
[DONE] wml://security/2001/dsa-0{73,67}.wml



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2001/dsa-067.wml	2002-02-18 18:20:11.000000000 +0500
+++ russian/security/2001/dsa-067.wml	2016-07-07 18:03:49.889304726 +0500
@@ -1,37 +1,38 @@
- -<define-tag description>Remote exploit</define-tag>
+#use wml::debian::translation-check translation="1.6" maintainer="Lev Lamberov"
+<define-tag description>Ñ?далÑ?ннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ?</define-tag>
 <define-tag moreinfo>
 
- -We have received reports that the `apache' package, as included in
- -the Debian `stable' distribution, is vulnerable to the `artificially
- -long slash path directory listing vulnerability' as described on <a
+Ð?Ñ? полÑ?Ñ?или Ñ?ообÑ?ениÑ? о Ñ?ом, Ñ?Ñ?о пакеÑ? `apache', вÑ?одÑ?Ñ?ий в Ñ?оÑ?Ñ?ав
+Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка Debian, подвеÑ?жен `Ñ?Ñ?звимоÑ?Ñ?и лиÑ?Ñ?инга каÑ?алога
+из-за болÑ?Ñ?ого колиÑ?еÑ?Ñ?ва коÑ?Ñ?Ñ? Ñ?еÑ?Ñ?', опиÑ?Ñ?ваемой в Ñ?Ñ?аÑ?Ñ?е <a
 href="http://www.securityfocus.com/vdb/bottom.html?vid=2503";>SecurityFocus</a>.
 
- -<p>This vulnerability was announced to bugtraq by Dan Harkless.
+<p>Ð?б Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и Ñ?ообÑ?ил Ð?Ñ?н ХаÑ?клеÑ? на bugtraq.
 
- -<p>Quoting the SecurityFocus entry for this vulnerability:
+<p>ЦиÑ?иÑ?Ñ?ем Ñ?Ñ?аÑ?Ñ?Ñ? SecurityFocus об Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и:
 
 <blockquote>
- - <p>A problem in the package could allow directory indexing, and path
- - discovery. In a default configuration, Apache enables mod_dir,
- - mod_autoindex, and mod_negotiation. However, by placing a custom
- - crafted request to the Apache server consisting of a long path name
- - created artificially by using numerous slashes, this can cause these
- - modules to misbehave, making it possible to escape the error page,
- - and gain a listing of the directory contents.
- -
- - <p>This vulnerability makes it possible for a malicious remote user
- - to launch an information gathering attack, which could potentially
- - result in compromise of the system. Additionally, this vulnerability
- - affects all releases of Apache previous to 1.3.19.
+ <p>Ð?Ñ?облема в пакеÑ?е можеÑ? позволиÑ?Ñ? вÑ?полниÑ?Ñ? индекÑ?аÑ?иÑ? каÑ?алога и
+ обнаÑ?Ñ?жение пÑ?Ñ?и. Ð?о Ñ?молÑ?аниÑ? Apache вклÑ?Ñ?аеÑ? модÑ?ли mod_dir,
+ mod_autoindex и mod_negotiation. Тем не менее, оÑ?пÑ?авка Ñ?пеÑ?иалÑ?но
+ Ñ?Ñ?оÑ?миÑ?ованного запÑ?оÑ?а на Ñ?еÑ?веÑ? Apache, Ñ?одеÑ?жаÑ?его длинное имÑ? пÑ?Ñ?и
+ Ñ? болÑ?Ñ?им колиÑ?еÑ?Ñ?вом коÑ?Ñ?Ñ? Ñ?еÑ?Ñ?, пÑ?иводиÑ? к непÑ?авилÑ?номÑ? поведениÑ?
+ Ñ?казаннÑ?Ñ? модÑ?лей, Ñ?Ñ?о позволÑ?еÑ? избежаÑ?Ñ? Ñ?Ñ?Ñ?аниÑ?Ñ? Ñ? оÑ?ибкой и
+ полÑ?Ñ?иÑ?Ñ? лиÑ?Ñ?инг Ñ?одеÑ?жимого каÑ?алога.
+
+ <p>Ð?аннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? позволÑ?еÑ? Ñ?далÑ?нномÑ? злоÑ?мÑ?Ñ?ленникÑ?
+ запÑ?Ñ?каÑ?Ñ? аÑ?акÑ? по Ñ?боÑ?Ñ? инÑ?оÑ?маÑ?ии, коÑ?оÑ?аÑ? поÑ?енÑ?иалÑ?но можеÑ?
+ пÑ?ивеÑ?Ñ?и к компÑ?омеÑ?аÑ?ии Ñ?иÑ?Ñ?емÑ?. Ð?Ñ?оме Ñ?ого, даннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+ каÑ?аеÑ?Ñ?Ñ? вÑ?еÑ? вÑ?пÑ?Ñ?ков Apache ниже веÑ?Ñ?ии 1.3.19.
 </blockquote>
 
- -<p>This problem has been fixed in apache-ssl 1.3.9-13.3 and
- -apache 1.3.9-14.  We recommend that you upgrade your packages
- -immediately.</p>
- -
- -<p>Warning: The MD5Sum of the .dsc and .diff.gz file don't match
- -since they were copied from the stable release afterwards, the
- -content of the .diff.gz file is the same, though, checked.</p>
+<p>ЭÑ?а пÑ?облемÑ? бÑ?ла иÑ?пÑ?авлена в пакеÑ?е apache-ssl веÑ?Ñ?ии 1.3.9-13.3 и
+пакеÑ?е apache веÑ?Ñ?ии 1.3.9-14.  РекомендÑ?еÑ?Ñ?Ñ? как можно Ñ?коÑ?ее
+обновиÑ?Ñ? пакеÑ?Ñ?.</p>
+
+<p>Ð?нимание: конÑ?Ñ?олÑ?нÑ?е Ñ?Ñ?ммÑ? MD5 Ñ?айлов .dsc и .diff.gz не Ñ?овпадаÑ?Ñ?,
+Ñ?ак как они бÑ?ли Ñ?копиÑ?ованÑ? из Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка позже, но Ñ?айл
+.diff.gz имееÑ? Ñ?о же Ñ?одеÑ?жимое, Ñ?Ñ?о пÑ?овеÑ?ено.</p>
 
 </define-tag>
 
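Review bot: In the added paragraph that gives the fixed versions (the `+` line naming apache-ssl 1.3.9-13.3), the noun after "Эта" ends differently from the same sentence in the dsa-073 translation: here the archive shows `пÑ?облемÑ?`, there `пÑ?облема`. As far as the damaged encoding allows it to be read, the word here is not in the nominative singular, which does not agree with the singular "была исправлена" that follows. This looks like a typo for "Эта проблема была исправлена".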
- --- english/security/2001/dsa-073.wml	2002-08-21 14:09:06.000000000 +0600
+++ russian/security/2001/dsa-073.wml	2016-07-07 17:52:13.676945093 +0500
@@ -1,35 +1,36 @@
- -<define-tag description>3 remote exploits</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>Ñ?Ñ?и Ñ?далÑ?ннÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -The Horde team released version 2.2.6 of IMP (a web based IMAP mail
- -program) which fixes three security problems. Their release announcement
- -describes them as follows:
+Ð?оманда Horde вÑ?пÑ?Ñ?Ñ?ила веÑ?Ñ?иÑ? 2.2.6 IMP (поÑ?Ñ?овой веб-пÑ?огÑ?аммÑ? на оÑ?нове
+IMAP), в коÑ?оÑ?ой иÑ?пÑ?авленÑ? Ñ?Ñ?и пÑ?облемÑ? безопаÑ?ноÑ?Ñ?и. Ð? Ñ?ообÑ?ении о вÑ?пÑ?Ñ?ке
+Ñ?Ñ?и Ñ?Ñ?звимоÑ?Ñ?и опиÑ?Ñ?ваÑ?Ñ?Ñ?Ñ? Ñ?ледÑ?Ñ?Ñ?им обÑ?азом:
 
 <ol>
- -<li> A PHPLIB vulnerability allowed an attacker to provide a value for the
- -   array element $_PHPLIB[libdir], and thus to get scripts from another
- -   server to load and execute.  This vulnerability is remotely
- -   exploitable.  (Horde 1.2.x ships with its own customized version of
- -   PHPLIB, which has now been patched to prevent this problem.)
- -
- -<li> By using tricky encodings of "javascript:" an attacker can cause
- -   malicious JavaScript code to execute in the browser of a user reading
- -   email sent by attacker.  (IMP 2.2.x already filters many such
- -   patterns; several new ones that were slipping past the filters are
- -   now blocked.)
- -
- -<li> A hostile user that can create a publicly-readable file named
- -   "prefs.lang" somewhere on the Apache/PHP server can cause that file
- -   to be executed as PHP code.  The IMP configuration files could thus
- -   be read, the Horde database password used to read and alter the
- -   database used to store contacts and preferences, etc.  We do not
- -   believe this is remotely exploitable directly through Apache/PHP/IMP;
- -   however, shell access to the server or other means (e.g., FTP) could
- -   be used to create this file.
+<li> УÑ?звимоÑ?Ñ?Ñ? PHPLIB позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ? пеÑ?едаваÑ?Ñ? знаÑ?ение длÑ?
+   Ñ?леменÑ?а маÑ?Ñ?ива $_PHPLIB[libdir], и, Ñ?аким обÑ?азом, полÑ?Ñ?аÑ?Ñ? длÑ? загÑ?Ñ?зки и
+   вÑ?полнениÑ? Ñ?Ñ?енаÑ?ии Ñ? дÑ?Ñ?гого Ñ?еÑ?веÑ?а.  ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?
+   Ñ?далÑ?нно.  (Horde 1.2.x поÑ?Ñ?авлÑ?еÑ?Ñ?Ñ? Ñ? Ñ?обÑ?Ñ?венной веÑ?Ñ?ией
+   PHPLIB, на коÑ?оÑ?Ñ?Ñ? бÑ?ла наложена заплаÑ?а Ñ? Ñ?елÑ?Ñ? пÑ?едоÑ?вÑ?аÑ?ениÑ? Ñ?казанной пÑ?облемÑ?.)
+
+<li> Ð?Ñ?полÑ?зÑ?Ñ? оÑ?обÑ?е кодÑ? длÑ? "javascript:", злоÑ?мÑ?Ñ?ленник можеÑ? вÑ?зÑ?ваÑ?Ñ?
+   запÑ?Ñ?к кода JavaScript в бÑ?аÑ?зеÑ?е полÑ?зоваÑ?елÑ?, Ñ?иÑ?аÑ?Ñ?его
+   Ñ?ообÑ?ение, оÑ?пÑ?авленное злоÑ?мÑ?Ñ?ленником.  (IMP 2.2.x Ñ?же Ñ?илÑ?Ñ?Ñ?Ñ?еÑ? множеÑ?Ñ?во
+   подобнÑ?Ñ? Ñ?аблонов; Ñ?епеÑ?Ñ? блокиÑ?Ñ?Ñ?Ñ?Ñ?Ñ? некоÑ?оÑ?Ñ?е новÑ?е Ñ?аблонÑ?, коÑ?оÑ?Ñ?е
+   пÑ?оÑ?одили имеÑ?Ñ?иеÑ?Ñ? Ñ?илÑ?Ñ?Ñ?Ñ?.)
+
+<li> Ð?лоÑ?мÑ?Ñ?ленник, коÑ?оÑ?Ñ?й можеÑ? Ñ?оздаÑ?Ñ? Ñ?айл Ñ? именем "prefs.lang", оÑ?кÑ?Ñ?Ñ?Ñ?й длÑ? Ñ?Ñ?ениÑ?
+   длÑ? вÑ?еÑ? полÑ?зоваÑ?елей, где-нибÑ?дÑ? на Ñ?еÑ?веÑ?е Apache/PHP, можеÑ? запÑ?Ñ?Ñ?иÑ?Ñ? Ñ?Ñ?оÑ?
+   Ñ?айл как код на Ñ?зÑ?ке PHP.  Таким обÑ?азом, можно пÑ?оÑ?еÑ?Ñ?Ñ? Ñ?айлÑ? наÑ?Ñ?Ñ?ойки IMP,
+   базÑ? даннÑ?Ñ? паÑ?олей Horde, иÑ?полÑ?зÑ?емÑ?Ñ? длÑ? Ñ?Ñ?ениÑ? и изменениÑ?
+   базÑ? даннÑ?Ñ?, иÑ?полÑ?зÑ?емой длÑ? Ñ?Ñ?анениÑ? конÑ?акÑ?ов и наÑ?Ñ?Ñ?оек, и Ñ?. д.  Ð?ам не кажеÑ?Ñ?Ñ?,
+   Ñ?Ñ?о Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? можно напÑ?Ñ?мÑ?Ñ? Ñ?далÑ?нно иÑ?полÑ?зоваÑ?Ñ? Ñ?еÑ?ез Apache/PHP/IMP;
+   Ñ?ем не менее, доÑ?Ñ?Ñ?п к командной оболоÑ?ке Ñ?еÑ?веÑ?а или какие-Ñ?о дÑ?Ñ?гие видÑ? доÑ?Ñ?Ñ?па (напÑ?имеÑ?, FTP)
+   могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? Ñ?озданиÑ? Ñ?акого Ñ?айла.
 
 </ol>
 
- -<p>This has been fixed in version 2:2.2.6-0.potato.1. Please note that you
- -will also need to upgrade the <code>horde</code> package to the same version.
+<p>ЭÑ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в веÑ?Ñ?ии 2:2.2.6-0.potato.1. Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о
+вам Ñ?акже Ñ?ледÑ?еÑ? обновиÑ?Ñ? пакеÑ? <code>horde</code> до Ñ?ой же Ñ?амой веÑ?Ñ?ии.
 </define-tag>
 
 # do not modify the following line
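Review bot: The third `<li>` on the `+` side changes the meaning of "the Horde database password used to read and alter the database". The Russian reads as "базу данных паролей Horde" (a database of Horde passwords) being among the things read. The source says instead that the IMP configuration files can be read, and that the password of the Horde database can then be used to read and alter the database holding contacts and preferences. Suggest rewording along the lines of "пароль базы данных Horde может быть использован для чтения и изменения базы данных, используемой для хранения контактов и настроек".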
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

