[DONE] wml://security/2001/dsa-04{7,3}.wml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2001/dsa-043.wml 2004-12-13 05:20:29.000000000 +0500
+++ russian/security/2001/dsa-043.wml 2016-07-07 18:28:58.426964407 +0500
@@ -1,50 +1,51 @@
- -<define-tag moreinfo>This advisory covers several vulnerabilities in Zope that
- -have been addressed.
+#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov"
+<define-tag moreinfo>Ð?аннаÑ? Ñ?екомендаÑ?иÑ? покÑ?Ñ?ваеÑ? неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей в Zope,
+коÑ?оÑ?Ñ?е бÑ?ли Ñ?еÑ?енÑ?.
<dl>
- -<dt>Hotfix 08_09_2000 "Zope security alert and hotfix product"
+<dt>Ð?Ñ?пÑ?авление 08_09_2000 "Ð?Ñ?едÑ?пÑ?еждение безопаÑ?ноÑ?Ñ?и Zope и иÑ?пÑ?авление"
<dd>
- - The issue involves the fact that the getRoles method of user objects
- - contained in the default UserFolder implementation returns a mutable
- - Python type. Because the mutable object is still associated with
- - the persistent User object, users with the ability to edit DTML
- - could arrange to give themselves extra roles for the duration of a
- - single request by mutating the roles list as a part of the request
- - processing.
+ ÐÑ?а пÑ?облема каÑ?аеÑ?Ñ?Ñ? Ñ?ого Ñ?акÑ?а, Ñ?Ñ?о меÑ?од getRoles полÑ?зоваÑ?елÑ?Ñ?киÑ? обÑ?екÑ?ов,
+ Ñ?одеÑ?жаÑ?иÑ?Ñ?Ñ? в Ñ?еализаÑ?ии UserFolder по Ñ?молÑ?аниÑ?, возвÑ?аÑ?аеÑ? изменÑ?емÑ?й
+ Ñ?ип Ñ?зÑ?ка Python. Ð?оÑ?колÑ?кÑ? изменÑ?емÑ?й обÑ?екÑ? вÑ?Ñ? еÑ?Ñ? аÑ?Ñ?оÑ?ииÑ?Ñ?еÑ?Ñ?Ñ? Ñ?
+ поÑ?Ñ?оÑ?ннÑ?м обÑ?екÑ?ом User, полÑ?зоваÑ?ели, Ñ?поÑ?обнÑ?е Ñ?едакÑ?иÑ?оваÑ?Ñ? DTML,
+ могÑ?Ñ? вÑ?даÑ?Ñ? Ñ?ебе дополниÑ?елÑ?нÑ?е Ñ?оли на вÑ?емÑ?
+ одного запÑ?оÑ?а, изменÑ?Ñ? Ñ?пиÑ?ок Ñ?олей в каÑ?еÑ?Ñ?ве Ñ?аÑ?Ñ?и обÑ?абоÑ?ки
+ запÑ?оÑ?а.
- -<dt>Hotfix 2000-10-02 "ZPublisher security update"
+<dt>Ð?Ñ?пÑ?авление 2000-10-02 "Ð?бновление безопаÑ?ноÑ?Ñ?и ZPublisher"
<dd>
- - It is sometimes possible to access, through a URL only, objects
- - protected by a role which the user has in some context, but not in
- - the context of the accessed object.
+ Ð?ногда можно полÑ?Ñ?иÑ?Ñ? доÑ?Ñ?Ñ?п (Ñ?олÑ?ко Ñ?еÑ?ез URL) к обÑ?екÑ?ам,
+ заÑ?иÑ?Ñ?ннÑ?м Ñ?олÑ?Ñ?, коÑ?оÑ?Ñ?Ñ? полÑ?зоваÑ?елÑ? имееÑ? в некоÑ?оÑ?ом конÑ?екÑ?Ñ?е, но не в
+ конÑ?екÑ?Ñ?е обÑ?екÑ?а, к коÑ?оÑ?омÑ? вÑ?полнÑ?еÑ?Ñ?Ñ? доÑ?Ñ?Ñ?п.
- -<dt>Hotfix 2000-10-11 "ObjectManager subscripting"
+<dt>Hotfix 2000-10-11 "Ð?ндекÑ?аÑ?иÑ? ObjectManager"
<dd>
- - The issue involves the fact that the 'subscript notation' that can
- - be used to access items of ObjectManagers (Folders) did not
- - correctly restrict return values to only actual sub items. This
- - made it possible to access names that should be private from DTML
- - (objects with names beginning with the underscore '_' character).
- - This could allow DTML authors to see private implementation data
- - structures and in certain cases possibly call methods that they
- - shouldn't have access to from DTML.
+ ÐÑ?а пÑ?облема каÑ?аеÑ?Ñ?Ñ? Ñ?ого Ñ?акÑ?а, Ñ?Ñ?о 'ноÑ?аÑ?иÑ? индекÑ?а', коÑ?оÑ?аÑ?
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? доÑ?Ñ?Ñ?па к ObjectManagers (Folders), непÑ?авилÑ?но
+ огÑ?аниÑ?иваеÑ? возвÑ?аÑ?аемÑ?е знаÑ?ениÑ? Ñ?олÑ?ко Ñ?акÑ?иÑ?еÑ?кими подпÑ?нкÑ?ами. ÐÑ?о
+ позволÑ?еÑ? полÑ?Ñ?аÑ?Ñ? доÑ?Ñ?Ñ?п к именам, коÑ?оÑ?Ñ?е должнÑ? бÑ?Ñ?Ñ? закÑ?Ñ?Ñ?Ñ? из DTML
+ (обÑ?екÑ?Ñ? Ñ? именами, наÑ?инаÑ?Ñ?имиÑ?Ñ? Ñ? Ñ?имвола подÑ?Ñ?Ñ?киваниÑ?, '_').
+ ÐÑ?о позволÑ?еÑ? авÑ?оÑ?ам DTML пÑ?оÑ?маÑ?Ñ?иваÑ?Ñ? закÑ?Ñ?Ñ?Ñ?Ñ? Ñ?еализаÑ?иÑ? Ñ?Ñ?Ñ?Ñ?кÑ?Ñ?Ñ?
+ даннÑ?Ñ?, а в некоÑ?оÑ?Ñ?Ñ? Ñ?лÑ?Ñ?аÑ?Ñ? вÑ?зÑ?ваÑ?Ñ? меÑ?одÑ?, к коÑ?оÑ?Ñ?м они не
+ должнÑ? имеÑ?Ñ? доÑ?Ñ?Ñ?па из DTML.
- -<dt>Hotfix 2001-02-23 "Class attribute access"
+<dt>Hotfix 2001-02-23 "Ð?оÑ?Ñ?Ñ?п к аÑ?Ñ?ибÑ?Ñ?Ñ? клаÑ?Ñ?а"
<dd>
- - The issue is related to ZClasses in that a user with through-the-web
- - scripting capabilities on a Zope site can view and assign class
- - attributes to ZClasses, possibly allowing them to make inappropriate
- - changes to ZClass instances.
+ ÐÑ?а пÑ?облема Ñ?вÑ?зана Ñ? ZClass, в коÑ?оÑ?Ñ?Ñ? полÑ?зоваÑ?елÑ?, Ñ?поÑ?обнÑ?й Ñ?еÑ?ез веб
+ вÑ?полниÑ?Ñ? Ñ?кÑ?ипÑ?инг на Ñ?айÑ?е Zope, можеÑ? пÑ?оÑ?маÑ?Ñ?иваÑ?Ñ? и пÑ?иÑ?ваиваÑ?Ñ? ZClass
+ аÑ?Ñ?ибÑ?Ñ?Ñ? клаÑ?Ñ?а, Ñ?Ñ?о можеÑ? позволиÑ?Ñ? емÑ? внеÑ?Ñ?и недопÑ?Ñ?Ñ?имÑ?е изменениÑ?
+ в обÑ?азÑ?Ñ? ZClass.
<br>
- - A second part fixes problems in the ObjectManager, PropertyManager,
- - and PropertySheet classes related to mutability of method return
- - values which could be perceived as a security problem.
+ Ð?Ñ?оÑ?аÑ? Ñ?аÑ?Ñ?Ñ? иÑ?пÑ?авлÑ?еÑ? пÑ?облемÑ? в клаÑ?Ñ?аÑ? ObjectManager, PropertyManager
+ и PropertySheet, Ñ?вÑ?заннÑ?е Ñ? изменением возвÑ?аÑ?аемÑ?Ñ? меÑ?одом
+ знаÑ?ений, Ñ?Ñ?о Ñ?Ñ?иÑ?аеÑ?Ñ?Ñ? пÑ?облемой безопаÑ?ноÑ?Ñ?и.
</dl>
- -These fixes are included in zope 2.1.6-7 for Debian 2.2 (potato). We recommend
- -you upgrade your zope package immediately.
+ÐÑ?и иÑ?пÑ?авлениÑ? вклÑ?Ñ?енÑ? в пакеÑ? zope веÑ?Ñ?ии 2.1.6-7 длÑ? Debian 2.2 (potato). РекомендÑ?еÑ?Ñ?Ñ?
+как можно Ñ?коÑ?ее обновиÑ?Ñ? пакеÑ? zope.
</define-tag>
- -<define-tag description>remote exploit</define-tag>
+<define-tag description>Ñ?далÑ?ннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ?</define-tag>
# do not modify the following line
#include '$(ENGLISHDIR)/security/2001/dsa-043.data'
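Review bot: the third and fourth <dt> entries ("Hotfix 2000-10-11" and "Hotfix 2001-02-23") keep the English word "Hotfix", while the first two entries (08_09_2000 and 2000-10-02) replace it with a translated term. Use the same term in all four headings so the list reads consistently. The added lines are not readable as UTF-8 in this copy, so the wording of the translation itself cannot be checked here; resending with the charset declared would allow that.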
- --- english/security/2001/dsa-047.wml 2002-08-21 14:18:26.000000000 +0600
+++ russian/security/2001/dsa-047.wml 2016-07-07 18:15:41.860704500 +0500
@@ -1,42 +1,43 @@
+#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov"
<define-tag moreinfo>
- -The kernels used in Debian GNU/Linux 2.2 have been found to have
- -multiple security problems. This is a list of problems based
- -on the 2.2.19 release notes as found on <a href="http://www.linux.org.uk/">
+Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?дÑ?а, иÑ?полÑ?зÑ?емÑ?е в Debian GNU/Linux 2.2, Ñ?одеÑ?жаÑ?
+многоÑ?иÑ?леннÑ?е пÑ?облемÑ? безопаÑ?ноÑ?Ñ?и. Ð?иже пÑ?иводиÑ?Ñ?Ñ? Ñ?пиÑ?ок пÑ?облем, коÑ?оÑ?Ñ?й
+оÑ?новÑ?ваеÑ?Ñ?Ñ? на инÑ?оÑ?маÑ?ии о вÑ?пÑ?Ñ?ке веÑ?Ñ?ии 2.2.19 Ñ? <a href="http://www.linux.org.uk/">
http://www.linux.org.uk/</a>:
<ul>
- -<li>binfmt_misc used user pages directly
- -<li>the CPIA driver had an off-by-one error in the buffer code which made
- - it possible for users to write into kernel memory
- -<li>the CPUID and MSR drivers had a problem in the module unloading code
- - which could cause a system crash if they were set to automatically load
- - and unload (please note that Debian does not automatically unload kernel
- - modules)
- -<li>There was a possible hang in the classifier code
- -<li>The getsockopt and setsockopt system calls did not handle sign bits
- - correctly which made a local DoS and other attacks possible
- -<li>The sysctl system call did not handle sign bits correctly which allowed
- - a user to write in kernel memory
- -<li>ptrace/exec races that could give a local user extra privileges
- -<li>possible abuse of a boundary case in the sockfilter code
- -<li>SYSV shared memory code could overwrite recently freed memory which might
- - cause problems
- -<li>The packet length checks in the masquerading code were a bit lax
- - (probably not exploitable)
- -<li>Some x86 assembly bugs caused the wrong number of bytes to be copied.
- -<li>A local user could deadlock the kernel due to bugs in the UDP port
- - allocation.
+<li>binfmt_misc напÑ?Ñ?мÑ?Ñ? иÑ?полÑ?зÑ?еÑ? полÑ?зоваÑ?елÑ?Ñ?кие Ñ?Ñ?Ñ?аниÑ?Ñ?
+<li>Ð?Ñ?айвеÑ? CPIA Ñ?одеÑ?жиÑ? оÑ?ибкÑ? на единиÑ?Ñ? в коде бÑ?Ñ?еÑ?а, коÑ?оÑ?аÑ? позволÑ?еÑ?
+ полÑ?зоваÑ?елÑ?м вÑ?полнÑ?Ñ?Ñ? запиÑ?Ñ? в памÑ?Ñ?Ñ? Ñ?дÑ?а
+<li>Ð?Ñ?айвеÑ?Ñ? CPUID и MSR Ñ?одеÑ?жаÑ? пÑ?облемÑ? в коде вÑ?гÑ?Ñ?зки модÑ?лÑ?,
+ коÑ?оÑ?аÑ? можеÑ? пÑ?иводиÑ?Ñ? к аваÑ?ийной оÑ?Ñ?ановке Ñ?иÑ?Ñ?емÑ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли модÑ?ли авÑ?омаÑ?иÑ?еÑ?ки
+ загÑ?Ñ?жаÑ?Ñ?Ñ?Ñ? и вÑ?гÑ?Ñ?жаÑ?Ñ?Ñ?Ñ? (замеÑ?Ñ?Ñ?е, Ñ?Ñ?о в Debian модÑ?ли Ñ?дÑ?а авÑ?омаÑ?иÑ?еÑ?ки
+ не вÑ?гÑ?Ñ?жаÑ?Ñ?Ñ?Ñ?)
+<li>Ð?озможное завиÑ?ание в коде клаÑ?Ñ?иÑ?икаÑ?оÑ?а
+<li>СиÑ?Ñ?емнÑ?е вÑ?зовÑ? getsockopt и setsockopt непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваÑ?Ñ? знаковÑ?е
+ Ñ?азÑ?Ñ?дÑ?, Ñ?Ñ?о позволÑ?еÑ? вÑ?зÑ?ваÑ?Ñ? локалÑ?нÑ?й оÑ?каз в обÑ?лÑ?живании и вÑ?полнÑ?Ñ?Ñ? дÑ?Ñ?гие аÑ?аки
+<li>СиÑ?Ñ?емнÑ?й вÑ?зов sysctl непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? знаковÑ?е Ñ?азÑ?Ñ?дÑ?, Ñ?Ñ?о позволÑ?еÑ?
+ полÑ?зоваÑ?елÑ? вÑ?полнÑ?Ñ?Ñ? запиÑ?Ñ? в памÑ?Ñ?Ñ? Ñ?дÑ?а
+<li>СоÑ?Ñ?оÑ?ние гонки в ptrace/exec, позволÑ?Ñ?Ñ?ее локалÑ?номÑ? полÑ?зоваÑ?елÑ? полÑ?Ñ?аÑ?Ñ? дополниÑ?елÑ?нÑ?е пÑ?ивилегии
+<li>Ð?озможное некоÑ?Ñ?екÑ?ное иÑ?полÑ?зование гÑ?аниÑ?ного Ñ?лÑ?Ñ?аÑ? в коде sockfilter
+<li>Ð?од Ñ?азделÑ?емой памÑ?Ñ?и SYSV можеÑ? вÑ?полнÑ?Ñ?Ñ? пеÑ?езапиÑ?Ñ? недавно оÑ?вобождÑ?нной памÑ?Ñ?и, Ñ?Ñ?о можеÑ?
+ вÑ?зÑ?ваÑ?Ñ? пÑ?облемÑ?
+<li>Ð?Ñ?овеÑ?ки длинÑ? пакеÑ?а в коде маÑ?каÑ?адинга Ñ?лиÑ?ком Ñ?лабÑ?
+ (возможно, Ñ?Ñ?Ñ? пÑ?облемÑ? нелÑ?зÑ? иÑ?полÑ?зоваÑ?Ñ?)
+<li>Ð?екоÑ?оÑ?Ñ?е оÑ?ибки в аÑ?Ñ?емблеÑ?ном коде x86 пÑ?иводÑ?Ñ? к копиÑ?ованиÑ? непÑ?авилÑ?ного Ñ?иÑ?ла байÑ?
+<li>Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? вÑ?зваÑ?Ñ? блокиÑ?овкÑ? Ñ?дÑ?а из-за оÑ?ибок в коде вÑ?делениÑ?
+ поÑ?Ñ?а UDP
</ul>
- -<p>All these problems are fixed in the 2.2.19 kernel, and it is highly
- -recommend that you upgrade machines to this kernel.
+<p>Ð?Ñ?е Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в Ñ?дÑ?е 2.2.19, наÑ?Ñ?оÑ?Ñ?елÑ?но Ñ?екомендÑ?еÑ?Ñ?Ñ?
+обновиÑ?Ñ? ваÑ?и маÑ?инÑ? до Ñ?Ñ?ой веÑ?Ñ?ии Ñ?дÑ?а.
- -<p>Please note that kernel upgrades are not done automatically. You will
- -have to explicitly tell the packaging system to install the right kernel
- -for your system.
+<p>Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о обновлениÑ? Ñ?дÑ?а не вÑ?полнÑ?Ñ?Ñ?Ñ?Ñ? авÑ?омаÑ?иÑ?еÑ?ки. Ð?ам Ñ?ледÑ?еÑ?
+Ñ?вно Ñ?ообÑ?иÑ?Ñ? Ñ?иÑ?Ñ?еме пакеÑ?ов, какое Ñ?дÑ?о Ñ?ледÑ?еÑ?
+Ñ?Ñ?Ñ?ановиÑ?Ñ? длÑ? ваÑ?ей Ñ?иÑ?Ñ?емÑ?.
</define-tag>
- -<define-tag description>multiple security problems</define-tag>
+<define-tag description>многоÑ?иÑ?леннÑ?е пÑ?облемÑ? безопаÑ?ноÑ?Ñ?и</define-tag>
# do not modify the following line
#include '$(ENGLISHDIR)/security/2001/dsa-047.data'
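Review bot: the translation-check header added as the first line of dsa-047.wml pins translation="1.5", the same value used in dsa-043.wml, although the two English sources carry different timestamps (2002-08-21 and 2004-12-13). Please confirm that 1.5 is the actual revision of each English file, because a wrong value there defeats the check that flags a translation as out of date.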
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----