
[DONE] wml://security/2001/dsa-04{7,3}.wml



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2001/dsa-043.wml	2004-12-13 05:20:29.000000000 +0500
+++ russian/security/2001/dsa-043.wml	2016-07-07 18:28:58.426964407 +0500
@@ -1,50 +1,51 @@
- -<define-tag moreinfo>This advisory covers several vulnerabilities in Zope that
- -have been addressed.
+#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov"
+<define-tag moreinfo>Ð?аннаÑ? Ñ?екомендаÑ?иÑ? покÑ?Ñ?ваеÑ? неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей в Zope,
+коÑ?оÑ?Ñ?е бÑ?ли Ñ?еÑ?енÑ?.
 
 <dl>
- -<dt>Hotfix 08_09_2000 "Zope security alert and hotfix product"
+<dt>Ð?Ñ?пÑ?авление 08_09_2000 "Ð?Ñ?едÑ?пÑ?еждение безопаÑ?ноÑ?Ñ?и Zope и иÑ?пÑ?авление"
 <dd>
- -    The issue involves the fact that the getRoles method of user objects
- -    contained in the default UserFolder implementation returns a mutable
- -    Python type.  Because the mutable object is still associated with
- -    the persistent User object, users with the ability to edit DTML
- -    could arrange to give themselves extra roles for the duration of a
- -    single request by mutating the roles list as a part of the request
- -    processing.
+    ЭÑ?а пÑ?облема каÑ?аеÑ?Ñ?Ñ? Ñ?ого Ñ?акÑ?а, Ñ?Ñ?о меÑ?од getRoles полÑ?зоваÑ?елÑ?Ñ?киÑ? обÑ?екÑ?ов,
+    Ñ?одеÑ?жаÑ?иÑ?Ñ?Ñ? в Ñ?еализаÑ?ии UserFolder по Ñ?молÑ?аниÑ?, возвÑ?аÑ?аеÑ? изменÑ?емÑ?й
+    Ñ?ип Ñ?зÑ?ка Python.  Ð?оÑ?колÑ?кÑ? изменÑ?емÑ?й обÑ?екÑ? вÑ?Ñ? еÑ?Ñ? аÑ?Ñ?оÑ?ииÑ?Ñ?еÑ?Ñ?Ñ? Ñ?
+    поÑ?Ñ?оÑ?ннÑ?м обÑ?екÑ?ом User, полÑ?зоваÑ?ели, Ñ?поÑ?обнÑ?е Ñ?едакÑ?иÑ?оваÑ?Ñ? DTML,
+    могÑ?Ñ? вÑ?даÑ?Ñ? Ñ?ебе дополниÑ?елÑ?нÑ?е Ñ?оли на вÑ?емÑ?
+    одного запÑ?оÑ?а, изменÑ?Ñ? Ñ?пиÑ?ок Ñ?олей в каÑ?еÑ?Ñ?ве Ñ?аÑ?Ñ?и обÑ?абоÑ?ки
+    запÑ?оÑ?а.
 
- -<dt>Hotfix 2000-10-02 "ZPublisher security update"
+<dt>Ð?Ñ?пÑ?авление 2000-10-02 "Ð?бновление безопаÑ?ноÑ?Ñ?и ZPublisher"
 <dd>
- -    It is sometimes possible to access, through a URL only, objects
- -    protected by a role which the user has in some context, but not in
- -    the context of the accessed object.
+    Ð?ногда можно полÑ?Ñ?иÑ?Ñ? доÑ?Ñ?Ñ?п (Ñ?олÑ?ко Ñ?еÑ?ез URL) к обÑ?екÑ?ам,
+    заÑ?иÑ?Ñ?ннÑ?м Ñ?олÑ?Ñ?, коÑ?оÑ?Ñ?Ñ? полÑ?зоваÑ?елÑ? имееÑ? в некоÑ?оÑ?ом конÑ?екÑ?Ñ?е, но не в
+    конÑ?екÑ?Ñ?е обÑ?екÑ?а, к коÑ?оÑ?омÑ? вÑ?полнÑ?еÑ?Ñ?Ñ? доÑ?Ñ?Ñ?п.
 
- -<dt>Hotfix 2000-10-11 "ObjectManager subscripting"
+<dt>Hotfix 2000-10-11 "Ð?ндекÑ?аÑ?иÑ? ObjectManager"
 <dd>
- -    The issue involves the fact that the 'subscript notation' that can
- -    be used to access items of ObjectManagers (Folders) did not
- -    correctly restrict return values to only actual sub items.  This
- -    made it possible to access names that should be private from DTML
- -    (objects with names beginning with the underscore '_' character).
- -    This could allow DTML authors to see private implementation data
- -    structures and in certain cases possibly call methods that they
- -    shouldn't have access to from DTML.
+    ЭÑ?а пÑ?облема каÑ?аеÑ?Ñ?Ñ? Ñ?ого Ñ?акÑ?а, Ñ?Ñ?о 'ноÑ?аÑ?иÑ? индекÑ?а', коÑ?оÑ?аÑ?
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? доÑ?Ñ?Ñ?па к ObjectManagers (Folders), непÑ?авилÑ?но
+    огÑ?аниÑ?иваеÑ? возвÑ?аÑ?аемÑ?е знаÑ?ениÑ? Ñ?олÑ?ко Ñ?акÑ?иÑ?еÑ?кими подпÑ?нкÑ?ами.  ЭÑ?о
+    позволÑ?еÑ? полÑ?Ñ?аÑ?Ñ? доÑ?Ñ?Ñ?п к именам, коÑ?оÑ?Ñ?е должнÑ? бÑ?Ñ?Ñ? закÑ?Ñ?Ñ?Ñ? из DTML
+    (обÑ?екÑ?Ñ? Ñ? именами, наÑ?инаÑ?Ñ?имиÑ?Ñ? Ñ? Ñ?имвола подÑ?Ñ?Ñ?киваниÑ?, '_').
+    ЭÑ?о позволÑ?еÑ? авÑ?оÑ?ам DTML пÑ?оÑ?маÑ?Ñ?иваÑ?Ñ? закÑ?Ñ?Ñ?Ñ?Ñ? Ñ?еализаÑ?иÑ? Ñ?Ñ?Ñ?Ñ?кÑ?Ñ?Ñ?
+    даннÑ?Ñ?, а в некоÑ?оÑ?Ñ?Ñ? Ñ?лÑ?Ñ?аÑ?Ñ? вÑ?зÑ?ваÑ?Ñ? меÑ?одÑ?, к коÑ?оÑ?Ñ?м они не
+    должнÑ? имеÑ?Ñ? доÑ?Ñ?Ñ?па из DTML.
 
- -<dt>Hotfix 2001-02-23 "Class attribute access"
+<dt>Hotfix 2001-02-23 "Ð?оÑ?Ñ?Ñ?п к аÑ?Ñ?ибÑ?Ñ?Ñ? клаÑ?Ñ?а"
 <dd>
- -    The issue is related to ZClasses in that a user with through-the-web
- -    scripting capabilities on a Zope site can view and assign class
- -    attributes to ZClasses, possibly allowing them to make inappropriate
- -    changes to ZClass instances.
+    ЭÑ?а пÑ?облема Ñ?вÑ?зана Ñ? ZClass, в коÑ?оÑ?Ñ?Ñ? полÑ?зоваÑ?елÑ?, Ñ?поÑ?обнÑ?й Ñ?еÑ?ез веб
+    вÑ?полниÑ?Ñ? Ñ?кÑ?ипÑ?инг на Ñ?айÑ?е Zope, можеÑ? пÑ?оÑ?маÑ?Ñ?иваÑ?Ñ? и пÑ?иÑ?ваиваÑ?Ñ? ZClass
+    аÑ?Ñ?ибÑ?Ñ?Ñ? клаÑ?Ñ?а, Ñ?Ñ?о можеÑ? позволиÑ?Ñ? емÑ? внеÑ?Ñ?и недопÑ?Ñ?Ñ?имÑ?е изменениÑ?
+    в обÑ?азÑ?Ñ? ZClass.
     <br>
- -    A second part fixes problems in the ObjectManager, PropertyManager,
- -    and PropertySheet classes related to mutability of method return
- -    values which could be perceived as a security problem.
+    Ð?Ñ?оÑ?аÑ? Ñ?аÑ?Ñ?Ñ? иÑ?пÑ?авлÑ?еÑ? пÑ?облемÑ? в клаÑ?Ñ?аÑ? ObjectManager, PropertyManager
+    и PropertySheet, Ñ?вÑ?заннÑ?е Ñ? изменением возвÑ?аÑ?аемÑ?Ñ? меÑ?одом
+    знаÑ?ений, Ñ?Ñ?о Ñ?Ñ?иÑ?аеÑ?Ñ?Ñ? пÑ?облемой безопаÑ?ноÑ?Ñ?и.
 </dl>
 
- -These fixes are included in zope 2.1.6-7 for Debian 2.2 (potato). We recommend
- -you upgrade your zope package immediately.
+ЭÑ?и иÑ?пÑ?авлениÑ? вклÑ?Ñ?енÑ? в пакеÑ? zope веÑ?Ñ?ии 2.1.6-7 длÑ? Debian 2.2 (potato). РекомендÑ?еÑ?Ñ?Ñ?
+как можно Ñ?коÑ?ее обновиÑ?Ñ? пакеÑ? zope.
 </define-tag>
- -<define-tag description>remote exploit</define-tag>
+<define-tag description>Ñ?далÑ?ннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ?</define-tag>
 
 # do not modify the following line
 #include '$(ENGLISHDIR)/security/2001/dsa-043.data'
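Review bot: the `<dt>` headings in this file are translated inconsistently. The entries for 08_09_2000 and 2000-10-02 replace the word "Hotfix" with a Russian term, while the entries for 2000-10-11 and 2001-02-23 keep `Hotfix` in English in front of a translated title. Pick one form and use it for all four headings.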
- --- english/security/2001/dsa-047.wml	2002-08-21 14:18:26.000000000 +0600
+++ russian/security/2001/dsa-047.wml	2016-07-07 18:15:41.860704500 +0500
@@ -1,42 +1,43 @@
+#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov"
 <define-tag moreinfo>
- -The kernels used in Debian GNU/Linux 2.2 have been found to have 
- -multiple security problems. This is a list of problems based 
- -on the 2.2.19 release notes as found on <a href="http://www.linux.org.uk/";>
+Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?дÑ?а, иÑ?полÑ?зÑ?емÑ?е в Debian GNU/Linux 2.2, Ñ?одеÑ?жаÑ?
+многоÑ?иÑ?леннÑ?е пÑ?облемÑ? безопаÑ?ноÑ?Ñ?и. Ð?иже пÑ?иводиÑ?Ñ?Ñ? Ñ?пиÑ?ок пÑ?облем, коÑ?оÑ?Ñ?й
+оÑ?новÑ?ваеÑ?Ñ?Ñ? на инÑ?оÑ?маÑ?ии о вÑ?пÑ?Ñ?ке веÑ?Ñ?ии 2.2.19 Ñ? <a href="http://www.linux.org.uk/";>
 http://www.linux.org.uk/</a>:
 
 <ul>
- -<li>binfmt_misc used user pages directly
- -<li>the CPIA driver had an off-by-one error in the buffer code which made
- -  it possible for users to write into kernel memory
- -<li>the CPUID and MSR drivers had a problem in the module unloading code
- -  which could cause a system crash if they were set to automatically load
- -  and unload (please note that Debian does not automatically unload kernel
- -  modules)
- -<li>There was a possible hang in the classifier code
- -<li>The getsockopt and setsockopt system calls did not handle sign bits
- -  correctly which made a local DoS and other attacks possible
- -<li>The sysctl system call did not handle sign bits correctly which allowed
- -  a user to write in kernel memory
- -<li>ptrace/exec races that could give a local user extra privileges
- -<li>possible abuse of a boundary case in the sockfilter code
- -<li>SYSV shared memory code could overwrite recently freed memory which might
- -  cause problems
- -<li>The packet length checks in the masquerading code were a bit lax
- -  (probably not exploitable)
- -<li>Some x86 assembly bugs caused the wrong number of bytes to be copied.
- -<li>A local user could deadlock the kernel due to bugs in the UDP port
- -  allocation.
+<li>binfmt_misc напÑ?Ñ?мÑ?Ñ? иÑ?полÑ?зÑ?еÑ? полÑ?зоваÑ?елÑ?Ñ?кие Ñ?Ñ?Ñ?аниÑ?Ñ?
+<li>Ð?Ñ?айвеÑ? CPIA Ñ?одеÑ?жиÑ? оÑ?ибкÑ? на единиÑ?Ñ? в коде бÑ?Ñ?еÑ?а, коÑ?оÑ?аÑ? позволÑ?еÑ?
+  полÑ?зоваÑ?елÑ?м вÑ?полнÑ?Ñ?Ñ? запиÑ?Ñ? в памÑ?Ñ?Ñ? Ñ?дÑ?а
+<li>Ð?Ñ?айвеÑ?Ñ? CPUID и MSR Ñ?одеÑ?жаÑ? пÑ?облемÑ? в коде вÑ?гÑ?Ñ?зки модÑ?лÑ?,
+  коÑ?оÑ?аÑ? можеÑ? пÑ?иводиÑ?Ñ? к аваÑ?ийной оÑ?Ñ?ановке Ñ?иÑ?Ñ?емÑ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли модÑ?ли авÑ?омаÑ?иÑ?еÑ?ки
+  загÑ?Ñ?жаÑ?Ñ?Ñ?Ñ? и вÑ?гÑ?Ñ?жаÑ?Ñ?Ñ?Ñ? (замеÑ?Ñ?Ñ?е, Ñ?Ñ?о в Debian модÑ?ли Ñ?дÑ?а авÑ?омаÑ?иÑ?еÑ?ки
+  не вÑ?гÑ?Ñ?жаÑ?Ñ?Ñ?Ñ?)
+<li>Ð?озможное завиÑ?ание в коде клаÑ?Ñ?иÑ?икаÑ?оÑ?а
+<li>СиÑ?Ñ?емнÑ?е вÑ?зовÑ? getsockopt и setsockopt непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваÑ?Ñ? знаковÑ?е
+  Ñ?азÑ?Ñ?дÑ?, Ñ?Ñ?о позволÑ?еÑ? вÑ?зÑ?ваÑ?Ñ? локалÑ?нÑ?й оÑ?каз в обÑ?лÑ?живании и вÑ?полнÑ?Ñ?Ñ? дÑ?Ñ?гие аÑ?аки
+<li>СиÑ?Ñ?емнÑ?й вÑ?зов sysctl непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? знаковÑ?е Ñ?азÑ?Ñ?дÑ?, Ñ?Ñ?о позволÑ?еÑ?
+  полÑ?зоваÑ?елÑ? вÑ?полнÑ?Ñ?Ñ? запиÑ?Ñ? в памÑ?Ñ?Ñ? Ñ?дÑ?а
+<li>СоÑ?Ñ?оÑ?ние гонки в ptrace/exec, позволÑ?Ñ?Ñ?ее локалÑ?номÑ? полÑ?зоваÑ?елÑ? полÑ?Ñ?аÑ?Ñ? дополниÑ?елÑ?нÑ?е пÑ?ивилегии
+<li>Ð?озможное некоÑ?Ñ?екÑ?ное иÑ?полÑ?зование гÑ?аниÑ?ного Ñ?лÑ?Ñ?аÑ? в коде sockfilter
+<li>Ð?од Ñ?азделÑ?емой памÑ?Ñ?и SYSV можеÑ? вÑ?полнÑ?Ñ?Ñ? пеÑ?езапиÑ?Ñ? недавно оÑ?вобождÑ?нной памÑ?Ñ?и, Ñ?Ñ?о можеÑ?
+  вÑ?зÑ?ваÑ?Ñ? пÑ?облемÑ?
+<li>Ð?Ñ?овеÑ?ки длинÑ? пакеÑ?а в коде маÑ?каÑ?адинга Ñ?лиÑ?ком Ñ?лабÑ?
+  (возможно, Ñ?Ñ?Ñ? пÑ?облемÑ? нелÑ?зÑ? иÑ?полÑ?зоваÑ?Ñ?)
+<li>Ð?екоÑ?оÑ?Ñ?е оÑ?ибки в аÑ?Ñ?емблеÑ?ном коде x86 пÑ?иводÑ?Ñ? к копиÑ?ованиÑ? непÑ?авилÑ?ного Ñ?иÑ?ла байÑ?
+<li>Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? вÑ?зваÑ?Ñ? блокиÑ?овкÑ? Ñ?дÑ?а из-за оÑ?ибок в коде вÑ?делениÑ?
+  поÑ?Ñ?а UDP
 </ul>
 
- -<p>All these problems are fixed in the 2.2.19 kernel, and it is highly
- -recommend that you upgrade machines to this kernel.
+<p>Ð?Ñ?е Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в Ñ?дÑ?е 2.2.19, наÑ?Ñ?оÑ?Ñ?елÑ?но Ñ?екомендÑ?еÑ?Ñ?Ñ?
+обновиÑ?Ñ? ваÑ?и маÑ?инÑ? до Ñ?Ñ?ой веÑ?Ñ?ии Ñ?дÑ?а.
 
- -<p>Please note that kernel upgrades are not done automatically. You will
- -have to explicitly tell the packaging system to install the right kernel
- -for your system.
+<p>Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о обновлениÑ? Ñ?дÑ?а не вÑ?полнÑ?Ñ?Ñ?Ñ?Ñ? авÑ?омаÑ?иÑ?еÑ?ки. Ð?ам Ñ?ледÑ?еÑ?
+Ñ?вно Ñ?ообÑ?иÑ?Ñ? Ñ?иÑ?Ñ?еме пакеÑ?ов, какое Ñ?дÑ?о Ñ?ледÑ?еÑ?
+Ñ?Ñ?Ñ?ановиÑ?Ñ? длÑ? ваÑ?ей Ñ?иÑ?Ñ?емÑ?.
 
 </define-tag>
- -<define-tag description>multiple security problems</define-tag>
+<define-tag description>многоÑ?иÑ?леннÑ?е пÑ?облемÑ? безопаÑ?ноÑ?Ñ?и</define-tag>
 
 # do not modify the following line
 #include '$(ENGLISHDIR)/security/2001/dsa-047.data'
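Review bot: the added line ending in `<a href="http://www.linux.org.uk/";>` has a `;` between the closing quote and `>`, the same as the English line it replaces. If that character is in the file and was not introduced by the mail archive, remove it here and fix the English original too, since it does not belong inside the tag.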
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

