[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2008/dsa-16{80,70,05}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2008/dsa-1605.wml	2008-07-21 00:52:34.000000000 +0600
+++ russian/security/2008/dsa-1605.wml	2016-07-08 16:29:42.678335400 +0500
@@ -1,27 +1,28 @@
- -<define-tag description>DNS cache poisoning</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>оÑ?Ñ?авление кеÑ?а DNS</define-tag>
 <define-tag moreinfo>
 
- -<p>Dan Kaminsky discovered that properties inherent to the DNS protocol
- -lead to practical DNS spoofing and cache poisoning attacks.  Among
- -other things, successful attacks can lead to misdirected web traffic
- -and email rerouting.</p>
- -
- -<p>At this time, it is not possible to implement the recommended
- -countermeasures in the GNU libc stub resolver.  The following
- -workarounds are available:</p>
- -
- -<p>1. Install a local BIND 9 resolver on the host, possibly in
- -forward-only mode.  BIND 9 will then use source port randomization
- -when sending queries over the network.  (Other caching resolvers can
- -be used instead.)</p>
- -
- -<p>2. Rely on IP address spoofing protection if available.  Successful
- -attacks must spoof the address of one of the resolvers, which may not
- -be possible if the network is guarded properly against IP spoofing
- -attacks (both from internal and external sources).</p>
+<p>Ð?Ñ?н Ð?аминÑ?ки обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?обÑ?Ñ?веннÑ?е Ñ?войÑ?Ñ?ва пÑ?оÑ?окола DNS
+пÑ?иводÑ?Ñ? к пÑ?акÑ?иÑ?еÑ?ким аÑ?акам по подделке DNS и оÑ?Ñ?авлениÑ? кеÑ?а. Ð?омимо пÑ?оÑ?его
+Ñ?Ñ?пеÑ?нÑ?е аÑ?аки могÑ?Ñ? пÑ?иводиÑ?Ñ? к непÑ?авилÑ?номÑ? напÑ?авлениÑ? веб-Ñ?Ñ?аÑ?ика и
+Ñ?лекÑ?Ñ?онной поÑ?Ñ?Ñ?.</p>
+
+<p>Ð? Ñ?Ñ?оÑ? Ñ?аз нелÑ?зÑ? Ñ?еализоваÑ?Ñ? Ñ?екомендÑ?емÑ?е
+конÑ?Ñ?меÑ?Ñ? в Ñ?еÑ?аÑ?еле GNU libc.  Ð?оÑ?Ñ?Ñ?пнÑ?
+Ñ?ледÑ?Ñ?Ñ?ие обÑ?однÑ?е пÑ?Ñ?и:</p>
+
+<p>1. УÑ?Ñ?ановиÑ?Ñ? локалÑ?нÑ?й Ñ?еÑ?аÑ?елÑ? BIND 9 на Ñ?зел, возможно в
+Ñ?ежиме Ñ?еÑ?Ñ?анÑ?лÑ?Ñ?оÑ?а.  BIND 9 бÑ?деÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?лÑ?Ñ?айнÑ?й вÑ?боÑ? поÑ?Ñ?а
+иÑ?Ñ?оÑ?ника пÑ?и оÑ?пÑ?авке запÑ?оÑ?ов по Ñ?еÑ?и.  (Ð?огÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? и дÑ?Ñ?гие
+кеÑ?иÑ?Ñ?Ñ?Ñ?ие Ñ?еÑ?аÑ?ели.)</p>
+
+<p>2. Ð?Ñ?полÑ?зоваÑ?Ñ? (пÑ?и налиÑ?ии) заÑ?иÑ?Ñ? оÑ? подделки IP адÑ?еÑ?а.  УÑ?пеÑ?нÑ?е
+аÑ?аки должнÑ? подделаÑ?Ñ? адÑ?еÑ? одного из Ñ?еÑ?аÑ?елей, Ñ?Ñ?о можеÑ? оказаÑ?Ñ?Ñ?Ñ?
+невозможнÑ?м в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли Ñ?еÑ?Ñ? заÑ?иÑ?ена оÑ? аÑ?ак по подделке
+IP адÑ?еÑ?ов (и Ñ?о Ñ?Ñ?оÑ?онÑ? внÑ?Ñ?Ñ?енниÑ? и Ñ?о Ñ?Ñ?оÑ?онÑ? внеÑ?ниÑ? иÑ?Ñ?оÑ?ников).</p>
 
- -<p>This DSA will be updated when patches for hardening the stub resolver
- -are available.</p>
+<p>Ð?аннаÑ? Ñ?екомендаÑ?иÑ? DSA бÑ?деÑ? обновлена, как Ñ?олÑ?ко бÑ?дÑ?Ñ? доÑ?Ñ?Ñ?пнÑ? заплаÑ?Ñ? длÑ?
+Ñ?Ñ?илениÑ? безопаÑ?ноÑ?Ñ?и Ñ?еÑ?аÑ?елÑ?.</p>
 
 </define-tag>
 
- --- english/security/2008/dsa-1670.wml	2014-04-30 13:16:16.000000000 +0600
+++ russian/security/2008/dsa-1670.wml	2016-07-08 16:23:20.208664710 +0500
@@ -1,30 +1,31 @@
- -<define-tag description>buffer overflows</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>пеÑ?еполнение бÑ?Ñ?еÑ?а</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in Enscript, a converter
- -from ASCII text to Postscript, HTML or RTF. The Common Vulnerabilities
- -and Exposures project identifies the following problems:</p>
+<p>Ð? Enscript, пÑ?огÑ?амме длÑ? пÑ?еобÑ?азованиÑ? ASCII-Ñ?екÑ?Ñ?а в Ñ?оÑ?маÑ?Ñ? Postscript,
+HTML и RTF, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей. Ð?Ñ?оекÑ? Common Vulnerabilities
+and Exposures опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2008-3863";>CVE-2008-3863</a>
 
- -   <p>Ulf Harnhammer discovered that a buffer overflow may lead to
- -   the execution of arbitrary code.</p></li>
+   <p>УлÑ?Ñ? ХаÑ?нÑ?аммеÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о пеÑ?еполнение бÑ?Ñ?еÑ?а можеÑ? пÑ?иводиÑ?Ñ? к
+   вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2008-4306";>CVE-2008-4306</a>
 
- -   <p>Kees Cook and Tomas Hoger discovered that several buffer
- -   overflows may lead to the execution of arbitrary code.</p></li>
+   <p>Ð?иÑ? Ð?Ñ?к и ТомаÑ? ХоджеÑ? обнаÑ?Ñ?жили, Ñ?Ñ?о неÑ?колÑ?ко пеÑ?еполнений
+   бÑ?Ñ?еÑ?а могÑ?Ñ? пÑ?иводиÑ?Ñ? к вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
 
 </ul>
 
- -<p>For the stable distribution (etch), these problems have been fixed in
- -version 1.6.4-11.1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.6.4-11.1.</p>
 
- -<p>For the upcoming stable distribution (lenny) and the unstable
- -distribution (sid), these problems have been fixed in version 1.6.4-13.</p>
+<p>Ð? гоÑ?овÑ?Ñ?емÑ?Ñ? Ñ?Ñ?абилÑ?ном (lenny) и неÑ?Ñ?абилÑ?ном (sid)
+вÑ?пÑ?Ñ?каÑ? Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 1.6.4-13.</p>
 
- -<p>We recommend that you upgrade your enscript package.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ? enscript.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2008/dsa-1680.wml	2014-04-30 13:16:16.000000000 +0600
+++ russian/security/2008/dsa-1680.wml	2016-07-08 16:20:05.199903831 +0500
@@ -1,23 +1,24 @@
- -<define-tag description>buffer overflow, stack consumption</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>пеÑ?еполнение бÑ?Ñ?еÑ?а, Ñ?Ñ?езмеÑ?ное поÑ?Ñ?ебление Ñ?Ñ?ека</define-tag>
 <define-tag moreinfo>
- -<p>Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers
- -from an off-by-one-error in its VBA project file processing, leading to
- -a heap-based buffer overflow and potentially arbitrary code execution
+<p>Ð?оÑ?иÑ? Ð?одайÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о ClamAV, анÑ?ивиÑ?Ñ?Ñ?ное Ñ?еÑ?ение, Ñ?одеÑ?жиÑ?
+оÑ?ибкÑ? на единиÑ?Ñ? в коде обÑ?абоÑ?ки пÑ?оекÑ?нÑ?Ñ? Ñ?айлов VBA, коÑ?оÑ?аÑ? пÑ?иводиÑ?
+к пеÑ?еполнение динамиÑ?еÑ?кой памÑ?Ñ?и и поÑ?енÑ?иалÑ?номÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного кода
 (<a href="https://security-tracker.debian.org/tracker/CVE-2008-5050";>CVE-2008-5050</a>).</p>
 
- -<p>Ilja van Sprundel discovered that ClamAV contains a denial of service
- -condition in its JPEG file processing because it does not limit the
- -recursion depth when processing JPEG thumbnails (<a href="https://security-tracker.debian.org/tracker/CVE-2008-5314";>CVE-2008-5314</a>).</p>
+<p>Ð?лÑ?Ñ? ван ШпÑ?Ñ?нделÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о ClamAV Ñ?одеÑ?жиÑ? оÑ?каз в обÑ?лÑ?живании
+в коде обÑ?абоÑ?ки Ñ?айлов в Ñ?оÑ?маÑ?е JPEG, поÑ?колÑ?кÑ? в нÑ?м не огÑ?аниÑ?иваеÑ?Ñ?Ñ?
+глÑ?бина Ñ?екÑ?Ñ?Ñ?ии пÑ?и обÑ?абоÑ?ке Ñ?айлов пÑ?едваÑ?иÑ?елÑ?нÑ?Ñ? изобÑ?ажений JPEG (<a href="https://security-tracker.debian.org/tracker/CVE-2008-5314";>CVE-2008-5314</a>).</p>
 
- -<p>For the stable distribution (etch), these problems have been fixed in
- -version 0.90.1dfsg-4etch16.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 0.90.1dfsg-4etch16.</p>
 
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 0.94.dfsg.2-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 0.94.dfsg.2-1.</p>
 
- -<p>The testing distribution (lenny) will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?и пÑ?облемÑ? бÑ?дÑ?Ñ? иÑ?пÑ?авленÑ? позже.</p>
 
- -<p>We recommend that you upgrade your clamav packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? clamav.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXf46qAAoJEF7nbuICFtKl4wAP/iwoT8Mqj710qrY+ygZ4CqEf
kd7KjYf3T8XHhouPurBzd8Zk6EcxNaHTsf+1XL14FU8XJ6I6ub2xZs0svPeM+UcH
1dVrRNLSqT9dNAJ1JF44UTesy9O44vAUoinCX5ue9QrGePWAQSampb0VNjJv2/SR
kwyKzSRdHDJSNtNMYYENyWAhQzxbAUqCe8Z4QLN86I2BYtzyY0AFWVSZ8SBBOjdq
WdmAoJ8FO8N43+e6QBmin9Uv71/7XusP2OgOgUdxpBzcfYjsQYBPbteKpDHy64o5
Slzn0WjMDAkS+em8Y19wSXEkj/R2G3WDA2H/myPgu1aMbLmFaz0lj5qE2iIURxK+
hl8k3+doC3KWUpX3KzfdaZRBXR3sUOkoXxkxRuxDZBGet+tHsIQwUlwGVH475Wpu
P0hrE2OFEp+Uhy/e46Ge3O2+aflWBVV0JnMHala1wa/c5Lj7Qo8ehwzdd9+czFVl
IDLJwkiUKRKeTJMVkADvQQra8SHQi0BjTMOslpFlLMzqYPvNvBupp9PpfFWCzloh
KdL342FnckYsIB+Lpa7VDL/brO2ZDe5g51BRIFyGLYd//IvwYLvkOz6TbcAu6fS1
H4igrRnm441iUtb+CLXIL0VtnLB8jwlzmyccnHpHRwNpcugDh/Gj6eIwnp9cuUTr
yIteVRKzl3U/l5MbzEWM
=6JAY
-----END PGP SIGNATURE-----
Reply to: