[DONE] wml://{security/2016/dsa-3627.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2016/dsa-3627.wml 2016-07-24 21:30:02.000000000 +0500
+++ russian/security/2016/dsa-3627.wml 2016-07-24 22:02:02.340490362 +0500
@@ -1,90 +1,91 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been fixed in phpMyAdmin, the web-based
- -MySQL administration interface.</p>
+<p>Ð? phpMyAdmin, веб-инÑ?еÑ?Ñ?ейÑ?е длÑ? админиÑ?Ñ?Ñ?иÑ?ованиÑ? MySQL, бÑ?ло
+обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-1927";>CVE-2016-1927</a>
- - <p>The suggestPassword function relied on a non-secure random number
- - generator which makes it easier for remote attackers to guess
- - generated passwords via a brute-force approach.</p></li>
+ <p>ФÑ?нкÑ?иÑ? suggestPassword иÑ?полÑ?зÑ?еÑ? небезопаÑ?нÑ?й генеÑ?аÑ?оÑ? Ñ?лÑ?Ñ?айнÑ?Ñ?
+ Ñ?иÑ?ел, Ñ?Ñ?о облегÑ?аеÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам подбоÑ?
+ поÑ?ождÑ?ннÑ?Ñ? паÑ?олей Ñ?еÑ?ез пеÑ?ебоÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2039";>CVE-2016-2039</a>
- - <p>CSRF token values were generated by a non-secure random number
- - generator, which allows remote attackers to bypass intended access
- - restrictions by predicting a value.</p></li>
+ <p>Ð?наÑ?ениÑ? Ñ?окена CSRF поÑ?ождаÑ?Ñ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ? небезопаÑ?ного генеÑ?аÑ?оÑ?а
+ Ñ?лÑ?Ñ?айнÑ?Ñ? Ñ?иÑ?ел, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам обÑ?одиÑ?Ñ? огÑ?аниÑ?ениÑ?
+ доÑ?Ñ?Ñ?па пÑ?Ñ?Ñ?м пÑ?едÑ?казаниÑ? знаÑ?ениÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2040";>CVE-2016-2040</a>
- - <p>Multiple cross-site scripting (XSS) vulnerabilities allow remote
- - authenticated users to inject arbitrary web script or HTML.</p></li>
+ <p>Ð?ногоÑ?иÑ?леннÑ?е Ñ?лÑ?Ñ?ае межÑ?айÑ?ового Ñ?кÑ?ипÑ?инга (XSS) позволÑ?Ñ?Ñ? Ñ?далÑ?ннÑ?м
+ аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?м полÑ?зоваÑ?елÑ?м вводиÑ?Ñ? веб-Ñ?Ñ?енаÑ?ий или код HTML.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2041";>CVE-2016-2041</a>
- - <p>phpMyAdmin does not use a constant-time algorithm for comparing
- - CSRF tokens, which makes it easier for remote attackers to bypass
- - intended access restrictions by measuring time differences.</p></li>
+ <p>phpMyAdmin не иÑ?полÑ?зÑ?еÑ? алгоÑ?иÑ?м поÑ?Ñ?оÑ?нного вÑ?емени длÑ? Ñ?Ñ?авнениÑ?
+ Ñ?окенов CSRF, Ñ?Ñ?о облегÑ?аеÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам обÑ?од
+ огÑ?аниÑ?ений доÑ?Ñ?Ñ?па пÑ?Ñ?Ñ?м измеÑ?ениÑ? Ñ?азниÑ?Ñ? во вÑ?емени.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2560";>CVE-2016-2560</a>
- - <p>Multiple cross-site scripting (XSS) vulnerabilities allow remote
- - attackers to inject arbitrary web script or HTML.</p></li>
+ <p>Ð?ногоÑ?иÑ?леннÑ?е Ñ?лÑ?Ñ?аи межÑ?айÑ?ового Ñ?кÑ?ипÑ?инга (XSS) позволÑ?Ñ?Ñ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? веб-Ñ?Ñ?енаÑ?ий или код HTML.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2561";>CVE-2016-2561</a>
- - <p>Multiple cross-site scripting (XSS) vulnerabilities allow remote
- - attackers to inject arbitrary web script or HTML.</p></li>
+ <p>Ð?ногоÑ?иÑ?леннÑ?е Ñ?лÑ?Ñ?аи межÑ?айÑ?ового Ñ?кÑ?ипÑ?инга (XSS) позволÑ?Ñ?Ñ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? веб-Ñ?Ñ?енаÑ?ий или код HTML.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-5099";>CVE-2016-5099</a>
- - <p>Multiple cross-site scripting (XSS) vulnerabilities allow remote
- - attackers to inject arbitrary web script or HTML.</p></li>
+ <p>Ð?ногоÑ?иÑ?леннÑ?е Ñ?лÑ?Ñ?аи межÑ?айÑ?ового Ñ?кÑ?ипÑ?инга (XSS) позволÑ?Ñ?Ñ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? веб-Ñ?Ñ?енаÑ?ий или код HTML.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-5701";>CVE-2016-5701</a>
- - <p>For installations running on plain HTTP, phpMyAdmin allows remote
- - attackers to conduct BBCode injection attacks against HTTP sessions
- - via a crafted URI.</p></li>
+ <p>Ð? Ñ?Ñ?Ñ?ановкаÑ?, Ñ?абоÑ?аÑ?Ñ?иÑ? Ñ?еÑ?ез обÑ?Ñ?нÑ?й HTTP, phpMyAdmin позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам вÑ?полнÑ?Ñ?Ñ? аÑ?аки по инÑ?екÑ?ии BBCode на Ñ?еÑ?Ñ?ии HTTP
+ Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? URI.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-5705";>CVE-2016-5705</a>
- - <p>Multiple cross-site scripting (XSS) vulnerabilities allow remote
- - attackers to inject arbitrary web script or HTML.</p></li>
+ <p>Ð?ногоÑ?иÑ?леннÑ?е Ñ?лÑ?Ñ?аи межÑ?айÑ?ового Ñ?кÑ?ипÑ?инга (XSS) позволÑ?Ñ?Ñ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? веб-Ñ?Ñ?енаÑ?ий или код HTML.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-5706";>CVE-2016-5706</a>
- - <p>phpMyAdmin allows remote attackers to cause a denial of service
- - (resource consumption) via a large array in the scripts parameter.</p></li>
+ <p>phpMyAdmin позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+ (Ñ?Ñ?езмеÑ?ное поÑ?Ñ?ебление Ñ?еÑ?Ñ?Ñ?Ñ?ов) Ñ? помоÑ?Ñ?Ñ? болÑ?Ñ?ого маÑ?Ñ?ива в паÑ?амеÑ?Ñ?е Ñ?Ñ?енаÑ?иÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-5731";>CVE-2016-5731</a>
- - <p>A cross-site scripting (XSS) vulnerability allows remote
- - attackers to inject arbitrary web script or HTML.</p></li>
+ <p>Ð?ежÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг (XSS) позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? веб-Ñ?Ñ?енаÑ?ий или код HTML.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-5733";>CVE-2016-5733</a>
- - <p>Multiple cross-site scripting (XSS) vulnerabilities allow remote
- - attackers to inject arbitrary web script or HTML.</p></li>
+ <p>Ð?ногоÑ?иÑ?леннÑ?е Ñ?лÑ?Ñ?аи межÑ?айÑ?ового Ñ?кÑ?ипÑ?инга (XSS) позволÑ?Ñ?Ñ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? веб-Ñ?Ñ?енаÑ?ий или код HTML.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-5739";>CVE-2016-5739</a>
- - <p>A specially crafted Transformation could leak information which
- - a remote attacker could use to perform cross site request forgeries.</p></li>
+ <p>СпеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?е Ñ?Ñ?анÑ?Ñ?оÑ?маÑ?ии могÑ?Ñ? пÑ?иводиÑ?Ñ? к Ñ?Ñ?еÑ?ке инÑ?оÑ?маÑ?ии,
+ коÑ?оÑ?Ñ?Ñ? Ñ?далÑ?ннÑ?й злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? длÑ? подделки межÑ?айÑ?овÑ?Ñ? запÑ?оÑ?ов.</p></li>
</ul>
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 4:4.2.12-2+deb8u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4:4.2.12-2+deb8u2.</p>
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 4:4.6.3-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4:4.6.3-1.</p>
- -<p>We recommend that you upgrade your phpmyadmin packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? phpmyadmin.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2016/dsa-3627.data"
- -# $Id: dsa-3627.wml,v 1.2 2016/07/24 16:30:02 dogsleg Exp $
+# $Id: dsa-3627.wml,v 1.1 2016/07/24 16:22:17 dogsleg Exp $
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXlPShAAoJEF7nbuICFtKl+AwP/iWndqrEXiXbJLjSvg+0ClMR
AoUIau6tQtl37RmzL8c+As9OY6p2CTxkSZMelY+BBez6BW3JxDoQ7T/GSi+9vJVN
yWJa5XsqUVS8Jys2f3wJTaiAAD+MTFy7m6ioK24fAAcOXAX3aZQygy1TTRNLRUKh
n/dIaOrPRKrL4reT3dLauNvk4ykHyZ8ff+eLgjruk0PsMwQNdua6IFB7mahjbFA4
8G9i664dCMK1fc3aSL52JJOtX5gYEvzxzdZ5Kv1I04STiCQQcxXD71llsG981dLU
4FtvpYnNAfGlONWP5tdZAvdhag3L+3lcSGu4N2/Luw1zOSK3Ra4i6qYv8SjrN4bv
7EUOPcqrNK//Skqls5eELCMHCiExZGIo5n+cVsfkNzeCnPK67wyEQL0xJLY+W4g8
kBFu7GmP+DS5Bfr699r6uK+Ngp9uXM8TFRGkU3CD4pen3BXebPTK+dApOoGrgWme
Qad1IyG8ctj4WOJvbzBk6FDhrLBESR4eORLZNnLP3PjgmvMBdUzb9Mi1xEicSLs8
ROI7NwoGnZfdQqs/nlLjzkpUJAawSDUunIiFMiCZ9+MzwzD3vRWO6CwAMSpQH/ie
25xydXT+KZtfrvIz+p86rZJxiNNcfOLUc6cGgNtRPy4bFVzZuiQ7ONtoA5O1YHXZ
y9SICsVXQJwy3rfHWsMG
=ywuk
-----END PGP SIGNATURE-----
Reply to: