
[DONE] wml://{security/2016/dsa-3659.wml}



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dsa-3659.wml	2016-09-04 23:47:34.000000000 +0500
+++ russian/security/2016/dsa-3659.wml	2016-09-05 00:03:27.476157839 +0500
@@ -1,63 +1,64 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or have other
- -impacts.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или имеÑ?Ñ? дÑ?Ñ?гое
+воздейÑ?Ñ?вие.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-5696";>CVE-2016-5696</a>
 
- -    <p>Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V.
- -    Krishnamurthy of the University of California, Riverside; and Lisa
- -    M. Marvel of the United States Army Research Laboratory discovered
- -    that Linux's implementation of the TCP Challenge ACK feature
- -    results in a side channel that can be used to find TCP connections
- -    between specific IP addresses, and to inject messages into those
- -    connections.</p>
- -
- -    <p>Where a service is made available through TCP, this may allow
- -    remote attackers to impersonate another connected user to the
- -    server or to impersonate the server to another connected user.  In
- -    case the service uses a protocol with message authentication
- -    (e.g. TLS or SSH), this vulnerability only allows denial of
- -    service (connection failure).  An attack takes tens of seconds, so
- -    short-lived TCP connections are also unlikely to be vulnerable.</p>
+    <p>ЮÑ? Цао, ЧжиÑ?нÑ? ЦÑ?нÑ?, ЧжÑ?нÑ?зе Ð?ан, ТÑ?анÑ? Ð?ао и ШÑ?иканÑ?
+    Ð?Ñ?иÑ?намÑ?Ñ?Ñ?и из Ð?алиÑ?оÑ?нийÑ?кого Ñ?нивеÑ?Ñ?иÑ?еÑ?а, РивеÑ?Ñ?айд; а Ñ?акже Ð?иза
+    Ð?аÑ?вел из иÑ?Ñ?ледоваÑ?елÑ?Ñ?кой лабоÑ?аÑ?оÑ?ии аÑ?мии СШÐ? обнаÑ?Ñ?жили,
+    Ñ?Ñ?о Ñ?еализаÑ?иÑ? TCP Challenge ACK в Linux пÑ?иводиÑ? к
+    возникновениÑ? Ñ?Ñ?оÑ?оннего канала, коÑ?оÑ?Ñ?й можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? обнаÑ?Ñ?жениÑ?
+    TCP-Ñ?оединений междÑ? конкÑ?еÑ?нÑ?ми IP адÑ?еÑ?ами и длÑ? ввода Ñ?ообÑ?ений в Ñ?Ñ?и
+    Ñ?оединениÑ?.</p>
+
+    <p>Ð?Ñ?ли Ñ?лÑ?жба доÑ?Ñ?Ñ?пна Ñ?еÑ?ез TCP, Ñ?о Ñ?Ñ?о можеÑ? позволиÑ?Ñ?
+    Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?даÑ?Ñ? Ñ?ебÑ? за дÑ?Ñ?гого подклÑ?Ñ?Ñ?нного к Ñ?еÑ?веÑ?Ñ?
+    полÑ?зоваÑ?елÑ? или вÑ?даÑ?Ñ? Ñ?ебÑ? за Ñ?еÑ?веÑ? длÑ? дÑ?Ñ?гого подклÑ?Ñ?Ñ?нного полÑ?зоваÑ?елÑ?.  Ð?
+    Ñ?лÑ?Ñ?ае, еÑ?ли Ñ?лÑ?жба иÑ?полÑ?зÑ?еÑ? пÑ?оÑ?окол Ñ? аÑ?Ñ?енÑ?иÑ?икаÑ?ией Ñ?ообÑ?ений
+    (напÑ?имеÑ?, TLS или SSH), Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? позволÑ?еÑ? вÑ?зÑ?ваÑ?Ñ? Ñ?олÑ?ко оÑ?каз
+    в обÑ?лÑ?живании (оÑ?ибка Ñ?оединениÑ?).  Ð?лÑ? пÑ?оведениÑ? аÑ?аки Ñ?Ñ?ебÑ?Ñ?Ñ?Ñ?Ñ? деÑ?Ñ?Ñ?ки Ñ?екÑ?нд,
+    поÑ?Ñ?омÑ? кÑ?аÑ?коÑ?Ñ?оÑ?нÑ?е TCP-Ñ?оединениÑ? вÑ?Ñ?д ли Ñ?Ñ?звимÑ?.</p>
 
- -    <p>This may be mitigated by increasing the rate limit for TCP
- -    Challenge ACKs so that it is never exceeded:
+    <p>ЭÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? можно вÑ?еменно Ñ?еÑ?иÑ?Ñ? пÑ?Ñ?Ñ?м Ñ?велиÑ?ениÑ? огÑ?аниÑ?ениÑ? Ñ?коÑ?оÑ?Ñ?и длÑ? TCP
+    Challenge ACK Ñ?ак, Ñ?Ñ?обÑ? он никогда не бÑ?л пÑ?евÑ?Ñ?ен:
     sysctl net.ipv4.tcp_challenge_ack_limit=1000000000</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6136";>CVE-2016-6136</a>
 
- -    <p>Pengfei Wang discovered that the audit subsystem has a
- -    'double-fetch' or <q>TOCTTOU</q> bug in its handling of special
- -    characters in the name of an executable.  Where audit logging of
- -    execve() is enabled, this allows a local user to generate
- -    misleading log messages.</p></li>
+    <p>Ð?Ñ?нÑ?Ñ?й Ð?ан обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема audit Ñ?одеÑ?жиÑ? оÑ?ибкÑ?
+    'двойной-загÑ?Ñ?зки' или <q>TOCTTOU</q> в коде обÑ?абоÑ?ки Ñ?пеÑ?иалÑ?нÑ?Ñ?
+    Ñ?имволов в имени иÑ?полнÑ?емÑ?Ñ? Ñ?айлов.  Ð?Ñ?ли вклÑ?Ñ?ено жÑ?Ñ?налиÑ?ование
+    execve(), Ñ?о Ñ?Ñ?о позволÑ?еÑ? локалÑ?номÑ? полÑ?зоваÑ?елÑ? Ñ?оздаваÑ?Ñ?
+    обманнÑ?е Ñ?ообÑ?ениÑ? жÑ?Ñ?нала.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6480";>CVE-2016-6480</a>
 
- -    <p>Pengfei Wang discovered that the aacraid driver for Adaptec RAID
- -    controllers has a 'double-fetch' or <q>TOCTTOU</q> bug in its
- -    validation of <q>FIB</q> messages passed through the ioctl() system
- -    call.  This has no practical security impact in current Debian
- -    releases.</p></li>
+    <p>Ð?Ñ?нÑ?Ñ?Ñ? Ð?ан обнаÑ?Ñ?жил, Ñ?Ñ?о дÑ?айвеÑ? aacraid длÑ? конÑ?Ñ?оллеÑ?ов Adaptec RAID
+    Ñ?одеÑ?жиÑ? оÑ?ибкÑ? 'двойной-загÑ?Ñ?зки' или <q>TOCTTOU</q> в коде
+    пÑ?овеÑ?ки Ñ?ообÑ?ений <q>FIB</q>, пеÑ?едаваемÑ?Ñ? Ñ?еÑ?ез Ñ?иÑ?Ñ?емнÑ?й вÑ?зов
+    ioctl().  ЭÑ?а оÑ?ибка не имееÑ? пÑ?акÑ?иÑ?еÑ?киÑ? Ñ?ледÑ?Ñ?вий длÑ? безопаÑ?ноÑ?Ñ?и в Ñ?екÑ?Ñ?иÑ?
+    вÑ?пÑ?Ñ?каÑ? Debian.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6828";>CVE-2016-6828</a>
 
- -    <p>Marco Grassi reported a 'use-after-free' bug in the TCP
- -    implementation, which can be triggered by local users.  The
- -    security impact is unclear, but might include denial of service or
- -    privilege escalation.</p></li>
+    <p>Ð?аÑ?ко Ð?Ñ?аÑ?Ñ?и Ñ?ообÑ?ил об иÑ?полÑ?зовании Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и в Ñ?еализаÑ?ии
+    TCP, коÑ?оÑ?ое можеÑ? бÑ?Ñ?Ñ? вÑ?звано локалÑ?нÑ?ми полÑ?зоваÑ?елÑ?ми.  Ð?лиÑ?ние
+    Ñ?Ñ?ой оÑ?ибки на безопаÑ?ноÑ?Ñ?Ñ? не Ñ?Ñ?но, но оно можеÑ? вклÑ?Ñ?аÑ?Ñ? в Ñ?ебÑ? оÑ?каз в обÑ?лÑ?живании или
+    повÑ?Ñ?ение пÑ?ивилегий.</p></li>
 
 </ul>
 
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 3.16.36-1+deb8u1. In addition, this update contains several
- -changes originally targeted for the upcoming jessie point release.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 3.16.36-1+deb8u1. Ð?Ñ?оме Ñ?ого, данное обновление Ñ?одеÑ?жиÑ? неÑ?колÑ?ко
+изменений, коÑ?оÑ?Ñ?е изнаÑ?алÑ?но пÑ?едназнаÑ?алиÑ?Ñ? длÑ? гоÑ?овÑ?Ñ?ейÑ?Ñ? Ñ?едакÑ?ии jessie.</p>
 
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
 </define-tag>
 
 # do not modify the following line
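Review bot: the transliteration of Pengfei Wang differs between the two added paragraphs. As the lines appear here, the given name in the CVE-2016-6136 entry ends in "й", while in the CVE-2016-6480 entry it ends in a different character. Use one spelling in both entries. A smaller style point on the CVE-2016-5696 mitigation paragraph: the added sentence ends in a colon and the unchanged `sysctl net.ipv4.tcp_challenge_ack_limit=1000000000` line then runs on inside the same `<p>` with no markup separating the command from the prose. If the English original is ever changed to set the command off, the translation should follow it.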
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

