[DONE] wml://{security/2016/dsa-3659.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2016/dsa-3659.wml 2016-09-04 23:47:34.000000000 +0500
+++ russian/security/2016/dsa-3659.wml 2016-09-05 00:03:27.476157839 +0500
@@ -1,63 +1,64 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or have other
- -impacts.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или имеÑ?Ñ? дÑ?Ñ?гое
+воздейÑ?Ñ?вие.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-5696">CVE-2016-5696</a>
- - <p>Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V.
- - Krishnamurthy of the University of California, Riverside; and Lisa
- - M. Marvel of the United States Army Research Laboratory discovered
- - that Linux's implementation of the TCP Challenge ACK feature
- - results in a side channel that can be used to find TCP connections
- - between specific IP addresses, and to inject messages into those
- - connections.</p>
- -
- - <p>Where a service is made available through TCP, this may allow
- - remote attackers to impersonate another connected user to the
- - server or to impersonate the server to another connected user. In
- - case the service uses a protocol with message authentication
- - (e.g. TLS or SSH), this vulnerability only allows denial of
- - service (connection failure). An attack takes tens of seconds, so
- - short-lived TCP connections are also unlikely to be vulnerable.</p>
+ <p>ЮÑ? Цао, ЧжиÑ?нÑ? ЦÑ?нÑ?, ЧжÑ?нÑ?зе Ð?ан, ТÑ?анÑ? Ð?ао и ШÑ?иканÑ?
+ Ð?Ñ?иÑ?намÑ?Ñ?Ñ?и из Ð?алиÑ?оÑ?нийÑ?кого Ñ?нивеÑ?Ñ?иÑ?еÑ?а, РивеÑ?Ñ?айд; а Ñ?акже Ð?иза
+ Ð?аÑ?вел из иÑ?Ñ?ледоваÑ?елÑ?Ñ?кой лабоÑ?аÑ?оÑ?ии аÑ?мии СШÐ? обнаÑ?Ñ?жили,
+ Ñ?Ñ?о Ñ?еализаÑ?иÑ? TCP Challenge ACK в Linux пÑ?иводиÑ? к
+ возникновениÑ? Ñ?Ñ?оÑ?оннего канала, коÑ?оÑ?Ñ?й можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? обнаÑ?Ñ?жениÑ?
+ TCP-Ñ?оединений междÑ? конкÑ?еÑ?нÑ?ми IP адÑ?еÑ?ами и длÑ? ввода Ñ?ообÑ?ений в Ñ?Ñ?и
+ Ñ?оединениÑ?.</p>
+
+ <p>Ð?Ñ?ли Ñ?лÑ?жба доÑ?Ñ?Ñ?пна Ñ?еÑ?ез TCP, Ñ?о Ñ?Ñ?о можеÑ? позволиÑ?Ñ?
+ Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?даÑ?Ñ? Ñ?ебÑ? за дÑ?Ñ?гого подклÑ?Ñ?Ñ?нного к Ñ?еÑ?веÑ?Ñ?
+ полÑ?зоваÑ?елÑ? или вÑ?даÑ?Ñ? Ñ?ебÑ? за Ñ?еÑ?веÑ? длÑ? дÑ?Ñ?гого подклÑ?Ñ?Ñ?нного полÑ?зоваÑ?елÑ?. Ð?
+ Ñ?лÑ?Ñ?ае, еÑ?ли Ñ?лÑ?жба иÑ?полÑ?зÑ?еÑ? пÑ?оÑ?окол Ñ? аÑ?Ñ?енÑ?иÑ?икаÑ?ией Ñ?ообÑ?ений
+ (напÑ?имеÑ?, TLS или SSH), Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? позволÑ?еÑ? вÑ?зÑ?ваÑ?Ñ? Ñ?олÑ?ко оÑ?каз
+ в обÑ?лÑ?живании (оÑ?ибка Ñ?оединениÑ?). Ð?лÑ? пÑ?оведениÑ? аÑ?аки Ñ?Ñ?ебÑ?Ñ?Ñ?Ñ?Ñ? деÑ?Ñ?Ñ?ки Ñ?екÑ?нд,
+ поÑ?Ñ?омÑ? кÑ?аÑ?коÑ?Ñ?оÑ?нÑ?е TCP-Ñ?оединениÑ? вÑ?Ñ?д ли Ñ?Ñ?звимÑ?.</p>
- - <p>This may be mitigated by increasing the rate limit for TCP
- - Challenge ACKs so that it is never exceeded:
+ <p>ÐÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? можно вÑ?еменно Ñ?еÑ?иÑ?Ñ? пÑ?Ñ?Ñ?м Ñ?велиÑ?ениÑ? огÑ?аниÑ?ениÑ? Ñ?коÑ?оÑ?Ñ?и длÑ? TCP
+ Challenge ACK Ñ?ак, Ñ?Ñ?обÑ? он никогда не бÑ?л пÑ?евÑ?Ñ?ен:
sysctl net.ipv4.tcp_challenge_ack_limit=1000000000</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6136">CVE-2016-6136</a>
- - <p>Pengfei Wang discovered that the audit subsystem has a
- - 'double-fetch' or <q>TOCTTOU</q> bug in its handling of special
- - characters in the name of an executable. Where audit logging of
- - execve() is enabled, this allows a local user to generate
- - misleading log messages.</p></li>
+ <p>Ð?Ñ?нÑ?Ñ?й Ð?ан обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема audit Ñ?одеÑ?жиÑ? оÑ?ибкÑ?
+ 'двойной-загÑ?Ñ?зки' или <q>TOCTTOU</q> в коде обÑ?абоÑ?ки Ñ?пеÑ?иалÑ?нÑ?Ñ?
+ Ñ?имволов в имени иÑ?полнÑ?емÑ?Ñ? Ñ?айлов. Ð?Ñ?ли вклÑ?Ñ?ено жÑ?Ñ?налиÑ?ование
+ execve(), Ñ?о Ñ?Ñ?о позволÑ?еÑ? локалÑ?номÑ? полÑ?зоваÑ?елÑ? Ñ?оздаваÑ?Ñ?
+ обманнÑ?е Ñ?ообÑ?ениÑ? жÑ?Ñ?нала.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6480">CVE-2016-6480</a>
- - <p>Pengfei Wang discovered that the aacraid driver for Adaptec RAID
- - controllers has a 'double-fetch' or <q>TOCTTOU</q> bug in its
- - validation of <q>FIB</q> messages passed through the ioctl() system
- - call. This has no practical security impact in current Debian
- - releases.</p></li>
+ <p>Ð?Ñ?нÑ?Ñ?Ñ? Ð?ан обнаÑ?Ñ?жил, Ñ?Ñ?о дÑ?айвеÑ? aacraid длÑ? конÑ?Ñ?оллеÑ?ов Adaptec RAID
+ Ñ?одеÑ?жиÑ? оÑ?ибкÑ? 'двойной-загÑ?Ñ?зки' или <q>TOCTTOU</q> в коде
+ пÑ?овеÑ?ки Ñ?ообÑ?ений <q>FIB</q>, пеÑ?едаваемÑ?Ñ? Ñ?еÑ?ез Ñ?иÑ?Ñ?емнÑ?й вÑ?зов
+ ioctl(). ÐÑ?а оÑ?ибка не имееÑ? пÑ?акÑ?иÑ?еÑ?киÑ? Ñ?ледÑ?Ñ?вий длÑ? безопаÑ?ноÑ?Ñ?и в Ñ?екÑ?Ñ?иÑ?
+ вÑ?пÑ?Ñ?каÑ? Debian.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6828">CVE-2016-6828</a>
- - <p>Marco Grassi reported a 'use-after-free' bug in the TCP
- - implementation, which can be triggered by local users. The
- - security impact is unclear, but might include denial of service or
- - privilege escalation.</p></li>
+ <p>Ð?аÑ?ко Ð?Ñ?аÑ?Ñ?и Ñ?ообÑ?ил об иÑ?полÑ?зовании Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и в Ñ?еализаÑ?ии
+ TCP, коÑ?оÑ?ое можеÑ? бÑ?Ñ?Ñ? вÑ?звано локалÑ?нÑ?ми полÑ?зоваÑ?елÑ?ми. Ð?лиÑ?ние
+ Ñ?Ñ?ой оÑ?ибки на безопаÑ?ноÑ?Ñ?Ñ? не Ñ?Ñ?но, но оно можеÑ? вклÑ?Ñ?аÑ?Ñ? в Ñ?ебÑ? оÑ?каз в обÑ?лÑ?живании или
+ повÑ?Ñ?ение пÑ?ивилегий.</p></li>
</ul>
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 3.16.36-1+deb8u1. In addition, this update contains several
- -changes originally targeted for the upcoming jessie point release.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 3.16.36-1+deb8u1. Ð?Ñ?оме Ñ?ого, данное обновление Ñ?одеÑ?жиÑ? неÑ?колÑ?ко
+изменений, коÑ?оÑ?Ñ?е изнаÑ?алÑ?но пÑ?едназнаÑ?алиÑ?Ñ? длÑ? гоÑ?овÑ?Ñ?ейÑ?Ñ? Ñ?едакÑ?ии jessie.</p>
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
</define-tag>
# do not modify the following line
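Review bot: The given name in "Pengfei Wang" is transliterated two different ways in the added lines: in the CVE-2016-6136 entry it ends in "й", while in the CVE-2016-6480 entry it ends in a different letter. Both removed English lines read "Pengfei Wang discovered", so the two entries should carry one spelling; pick one form and use it in both places.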
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----