[DONE] wml://security/2005/dsa-{880,707}.wml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2005/dsa-707.wml 2005-04-13 20:45:49.000000000 +0600
+++ russian/security/2005/dsa-707.wml 2016-10-18 00:39:18.743887870 +0500
@@ -1,48 +1,49 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in MySQL, a popular
- -database. The Common Vulnerabilities and Exposures project identifies
- -the following problems:</p>
+<p>Ð? MySQL, попÑ?лÑ?Ñ?ной базе даннÑ?Ñ?, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко
+Ñ?Ñ?звимоÑ?Ñ?ей. Ð?Ñ?оекÑ? Common Vulnerabilities and Exposures опÑ?еделÑ?еÑ?
+Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
<ul>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957">CAN-2004-0957</a>
- - <p>Sergei Golubchik discovered a problem in the access handling for
- - similar named databases. If a user is granted privileges to a
- - database with a name containing an underscore ("_"), the user also
- - gains privileges to other databases with similar names.</p>
+ <p>СеÑ?гей Ð?олÑ?бÑ?ик обнаÑ?Ñ?жил пÑ?облемÑ? в обÑ?абоÑ?ке доÑ?Ñ?Ñ?па к базам даннÑ?Ñ?
+ Ñ?о Ñ?Ñ?однÑ?ми именами. Ð?Ñ?ли полÑ?зоваÑ?елÑ? полÑ?Ñ?аеÑ? пÑ?ава длÑ? доÑ?Ñ?Ñ?па к
+ базе даннÑ?Ñ?, имÑ? коÑ?оÑ?ой Ñ?одеÑ?жиÑ? подÑ?Ñ?Ñ?кивание ("_"), Ñ?о Ñ?Ñ?оÑ? полÑ?зоваÑ?елÑ? полÑ?Ñ?аеÑ?
+ пÑ?ава к дÑ?Ñ?гим базам даннÑ?Ñ? Ñ?о Ñ?Ñ?однÑ?ми именами.</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709">CAN-2005-0709</a>
- - <p>Stefano Di Paola discovered that MySQL allows remote
- - authenticated users with INSERT and DELETE privileges to execute
- - arbitrary code by using CREATE FUNCTION to access libc calls.</p>
+ <p>СÑ?еÑ?ано Ð?и Ð?аола обнаÑ?Ñ?жил, Ñ?Ñ?о MySQL позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+ аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?м полÑ?зоваÑ?елÑ?м Ñ? пÑ?авами на вÑ?полнение опеÑ?аÑ?ий INSERT и DELETE вÑ?полнÑ?Ñ?Ñ?
+ пÑ?оизволÑ?нÑ?й код, иÑ?полÑ?зÑ?Ñ? CREATE FUNCTION длÑ? полÑ?Ñ?ениÑ? доÑ?Ñ?Ñ?па к вÑ?зовам libc.</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710">CAN-2005-0710</a>
- - <p>Stefano Di Paola discovered that MySQL allows remote authenticated
- - users with INSERT and DELETE privileges to bypass library path
- - restrictions and execute arbitrary libraries by using INSERT INTO
- - to modify the mysql.func table.</p>
+ <p>СÑ?еÑ?ано Ð?и Ð?аола обнаÑ?Ñ?жил, Ñ?Ñ?о MySQL позволÑ?еÑ? Ñ?далÑ?ннÑ?м аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?м
+ полÑ?зоваÑ?елÑ? Ñ? пÑ?авами на вÑ?полнение опеÑ?аÑ?ий INSERT и DELETE обÑ?одиÑ?Ñ? огÑ?аниÑ?ениÑ? пÑ?Ñ?и
+ библиоÑ?еки и вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?е библиоÑ?еки, иÑ?полÑ?зÑ?Ñ? INSERT INTO
+ длÑ? изменениÑ? Ñ?аблиÑ?Ñ? mysql.func.</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711">CAN-2005-0711</a>
- - <p>Stefano Di Paola discovered that MySQL uses predictable file names
- - when creating temporary tables, which allows local users with
- - CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via
- - a symlink attack.</p>
+ <p>СÑ?еÑ?ано Ð?и Ð?аола обнаÑ?Ñ?жил, Ñ?Ñ?о MySQL иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? пÑ?едÑ?казÑ?емÑ?е имена Ñ?айлов
+ пÑ?и Ñ?оздании вÑ?еменнÑ?Ñ? Ñ?аблиÑ?, Ñ?Ñ?о позволÑ?еÑ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м Ñ? пÑ?авами на вÑ?полнение
+ опеÑ?аÑ?ии CREATE TEMPORARY TABLE пеÑ?езапиÑ?Ñ?ваÑ?Ñ? пÑ?оизволÑ?нÑ?е Ñ?айлÑ? Ñ? помоÑ?Ñ?Ñ?
+ аÑ?аки Ñ?еÑ?ез Ñ?имволÑ?нÑ?е Ñ?Ñ?Ñ?лки.</p>
</ul>
- -<p>For the stable distribution (woody) these problems have been fixed in
- -version 3.23.49-8.11.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (woody) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 3.23.49-8.11.</p>
- -<p>For the unstable distribution (sid) these problems have been fixed in
- -version 4.0.24-5 of mysql-dfsg and in version 4.1.10a-6 of
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.0.24-5 пакеÑ?а mysql-dfsg и в веÑ?Ñ?ии 4.1.10a-6 пакеÑ?а
mysql-dfsg-4.1.</p>
- -<p>We recommend that you upgrade your mysql packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? mysql.</p>
</define-tag>
# do not modify the following line
- --- english/security/2005/dsa-880.wml 2005-11-04 23:48:45.000000000 +0500
+++ russian/security/2005/dsa-880.wml 2016-10-18 00:32:58.719017817 +0500
@@ -1,43 +1,44 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
<define-tag moreinfo>
- -<p>Several cross-site scripting vulnerabilities have been discovered in
- -phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW.
- -The Common Vulnerabilities and Exposures project identifies the
- -following problems:</p>
+<p>Ð? phpmyadmin, набоÑ?е Ñ?Ñ?енаÑ?иев на Ñ?зÑ?ке PHP длÑ? админиÑ?Ñ?Ñ?иÑ?ованиÑ? MySQL Ñ?еÑ?ез
+WWW, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?лÑ?Ñ?аев межÑ?айÑ?ового Ñ?кÑ?ипÑ?инга.
+Ð?Ñ?оекÑ? Common Vulnerabilities and Exposures опÑ?еделÑ?еÑ?
+Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
<ul>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2869">CAN-2005-2869</a>
- - <p>Andreas Kerber and Michal Cihar discovered several cross-site
- - scripting vulnerabilities in the error page and in the cookie
+ <p>Ð?ндÑ?еаÑ? Ð?еÑ?беÑ? и Ð?иÑ?ал ЦигаÑ? обнаÑ?Ñ?жили неÑ?колÑ?ко Ñ?лÑ?Ñ?аев межÑ?айÑ?ового
+ Ñ?кÑ?ипÑ?инга на Ñ?Ñ?Ñ?аниÑ?е error и в кÑ?ки Ñ?Ñ?Ñ?аниÑ?Ñ?
login.</p></li>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3300">CVE-2005-3300</a>
- - <p>Stefan Esser discovered missing safety checks in grab_globals.php
- - that could allow an attacker to induce phpmyadmin to include an
- - arbitrary local file.</p></li>
+ <p>ШÑ?еÑ?ан ÐÑ?Ñ?еÑ? обнаÑ?Ñ?жил оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вие пÑ?овеÑ?ок надÑ?жноÑ?Ñ?и в grab_globals.php,
+ коÑ?оÑ?Ñ?е могÑ?Ñ? позволиÑ?Ñ? злоÑ?мÑ?Ñ?ленникÑ? загÑ?Ñ?зиÑ?Ñ? в phpmyadmin код из
+ пÑ?оизволÑ?ного локалÑ?ного Ñ?айла.</p></li>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3301">CVE-2005-3301</a>
- - <p>Tobias Klein discovered several cross-site scripting
- - vulnerabilities that could allow attackers to inject arbitrary
- - HTML or client-side scripting.</p></li>
+ <p>ТобиаÑ? Ð?лÑ?йн обнаÑ?Ñ?жил неÑ?колÑ?ко Ñ?лÑ?Ñ?аев межÑ?айÑ?ового
+ Ñ?кÑ?ипÑ?инга, коÑ?оÑ?Ñ?е могÑ?Ñ? позволиÑ?Ñ? злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? пÑ?оизволÑ?нÑ?й
+ код HTML или вÑ?полнÑ?Ñ?Ñ? Ñ?кÑ?ипÑ?инг на Ñ?Ñ?оÑ?оне клиенÑ?а.</p></li>
</ul>
- -<p>The version in the old stable distribution (woody) has probably its
- -own flaws and is not easily fixable without a full audit and patch
- -session. The easier way is to upgrade it from woody to sarge.</p>
+<p>Ð?еÑ?Ñ?иÑ? пакеÑ?а в пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (woody), веÑ?оÑ?Ñ?но, Ñ?одеÑ?жиÑ?
+Ñ?обÑ?Ñ?веннÑ?е Ñ?Ñ?звимоÑ?Ñ?и, иÑ?пÑ?авиÑ?Ñ? еÑ? без полного аÑ?диÑ?а и подгоÑ?овки заплаÑ?
+пÑ?едÑ?Ñ?авлÑ?еÑ?Ñ?Ñ? непÑ?оÑ?Ñ?Ñ?м делом. Ð?оÑ?аздо пÑ?оÑ?е вÑ?полниÑ?Ñ? обновление Ñ? woody до sarge.</p>
- -<p>For the stable distribution (sarge) these problems have been fixed in
- -version 2.6.2-3sarge1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sarge) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.6.2-3sarge1.</p>
- -<p>For the unstable distribution (sid) these problems have been fixed in
- -version 2.6.4-pl3-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.6.4-pl3-1.</p>
- -<p>We recommend that you upgrade your phpmyadmin package.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ? phpmyadmin.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYBSjpAAoJEF7nbuICFtKlATAQAJY+cDMZpevvsr9rWa9Bn01w
36XJjcLSQ490rgnMw1wWryjWfI53+aQ6d15lBtjfw+5nV51twRz2XyGyinGVTJPl
qVBc2trWGszGhKdSj1lvaCtDtNg59Hb1i3VlZp1lgwpNlrFWYkQpDcwmyQSV99fv
q2MgO9zCF3TLzS+JTw5zo0CKUKAAcSnip8DD1kaNFTzMVQTa+6Zzl5RdOGv2qNVz
e1zDlji76/H1jcqeesbEH6rdqmV/5pBNjdq1itUAF/KVGXC6eKX5Rg4P7Zqh+SVG
LfO7fiRwIRAufGpAfCe9y/9sq7KF6kGJBXvoqMNUsQovR0Xa/MJT93wqxnwUArRC
MsZJ905uo/lpAwG006TrXYKiEekrQPeS10JjpUe8LXCTOJ90z5OU46XSOZmE0wkE
rXRv/O0ZIObOq75tWsAoFIHKe/pLT0YC1K5lRg/wpmFtpgfsCsrVK1NNkSo8INQn
wUnYfr9kqH840ktGojP/G4w7m6UK2WBTy6jNLll2mb2c3qmRf0OFlXXwPbtLspta
3YYbT5FOxm2Ajd79t016R4xLLc62WdXl0WwOlE2Zo6dn7ZDSwnWIGH4e7tffSBEq
xee40y/3ZAMRFH1SeEajGSlDz2KJqN+tHMdv6pmqduaCnoeKpEo2lLx/Ao3oMmZf
NFsLSET89ckOH10sGKHN
=Ks8v
-----END PGP SIGNATURE-----
Reply to: