
[DONE] wml://{security/2016/dsa-3705.wml}



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dsa-3705.wml	2016-11-04 13:54:10.000000000 +0500
+++ russian/security/2016/dsa-3705.wml	2016-11-04 15:47:49.044184747 +0500
@@ -1,77 +1,78 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities were discovered in cURL, an URL transfer library:</p>
+<p>Ð? cURL, библиоÑ?еке пеÑ?едаÑ?и URL, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8615";>CVE-2016-8615</a>
 
- -    <p>It was discovered that a malicious HTTP server could inject new
- -    cookies for arbitrary domains into a cookie jar.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о HTTP-Ñ?еÑ?веÑ?, конÑ?Ñ?олиÑ?Ñ?емÑ?й злоÑ?мÑ?Ñ?ленником, можеÑ? вводиÑ?Ñ?
+    новÑ?е кÑ?ки длÑ? пÑ?оизволÑ?нÑ?Ñ? доменов в jar-Ñ?айл кÑ?ки.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8616";>CVE-2016-8616</a>
 
- -    <p>It was discovered that when re-using a connection, curl was doing case
- -    insensitive comparisons of user name and password with the existing
- -    connections.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о пÑ?и повÑ?оÑ?ном иÑ?полÑ?зовании Ñ?оединениÑ? curl вÑ?полнÑ?еÑ?
+    неÑ?Ñ?вÑ?Ñ?виÑ?елÑ?нÑ?е к Ñ?егиÑ?Ñ?Ñ?Ñ? Ñ?Ñ?авнениÑ? имени полÑ?зоваÑ?елÑ? и паÑ?олÑ? Ñ? Ñ?аковÑ?ми в
+    Ñ?же Ñ?Ñ?Ñ?еÑ?Ñ?вÑ?Ñ?Ñ?иÑ? Ñ?оединениÑ?Ñ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8617";>CVE-2016-8617</a>
 
- -    <p>It was discovered that on systems with 32-bit addresses in userspace
- -    (e.g. x86, ARM, x32), the output buffer size value calculated in the
- -    base64 encode function would wrap around if input size was at least
- -    1GB of data, causing an undersized output buffer to be allocated.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о на Ñ?иÑ?Ñ?емаÑ? Ñ? 32-биÑ?нÑ?ми адÑ?еÑ?ами в полÑ?зоваÑ?елÑ?Ñ?ком
+    пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве (напÑ?имеÑ?, x86, ARM, x32) Ñ?азмеÑ? бÑ?Ñ?еÑ?а вÑ?вода, вÑ?Ñ?иÑ?лÑ?емÑ?й в Ñ?Ñ?нкÑ?ии кодиÑ?ованиÑ?
+    base64, инкапÑ?Ñ?лиÑ?Ñ?еÑ?Ñ?Ñ? в Ñ?лÑ?Ñ?ае, еÑ?ли Ñ?азмеÑ? вÑ?однÑ?Ñ? даннÑ?Ñ? по менÑ?Ñ?ей меÑ?е Ñ?оÑ?Ñ?авлÑ?еÑ? 1Ð?Ð?,
+    Ñ?Ñ?о пÑ?иводиÑ? к вÑ?делениÑ? недоÑ?Ñ?аÑ?оÑ?ного колиÑ?еÑ?Ñ?ва памÑ?Ñ?и длÑ? вÑ?водного бÑ?Ñ?еÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8618";>CVE-2016-8618</a>
 
- -    <p>It was discovered that the curl_maprintf() function could be tricked
- -    into doing a double-free due to an unsafe size_t multiplication on
- -    systems using 32 bit size_t variables.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? curl_maprintf() можно иÑ?полÑ?зоваÑ?Ñ? длÑ?
+    вÑ?полнениÑ? двойного оÑ?вобождениÑ? памÑ?Ñ?и из-за небезопаÑ?ного Ñ?множениÑ? size_t
+    в Ñ?иÑ?Ñ?емаÑ?, иÑ?полÑ?зÑ?Ñ?Ñ?иÑ? 32-биÑ?нÑ?е пеÑ?еменнÑ?е size_t.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8619";>CVE-2016-8619</a>
 
- -    <p>It was discovered that the Kerberos implementation could be
- -    tricked into doing a double-free when reading one of the length fields
- -    from a socket.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?еализаÑ?иÑ? Kerberos можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ?
+    вÑ?полнениÑ? двойного оÑ?вобождениÑ? памÑ?Ñ?и пÑ?и Ñ?Ñ?ении одного из полей длин
+    из Ñ?океÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8620";>CVE-2016-8620</a>
 
- -    <p>It was discovered that the curl tool's <q>globbing</q> feature could write
- -    to invalid memory areas when parsing invalid ranges.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о инÑ?Ñ?Ñ?Ñ?менÑ? curl длÑ? Ñ?абоÑ?Ñ? Ñ? Ñ?аблонами поиÑ?ка можеÑ? вÑ?полнÑ?Ñ?Ñ?
+    запиÑ?Ñ? к непÑ?авилÑ?нÑ?Ñ? облаÑ?Ñ?Ñ? памÑ?Ñ?и пÑ?и вÑ?полнении гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а некоÑ?Ñ?екÑ?нÑ?Ñ? диапазонов.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8621";>CVE-2016-8621</a>
 
- -    <p>It was discovered that the function curl_getdate could read out of
- -    bounds when parsing invalid date strings.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? curl_getdate можеÑ? вÑ?полнÑ?Ñ?Ñ? Ñ?Ñ?ение за пÑ?еделами
+    вÑ?деленного бÑ?Ñ?еÑ?а пÑ?и вÑ?полнении гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а некоÑ?Ñ?екÑ?нÑ?Ñ? Ñ?Ñ?Ñ?ок Ñ? даÑ?ами.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8622";>CVE-2016-8622</a>
 
- -    <p>It was discovered that the URL percent-encoding decode function would
- -    return a signed 32bit integer variable as length, even though it
- -    allocated a destination buffer larger than 2GB, which would lead to
- -    a out-of-bounds write.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? декодиÑ?ованиÑ? URL, закодиÑ?ованнÑ?Ñ? Ñ? Ñ?имволами пÑ?оÑ?енÑ?а, можеÑ?
+    веÑ?нÑ?Ñ?Ñ? в каÑ?еÑ?Ñ?ве длинÑ? знаковÑ?Ñ? 32-биÑ?нÑ?Ñ? пеÑ?еменнÑ?Ñ? даже в Ñ?ом Ñ?лÑ?Ñ?ае, когда
+    бÑ?л вÑ?делен бÑ?Ñ?еÑ? назнаÑ?ениÑ? Ñ?азмеÑ?ом более 2Ð?Ð?, Ñ?Ñ?о можеÑ? пÑ?иводиÑ?Ñ? к
+    запиÑ?и за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8623";>CVE-2016-8623</a>
 
- -    <p>It was discovered that libcurl could access an already-freed memory
- -    area due to concurrent access to shared cookies. This could lead to
- -    a denial of service or disclosure of sensitive information.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о libcurl можеÑ? обÑ?аÑ?аÑ?Ñ?Ñ?Ñ? к Ñ?же оÑ?вобождÑ?ннÑ?м облаÑ?Ñ?Ñ?м
+    памÑ?Ñ?и из-за паÑ?аллелÑ?ного доÑ?Ñ?Ñ?па к Ñ?азделÑ?емÑ?м кÑ?ки. ЭÑ?о можеÑ? пÑ?иводиÑ?Ñ? к
+    оÑ?казÑ? в обÑ?лÑ?живании или Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8624";>CVE-2016-8624</a>
 
- -    <p>It was discovered that curl wouldn't parse the authority component of
- -    a URL correctly when the host name part ends with a '#' character,
- -    and could be tricked into connecting to a different host.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о curl непÑ?авилÑ?но вÑ?полнÑ?еÑ? гÑ?аммаÑ?иÑ?еÑ?кий Ñ?азбоÑ?
+    авÑ?оÑ?иÑ?еÑ?ного компоненÑ?а URL в Ñ?лÑ?Ñ?ае, еÑ?ли имÑ? Ñ?зла заканÑ?иваеÑ?Ñ?Ñ? Ñ?имволом '#',
+    и можеÑ? подклÑ?Ñ?иÑ?Ñ?Ñ?Ñ? к дÑ?Ñ?гомÑ? Ñ?злÑ?.</p></li>
 
 </ul>
 
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 7.38.0-4+deb8u5.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 7.38.0-4+deb8u5.</p>
 
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 7.51.0-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 7.51.0-1.</p>
 
- -<p>We recommend that you upgrade your curl packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? curl.</p>
 </define-tag>
 
 # do not modify the following line
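
Review bot: In the CVE-2016-8620 item, the two added lines no longer carry the <q>globbing</q> element that the removed English lines have, so the name of the affected curl feature is lost in the translation. Keeping the original term in <q> tags next to the translated wording would let readers match the entry against the curl documentation. Separately, the Cyrillic in every added line of this copy is mis-decoded (sequences such as `Ñ?`), so the wording cannot be proofread from the message as shown; resending with the charset declared as UTF-8 would fix that.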
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

