[DONE] wml://{security/2016/dsa-3746.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2016/dsa-3746.wml 2016-12-25 10:25:40.000000000 +0500
+++ russian/security/2016/dsa-3746.wml 2016-12-25 11:01:59.888775497 +0500
@@ -1,100 +1,102 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in GraphicsMagick, a
- -collection of image processing tool, which can cause denial of service
- -attacks, remote file deletion, and remote command execution.</p>
- -
- -<p>This security update removes the full support of PLT/Gnuplot decoder to
- -prevent Gnuplot-shell based shell exploits for fixing the
- -<a href="https://security-tracker.debian.org/tracker/CVE-2016-3714";>CVE-2016-3714</a>
- -vulnerability.</p>
+<p>Ð? GraphicsMagick, набоÑ?е инÑ?Ñ?Ñ?Ñ?менÑ?ов длÑ? обÑ?абоÑ?ки изобÑ?ажений, бÑ?ло
+обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е могÑ?Ñ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании,
+Ñ?далÑ?нное Ñ?даление Ñ?айлов и Ñ?далÑ?нное вÑ?полнение команд.</p>
+
+<p>Ð? данном обновлении безопаÑ?ноÑ?Ñ?и бÑ?ла Ñ?далена полнаÑ? поддеÑ?жка декодеÑ?а PLT/Gnuplot Ñ?
+Ñ?елÑ?Ñ? пÑ?едоÑ?вÑ?аÑ?ениÑ? Ñ?абоÑ?Ñ? Ñ?кÑ?плоиÑ?ов на оÑ?нове командной оболоÑ?ки Gnuplot, Ñ?Ñ?о иÑ?пÑ?авлÑ?еÑ?
+Ñ?Ñ?звимоÑ?Ñ?Ñ? <a href="https://security-tracker.debian.org/tracker/CVE-2016-3714";>
+CVE-2016-3714</a>.</p>
- -<p>The undocumented <q>TMP</q> magick prefix no longer removes the argument file
- -after it has been read for fixing the
+<p>Ð?еопиÑ?аннÑ?й в докÑ?менÑ?аÑ?ии magick-пÑ?еÑ?икÑ? <q>TMP</q> более не Ñ?далÑ?еÑ? Ñ?айл, пеÑ?еданнÑ?й
+в виде аÑ?гÑ?менÑ?а, поÑ?ле его пÑ?оÑ?Ñ?ениÑ?, Ñ?Ñ?о иÑ?пÑ?авлÑ?еÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
<a href="https://security-tracker.debian.org/tracker/CVE-2016-3715";>CVE-2016-3715</a>
- -vulnerability. Since the <q>TMP</q> feature was originally implemented,
- -GraphicsMagick added a temporary file management subsystem which assures
- -that temporary files are removed so this feature is not needed.</p>
- -
- -<p>Remove support for reading input from a shell command, or writing output
- -to a shell command, by prefixing the specified filename (containing the
- -command) with a '|' for fixing the
- -<a href="https://security-tracker.debian.org/tracker/CVE-2016-5118";>CVE-2016-5118</a>
- -vulnerability.</p>
+Ð?оÑ?колÑ?кÑ? Ñ?Ñ?нкÑ?иÑ? <q>TMP</q> бÑ?ла изнаÑ?алÑ?но Ñ?еализована,
+в GraphicsMagick бÑ?ла добавлена подÑ?иÑ?Ñ?ема Ñ?пÑ?авлениÑ? вÑ?еменнÑ?ми Ñ?айлами, коÑ?оÑ?аÑ?
+гаÑ?анÑ?иÑ?Ñ?еÑ?, Ñ?Ñ?о вÑ?еменнÑ?е Ñ?айлÑ? Ñ?далÑ?Ñ?Ñ?Ñ?Ñ?, поÑ?Ñ?омÑ? Ñ?казаннаÑ? Ñ?Ñ?нкÑ?иÑ? более не Ñ?Ñ?ебÑ?еÑ?Ñ?Ñ?.</p>
+
+<p>Удалена поддеÑ?жка Ñ?Ñ?ениÑ? вÑ?однÑ?Ñ? даннÑ?Ñ? из оболоÑ?ки командной Ñ?Ñ?Ñ?оки, а Ñ?акже запиÑ?Ñ? вÑ?Ñ?однÑ?Ñ?
+даннÑ?Ñ? в оболоÑ?кÑ? командной Ñ?Ñ?Ñ?оки пÑ?Ñ?Ñ?м Ñ?казаниÑ? имени Ñ?айла (Ñ?одеÑ?жаÑ?его
+командÑ?) Ñ? Ñ?имволом канала, '|', Ñ?Ñ?о иÑ?пÑ?авлÑ?еÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+<a href="https://security-tracker.debian.org/tracker/CVE-2016-5118";>
+CVE-2016-5118</a>.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8808";>CVE-2015-8808</a>
- - <p>Gustavo Grieco discovered an out of bound read in the parsing of GIF
- - files which may cause denial of service.</p></li>
+ <p>Ð?Ñ?Ñ?Ñ?аво Ð?Ñ?ико обнаÑ?Ñ?жил Ñ?Ñ?ение за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и пÑ?и вÑ?полнении
+ гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а Ñ?айлов в Ñ?оÑ?маÑ?е GIF, коÑ?оÑ?ое можеÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2317";>CVE-2016-2317</a>
- - <p>Gustavo Grieco discovered a stack buffer overflow and two heap buffer
- - overflows while processing SVG images which may cause denial of service.</p></li>
+ <p>Ð?Ñ?Ñ?Ñ?аво Ð?Ñ?ико обнаÑ?Ñ?жил пеÑ?еполнение бÑ?Ñ?еÑ?а и два пеÑ?еполнениÑ? динамиÑ?еÑ?кой памÑ?Ñ?и,
+ возникаÑ?Ñ?иÑ? в пÑ?оÑ?еÑ?Ñ?е обÑ?абоÑ?ки изобÑ?ажений в Ñ?оÑ?маÑ?е SVG, Ñ?Ñ?о можеÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2318";>CVE-2016-2318</a>
- - <p>Gustavo Grieco discovered several segmentation faults while processing
- - SVG images which may cause denial of service.</p></li>
+ <p>Ð?Ñ?Ñ?Ñ?аво Ð?Ñ?ико обнаÑ?Ñ?жил неÑ?колÑ?ко оÑ?ибок Ñ?егменÑ?иÑ?ованиÑ?, возникаÑ?Ñ?иÑ? в Ñ?оде обÑ?абоÑ?ки
+ изобÑ?ажений в Ñ?оÑ?маÑ?е SVG, Ñ?Ñ?о можеÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-5240";>CVE-2016-5240</a>
- - <p>Gustavo Grieco discovered an endless loop problem caused by negative
- - stroke-dasharray arguments while parsing SVG files which may cause
- - denial of service.</p></li>
+ <p>Ð?Ñ?Ñ?Ñ?аво Ð?Ñ?ико обнаÑ?Ñ?жил беÑ?конеÑ?нÑ?й Ñ?икл, возникаÑ?Ñ?ий из-за оÑ?Ñ?иÑ?аÑ?елÑ?нÑ?Ñ? аÑ?гÑ?менÑ?ов
+ stroke-dasharray пÑ?и вÑ?полнении гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а Ñ?айлов в Ñ?оÑ?маÑ?е SVG, Ñ?Ñ?о можеÑ?
+ вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-7800";>CVE-2016-7800</a>
- - <p>Marco Grassi discovered an unsigned underflow leading to heap overflow
- - when parsing 8BIM chunk often attached to JPG files which may cause
- - denial of service.</p></li>
+ <p>Ð?аÑ?ко Ð?Ñ?аÑ?Ñ?и обнаÑ?Ñ?жил оÑ?Ñ?иÑ?аÑ?елÑ?ное пеÑ?еполнение беззнаковÑ?Ñ? Ñ?иÑ?ел, пÑ?иводÑ?Ñ?ее к пеÑ?еполнениÑ?
+ динамиÑ?еÑ?кой памÑ?Ñ?и, коÑ?оÑ?ое возникаеÑ? пÑ?и вÑ?полнении гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а Ñ?Ñ?агменÑ?а 8BIM, Ñ?аÑ?Ñ?о
+ пÑ?икÑ?еплÑ?емого к Ñ?айлам в Ñ?оÑ?маÑ?е JPG, Ñ?Ñ?о можеÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-7996";>CVE-2016-7996</a>
- - <p>Moshe Kaplan discovered that there is no check that the provided
- - colormap is not larger than 256 entries in the WPG reader which may
- - cause denial of service.</p></li>
+ <p>Ð?оÑ?е Ð?аплан обнаÑ?Ñ?жил, Ñ?Ñ?о пÑ?овеÑ?ка Ñ?ого, Ñ?Ñ?о пеÑ?еданнаÑ? модÑ?лÑ? Ñ?Ñ?ениÑ? WPG палиÑ?Ñ?а
+ не пÑ?евÑ?Ñ?аеÑ? 256 запиÑ?ей, оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ?, Ñ?Ñ?о можеÑ? вÑ?зÑ?ваÑ?Ñ?
+ оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-7997";>CVE-2016-7997</a>
- - <p>Moshe Kaplan discovered that an assertion is thrown for some files in
- - the WPG reader due to a logic error which may cause denial of service.</p></li>
+ <p>Ð?оÑ?е Ð?аплан обнаÑ?Ñ?жил, Ñ?Ñ?о длÑ? некоÑ?оÑ?Ñ?Ñ? Ñ?айлов в модÑ?ле Ñ?Ñ?ениÑ? WPG из-за
+ логиÑ?еÑ?кой оÑ?ибки Ñ?Ñ?абаÑ?Ñ?ваеÑ? Ñ?Ñ?веÑ?ждение, Ñ?Ñ?о можеÑ? вÑ?зÑ?ваÑ?Ñ?
+ оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8682";>CVE-2016-8682</a>
- - <p>Agostino Sarubbo of Gentoo discovered a stack buffer read overflow
- - while reading the SCT header which may cause denial of service.</p></li>
+ <p>Ð?гоÑ?Ñ?ино СаÑ?Ñ?бо из Gentoo обнаÑ?Ñ?жил пеÑ?еполнение Ñ?Ñ?ека, возникаÑ?Ñ?ее пÑ?и Ñ?Ñ?ении
+ заголовка SCT, Ñ?Ñ?о можеÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8683";>CVE-2016-8683</a>
- - <p>Agostino Sarubbo of Gentoo discovered a memory allocation failure in the
- - PCX coder which may cause denial of service.</p></li>
+ <p>Ð?гоÑ?Ñ?ино СаÑ?Ñ?бо из Gentoo обнаÑ?Ñ?жил оÑ?ибкÑ? вÑ?делениÑ? памÑ?Ñ?и в коде пÑ?еобÑ?азованиÑ?
+ PCX, коÑ?оÑ?аÑ? можеÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8684";>CVE-2016-8684</a>
- - <p>Agostino Sarubbo of Gentoo discovered a memory allocation failure in the
- - SGI coder which may cause denial of service.</p></li>
+ <p>Ð?гоÑ?Ñ?ино СаÑ?Ñ?бо из Gentoo обнаÑ?Ñ?жил оÑ?ибкÑ? вÑ?делениÑ? памÑ?Ñ?и в коде пÑ?еобÑ?азованиÑ?
+ SGI, коÑ?оÑ?аÑ? можеÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-9830";>CVE-2016-9830</a>
- - <p>Agostino Sarubbo of Gentoo discovered a memory allocation failure in
- - MagickRealloc() function which may cause denial of service.</p></li>
+ <p>Ð?гоÑ?Ñ?ино СаÑ?Ñ?бо из Gentoo обнаÑ?Ñ?жил оÑ?ибкÑ? вÑ?делениÑ? памÑ?Ñ?и в Ñ?Ñ?нкÑ?ии
+ MagickRealloc(), коÑ?оÑ?аÑ? можеÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании.</p></li>
</ul>
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 1.3.20-3+deb8u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.3.20-3+deb8u2.</p>
- -<p>For the testing distribution (stretch), these problems (with the
- -exception of <a href="https://security-tracker.debian.org/tracker/CVE-2016-9830";>
- -CVE-2016-9830</a>) have been fixed in version 1.3.25-5.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? (кÑ?оме
+<a href="https://security-tracker.debian.org/tracker/CVE-2016-9830";>
+CVE-2016-9830</a>) бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 1.3.25-5.</p>
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 1.3.25-6.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.3.25-6.</p>
- -<p>We recommend that you upgrade your graphicsmagick packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? graphicsmagick.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlhfYN0ACgkQXudu4gIW
0qWdZg/+Pd2Wf1zOw3PpJOV+JLfH0gB9fHQfi1UPo84bP2Gna1i7EuMaOkxek8Yj
aQTjGXR7uN76UzHahhKmSU+e433RGey/KndQCQzKFquCGNNp8jnxm7R39WsNHba6
NzhlMGJxeX/q60YcWFLpiHEMQFiwjWWNHbY+DD8lkX8849C6QVmUhlHe6TAsAVOD
8hrTxAxiAZu8U+4oJ9H33v3ZQhh4wqlCWWIL1AqpaxjP3256Cxtlmp64izP4DzPQ
6v4hVUM/w8UhG//EdyfJ+tEEI0RMLMgx2HZkToIFbPGgF3ZV1Ds0C82y9UVDBy8e
BlbU3wwP87udQZ66wPxHQHEkYeNL50ONoTMLxYDhpOhG4MG7NBMyjZh36yxBLfd1
FwVL+W7Hg6Uyhm8tWxLBraqvBZ42cWRcJY3IeSeOFynIV8NBiIKPyYCQH8wzq5yh
o7hvoHRkqu2miTSXlbF1fO0haQ2P9Qc4UiuSv68OdCWf1FsscEc/+NKeOCV1J9Y8
uInEJ5RrzkEpXV0eC2bkrJjY1QUOQmSX6diIAXgDaP6+oziURa6vM22SRTUIfYW6
fv7hAT8tnXSfWNJdNdqrFTGVcAVsTNItgjxc2pHvDlmGC/5SuzrhGTU3U4/Eleu8
++LcXi5zfIvO0SaSV7tvlYzrctW0O49EKCTvq/8cMws4qjKWlTE=
=WGe6
-----END PGP SIGNATURE-----
Reply to: