[DONE] wml://{security/2015/dla-307.wml}



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-307.wml	2016-06-07 16:39:34.000000000 +0500
+++ russian/security/2015/dla-307.wml	2016-06-07 16:40:10.760819072 +0500
@@ -1,93 +1,94 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
 <ul>
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3307";>CVE-2015-3307</a>
- -     <p>The phar_parse_metadata function in ext/phar/phar.c in PHP before
- -     5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote
- -     attackers to cause a denial of service (heap metadata corruption)
- -     or possibly have unspecified other impact via a crafted tar archive.</p></li>
+     <p>ФÑ?нкÑ?иÑ? phar_parse_metadata в ext/phar/phar.c в PHP до веÑ?Ñ?ии
+     5.4.40, 5.5.x до веÑ?Ñ?ии 5.5.24 и 5.6.x до веÑ?Ñ?ии 5.6.8 позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+     злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (повÑ?еждение меÑ?аданнÑ?Ñ? динамиÑ?еÑ?кой памÑ?Ñ?и)
+     или оказÑ?ваÑ?Ñ? какое-Ñ?о дÑ?Ñ?гое влиÑ?ние на безопаÑ?ноÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного аÑ?Ñ?ива tar.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3411";>CVE-2015-3411</a> + <a href="https://security-tracker.debian.org/tracker/CVE-2015-3412";>CVE-2015-3412</a>
- -     <p>Fixed bug #69353 (Missing null byte checks for paths in various
- -     PHP extensions).</p></li>
+     <p>Ð?Ñ?пÑ?авлена оÑ?ибка #69353 (оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вие пÑ?овеÑ?кой null-байÑ?ов длÑ? пÑ?Ñ?ей в Ñ?азлиÑ?нÑ?Ñ?
+     Ñ?аÑ?Ñ?иÑ?ениÑ?Ñ? PHP).</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4021";>CVE-2015-4021</a>
- -     <p>The phar_parse_tarfile function in ext/phar/tar.c in PHP
- -     before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
- -     does not verify that the first character of a filename is
- -     different from the \0 character, which allows remote attackers
- -     to cause a denial of service (integer underflow and memory
- -     corruption) via a crafted entry in a tar archive.</p></li>
+     <p>ФÑ?нкÑ?иÑ? phar_parse_tarfile в ext/phar/tar.c в PHP
+     до веÑ?Ñ?ии 5.4.41, 5.5.x до веÑ?Ñ?ии 5.5.25 и 5.6.x до веÑ?Ñ?ии 5.6.9
+     не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? Ñ?ого, Ñ?Ñ?обÑ? пеÑ?вÑ?й Ñ?имвол имени Ñ?айла оÑ?лиÑ?аеÑ?Ñ?Ñ?
+     оÑ? Ñ?имвола \0, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+     вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (оÑ?Ñ?иÑ?аÑ?елÑ?ное пеÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел и повÑ?еждение
+     Ñ?одеÑ?жимого памÑ?Ñ?и) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованной запиÑ?и в аÑ?Ñ?иве tar.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4022";>CVE-2015-4022</a>
- -     <p>Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP
- -     before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows
- -     remote FTP servers to execute arbitrary code via a long reply to a
- -     LIST command, leading to a heap-based buffer overflow.</p></li>
+     <p>Ð?еÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в Ñ?Ñ?нкÑ?ии ftp_genlist в ext/ftp/ftp.c в PHP
+     до веÑ?Ñ?ии 5.4.41, 5.5.x до веÑ?Ñ?ии 5.5.25 и 5.6.x до веÑ?Ñ?ии 5.6.9 позволÑ?еÑ?
+     Ñ?далÑ?ннÑ?м FTP-Ñ?еÑ?веÑ?ам вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? длинного оÑ?веÑ?а на
+     командÑ? LIST, Ñ?Ñ?о пÑ?иводиÑ? к пеÑ?еполнениÑ? динамиÑ?еÑ?кой памÑ?Ñ?и.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4025";>CVE-2015-4025</a>
- -     <p>PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
- -     truncates a pathname upon encountering a \x00 character in certain
- -     situations, which allows remote attackers to bypass intended
- -     extension restrictions and access files or directories with
- -     unexpected names via a crafted argument to (1) set_include_path,
- -     (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability
- -     exists because of an incomplete fix for <a href="https://security-tracker.debian.org/tracker/CVE-2006-7243";>CVE-2006-7243</a>.</p></li>
+     <p>PHP до веÑ?Ñ?ии 5.4.41, 5.5.x до веÑ?Ñ?ии 5.5.25 и 5.6.x до веÑ?Ñ?ии 5.6.9
+     в опÑ?еделÑ?ннÑ?Ñ? Ñ?иÑ?Ñ?аÑ?иÑ?Ñ? обÑ?езаеÑ? пÑ?Ñ?Ñ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли в нÑ?м вÑ?Ñ?Ñ?еÑ?аеÑ?Ñ?Ñ?
+     Ñ?имвол \x00, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам обÑ?одиÑ?Ñ? Ñ?пеÑ?иалÑ?нÑ?е
+     огÑ?аниÑ?ениÑ? Ñ?аÑ?Ñ?иÑ?ений и полÑ?Ñ?аÑ?Ñ? доÑ?Ñ?Ñ?п к Ñ?айлам и каÑ?алогам Ñ?
+     неожиданнÑ?ми именами Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного аÑ?гÑ?менÑ?а (1) set_include_path,
+     (2) tempnam, (3) rmdir или (4) readlink. Ð?Ð?Ð?Ð?Ð?Ð?Ð?Ð?: Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ?
+     пÑ?иÑ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? в PHP из-за неполного иÑ?пÑ?авлениÑ? длÑ? <a href="https://security-tracker.debian.org/tracker/CVE-2006-7243";>CVE-2006-7243</a>.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4026";>CVE-2015-4026</a>
- -     <p>The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before
- -     5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering
- -     a \x00 character, which might allow remote attackers to bypass
- -     intended extension restrictions and execute files with unexpected
- -     names via a crafted first argument. NOTE: this vulnerability exists
- -     because of an incomplete fix for <a href="https://security-tracker.debian.org/tracker/CVE-2006-7243";>CVE-2006-7243</a>.</p></li>
+     <p>РеализаÑ?иÑ? pcntl_exec в PHP до веÑ?Ñ?ии 5.4.41, 5.5.x до веÑ?Ñ?ии
+     5.5.25 и 5.6.x до веÑ?Ñ?ии 5.6.9 обÑ?езаеÑ? пÑ?Ñ?Ñ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли в нÑ?м вÑ?Ñ?Ñ?еÑ?аеÑ?Ñ?Ñ?
+     Ñ?имвол \x00, Ñ?Ñ?о можеÑ? позволиÑ?Ñ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам обÑ?одиÑ?Ñ?
+     Ñ?пеÑ?иалÑ?нÑ?е огÑ?аниÑ?ениÑ? Ñ?аÑ?Ñ?иÑ?ений и вÑ?полнÑ?Ñ?Ñ? Ñ?айлÑ? Ñ? неожиданнÑ?ми
+     именами Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного пеÑ?вого аÑ?гÑ?менÑ?а. Ð?Ð?Ð?Ð?Ð?Ð?Ð?Ð?: Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? пÑ?иÑ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ?
+     в PHP из-за неполного иÑ?пÑ?авлениÑ? длÑ? <a href="https://security-tracker.debian.org/tracker/CVE-2006-7243";>CVE-2006-7243</a>.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4147";>CVE-2015-4147</a>
- -     <p>The SoapClient::__call method in ext/soap/soap.c in PHP before
- -     5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not
- -     verify that __default_headers is an array, which allows remote
- -     attackers to execute arbitrary code by providing crafted
- -     serialized data with an unexpected data type, related to a <q>type
- -     confusion</q> issue.</p></li>
+     <p>Ð?еÑ?од SoapClient::__call в ext/soap/soap.c в PHP до веÑ?Ñ?ии
+     5.4.39, 5.5.x до веÑ?Ñ?ии 5.5.23 и 5.6.x до веÑ?Ñ?ии 5.6.7 не вÑ?полнÑ?еÑ?
+     пÑ?овеÑ?кÑ? Ñ?ого, Ñ?Ñ?о __default_headers Ñ?влÑ?еÑ?Ñ?Ñ? маÑ?Ñ?овом, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+     злоÑ?мÑ?Ñ?ленникам вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код, пеÑ?едаваÑ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?е
+     Ñ?еÑ?иализованнÑ?е даннÑ?е Ñ? неожиданнÑ?м Ñ?ипом даннÑ?Ñ?. ЭÑ?а пÑ?облема Ñ?вÑ?зана Ñ? пÑ?облемой
+     <q>Ñ?меÑ?ениÑ? Ñ?ипов</q>.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4148";>CVE-2015-4148</a>
- -     <p>The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39,
- -     5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that
- -     the uri property is a string, which allows remote attackers to
- -     obtain sensitive information by providing crafted serialized data
- -     with an int data type, related to a <q>type confusion</q> issue.</p></li>
+     <p>ФÑ?нкÑ?иÑ? do_soap_call в ext/soap/soap.c в PHP до веÑ?Ñ?ии 5.4.39,
+     5.5.x до веÑ?Ñ?ии 5.5.23 и 5.6.x до веÑ?Ñ?ии 5.6.7 не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? Ñ?ого, Ñ?Ñ?о
+     Ñ?войÑ?Ñ?во URI Ñ?влÑ?еÑ?Ñ?Ñ? Ñ?Ñ?Ñ?окой, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+     полÑ?Ñ?аÑ?Ñ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?нÑ?Ñ? инÑ?оÑ?маÑ?иÑ?, пÑ?едаваÑ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?е Ñ?еÑ?иализованнÑ?е даннÑ?е
+     Ñ? Ñ?ипом даннÑ?Ñ? int. ЭÑ?а пÑ?облема Ñ?вÑ?зана Ñ? пÑ?облемой <q>Ñ?меÑ?ениÑ? Ñ?ипов</q>.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4598";>CVE-2015-4598</a>
- -     <p>Incorrect handling of paths with NULs.</p></li>
+     <p>Ð?епÑ?авилÑ?наÑ? обÑ?абоÑ?ка пÑ?Ñ?ей, Ñ?одеÑ?жаÑ?иÑ? NUL.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4599";>CVE-2015-4599</a>
- -     <p>Type confusion vulnerability in exception::getTraceAsString.</p></li>
+     <p>СмеÑ?ение Ñ?ипов в exception::getTraceAsString.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4600";>CVE-2015-4600</a> + <a href="https://security-tracker.debian.org/tracker/CVE-2015-4601";>CVE-2015-4601</a>
- -     <p>Added type checks.</p></li>
+     <p>Ð?обавленÑ? пÑ?овеÑ?ки Ñ?ипов.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4602";>CVE-2015-4602</a>
- -     <p>Type Confusion Infoleak Vulnerability in unserialize() with SoapFault.</p></li>
+     <p>СмеÑ?ение Ñ?ипов в unserialize() Ñ? SoapFault.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4604";>CVE-2015-4604</a> + <a href="https://security-tracker.debian.org/tracker/CVE-2015-4605";>CVE-2015-4605</a>
- -     <p>denial of service when processing a crafted file with Fileinfo
- -     (already fixed in  CVE-2015-temp-68819.patch).</p></li>
+     <p>Ð?Ñ?каз в обÑ?лÑ?живании пÑ?и обÑ?абоÑ?ке Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?айла Ñ? Fileinfo
+     (Ñ?же иÑ?пÑ?авлено в CVE-2015-temp-68819.patch).</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4643";>CVE-2015-4643</a>
- -     <p>Improved fix for bug #69545 (Integer overflow in ftp_genlist()
- -     resulting in heap overflow).</p></li>
+     <p>УлÑ?Ñ?Ñ?ено иÑ?пÑ?авление оÑ?ибки #69545 (пеÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в ftp_genlist(),
+     пÑ?иводÑ?Ñ?ее к пеÑ?еполнениÑ? динамиÑ?еÑ?кой памÑ?Ñ?и).</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4644";>CVE-2015-4644</a>
- -     <p>Fixed bug #69667 (segfault in php_pgsql_meta_data).</p></li>
+     <p>Ð?Ñ?пÑ?авлена оÑ?ибка #69667 (оÑ?ибка Ñ?егменÑ?иÑ?ованиÑ? в php_pgsql_meta_data).</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5589";>CVE-2015-5589</a>
- -     <p>Segfault in Phar::convertToData on invalid file.</p></li>
+     <p>Ð?Ñ?ибка Ñ?егменÑ?иÑ?ованиÑ? в Phar::convertToData пÑ?и Ñ?абоÑ?е Ñ? некоÑ?Ñ?екÑ?нÑ?м Ñ?айлом.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5590";>CVE-2015-5590</a>
- -     <p>Buffer overflow and stack smashing error in phar_fix_filepath.</p></li>
+     <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а и Ñ?азбиение Ñ?Ñ?ека в phar_fix_filepath.</p></li>
 </ul>
 </define-tag>
 
 # do not modify the following line
 #include "$(ENGLISHDIR)/security/2015/dla-307.data"
- -# $Id: dla-307.wml,v 1.3 2016/06/07 11:39:34 dogsleg Exp $
+# $Id: dla-307.wml,v 1.2 2016/04/07 20:24:54 djpig Exp $
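
Review bot: The CVE-2015-4602 entry loses the impact stated in the English text. "Type Confusion Infoleak Vulnerability in unserialize() with SoapFault" is translated only as type confusion in unserialize() with SoapFault, so the information-leak consequence no longer appears; restore it so the Russian advisory states the same impact as the original. Two wording slips in the SOAP entries are also worth fixing before commit: in CVE-2015-4147 the word following __default_headers reads "массовом" where "массивом" (array) is meant, and in CVE-2015-4148 the verb for "providing" reads "предавая", while the CVE-2015-4147 entry uses the intended "передавая". In CVE-2015-3411 + CVE-2015-3412, the noun after "отсутствие" is in the wrong case ("проверкой" instead of "проверок").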