[DONE] wml://{security/2015/dla-307.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2015/dla-307.wml 2016-06-07 16:39:34.000000000 +0500
+++ russian/security/2015/dla-307.wml 2016-06-07 16:40:10.760819072 +0500
@@ -1,93 +1,94 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3307">CVE-2015-3307</a>
- - <p>The phar_parse_metadata function in ext/phar/phar.c in PHP before
- - 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote
- - attackers to cause a denial of service (heap metadata corruption)
- - or possibly have unspecified other impact via a crafted tar archive.</p></li>
+ <p>ФÑ?нкÑ?иÑ? phar_parse_metadata в ext/phar/phar.c в PHP до веÑ?Ñ?ии
+ 5.4.40, 5.5.x до веÑ?Ñ?ии 5.5.24 и 5.6.x до веÑ?Ñ?ии 5.6.8 позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (повÑ?еждение меÑ?аданнÑ?Ñ? динамиÑ?еÑ?кой памÑ?Ñ?и)
+ или оказÑ?ваÑ?Ñ? какое-Ñ?о дÑ?Ñ?гое влиÑ?ние на безопаÑ?ноÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного аÑ?Ñ?ива tar.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-3411">CVE-2015-3411</a> + <a href="https://security-tracker.debian.org/tracker/CVE-2015-3412">CVE-2015-3412</a>
- - <p>Fixed bug #69353 (Missing null byte checks for paths in various
- - PHP extensions).</p></li>
+ <p>Ð?Ñ?пÑ?авлена оÑ?ибка #69353 (оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вие пÑ?овеÑ?кой null-байÑ?ов длÑ? пÑ?Ñ?ей в Ñ?азлиÑ?нÑ?Ñ?
+ Ñ?аÑ?Ñ?иÑ?ениÑ?Ñ? PHP).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4021">CVE-2015-4021</a>
- - <p>The phar_parse_tarfile function in ext/phar/tar.c in PHP
- - before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
- - does not verify that the first character of a filename is
- - different from the \0 character, which allows remote attackers
- - to cause a denial of service (integer underflow and memory
- - corruption) via a crafted entry in a tar archive.</p></li>
+ <p>ФÑ?нкÑ?иÑ? phar_parse_tarfile в ext/phar/tar.c в PHP
+ до веÑ?Ñ?ии 5.4.41, 5.5.x до веÑ?Ñ?ии 5.5.25 и 5.6.x до веÑ?Ñ?ии 5.6.9
+ не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? Ñ?ого, Ñ?Ñ?обÑ? пеÑ?вÑ?й Ñ?имвол имени Ñ?айла оÑ?лиÑ?аеÑ?Ñ?Ñ?
+ оÑ? Ñ?имвола \0, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+ вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (оÑ?Ñ?иÑ?аÑ?елÑ?ное пеÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел и повÑ?еждение
+ Ñ?одеÑ?жимого памÑ?Ñ?и) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованной запиÑ?и в аÑ?Ñ?иве tar.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4022">CVE-2015-4022</a>
- - <p>Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP
- - before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows
- - remote FTP servers to execute arbitrary code via a long reply to a
- - LIST command, leading to a heap-based buffer overflow.</p></li>
+ <p>Ð?еÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в Ñ?Ñ?нкÑ?ии ftp_genlist в ext/ftp/ftp.c в PHP
+ до веÑ?Ñ?ии 5.4.41, 5.5.x до веÑ?Ñ?ии 5.5.25 и 5.6.x до веÑ?Ñ?ии 5.6.9 позволÑ?еÑ?
+ Ñ?далÑ?ннÑ?м FTP-Ñ?еÑ?веÑ?ам вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? длинного оÑ?веÑ?а на
+ командÑ? LIST, Ñ?Ñ?о пÑ?иводиÑ? к пеÑ?еполнениÑ? динамиÑ?еÑ?кой памÑ?Ñ?и.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4025">CVE-2015-4025</a>
- - <p>PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
- - truncates a pathname upon encountering a \x00 character in certain
- - situations, which allows remote attackers to bypass intended
- - extension restrictions and access files or directories with
- - unexpected names via a crafted argument to (1) set_include_path,
- - (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability
- - exists because of an incomplete fix for <a href="https://security-tracker.debian.org/tracker/CVE-2006-7243">CVE-2006-7243</a>.</p></li>
+ <p>PHP до веÑ?Ñ?ии 5.4.41, 5.5.x до веÑ?Ñ?ии 5.5.25 и 5.6.x до веÑ?Ñ?ии 5.6.9
+ в опÑ?еделÑ?ннÑ?Ñ? Ñ?иÑ?Ñ?аÑ?иÑ?Ñ? обÑ?езаеÑ? пÑ?Ñ?Ñ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли в нÑ?м вÑ?Ñ?Ñ?еÑ?аеÑ?Ñ?Ñ?
+ Ñ?имвол \x00, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам обÑ?одиÑ?Ñ? Ñ?пеÑ?иалÑ?нÑ?е
+ огÑ?аниÑ?ениÑ? Ñ?аÑ?Ñ?иÑ?ений и полÑ?Ñ?аÑ?Ñ? доÑ?Ñ?Ñ?п к Ñ?айлам и каÑ?алогам Ñ?
+ неожиданнÑ?ми именами Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного аÑ?гÑ?менÑ?а (1) set_include_path,
+ (2) tempnam, (3) rmdir или (4) readlink. Ð?Ð?Ð?Ð?Ð?Ð?Ð?Ð?: Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ?
+ пÑ?иÑ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? в PHP из-за неполного иÑ?пÑ?авлениÑ? длÑ? <a href="https://security-tracker.debian.org/tracker/CVE-2006-7243">CVE-2006-7243</a>.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4026">CVE-2015-4026</a>
- - <p>The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before
- - 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering
- - a \x00 character, which might allow remote attackers to bypass
- - intended extension restrictions and execute files with unexpected
- - names via a crafted first argument. NOTE: this vulnerability exists
- - because of an incomplete fix for <a href="https://security-tracker.debian.org/tracker/CVE-2006-7243">CVE-2006-7243</a>.</p></li>
+ <p>РеализаÑ?иÑ? pcntl_exec в PHP до веÑ?Ñ?ии 5.4.41, 5.5.x до веÑ?Ñ?ии
+ 5.5.25 и 5.6.x до веÑ?Ñ?ии 5.6.9 обÑ?езаеÑ? пÑ?Ñ?Ñ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли в нÑ?м вÑ?Ñ?Ñ?еÑ?аеÑ?Ñ?Ñ?
+ Ñ?имвол \x00, Ñ?Ñ?о можеÑ? позволиÑ?Ñ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам обÑ?одиÑ?Ñ?
+ Ñ?пеÑ?иалÑ?нÑ?е огÑ?аниÑ?ениÑ? Ñ?аÑ?Ñ?иÑ?ений и вÑ?полнÑ?Ñ?Ñ? Ñ?айлÑ? Ñ? неожиданнÑ?ми
+ именами Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного пеÑ?вого аÑ?гÑ?менÑ?а. Ð?Ð?Ð?Ð?Ð?Ð?Ð?Ð?: Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? пÑ?иÑ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ?
+ в PHP из-за неполного иÑ?пÑ?авлениÑ? длÑ? <a href="https://security-tracker.debian.org/tracker/CVE-2006-7243">CVE-2006-7243</a>.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4147">CVE-2015-4147</a>
- - <p>The SoapClient::__call method in ext/soap/soap.c in PHP before
- - 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not
- - verify that __default_headers is an array, which allows remote
- - attackers to execute arbitrary code by providing crafted
- - serialized data with an unexpected data type, related to a <q>type
- - confusion</q> issue.</p></li>
+ <p>Ð?еÑ?од SoapClient::__call в ext/soap/soap.c в PHP до веÑ?Ñ?ии
+ 5.4.39, 5.5.x до веÑ?Ñ?ии 5.5.23 и 5.6.x до веÑ?Ñ?ии 5.6.7 не вÑ?полнÑ?еÑ?
+ пÑ?овеÑ?кÑ? Ñ?ого, Ñ?Ñ?о __default_headers Ñ?влÑ?еÑ?Ñ?Ñ? маÑ?Ñ?овом, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код, пеÑ?едаваÑ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?е
+ Ñ?еÑ?иализованнÑ?е даннÑ?е Ñ? неожиданнÑ?м Ñ?ипом даннÑ?Ñ?. ÐÑ?а пÑ?облема Ñ?вÑ?зана Ñ? пÑ?облемой
+ <q>Ñ?меÑ?ениÑ? Ñ?ипов</q>.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4148">CVE-2015-4148</a>
- - <p>The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39,
- - 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that
- - the uri property is a string, which allows remote attackers to
- - obtain sensitive information by providing crafted serialized data
- - with an int data type, related to a <q>type confusion</q> issue.</p></li>
+ <p>ФÑ?нкÑ?иÑ? do_soap_call в ext/soap/soap.c в PHP до веÑ?Ñ?ии 5.4.39,
+ 5.5.x до веÑ?Ñ?ии 5.5.23 и 5.6.x до веÑ?Ñ?ии 5.6.7 не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? Ñ?ого, Ñ?Ñ?о
+ Ñ?войÑ?Ñ?во URI Ñ?влÑ?еÑ?Ñ?Ñ? Ñ?Ñ?Ñ?окой, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+ полÑ?Ñ?аÑ?Ñ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?нÑ?Ñ? инÑ?оÑ?маÑ?иÑ?, пÑ?едаваÑ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?е Ñ?еÑ?иализованнÑ?е даннÑ?е
+ Ñ? Ñ?ипом даннÑ?Ñ? int. ÐÑ?а пÑ?облема Ñ?вÑ?зана Ñ? пÑ?облемой <q>Ñ?меÑ?ениÑ? Ñ?ипов</q>.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4598">CVE-2015-4598</a>
- - <p>Incorrect handling of paths with NULs.</p></li>
+ <p>Ð?епÑ?авилÑ?наÑ? обÑ?абоÑ?ка пÑ?Ñ?ей, Ñ?одеÑ?жаÑ?иÑ? NUL.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4599">CVE-2015-4599</a>
- - <p>Type confusion vulnerability in exception::getTraceAsString.</p></li>
+ <p>СмеÑ?ение Ñ?ипов в exception::getTraceAsString.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4600">CVE-2015-4600</a> + <a href="https://security-tracker.debian.org/tracker/CVE-2015-4601">CVE-2015-4601</a>
- - <p>Added type checks.</p></li>
+ <p>Ð?обавленÑ? пÑ?овеÑ?ки Ñ?ипов.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4602">CVE-2015-4602</a>
- - <p>Type Confusion Infoleak Vulnerability in unserialize() with SoapFault.</p></li>
+ <p>СмеÑ?ение Ñ?ипов в unserialize() Ñ? SoapFault.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4604">CVE-2015-4604</a> + <a href="https://security-tracker.debian.org/tracker/CVE-2015-4605">CVE-2015-4605</a>
- - <p>denial of service when processing a crafted file with Fileinfo
- - (already fixed in CVE-2015-temp-68819.patch).</p></li>
+ <p>Ð?Ñ?каз в обÑ?лÑ?живании пÑ?и обÑ?абоÑ?ке Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?айла Ñ? Fileinfo
+ (Ñ?же иÑ?пÑ?авлено в CVE-2015-temp-68819.patch).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4643">CVE-2015-4643</a>
- - <p>Improved fix for bug #69545 (Integer overflow in ftp_genlist()
- - resulting in heap overflow).</p></li>
+ <p>УлÑ?Ñ?Ñ?ено иÑ?пÑ?авление оÑ?ибки #69545 (пеÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в ftp_genlist(),
+ пÑ?иводÑ?Ñ?ее к пеÑ?еполнениÑ? динамиÑ?еÑ?кой памÑ?Ñ?и).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-4644">CVE-2015-4644</a>
- - <p>Fixed bug #69667 (segfault in php_pgsql_meta_data).</p></li>
+ <p>Ð?Ñ?пÑ?авлена оÑ?ибка #69667 (оÑ?ибка Ñ?егменÑ?иÑ?ованиÑ? в php_pgsql_meta_data).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5589">CVE-2015-5589</a>
- - <p>Segfault in Phar::convertToData on invalid file.</p></li>
+ <p>Ð?Ñ?ибка Ñ?егменÑ?иÑ?ованиÑ? в Phar::convertToData пÑ?и Ñ?абоÑ?е Ñ? некоÑ?Ñ?екÑ?нÑ?м Ñ?айлом.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5590">CVE-2015-5590</a>
- - <p>Buffer overflow and stack smashing error in phar_fix_filepath.</p></li>
+ <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а и Ñ?азбиение Ñ?Ñ?ека в phar_fix_filepath.</p></li>
</ul>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2015/dla-307.data"
- -# $Id: dla-307.wml,v 1.3 2016/06/07 11:39:34 dogsleg Exp $
+# $Id: dla-307.wml,v 1.2 2016/04/07 20:24:54 djpig Exp $
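Review bot: In the CVE-2015-4602 entry the added line keeps only the type-confusion part of "Type Confusion Infoleak Vulnerability in unserialize() with SoapFault", so the information-leak impact stated in the English original is lost; please restore it in the translation. Three wording slips in the added lines are also worth fixing. In the bug #69353 entry (CVE-2015-3411, CVE-2015-3412) the noun for "checks" is in the instrumental singular where the genitive plural is needed. In CVE-2015-4147 the word for "array" is spelled with "о" where "и" belongs. In CVE-2015-4148 the participle for "providing" is missing a syllable compared with the same word in the CVE-2015-4147 entry.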