[DONE] wml://{security/2015/dla-165.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2015/dla-165.wml 2016-04-07 03:47:55.000000000 +0500
+++ russian/security/2015/dla-165.wml 2016-06-08 16:56:24.834147806 +0500
@@ -1,7 +1,8 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been fixed in eglibc, Debian's version of
- -the GNU C library.</p>
+<p>Ð? eglibc, веÑ?Ñ?ии библиоÑ?еки GNU C длÑ? Debian, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко
+Ñ?Ñ?звимоÑ?Ñ?ей.</p>
<ul>
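Review bot: The translated intro paragraph (the two `+` lines replacing "Several vulnerabilities have been fixed in eglibc") reads as "было обнаружено несколько уязвимостей", i.e. the vulnerabilities were discovered, while the original says they have been fixed. This is the advisory's summary sentence, so it should use the same verb as the closing paragraphs of this translation ("были исправлены"), for example "было исправлено несколько уязвимостей".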
@@ -9,118 +10,118 @@
<a href="https://security-tracker.debian.org/tracker/CVE-2015-1472">CVE-2015-1472</a>,
<a href="https://security-tracker.debian.org/tracker/CVE-2015-1473">CVE-2015-1473</a>
- - <p>The scanf family of functions do not properly limit stack
- - allocation, which allows context-dependent attackers to cause a
- - denial of service (crash) or possibly execute arbitrary code.</p>
+ <p>СемейÑ?Ñ?во Ñ?Ñ?нкÑ?ий scanf непÑ?авилÑ?но огÑ?аниÑ?иваеÑ? вÑ?деление
+ Ñ?Ñ?ека, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ?
+ оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код.</p>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2012-3405">CVE-2012-3405</a>
- - <p>The printf family of functions do not properly calculate a buffer
- - length, which allows context-dependent attackers to bypass the
- - FORTIFY_SOURCE format-string protection mechanism and cause a
- - denial of service.</p></li>
+ <p>СемейÑ?Ñ?во Ñ?Ñ?нкÑ?ий printf непÑ?авилÑ?но вÑ?Ñ?иÑ?лÑ?еÑ? длинÑ?
+ бÑ?Ñ?еÑ?а, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а обÑ?одиÑ?Ñ?
+ меÑ?анизма заÑ?иÑ?Ñ? Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки FORTIFY_SOURCE и вÑ?зÑ?ваÑ?Ñ?
+ оÑ?каз в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2012-3406">CVE-2012-3406</a>
- - <p>The printf family of functions do not properly limit stack
- - allocation, which allows context-dependent attackers to bypass the
- - FORTIFY_SOURCE format-string protection mechanism and cause a
- - denial of service (crash) or possibly execute arbitrary code via a
- - crafted format string.</p></li>
+ <p>СемейÑ?Ñ?во Ñ?Ñ?нкÑ?ий printf непÑ?авилÑ?но огÑ?аниÑ?иваеÑ? вÑ?деление
+ Ñ?Ñ?ека, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а обÑ?одиÑ?Ñ?
+ меÑ?анизм заÑ?иÑ?Ñ? Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки FORTIFY_SOURCE и вÑ?зÑ?ваÑ?Ñ?
+ оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ?
+ Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованной Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2012-3480">CVE-2012-3480</a>
- - <p>Multiple integer overflows in the strtod, strtof, strtold,
- - strtod_l, and other related functions allow local users to cause a
- - denial of service (application crash) and possibly execute
- - arbitrary code via a long string, which triggers a stack-based
- - buffer overflow.</p></li>
+ <p>Ð?ногоÑ?иÑ?леннÑ?е пеÑ?еполнениÑ? Ñ?елÑ?Ñ? Ñ?иÑ?ел в strtod, strtof, strtold,
+ strtod_l и дÑ?Ñ?гиÑ? Ñ?вÑ?заннÑ?Ñ? Ñ?Ñ?нкÑ?иÑ?Ñ? позволÑ?Ñ?Ñ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м вÑ?зÑ?ваÑ?Ñ?
+ оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?) и поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ?
+ пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? длиннÑ?Ñ? Ñ?Ñ?Ñ?ок, вÑ?зÑ?ваÑ?Ñ?иÑ? пеÑ?еполнение
+ бÑ?Ñ?еÑ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2012-4412">CVE-2012-4412</a>
- - <p>Integer overflow in the strcoll and wcscoll functions allows
- - context-dependent attackers to cause a denial of service (crash)
- - or possibly execute arbitrary code via a long string, which
- - triggers a heap-based buffer overflow.</p></li>
+ <p>Ð?еÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в Ñ?Ñ?нкÑ?иÑ?Ñ? strcoll и wcscoll позволÑ?Ñ?Ñ?
+ злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка)
+ или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? длиннÑ?Ñ? Ñ?Ñ?Ñ?ок, вÑ?зÑ?ваÑ?Ñ?иÑ?
+ пеÑ?еполнение динамиÑ?еÑ?кой памÑ?Ñ?и.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2012-4424">CVE-2012-4424</a>
- - <p>Stack-based buffer overflow in the strcoll and wcscoll functions
- - allows context-dependent attackers to cause a denial of service
- - (crash) or possibly execute arbitrary code via a long string that
- - triggers a malloc failure and use of the alloca function.</p></li>
+ <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а в Ñ?Ñ?нкÑ?иÑ?Ñ? strcoll и wcscoll
+ позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+ (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? длиннÑ?Ñ? Ñ?Ñ?Ñ?ок,
+ вÑ?зÑ?ваÑ?Ñ?иÑ? оÑ?ибкÑ? malloc и иÑ?полÑ?зование Ñ?Ñ?нкÑ?ии alloca.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-0242">CVE-2013-0242</a>
- - <p>Buffer overflow in the extend_buffers function in the regular
- - expression matcher allows context-dependent attackers to cause a
- - denial of service (memory corruption and crash) via crafted
- - multibyte characters.</p></li>
+ <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а в Ñ?Ñ?нкÑ?ии extend_buffers в коде Ñ?Ñ?авнениÑ?
+ длÑ? Ñ?егÑ?лÑ?Ñ?нÑ?Ñ? вÑ?Ñ?ажений позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ?
+ оÑ?каз в обÑ?лÑ?живании (повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и и аваÑ?ийнаÑ? оÑ?Ñ?ановка) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но
+ Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? многобайÑ?овÑ?Ñ? Ñ?имволов.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-1914">CVE-2013-1914</a>,
<a href="https://security-tracker.debian.org/tracker/CVE-2013-4458">CVE-2013-4458</a>
- - <p>Stack-based buffer overflow in the getaddrinfo function allows
- - remote attackers to cause a denial of service (crash) via a
- - hostname or IP address that triggers a large number of domain
- - conversion results.</p></li>
+ <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а в Ñ?Ñ?нкÑ?ии getaddrinfo позволÑ?еÑ?
+ Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) Ñ? помоÑ?Ñ?Ñ?
+ имени Ñ?зла или IP адÑ?еÑ?а, коÑ?оÑ?Ñ?е пÑ?и иÑ? обÑ?абоÑ?ке кодом длÑ? пÑ?еобÑ?азованиÑ? домена
+ пÑ?иводÑ?Ñ? к поÑ?ождениÑ? болÑ?Ñ?ого Ñ?иÑ?ла Ñ?езÑ?лÑ?Ñ?аÑ?ов пÑ?еобÑ?азованиÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4237">CVE-2013-4237</a>
- - <p>readdir_r allows context-dependent attackers to cause a denial of
- - service (out-of-bounds write and crash) or possibly execute
- - arbitrary code via a malicious NTFS image or CIFS service.</p></li>
+ <p>readdir_r позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз в
+ обÑ?лÑ?живании (запиÑ?Ñ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и и аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ?
+ пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но подгоÑ?овленного обÑ?аза NTFS или Ñ?лÑ?жбÑ? CIFS.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4332">CVE-2013-4332</a>
- - <p>Multiple integer overflows in malloc/malloc.c allow
- - context-dependent attackers to cause a denial of service (heap
- - corruption) via a large value to the pvalloc, valloc,
- - posix_memalign, memalign, or aligned_alloc functions.</p></li>
+ <p>Ð?ногоÑ?иÑ?леннÑ?е пеÑ?еполнениÑ? Ñ?елÑ?Ñ? Ñ?иÑ?ел в malloc/malloc.c позволÑ?Ñ?Ñ?
+ злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (повÑ?еждение
+ Ñ?одеÑ?жимого динамиÑ?еÑ?кой памÑ?Ñ?и) Ñ? помоÑ?Ñ?Ñ? болÑ?Ñ?ого знаÑ?ениÑ?, пеÑ?едаваемого Ñ?Ñ?нкÑ?иÑ?м pvalloc,
+ valloc, posix_memalign, memalign или aligned_alloc.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4357">CVE-2013-4357</a>
- - <p>The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,
- - getservbyname_r, getservbyport, getservbyport_r, and glob
- - functions do not properly limit stack allocation, which allows
- - context-dependent attackers to cause a denial of service (crash)
- - or possibly execute arbitrary code.</p></li>
+ <p>ФÑ?нкÑ?ии getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,
+ getservbyname_r, getservbyport, getservbyport_r и glob
+ непÑ?авилÑ?но огÑ?аниÑ?иваÑ?Ñ? вÑ?деление Ñ?Ñ?ека, Ñ?Ñ?о позволÑ?еÑ?
+ злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка)
+ или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4788">CVE-2013-4788</a>
- - <p>When the GNU C library is statically linked into an executable,
- - the PTR_MANGLE implementation does not initialize the random value
- - for the pointer guard, so that various hardening mechanisms are not
- - effective.</p></li>
+ <p>Ð?Ñ?ли библиоÑ?ека GNU C Ñ?Ñ?аÑ?иÑ?еÑ?ки Ñ?компонована в вÑ?полнÑ?емÑ?й Ñ?айл,
+ Ñ?о Ñ?еализаÑ?иÑ? PTR_MANGLE не вÑ?полнÑ?еÑ? иниÑ?иализаÑ?иÑ? Ñ?лÑ?Ñ?айного знаÑ?ениÑ?
+ длÑ? заÑ?иÑ?ника Ñ?казаÑ?елей, поÑ?Ñ?омÑ? Ñ?азлиÑ?нÑ?е меÑ?анизмÑ? повÑ?Ñ?ениÑ? Ñ?Ñ?овнÑ? заÑ?иÑ?Ñ?нноÑ?Ñ?и
+ оказÑ?ваÑ?Ñ?Ñ?Ñ? неÑ?Ñ?Ñ?екÑ?ивнÑ?ми.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-7423">CVE-2013-7423</a>
- - <p>The send_dg function in resolv/res_send.c does not properly reuse
- - file descriptors, which allows remote attackers to send DNS
- - queries to unintended locations via a large number of requests that
- - trigger a call to the getaddrinfo function.</p></li>
+ <p>ФÑ?нкÑ?иÑ? send_dg в resolv/res_send.c непÑ?авилÑ?но повÑ?оÑ?но иÑ?полÑ?зÑ?еÑ?
+ Ñ?айловÑ?е деÑ?кÑ?ипÑ?оÑ?Ñ?, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленника оÑ?Ñ?Ñ?лаÑ?Ñ?
+ DNS-запÑ?оÑ?Ñ? в неожиданнÑ?е меÑ?Ñ?а Ñ? помоÑ?Ñ?Ñ? болÑ?Ñ?ого Ñ?иÑ?ла запÑ?оÑ?ов, пÑ?иводÑ?Ñ?иÑ?
+ к вÑ?зовÑ? Ñ?Ñ?нкÑ?ии getaddrinfo.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-7424">CVE-2013-7424</a>
- - <p>The getaddrinfo function may attempt to free an invalid pointer
- - when handling IDNs (Internationalised Domain Names), which allows
- - remote attackers to cause a denial of service (crash) or possibly
- - execute arbitrary code.</p></li>
+ <p>ФÑ?нкÑ?иÑ? getaddrinfo можеÑ? попÑ?Ñ?аÑ?Ñ?Ñ?Ñ? оÑ?вободиÑ?Ñ? некоÑ?Ñ?екÑ?нÑ?й Ñ?казаÑ?елÑ?
+ пÑ?и обÑ?абоÑ?ке IDN (инÑ?еÑ?наÑ?ионализиÑ?ованнÑ?Ñ? имÑ?н доменов), Ñ?Ñ?о позволÑ?еÑ?
+ Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но
+ вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-4043">CVE-2014-4043</a>
- - <p>The posix_spawn_file_actions_addopen function does not copy its
- - path argument in accordance with the POSIX specification, which
- - allows context-dependent attackers to trigger use-after-free
- - vulnerabilities.</p></li>
+ <p>ФÑ?нкÑ?иÑ? posix_spawn_file_actions_addopen не вÑ?полнÑ?еÑ? копиÑ?ование аÑ?гÑ?менÑ?а
+ пÑ?Ñ?и в Ñ?ооÑ?веÑ?Ñ?Ñ?вии Ñ?о Ñ?пеÑ?иÑ?икаÑ?ией POSIX, Ñ?Ñ?о
+ позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? иÑ?полÑ?зование
+ Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и.</p></li>
</ul>
- -<p>For the oldstable distribution (squeeze), these problems have been fixed
- -in version 2.11.3-4+deb6u5.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 2.11.3-4+deb6u5.</p>
- -<p>For the stable distribution (wheezy), these problems were fixed in
- -version 2.13-38+deb7u8 or earlier.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (wheezy) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.13-38+deb7u8 или более Ñ?анниÑ?.</p>
</define-tag>
# do not modify the following line
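Review bot: In the CVE-2013-7423 entry, "удалённым злоумышленника отсылать" has lost its dative plural ending; the other entries in this hunk use "злоумышленникам" and this one should match. Two more agreement slips: the CVE-2012-3405 entry has "обходить механизма защиты" where the CVE-2012-3406 entry correctly has "механизм защиты", and the CVE-2012-4412 entry pairs singular "Переполнение" with plural "позволяют". Separately, "stack-based" is dropped from the buffer overflow descriptions for CVE-2012-3480, CVE-2012-4424 and CVE-2013-1914/CVE-2013-4458, while "heap-based" is kept for CVE-2012-4412; adding "стека" would preserve the distinction the original makes.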
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----