[DONE] wml://{security/2015/dla-335.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2015/dla-335.wml 2016-04-08 01:24:54.000000000 +0500
+++ russian/security/2015/dla-335.wml 2016-06-08 23:22:32.308602334 +0500
@@ -1,148 +1,150 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>Several security issues where found in ntp:</p>
+<p>Ð? ntp бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко пÑ?облем безопаÑ?ноÑ?Ñ?и:</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5146">CVE-2015-5146</a>
- - <p>A flaw was found in the way ntpd processed certain remote
- - configuration packets. An attacker could use a specially crafted
- - package to cause ntpd to crash if:</p>
+ <p>Ð?Ñ?ла обнаÑ?Ñ?жена Ñ?Ñ?звимоÑ?Ñ?Ñ? в Ñ?поÑ?обе, иÑ?полÑ?зÑ?емом ntpd длÑ? обÑ?абоÑ?ки опÑ?еделÑ?ннÑ?Ñ?
+ пакеÑ?ов Ñ?далÑ?нной наÑ?Ñ?Ñ?ойки. Ð?лоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й
+ пакеÑ? длÑ? вÑ?зова аваÑ?ийной оÑ?Ñ?ановки ntpd в Ñ?лÑ?Ñ?ае, еÑ?ли вÑ?полненÑ? Ñ?ледÑ?Ñ?Ñ?ие Ñ?Ñ?ловиÑ?:</p>
<ul>
- - <li>ntpd enabled remote configuration</li>
- - <li>The attacker had the knowledge of the configuration password</li>
- - <li>The attacker had access to a computer entrusted to perform remote
- - configuration</li>
+ <li>в ntpd вклÑ?Ñ?ена Ñ?далÑ?ннаÑ? наÑ?Ñ?Ñ?ойка,</li>
+ <li>злоÑ?мÑ?Ñ?ленник знаеÑ? паÑ?олÑ? длÑ? наÑ?Ñ?Ñ?ойки,</li>
+ <li>злоÑ?мÑ?Ñ?ленник имееÑ? доÑ?Ñ?Ñ?п к компÑ?Ñ?Ñ?еÑ?Ñ?, вÑ?одÑ?Ñ?емÑ? в Ñ?пиÑ?ок довеÑ?еннÑ?Ñ? компÑ?Ñ?Ñ?еÑ?ов, Ñ? коÑ?оÑ?Ñ?Ñ?
+ можно вÑ?полнÑ?Ñ?Ñ? Ñ?далÑ?ннÑ?Ñ? наÑ?Ñ?Ñ?ойкÑ?.</li>
</ul>
- - <p>Note that remote configuration is disabled by default in NTP.</p></li>
+ <p>Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о Ñ?далÑ?ннаÑ? наÑ?Ñ?Ñ?ойка по Ñ?молÑ?аниÑ? оÑ?клÑ?Ñ?ена в NTP.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5194">CVE-2015-5194</a>
- - <p>It was found that ntpd could crash due to an uninitialized variable
- - when processing malformed logconfig configuration commands.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о ntpd аваÑ?ийно завеÑ?Ñ?аеÑ? Ñ?воÑ? Ñ?абоÑ?Ñ? из-за неиниÑ?иализиÑ?ованной пеÑ?еменной
+ пÑ?и обÑ?абоÑ?ке некоÑ?Ñ?екÑ?нÑ?Ñ? команд наÑ?Ñ?Ñ?ойки logconfig.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5195">CVE-2015-5195</a>
- - <p>It was found that ntpd exits with a segmentation fault when a
- - statistics type that was not enabled during compilation (e.g.
- - timingstats) is referenced by the statistics or filegen
- - configuration command</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о ntpd завеÑ?Ñ?аеÑ?Ñ?Ñ? Ñ? оÑ?ибкой Ñ?егменÑ?иÑ?ованиÑ? в Ñ?ом Ñ?лÑ?Ñ?ае,
+ еÑ?ли Ñ?ип Ñ?Ñ?аÑ?иÑ?Ñ?ики, коÑ?оÑ?Ñ?й не бÑ?л вклÑ?Ñ?ен в Ñ?оде компилÑ?Ñ?ии (напÑ?имеÑ?,
+ timingstats) Ñ?казÑ?ваеÑ?Ñ?Ñ? к команде наÑ?Ñ?Ñ?ойки statistics или
+ filegen</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5219">CVE-2015-5219</a>
- - <p>It was discovered that sntp program would hang in an infinite loop when
- - a crafted NTP packet was received, related to the conversion of the
- - precision value in the packet to double.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о пÑ?огÑ?амма sntp вÑ?одиÑ? в беÑ?конеÑ?нÑ?й Ñ?икл пÑ?и
+ полÑ?Ñ?ении Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного пакеÑ?а NTP. ÐÑ?а пÑ?облема Ñ?вÑ?зана Ñ? пÑ?еобÑ?азованием
+ Ñ?оÑ?ного знаÑ?ениÑ? в пакеÑ?е в веÑ?еÑ?Ñ?венное Ñ?иÑ?ло двойной Ñ?оÑ?ноÑ?Ñ?и.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5300">CVE-2015-5300</a>
- - <p>It was found that ntpd did not correctly implement the -g option:</p>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о в ntpd непÑ?авилÑ?но Ñ?еализована опÑ?иÑ? -g:</p>
- - <p>Normally, ntpd exits with a message to the system log if the offset
- - exceeds the panic threshold, which is 1000 s by default. This
- - option allows the time to be set to any value without restriction;
- - however, this can happen only once. If the threshold is exceeded
- - after that, ntpd will exit with a message to the system log. This
- - option can be used with the -q and -x options.</p>
- -
- - <p>ntpd could actually step the clock multiple times by more than the
- - panic threshold if its clock discipline doesn't have enough time to
- - reach the sync state and stay there for at least one update. If a
- - man-in-the-middle attacker can control the NTP traffic since ntpd
- - was started (or maybe up to 15-30 minutes after that), they can
- - prevent the client from reaching the sync state and force it to step
- - its clock by any amount any number of times, which can be used by
- - attackers to expire certificates, etc.</p>
- -
- - <p>This is contrary to what the documentation says. Normally, the
- - assumption is that an MITM attacker can step the clock more than the
- - panic threshold only once when ntpd starts and to make a larger
- - adjustment the attacker has to divide it into multiple smaller
- - steps, each taking 15 minutes, which is slow.</p></li>
+ <p>Ð?Ñ?и обÑ?Ñ?нÑ?Ñ? обÑ?Ñ?оÑ?Ñ?елÑ?Ñ?Ñ?ваÑ? ntpd завеÑ?Ñ?аеÑ?Ñ?Ñ? Ñ? Ñ?ообÑ?ением в Ñ?иÑ?Ñ?емнÑ?й жÑ?Ñ?нал в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли
+ оÑ?Ñ?Ñ?Ñ?п пÑ?евÑ?Ñ?аеÑ? пÑ?еделÑ?нÑ?Ñ? длÑ? паники велиÑ?инÑ?, коÑ?оÑ?аÑ? по Ñ?молÑ?аниÑ? Ñ?авна 1000 Ñ?екÑ?нд. ÐÑ?а
+ опÑ?иÑ? позволÑ?еÑ? Ñ?Ñ?Ñ?анавливаÑ?Ñ? вÑ?емÑ? в лÑ?бое знаÑ?ение без огÑ?аниÑ?ений.
+ Тем не менее, Ñ?Ñ?о пÑ?оиÑ?Ñ?одиÑ? Ñ?олÑ?ко один Ñ?аз. Ð?Ñ?ли поÑ?ле Ñ?Ñ?ого пÑ?евÑ?Ñ?аеÑ?Ñ?Ñ?
+ пÑ?еделÑ?наÑ? велиÑ?ина, Ñ?о ntpd завеÑ?Ñ?аеÑ?Ñ?Ñ? Ñ? Ñ?ообÑ?ением в Ñ?иÑ?Ñ?емнÑ?й жÑ?Ñ?нал. ÐÑ?а
+ опÑ?иÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? Ñ? опÑ?иÑ?ми -q и -x.</p>
+
+ <p>ФакÑ?иÑ?еÑ?ки, ntpd должен изменÑ?Ñ?Ñ? вÑ?емÑ? неÑ?колÑ?ко Ñ?аз на более, Ñ?ем
+ пÑ?еделÑ?нÑ?Ñ? длÑ? паники велиÑ?инÑ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли поÑ?Ñ?док обÑ?лÑ?живаниÑ? Ñ?аÑ?ов не имееÑ? доÑ?Ñ?аÑ?оÑ?ного
+ колиÑ?еÑ?Ñ?ва вÑ?емени длÑ? доÑ?Ñ?ижениÑ? Ñ?оÑ?Ñ?оÑ?ниÑ? Ñ?инÑ?Ñ?онизаÑ?ии и оÑ?Ñ?аÑ?Ñ?Ñ?Ñ?
+ в Ñ?аком Ñ?оÑ?Ñ?оÑ?нии по менÑ?Ñ?ей меÑ?е одно обновление. Ð?Ñ?ли
+ злоÑ?мÑ?Ñ?ленник можеÑ? Ñ?пÑ?авлÑ?Ñ?Ñ? Ñ?Ñ?аÑ?иком NTP Ñ? моменÑ?а запÑ?Ñ?ка ntpd
+ (или вплоÑ?Ñ? до 15-30 минÑ?Ñ? поÑ?ле), Ñ?о он можеÑ?
+ не даÑ?Ñ? клиенÑ?Ñ? доÑ?Ñ?иÑ?Ñ? Ñ?оÑ?Ñ?оÑ?ниÑ? Ñ?инÑ?Ñ?онизаÑ?ии и заÑ?Ñ?авиÑ?Ñ? его пеÑ?евеÑ?Ñ?и
+ Ñ?аÑ?Ñ? на лÑ?бое колиÑ?еÑ?Ñ?во вÑ?емени лÑ?бое колиÑ?еÑ?Ñ?во Ñ?аз, Ñ?Ñ?о можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?
+ злоÑ?мÑ?Ñ?ленниками длÑ? иÑ?кÑ?Ñ?Ñ?Ñ?венного оконÑ?аниÑ? дейÑ?Ñ?виÑ? Ñ?еÑ?Ñ?иÑ?икаÑ?ов и Ñ?. д.</p>
+
+ <p>ÐÑ?о поведение не Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?еÑ? Ñ?омÑ?, Ñ?Ñ?о напиÑ?ано в докÑ?менÑ?аÑ?ии. Ð?бÑ?Ñ?но
+ допÑ?Ñ?ение заклÑ?Ñ?аеÑ?Ñ?Ñ? в Ñ?ом, Ñ?Ñ?о MITM-злоÑ?мÑ?Ñ?ленник можеÑ? пеÑ?евеÑ?Ñ?и Ñ?аÑ?Ñ? на болÑ?Ñ?ее колиÑ?еÑ?Ñ?во
+ вÑ?емени за пÑ?еделÑ?нÑ?Ñ? длÑ? паники велиÑ?инÑ? Ñ?олÑ?ко один Ñ?аз в моменÑ? запÑ?Ñ?ка ntpd, и длÑ? Ñ?ого, Ñ?Ñ?обÑ? измениÑ?Ñ?
+ вÑ?емÑ? на какое-либо болÑ?Ñ?ое знаÑ?ение, злоÑ?мÑ?Ñ?ленникÑ? Ñ?ледÑ?еÑ? Ñ?азделиÑ?Ñ? Ñ?Ñ?о дейÑ?Ñ?вие на неÑ?колÑ?ко неболÑ?Ñ?иÑ?
+ Ñ?агов, каждÑ?й из коÑ?оÑ?Ñ?Ñ? занимаеÑ? 15 минÑ?Ñ?, Ñ?Ñ?о доволÑ?но медленно.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7691">CVE-2015-7691</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-7692">CVE-2015-7692</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-7702">CVE-2015-7702</a>
- - <p>It was found that the fix for <a href="https://security-tracker.debian.org/tracker/CVE-2014-9750">CVE-2014-9750</a> was incomplete: three
- - issues were found in the value length checks in ntp_crypto.c, where
- - a packet with particular autokey operations that contained malicious
- - data was not always being completely validated. Receipt of these
- - packets can cause ntpd to crash.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о иÑ?пÑ?авление длÑ? <a href="https://security-tracker.debian.org/tracker/CVE-2014-9750">CVE-2014-9750</a> неполно: бÑ?ли
+ обнаÑ?Ñ?женÑ? пÑ?облемÑ? в пÑ?овеÑ?ке длинÑ? знаÑ?ениÑ? в ntp_crypto.c, где
+ пакеÑ? Ñ? опÑ?еделÑ?ннÑ?ми авÑ?оклÑ?Ñ?евÑ?ми опеÑ?аÑ?иÑ?ми, Ñ?одеÑ?жаÑ?ими некоÑ?Ñ?екÑ?нÑ?е
+ даннÑ?е, не вÑ?егда пÑ?овеÑ?Ñ?лÑ?Ñ? полноÑ?Ñ?Ñ?Ñ?. Ð?олÑ?Ñ?ение Ñ?Ñ?иÑ?
+ пакеÑ?ов пÑ?иводиÑ? к аваÑ?ийной оÑ?Ñ?ановке ntpd.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7701">CVE-2015-7701</a>
- - <p>A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is
- - configured to use autokey authentication, an attacker could send
- - packets to ntpd that would, after several days of ongoing attack,
- - cause it to run out of memory.</p></li>
+ <p>Ð? CRYPTO_ASSOC в ntpd бÑ?ла обнаÑ?Ñ?жена Ñ?Ñ?еÑ?ка памÑ?Ñ?и. Ð?Ñ?ли ntpd
+ наÑ?Ñ?Ñ?оен на иÑ?полÑ?зование авÑ?оклÑ?Ñ?евой аÑ?Ñ?енÑ?иÑ?икаÑ?ии, Ñ?о злоÑ?мÑ?Ñ?ленник можеÑ? оÑ?пÑ?авлÑ?Ñ?Ñ?
+ пакеÑ?Ñ? ntpd, коÑ?оÑ?Ñ?е по иÑ?Ñ?еÑ?ениÑ? неÑ?колÑ?киÑ? дней пÑ?одолжаÑ?Ñ?ей аÑ?аки
+ пÑ?иведÑ?Ñ? к иÑ?Ñ?оÑ?ениÑ? памÑ?Ñ?и.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7703">CVE-2015-7703</a>
- - <p>Miroslav Lichvár of Red Hat found that the :config command can be
- - used to set the pidfile and driftfile paths without any
- - restrictions. A remote attacker could use this flaw to overwrite a
- - file on the file system with a file containing the pid of the ntpd
- - process (immediately) or the current estimated drift of the system
- - clock (in hourly intervals). For example:</p>
+ <p>Ð?иÑ?оÑ?лав Ð?иÑ?ваÑ? из Red Hat обнаÑ?Ñ?жил, Ñ?Ñ?о команда :config можеÑ?
+ иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? Ñ?Ñ?Ñ?ановки пÑ?Ñ?ей к pid-Ñ?айлÑ? и drift-Ñ?айлÑ? без
+ какиÑ?-либо огÑ?аниÑ?ений. УдалÑ?ннÑ?й злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? пеÑ?езапиÑ?и
+ Ñ?айла в Ñ?айловой Ñ?иÑ?Ñ?еме Ñ?айлом, Ñ?одеÑ?жаÑ?им pid пÑ?оÑ?еÑ?Ñ?а ntpd
+ или Ñ?екÑ?Ñ?ее оÑ?ениваемое Ñ?меÑ?ение Ñ?иÑ?Ñ?емнÑ?Ñ?
+ Ñ?аÑ?ов (в Ñ?аÑ?овÑ?Ñ? инÑ?еÑ?валаÑ?). Ð?апÑ?имеÑ?:</p>
<pre>
ntpq -c ':config pidfile /tmp/ntp.pid'
ntpq -c ':config driftfile /tmp/ntp.drift'
</pre>
- - <p>In Debian ntpd is configured to drop root privileges, which limits
- - the impact of this issue.</p></li>
+ <p>Ð? Debian ntpd наÑ?Ñ?Ñ?оен Ñ?ак, Ñ?Ñ?обÑ? Ñ?бÑ?аÑ?Ñ?ваÑ?Ñ? пÑ?ивилегии Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?, Ñ?Ñ?о огÑ?аниÑ?иваеÑ?
+ влиÑ?ние Ñ?Ñ?ой пÑ?облемÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7704">CVE-2015-7704</a>
- - <p>When ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
- - from the server to reduce its polling rate, it doesn't check if the
- - originate timestamp in the reply matches the transmit timestamp from
- - its request. An off-path attacker can send a crafted KoD packet to
- - the client, which will increase the client's polling interval to a
- - large value and effectively disable synchronization with the server.</p></li>
+ <p>Ð?огда ntpd в каÑ?еÑ?Ñ?ве NTP-клиенÑ?а полÑ?Ñ?аеÑ? KoD-пакеÑ? (поÑ?елÑ?й Ñ?меÑ?Ñ?и)
+ оÑ? Ñ?еÑ?веÑ?а длÑ? Ñ?нижениÑ? Ñ?аÑ?Ñ?оÑ?Ñ? опÑ?оÑ?а, он не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? Ñ?ого, Ñ?овпадаеÑ?
+ иниÑ?ииÑ?ованнаÑ? вÑ?еменнаÑ? оÑ?меÑ?ка в оÑ?веÑ?е Ñ? вÑ?еменной оÑ?меÑ?кой пеÑ?едаÑ?и из
+ запÑ?оÑ?а. Ð?лоÑ?мÑ?Ñ?ленник можеÑ? оÑ?пÑ?авиÑ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й KoD-пакеÑ?
+ клиенÑ?Ñ?, коÑ?оÑ?Ñ?й Ñ?велиÑ?иÑ? инÑ?еÑ?вал опÑ?оÑ?а клиенÑ?а
+ до болÑ?Ñ?ого знаÑ?ениÑ? и пÑ?иведÑ?Ñ? к оÑ?клÑ?Ñ?ениÑ? Ñ?инÑ?Ñ?онизаÑ?ии Ñ? Ñ?еÑ?веÑ?ом.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7850">CVE-2015-7850</a>
- - <p>An exploitable denial of service vulnerability exists in the remote
- - configuration functionality of the Network Time Protocol. A
- - specially crafted configuration file could cause an endless loop
- - resulting in a denial of service. An attacker could provide a the
- - malicious configuration file to trigger this vulnerability.</p></li>
+ <p>Ð? Ñ?далÑ?нной наÑ?Ñ?Ñ?ойке NTP имееÑ?Ñ?Ñ? оÑ?каз в обÑ?лÑ?живании, коÑ?оÑ?Ñ?й
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ? злоÑ?мÑ?Ñ?ленниками. СпеÑ?иалÑ?но
+ Ñ?Ñ?оÑ?миÑ?ованнÑ?й Ñ?айл наÑ?Ñ?Ñ?ойки можеÑ? вÑ?зваÑ?Ñ? беÑ?конеÑ?нÑ?й Ñ?икл,
+ пÑ?иводÑ?Ñ?ий к оÑ?казÑ? в обÑ?лÑ?живании. Ð?лоÑ?мÑ?Ñ?ленник можеÑ? пеÑ?едаÑ?Ñ?
+ некоÑ?Ñ?екÑ?нÑ?й Ñ?айл наÑ?Ñ?Ñ?ойки Ñ? Ñ?елÑ?Ñ? вÑ?зова Ñ?казанной Ñ?Ñ?звимоÑ?Ñ?и.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7851">CVE-2015-7851</a>
- - <p>A potential path traversal vulnerability exists in the config file
- - saving of ntpd on VMS. A specially crafted path could cause a path
- - traversal potentially resulting in files being overwritten. An
- - attacker could provide a malicious path to trigger this
- - vulnerability.</p>
+ <p>Ð? коде Ñ?оÑ?Ñ?анениÑ? Ñ?айла наÑ?Ñ?Ñ?ойки ntpd на VMS имееÑ?Ñ?Ñ? поÑ?енÑ?иалÑ?наÑ?
+ возможноÑ?Ñ?Ñ? обойÑ?и пÑ?Ñ?Ñ?. СпеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й пÑ?Ñ?Ñ? можеÑ? пÑ?иводиÑ?Ñ? к обÑ?одÑ?
+ пÑ?Ñ?и, Ñ?Ñ?о поÑ?енÑ?иалÑ?но пÑ?иводиÑ? к пеÑ?езапиÑ?и Ñ?айлов. Ð?лоÑ?мÑ?Ñ?ленник
+ можеÑ? пеÑ?едаÑ?Ñ? некоÑ?Ñ?екÑ?нÑ?й пÑ?Ñ?Ñ? Ñ? Ñ?елÑ?Ñ? вÑ?зова Ñ?казанной
+ Ñ?Ñ?звимоÑ?Ñ?и.</p>
- - <p>This issue does not affect Debian.</p></li>
+ <p>Ð?аннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? не каÑ?аеÑ?Ñ?Ñ? Debian.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7852">CVE-2015-7852</a>
- - <p>A potential off by one vulnerability exists in the cookedprint
- - functionality of ntpq. A specially crafted buffer could cause a
- - buffer overflow potentially resulting in null byte being written out
- - of bounds.</p></li>
+ <p>Ð? cookedprint в ntpq имееÑ?Ñ?Ñ? поÑ?енÑ?иалÑ?наÑ? оÑ?ибка на
+ единиÑ?Ñ?. СпеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й бÑ?Ñ?еÑ? можеÑ? вÑ?зваÑ?Ñ?
+ пеÑ?еполнение бÑ?Ñ?еÑ?а, поÑ?енÑ?иалÑ?но пÑ?иводÑ?Ñ?ее к запиÑ?и null-байÑ?а за
+ пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7855">CVE-2015-7855</a>
- - <p>It was found that NTP's decodenetnum() would abort with an assertion
- - failure when processing a mode 6 or mode 7 packet containing an
- - unusually long data value where a network address was expected. This
- - could allow an authenticated attacker to crash ntpd.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? decodenetnum() в NTP пÑ?еÑ?Ñ?ваеÑ? Ñ?абоÑ?Ñ? Ñ?
+ оÑ?ибкой Ñ?Ñ?веÑ?ждениÑ? в Ñ?оде обÑ?абоÑ?ки пакеÑ?а Ñ?ежима 6 или Ñ?ежима 7, Ñ?одеÑ?жаÑ?его
+ необÑ?Ñ?но длинное знаÑ?ение даннÑ?Ñ? в меÑ?Ñ?е, где ожидаеÑ?Ñ?Ñ? Ñ?еÑ?евой адÑ?еÑ?. ÐÑ?о
+ можеÑ? позволиÑ?Ñ? аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованномÑ? злоÑ?мÑ?Ñ?ленникÑ? аваÑ?ийно завеÑ?Ñ?иÑ?Ñ? ntpd.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7871">CVE-2015-7871</a>
- - <p>An error handling logic error exists within ntpd that manifests due
- - to improper error condition handling associated with certain
- - crypto-NAK packets. An unauthenticated, off-path attacker can force
- - ntpd processes on targeted servers to peer with time sources of the
- - attacker's choosing by transmitting symmetric active crypto-NAK
- - packets to ntpd. This attack bypasses the authentication typically
- - required to establish a peer association and allows an attacker to
- - make arbitrary changes to system time.</p></li>
+ <p>Ð? ntpd имееÑ?Ñ?Ñ? оÑ?ибка в логике обÑ?абоÑ?ки оÑ?ибок, коÑ?оÑ?аÑ? пÑ?оÑ?влÑ?еÑ?Ñ?Ñ? из-за
+ некоÑ?Ñ?екÑ?ной обÑ?абоÑ?ки Ñ?оÑ?Ñ?оÑ?ниÑ? оÑ?ибки, Ñ?вÑ?занного Ñ? опÑ?еделÑ?ннÑ?ми
+ crypto-NAK пакеÑ?ов. Ð?еаÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?й злоÑ?мÑ?Ñ?ленник можеÑ? заÑ?Ñ?авиÑ?Ñ?
+ пÑ?оÑ?еÑ?Ñ? ntpd на Ñ?елевÑ?Ñ? Ñ?еÑ?веÑ?аÑ? обÑ?аÑ?иÑ?Ñ?Ñ?Ñ? к иÑ?Ñ?оÑ?никам вÑ?емени,
+ вÑ?бÑ?аннÑ?м злоÑ?мÑ?Ñ?ленникам, пÑ?Ñ?Ñ?м пеÑ?едаÑ?и ntpd Ñ?иммеÑ?Ñ?иÑ?нÑ?Ñ? акÑ?ивнÑ?Ñ? crypto-NAK
+ пакеÑ?ов. Ð?аннаÑ? аÑ?ака позволÑ?еÑ? обойÑ?и аÑ?Ñ?енÑ?иÑ?икаÑ?иÑ?, коÑ?оÑ?аÑ? обÑ?Ñ?но
+ Ñ?Ñ?ебÑ?еÑ?Ñ?Ñ? длÑ? Ñ?Ñ?Ñ?ановлениÑ? Ñ?оединениÑ?, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ?
+ пÑ?оизволÑ?но менÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емное вÑ?емÑ?.</p></li>
</ul>
</define-tag>
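Review bot: In the CVE-2015-5300 item, the added paragraph that translates "ntpd could actually step the clock multiple times" uses "ntpd должен" (must/should), which reads as intended behaviour rather than as the flaw being described; "может" would match the original's "could". The same hunk also drops several qualifiers that define the attacker model and scope. The first mention of the "man-in-the-middle attacker" in CVE-2015-5300 becomes a plain attacker. "(immediately)" is missing after the pid of the ntpd process in CVE-2015-7703. "off-path" is missing in both CVE-2015-7704 and CVE-2015-7871. "three" is missing from "three issues were found" in the CVE-2015-7691 item. Please restore these so the translated advisory states the same preconditions as the English text.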