[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2006/dsa-9{56,88}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2006/dsa-956.wml	2006-01-26 14:55:55.000000000 +0500
+++ russian/security/2006/dsa-956.wml	2016-09-19 23:11:12.122081703 +0500
@@ -1,34 +1,35 @@
- -<define-tag description>filedescriptor leak</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>Ñ?Ñ?еÑ?ка Ñ?айловÑ?Ñ? деÑ?кÑ?ипÑ?оÑ?ов</define-tag>
 <define-tag moreinfo>
- -<p>Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2)
- -protocol server, leaks a couple of file descriptors, related to the
- -randomness generator, to user shells which are started by lshd.  A
- -local attacker can truncate the server's seed file, which may prevent
- -the server from starting, and with some more effort, maybe also crack
- -session keys.</p>
- -
- -<p>After applying this update, you should remove the server's seed file
- -(/var/spool/lsh/yarrow-seed-file) and then regenerate it with
- -"lsh-make-seed --server" as root.</p>
- -
- -<p>For security reasons, lsh-make-seed really needs to be run from the
- -console of the system you are running it on.  If you run lsh-make-seed
- -using a remote shell, the timing information lsh-make-seed uses for
- -its random seed creation is likely to be screwed.  If need be, you can
- -generate the random seed on a different system than that which it will
- -eventually be on, by installing the lsh-utils package and running
- -"lsh-make-seed -o my-other-server-seed-file".  You may then transfer
- -the seed to the destination system as using a secure connection.</p>
- -
- -<p>The old stable distribution (woody) may not be affected by this problem.</p>
+<p>ШÑ?еÑ?ан Ð?Ñ?еÑ?Ñ?инг обнаÑ?Ñ?жил, Ñ?Ñ?о в lshd, Ñ?еÑ?веÑ? пÑ?оÑ?окола Secure Shell
+v2 (SSH2), пÑ?оиÑ?Ñ?одиÑ? Ñ?Ñ?еÑ?ка паÑ?Ñ? Ñ?айловÑ?Ñ? деÑ?кÑ?ипÑ?оÑ?ов, Ñ?вÑ?заннÑ?Ñ? Ñ?
+генеÑ?аÑ?оÑ?ом Ñ?Ñ?оÑ?аÑ?Ñ?иÑ?ноÑ?Ñ?и, в команднÑ?е оболоÑ?ки полÑ?зоваÑ?елей, запÑ?Ñ?еннÑ?е lshd.
+Ð?окалÑ?нÑ?й злоÑ?мÑ?Ñ?ленник можеÑ? обÑ?езаÑ?Ñ? Ñ?айл Ñ?еÑ?веÑ?а Ñ? наÑ?алÑ?нÑ?м Ñ?иÑ?лом, Ñ?Ñ?о можеÑ?
+не допÑ?Ñ?Ñ?иÑ?Ñ? запÑ?Ñ?к Ñ?еÑ?веÑ?а, а пÑ?и некоÑ?оÑ?Ñ?Ñ? дополниÑ?елÑ?нÑ?Ñ? Ñ?Ñ?илиÑ? можеÑ? пÑ?иводиÑ?Ñ?
+к взолмÑ? Ñ?еÑ?Ñ?ионнÑ?Ñ? клÑ?Ñ?ей.</p>
+
+<p>Ð?оÑ?ле пÑ?именениÑ? данного обновлениÑ? вам Ñ?ледÑ?еÑ? Ñ?далиÑ?Ñ? Ñ?айл Ñ?еÑ?веÑ?а Ñ? наÑ?алÑ?нÑ?м Ñ?иÑ?лом
+(/var/spool/lsh/yarrow-seed-file) и заново Ñ?оздаÑ?Ñ? его Ñ? помоÑ?Ñ?Ñ? командÑ?
+"lsh-make-seed --server" оÑ? лиÑ?е Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?.</p>
+
+<p>Ð? Ñ?елÑ?Ñ? безопаÑ?ноÑ?Ñ?и lsh-make-seed Ñ?ледÑ?еÑ? запÑ?Ñ?каÑ?Ñ? Ñ?олÑ?ко из
+конÑ?оли Ñ?иÑ?Ñ?емÑ?, на коÑ?оÑ?ой вÑ? запÑ?Ñ?каеÑ?е Ñ?еÑ?веÑ?.  Ð?Ñ?ли вÑ? запÑ?Ñ?каеÑ?е lsh-make-seed
+Ñ?еÑ?ез Ñ?далÑ?ннÑ?Ñ? команднÑ?Ñ? оболоÑ?кÑ?, Ñ?о инÑ?оÑ?маÑ?иÑ? о Ñ?аймингаÑ?, иÑ?полÑ?зÑ?емаÑ? lsh-make-seed длÑ?
+Ñ?озданиÑ? Ñ?лÑ?Ñ?айного наÑ?алÑ?ного Ñ?иÑ?ла, веÑ?оÑ?Ñ?нее вÑ?его бÑ?деÑ? иÑ?поÑ?Ñ?ена.  Ð?Ñ?ли вам нÑ?жно, Ñ?о
+вÑ? можеÑ?е Ñ?оздаÑ?Ñ? Ñ?лÑ?Ñ?айное наÑ?алÑ?ное Ñ?иÑ?ле на дÑ?Ñ?гой Ñ?иÑ?Ñ?еме, Ñ?ем Ñ?а, на коÑ?оÑ?ой
+оно бÑ?деÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?, Ñ?Ñ?Ñ?ановив пакеÑ? lsh-utils и запÑ?Ñ?Ñ?ив командÑ?
+"lsh-make-seed -o my-other-server-seed-file".  Ð?аÑ?ем вÑ? можеÑ?е пеÑ?едаÑ?Ñ?
+наÑ?алÑ?ное Ñ?иÑ?ло на Ñ?елевÑ?Ñ? Ñ?иÑ?Ñ?емÑ?, иÑ?полÑ?зÑ?Ñ? заÑ?иÑ?Ñ?нное Ñ?оединение.</p>
+
+<p>Ð?Ñ?едÑ?дÑ?Ñ?ий Ñ?Ñ?абилÑ?нÑ?й вÑ?пÑ?Ñ?к (woody) возможно не подвеÑ?жен Ñ?Ñ?ой пÑ?облеме.</p>
 
- -<p>For the stable distribution (sarge) this problem has been fixed in
- -version 2.0.1-3sarge1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sarge) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.0.1-3sarge1.</p>
 
- -<p>For the unstable distribution (sid) this problem has been fixed in
- -version 2.0.1cdbs-4.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.0.1cdbs-4.</p>
 
- -<p>We recommend that you upgrade your lsh-server package.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ? lsh-server.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2006/dsa-988.wml	2014-04-30 13:16:10.000000000 +0600
+++ russian/security/2006/dsa-988.wml	2016-09-19 23:17:49.994829100 +0500
@@ -1,46 +1,47 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in Squirrelmail, a
- -commonly used webmail system.  The Common Vulnerabilities and
- -Exposures project identifies the following problems:</p>
+<p>Ð? Squirrelmail, Ñ?иÑ?око иÑ?полÑ?зÑ?емой Ñ?иÑ?Ñ?еме веб-поÑ?Ñ?Ñ?, бÑ?ло обнаÑ?Ñ?жено
+неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.  Ð?Ñ?оекÑ? Common Vulnerabilities and
+Exposures опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2006-0188";>CVE-2006-0188</a>
 
- -    <p>Martijn Brinkers and Ben Maurer found a flaw in webmail.php that
- -    allows remote attackers to inject arbitrary web pages into the right
- -    frame via a URL in the right_frame parameter.</p></li>
+    <p>Ð?аÑ?Ñ?ийн Ð?Ñ?инкеÑ?Ñ? и Ð?ен Ð?аÑ?Ñ?еÑ? обнаÑ?Ñ?жили Ñ?Ñ?звимоÑ?Ñ?Ñ? в webmail.php, коÑ?оÑ?аÑ?
+    позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вводиÑ?Ñ? пÑ?оизволÑ?нÑ?е веб-Ñ?Ñ?Ñ?аниÑ?Ñ? в пÑ?авÑ?й
+    Ñ?Ñ?ейм Ñ? помоÑ?Ñ?Ñ? URL в паÑ?амеÑ?Ñ?е right_frame.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2006-0195";>CVE-2006-0195</a>
 
- -    <p>Martijn Brinkers and Scott Hughes discovered an interpretation
- -    conflict in the MagicHTML filter that allows remote attackers to
- -    conduct cross-site scripting (XSS) attacks via style sheet
- -    specifiers with invalid (1) "/*" and "*/" comments, or (2) slashes
- -    inside the "url" keyword, which is processed by some web browsers
- -    including Internet Explorer.</p></li>
+    <p>Ð?аÑ?Ñ?ийн Ð?Ñ?инкеÑ?Ñ? и СкоÑ?Ñ? Ð¥Ñ?Ñ? обнаÑ?Ñ?жили конÑ?ликÑ? инÑ?еÑ?пÑ?еÑ?аÑ?ий
+    в Ñ?илÑ?Ñ?Ñ?е MagicHTML, коÑ?оÑ?Ñ?й позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+    вÑ?зÑ?ваÑ?Ñ? межÑ?айÑ?овÑ?й Ñ?кÑ?ипÑ?инг (XSS) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иÑ?икаÑ?оÑ?ов
+    Ñ?Ñ?илей Ñ? некоÑ?Ñ?екÑ?нÑ?ми (1) комменÑ?аÑ?иÑ?ми "/*" и "*/", либо (2) коÑ?Ñ?ми
+    Ñ?еÑ?Ñ?ами внÑ?Ñ?Ñ?и клÑ?Ñ?евого Ñ?лова "url", коÑ?оÑ?Ñ?е обÑ?абаÑ?Ñ?ваÑ?Ñ?Ñ?Ñ? некоÑ?оÑ?Ñ?ми веб-бÑ?аÑ?зеÑ?ами,
+    вклÑ?Ñ?аÑ? Internet Explorer.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2006-0377";>CVE-2006-0377</a>
 
- -    <p>Vicente Aguilera of Internet Security Auditors, S.L. discovered a
- -    CRLF injection vulnerability, which allows remote attackers to
- -    inject arbitrary IMAP commands via newline characters in the mailbox
- -    parameter of the sqimap_mailbox_select command, aka "IMAP
- -    injection." There's no known way to exploit this yet.</p></li>
+    <p>Ð?инÑ?енÑ? Ð?гилеÑ?а из Internet Security Auditors, S.L. обнаÑ?Ñ?жил
+    CRLF-инÑ?екÑ?иÑ?, позволÑ?Ñ?Ñ?Ñ?Ñ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+    вводиÑ?Ñ? пÑ?оизволÑ?нÑ?й командÑ? IMAP Ñ? помоÑ?Ñ?Ñ? Ñ?имволов новой Ñ?Ñ?Ñ?оки в паÑ?амеÑ?Ñ?е mailbox
+    командÑ? sqimap_mailbox_select, Ñ?Ñ?о Ñ?акже извеÑ?Ñ?но как "IMAP-инÑ?екÑ?иÑ?".
+    Ð?ока Ñ?поÑ?об иÑ?полÑ?зованиÑ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и не извеÑ?Ñ?ен.</p></li>
 
 </ul>
 
- -<p>For the old stable distribution (woody) these problems have been fixed in
- -version 1.2.6-5.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (woody) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.2.6-5.</p>
 
- -<p>For the stable distribution (sarge) these problems have been fixed in
- -version 2:1.4.4-8.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sarge) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2:1.4.4-8.</p>
 
- -<p>For the unstable distribution (sid) these problems have been fixed in
- -version 2:1.4.6-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2:1.4.6-1.</p>
 
- -<p>We recommend that you upgrade your squirrelmail package.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ? squirrelmail.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX4CvQAAoJEF7nbuICFtKlNnwP/3cV8DhQfdSTbThk5if5U+e+
5FB1ZSImTnckWsEaGlMOd1kDFDJlY3u08zv7xsgCCm/kRwgBJyEqelERUE83TKzc
dJWF04LshIH4HCjHiJJhZM+9/jZBPXAPmkPh52boLmk697snPHeFrSjlgqQtCwUL
ObnvCTji7X21T+UQo4/Z3mxj21XzUFMv0vtfU/EaNpr9n7HkaLuKIP80HIOcFKIf
bsoB3CSIlBycgdAnF9M5fba5j4kjIiNsBV1Rp96Zy4s+yRMtd7iebbZv5OQ2BzYe
xAEKF4cp8NSfC8zMT6Ngt5iQTNtLfnyNf6dKbaIlsdgzNBVAkw/hpuopWv08PL5b
vZ/nTVNeULWkjdvlCsN3aRiEEfPvZxQWIKbqNceivL3aayaJerr1hfTT0uWYLXGm
9Sbl96zBJ5xEcEKouDkMAzcASeKOlgToVnBfUO2R8f3HMY5XujNs8rpHCA3r4DJh
t0ABf5uw6sS8oBm+NvtCEpEYleLFuiwFOQPXhC+DYXucS6s+cNtLKQm3Sct3DuRN
KfBCyjpj+vYpPA4jsh/h1llOVwSF3BSTaPcFiNhm9qEjnncGA5FzV0j4ETZrcObr
bR2Dn0mqBQ0idQQEXQQ/5F/7PVKH76OXzslvnuQMxDHEUdc5K5lIx/L1bMHP/g3C
cGhg2m1H8fP7cJtTQv9y
=s0wh
-----END PGP SIGNATURE-----
Reply to: