
[DONE] wml://{security/2017/dsa-3791.wml}



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2017/dsa-3791.wml	2017-02-23 11:37:04.000000000 +0500
+++ russian/security/2017/dsa-3791.wml	2017-02-23 12:05:05.668457762 +0500
@@ -1,108 +1,109 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or have other
- -impacts.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или оказÑ?ваÑ?Ñ?
+дÑ?Ñ?гое влиÑ?ние на безопаÑ?ноÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6786";>CVE-2016-6786</a> / <a href="https://security-tracker.debian.org/tracker/CVE-2016-6787";>CVE-2016-6787</a>
 
- -    <p>It was discovered that the performance events subsystem does not
- -    properly manage locks during certain migrations, allowing a local
- -    attacker to escalate privileges.  This can be mitigated by
- -    disabling unprivileged use of performance events:
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о подÑ?иÑ?Ñ?ема Ñ?обÑ?Ñ?ий пÑ?оизводиÑ?елÑ?ноÑ?Ñ?и непÑ?авилÑ?но
+    обÑ?абаÑ?Ñ?ваÑ?Ñ? блокиÑ?овки в Ñ?оде опÑ?еделÑ?ннÑ?Ñ? пеÑ?емеÑ?ений, Ñ?Ñ?о позволÑ?еÑ? локалÑ?номÑ?
+    злоÑ?мÑ?Ñ?ленникÑ? повÑ?Ñ?аÑ?Ñ? пÑ?ивилегии. Ð?паÑ?ноÑ?Ñ?Ñ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно Ñ?низиÑ?Ñ?
+    пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? непÑ?ивилегиÑ?ованного иÑ?полÑ?зованиÑ? Ñ?обÑ?Ñ?ий пÑ?оизводиÑ?елÑ?ноÑ?Ñ?и:
     <code>sysctl kernel.perf_event_paranoid=3</code></p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-8405";>CVE-2016-8405</a>
 
- -    <p>Peter Pi of Trend Micro discovered that the frame buffer video
- -    subsystem does not properly check bounds while copying color maps to
- -    userspace, causing a heap buffer out-of-bounds read, leading to
- -    information disclosure.</p></li>
+    <p>Ð?иÑ?еÑ? Ð?ай из Trend Micro обнаÑ?Ñ?жил, Ñ?Ñ?о видео-подÑ?иÑ?Ñ?ема бÑ?Ñ?еÑ?а кадÑ?а
+    непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? гÑ?аниÑ? маÑ?Ñ?ива в Ñ?оде копиÑ?ованиÑ? каÑ?Ñ?Ñ?
+    Ñ?веÑ?ов в пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?во полÑ?зоваÑ?елÑ?, пÑ?иводÑ? к Ñ?Ñ?ениÑ? за пÑ?еделами вÑ?деленного
+    бÑ?Ñ?еÑ?а динамиÑ?еÑ?кой памÑ?Ñ?и, Ñ?Ñ?о пÑ?иводиÑ? к Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-9191";>CVE-2016-9191</a>
 
- -    <p>CAI Qian discovered that reference counting is not properly handled
- -    within proc_sys_readdir in the sysctl implementation, allowing a
- -    local denial of service (system hang) or possibly privilege
- -    escalation.</p></li>
+    <p>ЦÑ?нÑ? Ð?ай обнаÑ?Ñ?жил, Ñ?Ñ?о в proc_sys_readdir в Ñ?еализаÑ?ии sysctl
+    непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?Ñ?Ñ? подÑ?Ñ?Ñ?Ñ? Ñ?Ñ?Ñ?лок, Ñ?Ñ?о позволÑ?еÑ? вÑ?зÑ?ваÑ?Ñ?
+    локалÑ?нÑ?й оÑ?каз в обÑ?лÑ?живании (завиÑ?ание Ñ?иÑ?Ñ?емÑ?) или поÑ?енÑ?иалÑ?но
+    повÑ?Ñ?аÑ?Ñ? пÑ?ивилегии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-2583";>CVE-2017-2583</a>
 
- -    <p>Xiaohan Zhang reported that KVM for amd64 does not correctly
- -    emulate loading of a null stack selector.  This can be used by a
- -    user in a guest VM for denial of service (on an Intel CPU) or to
- -    escalate privileges within the VM (on an AMD CPU).</p></li>
+    <p>СÑ?нÑ?Ñ?анÑ? Чжан Ñ?ообÑ?ил, Ñ?Ñ?о KVM длÑ? amd64 непÑ?авилÑ?но Ñ?мÑ?лиÑ?Ñ?еÑ? загÑ?Ñ?зкÑ?
+    Ñ?елекÑ?оÑ?а null-Ñ?Ñ?ека. ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? полÑ?зоваÑ?елем
+    в гоÑ?Ñ?евой виÑ?Ñ?Ñ?алÑ?ной маÑ?ине длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (на ЦÐ? Intel) или длÑ?
+    повÑ?Ñ?ениÑ? пÑ?ивилегий в виÑ?Ñ?Ñ?алÑ?ной маÑ?ине (на ЦÐ? AMD).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-2584";>CVE-2017-2584</a>
 
- -    <p>Dmitry Vyukov reported that KVM for x86 does not correctly emulate
- -    memory access by the SGDT and SIDT instructions, which can result
- -    in a use-after-free and information leak.</p></li>
+    <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил, Ñ?Ñ?о KVM длÑ? x86 непÑ?авилÑ?но Ñ?мÑ?лиÑ?Ñ?еÑ? доÑ?Ñ?Ñ?п
+    к памÑ?Ñ?и Ñ? помоÑ?Ñ?Ñ? инÑ?Ñ?Ñ?Ñ?кÑ?ий SGDT и SIDT, Ñ?Ñ?о можеÑ? пÑ?иводиÑ?Ñ? к иÑ?полÑ?зованиÑ?
+    Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и или Ñ?Ñ?еÑ?ке инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-2596";>CVE-2017-2596</a>
 
- -    <p>Dmitry Vyukov reported that KVM leaks page references when
- -    emulating a VMON for a nested hypervisor.  This can be used by a
- -    privileged user in a guest VM for denial of service or possibly
- -    to gain privileges in the host.</p></li>
+    <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил, Ñ?Ñ?о в KVM пÑ?оиÑ?Ñ?одÑ?Ñ? Ñ?Ñ?еÑ?ки Ñ?казаÑ?елей на Ñ?Ñ?Ñ?аниÑ?Ñ?
+    пÑ?и Ñ?мÑ?лÑ?Ñ?ии VMON длÑ? вложенном гипеÑ?визоÑ?е. ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?
+    пÑ?ивилегиÑ?ованнÑ?м полÑ?зоваÑ?елем в гоÑ?Ñ?евой виÑ?Ñ?Ñ?алÑ?ной маÑ?ине длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании
+    или поÑ?енÑ?иалÑ?ного полÑ?Ñ?ениÑ? пÑ?ивилегий в оÑ?новной Ñ?иÑ?Ñ?еме.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-2618";>CVE-2017-2618</a>
 
- -    <p>It was discovered that an off-by-one in the handling of SELinux
- -    attributes in /proc/pid/attr could result in local denial of
- -    service.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о оÑ?ибка на единиÑ?Ñ? в код длÑ? обÑ?абоÑ?ки аÑ?Ñ?ибÑ?Ñ?ов SELinux
+    в /proc/pid/attr можеÑ? пÑ?иводиÑ?Ñ? к локалÑ?номÑ? оÑ?казÑ? в
+    обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5549";>CVE-2017-5549</a>
 
- -    <p>It was discovered that the KLSI KL5KUSB105 serial USB device
- -    driver could log the contents of uninitialised kernel memory,
- -    resulting in an information leak.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о дÑ?айвеÑ? поÑ?ледоваÑ?елÑ?ного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва KLSI
+    KL5KUSB105 можеÑ? запиÑ?Ñ?ваÑ?Ñ? в жÑ?Ñ?нал Ñ?одеÑ?жимое неиниÑ?иализиÑ?ованной памÑ?Ñ?и
+    Ñ?дÑ?а, Ñ?Ñ?о пÑ?иводиÑ? к Ñ?Ñ?еÑ?ке инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5551";>CVE-2017-5551</a>
 
- -    <p>Jan Kara found that changing the POSIX ACL of a file on tmpfs never
- -    cleared its set-group-ID flag, which should be done if the user
- -    changing it is not a member of the group-owner. In some cases, this
- -    would allow the user-owner of an executable to gain the privileges
- -    of the group-owner.</p></li>
+    <p>Ян Ð?аÑ?а обнаÑ?Ñ?жил, Ñ?Ñ?о изменение POSIX ACL Ñ?айла в Ñ?айловой Ñ?иÑ?Ñ?еме tmpfs никогда
+    не пÑ?иводиÑ? к оÑ?иÑ?Ñ?ке Ñ?лага иденÑ?иÑ?икаÑ?оÑ?а гÑ?Ñ?ппÑ? Ñ? Ñ?Ñ?ого Ñ?айла, Ñ?Ñ?о должно вÑ?полнÑ?Ñ?Ñ?Ñ?Ñ?
+    в Ñ?лÑ?Ñ?ае, еÑ?ли полÑ?зоваÑ?елÑ?, изменÑ?Ñ?Ñ?ий Ñ?казаннÑ?й Ñ?лаг, не Ñ?влÑ?еÑ?Ñ?Ñ? Ñ?леном гÑ?Ñ?ппÑ? владелÑ?Ñ?а
+    Ñ?айла. Ð? некоÑ?оÑ?Ñ?Ñ? Ñ?лÑ?Ñ?аÑ?Ñ? Ñ?Ñ?о можеÑ? позволиÑ?Ñ? полÑ?зоваÑ?елÑ?-владелÑ?Ñ?Ñ? иÑ?полнÑ?емого Ñ?айла полÑ?Ñ?аÑ?Ñ?
+    пÑ?ава гÑ?Ñ?ппÑ?-владелÑ?Ñ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5897";>CVE-2017-5897</a>
 
- -    <p>Andrey Konovalov discovered an out-of-bounds read flaw in the
- -    ip6gre_err function in the IPv6 networking code.</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов обнаÑ?Ñ?жил  Ñ?Ñ?ение за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и в
+    Ñ?Ñ?нкÑ?ии ip6gre_err в Ñ?еÑ?евом коде IPv6.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5970";>CVE-2017-5970</a>
 
- -    <p>Andrey Konovalov discovered a denial-of-service flaw in the IPv4
- -    networking code.  This can be triggered by a local or remote
- -    attacker if a local UDP or raw socket has the IP_RETOPTS option
- -    enabled.</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов обнаÑ?Ñ?жил оÑ?каз в обÑ?лÑ?живании в Ñ?еÑ?евом коде IPv4.
+    ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? бÑ?Ñ?Ñ? вÑ?звана локалÑ?нÑ?м или Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленником,
+    еÑ?ли Ñ? локалÑ?ного UDP или пÑ?оÑ?Ñ?ого Ñ?океÑ?а вклÑ?Ñ?ена опÑ?иÑ?
+    IP_RETOPTS.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-6001";>CVE-2017-6001</a>
 
- -    <p>Di Shen discovered a race condition between concurrent calls to
- -    the performance events subsystem, allowing a local attacker to
- -    escalate privileges. This flaw exists because of an incomplete fix
- -    of <a href="https://security-tracker.debian.org/tracker/CVE-2016-6786";>CVE-2016-6786</a>.
- -    This can be mitigated by disabling unprivileged use of performance
- -    events: <code>sysctl kernel.perf_event_paranoid=3</code></p></li>
+    <p>Ð?и Шен обнаÑ?Ñ?жил Ñ?оÑ?Ñ?оÑ?ние гонки междÑ? одновÑ?еменнÑ?ми вÑ?зовами подÑ?иÑ?Ñ?емÑ?
+    Ñ?обÑ?Ñ?ий пÑ?оизводиÑ?елÑ?ноÑ?Ñ?и, позволÑ?Ñ?Ñ?ее локалÑ?номÑ? злоÑ?мÑ?Ñ?ленникÑ? повÑ?Ñ?аÑ?Ñ?
+    пÑ?ивилегии. ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? имееÑ? меÑ?Ñ?о из-за неполного иÑ?пÑ?авлениÑ?
+    <a href="https://security-tracker.debian.org/tracker/CVE-2016-6786";>CVE-2016-6786</a>.
+    Ð?паÑ?ноÑ?Ñ?Ñ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можеÑ? бÑ?Ñ?Ñ? Ñ?нижена пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? непÑ?ивилегиÑ?ованного иÑ?полÑ?зованиÑ?
+    Ñ?обÑ?Ñ?ий пÑ?оизводиÑ?елÑ?ноÑ?Ñ?и: <code>sysctl kernel.perf_event_paranoid=3</code></p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-6074";>CVE-2017-6074</a>
 
- -    <p>Andrey Konovalov discovered a use-after-free vulnerability in the
- -    DCCP networking code, which could result in denial of service or
- -    local privilege escalation.  On systems that do not already have
- -    the dccp module loaded, this can be mitigated by disabling it:
+    <p>Ð?ндÑ?ей Ð?оновалов обнаÑ?Ñ?жил иÑ?полÑ?зование Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и в
+    Ñ?еÑ?евом коде DCCP, коÑ?оÑ?ое можеÑ? пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании или локалÑ?номÑ?
+    повÑ?Ñ?ениÑ? пÑ?ивилегий. Ð? Ñ?иÑ?Ñ?емаÑ?, на коÑ?оÑ?Ñ?Ñ? модÑ?лÑ? dccp Ñ?же загÑ?Ñ?жен, опаÑ?ноÑ?Ñ?Ñ?
+    Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно Ñ?низиÑ?Ñ? пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? Ñ?Ñ?ого модÑ?лÑ?:
     <code>echo >> /etc/modprobe.d/disable-dccp.conf install dccp false</code></p></li>
 
 </ul>
 
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 3.16.39-1+deb8u1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 3.16.39-1+deb8u1.</p>
 
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
 </define-tag>
 
 # do not modify the following line
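Review bot: In the CVE-2017-6074 item, the added Russian sentence applies the mitigation to systems where the dccp module is already loaded, which inverts the removed English condition "On systems that do not already have the dccp module loaded". Restore the negation (for example "на которых модуль dccp ещё не загружен"); the modprobe.d "install dccp false" rule only blocks future loads and does nothing for a module that is already in the kernel, so the inverted wording sends readers to a mitigation that will not help them. Smaller points in the same hunk: the CVE-2017-2584 item renders "use-after-free and information leak" with "or" rather than "and"; the CVE-2017-5551 item has the user changing the flag, where the original's "it" refers to the ACL; the CVE-2017-2596 and CVE-2017-2618 items have case-agreement slips after "для" and "в"; and the CVE-2017-5897 line has a doubled space after the verb.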
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

