[DONE] wml://{security/2017/dsa-3804.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2017/dsa-3804.wml 2017-03-08 22:42:39.000000000 +0500
+++ russian/security/2017/dsa-3804.wml 2017-03-08 23:15:49.074933727 +0500
@@ -1,84 +1,87 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or have other
- -impacts.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? в повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или оказÑ?ваÑ?Ñ?
+дÑ?Ñ?гое влиÑ?ние на безопаÑ?ноÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-9588">CVE-2016-9588</a>
- - <p>Jim Mattson discovered that the KVM implementation for Intel x86
- - processors does not properly handle #BP and #OF exceptions in an
- - L2 (nested) virtual machine. A local attacker in an L2 guest VM
- - can take advantage of this flaw to cause a denial of service for
- - the L1 guest VM.</p></li>
+ <p>Ð?жим Ð?Ñ?Ñ?Ñ?он обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? пÑ?оÑ?еÑ?Ñ?оÑ?ов Intel x86
+ непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? иÑ?клÑ?Ñ?ениÑ? #BP и #OF в L2 (вложенной)
+ виÑ?Ñ?Ñ?алÑ?ной маÑ?ине. Ð?окалÑ?нÑ?й злоÑ?мÑ?Ñ?ленник в L2 гоÑ?Ñ?евой виÑ?Ñ?Ñ?алÑ?ной маÑ?ине
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании в
+ L1 гоÑ?Ñ?евой виÑ?Ñ?Ñ?алÑ?ной маÑ?ине.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-2636">CVE-2017-2636</a>
- - <p>Alexander Popov discovered a race condition flaw in the n_hdlc
- - line discipline that can lead to a double free. A local
- - unprivileged user can take advantage of this flaw for privilege
- - escalation. On systems that do not already have the n_hdlc module
- - loaded, this can be mitigated by disabling it:
+ <p>Ð?лекÑ?андÑ? Ð?опов обнаÑ?Ñ?жил Ñ?оÑ?Ñ?оÑ?ние гонки в пÑ?оÑ?околе Ñ?абоÑ?Ñ? линии
+ n_hdlc, коÑ?оÑ?ое можеÑ? пÑ?иводиÑ?Ñ? к двойномÑ? оÑ?вобождениÑ? памÑ?Ñ?и. Ð?окалÑ?нÑ?й
+ непÑ?ивилегиÑ?ованнÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? повÑ?Ñ?ениÑ?
+ пÑ?ивилегий. Ð? Ñ?иÑ?Ñ?емаÑ?, в коÑ?оÑ?Ñ?Ñ? модÑ?лÑ? n_hdlc пока не загÑ?Ñ?жен
+ вÑ?ед оÑ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно Ñ?низиÑ?Ñ? пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? модÑ?лÑ?:
<code>echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false</code></p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5669">CVE-2017-5669</a>
- - <p>Gareth Evans reported that privileged users can map memory at
- - address 0 through the shmat() system call. This could make it
- - easier to exploit other kernel security vulnerabilities via a
- - set-UID program.</p></li>
+ <p>Ð?аÑ?еÑ? ÐванÑ? Ñ?ообÑ?ил, Ñ?Ñ?о пÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?ели могÑ?Ñ? Ñ?оздаваÑ?Ñ?
+ каÑ?Ñ?Ñ? оÑ?обÑ?ажениÑ? памÑ?Ñ?и по адÑ?еÑ?Ñ? 0 Ñ?еÑ?ез Ñ?иÑ?Ñ?емнÑ?й вÑ?зов shmat(). ÐÑ?о можеÑ?
+ облегÑ?иÑ?Ñ? иÑ?полÑ?зование дÑ?Ñ?гиÑ? Ñ?Ñ?звимоÑ?Ñ?ей Ñ?дÑ?а пÑ?и помоÑ?и
+ пÑ?огÑ?амм, имеÑ?Ñ?иÑ? Ñ?лаг пÑ?ав доÑ?Ñ?Ñ?па, позволÑ?Ñ?Ñ?ий запÑ?Ñ?каÑ?Ñ? иÑ? оÑ? лиÑ?а владелÑ?Ñ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5986">CVE-2017-5986</a>
- - <p>Alexander Popov reported a race condition in the SCTP
- - implementation that can be used by local users to cause a
- - denial-of-service (crash). The initial fix for this was incorrect
- - and introduced further security issues (<a href="https://security-tracker.debian.org/tracker/CVE-2017-6353">
- - CVE-2017-6353</a>). This update includes a later fix that
- - avoids those. On systems that do not already have the sctp
- - module loaded, this can be mitigated by disabling it:
+ <p>Ð?лекÑ?андÑ? Ð?опов Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в Ñ?еализаÑ?ии SCTP,
+ коÑ?оÑ?ое можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? локалÑ?нÑ?ми полÑ?зоваÑ?елÑ?ми длÑ? вÑ?зова оÑ?каза
+ в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка). Ð?знаÑ?алÑ?ное иÑ?пÑ?авление Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?Ñ? оказалоÑ?Ñ?
+ некоÑ?Ñ?екÑ?нÑ?м и пÑ?ивели к дÑ?Ñ?гим пÑ?облемам безопаÑ?ноÑ?Ñ?и
+ (<a href="https://security-tracker.debian.org/tracker/CVE-2017-6353">
+ CVE-2017-6353</a>). Ð?анное обновление вклÑ?Ñ?аеÑ? в Ñ?ебÑ? более позднее иÑ?пÑ?авление, коÑ?оÑ?ое
+ не пÑ?иводиÑ? к поÑ?влениÑ? Ñ?казаннÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?ей. Ð? Ñ?иÑ?Ñ?емаÑ?, в коÑ?оÑ?Ñ?Ñ? модÑ?лÑ? sctp
+ пока не загÑ?Ñ?жен, вÑ?ед оÑ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно Ñ?низиÑ?Ñ? пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? модÑ?лÑ?:
<code>echo >> /etc/modprobe.d/disable-sctp.conf install sctp false</code></p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-6214">CVE-2017-6214</a>
- - <p>Dmitry Vyukov reported a bug in the TCP implementation's handling
- - of urgent data in the splice() system call. This can be used by a
- - remote attacker for denial-of-service (hang) against applications
- - that read from TCP sockets with splice().</p></li>
+ <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил об оÑ?ибке в коде Ñ?еализаÑ?ии TCP длÑ? обÑ?абоÑ?ки
+ Ñ?Ñ?оÑ?нÑ?Ñ? даннÑ?Ñ? в Ñ?иÑ?Ñ?емном вÑ?зове splice(). ÐÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можно иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?
+ Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленником длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (завиÑ?ание) в пÑ?иложениÑ?Ñ?,
+ вÑ?полнÑ?Ñ?Ñ?иÑ? Ñ?Ñ?ение из TCP-Ñ?океÑ?ов Ñ? помоÑ?Ñ?Ñ? splice().</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-6345">CVE-2017-6345</a>
- - <p>Andrey Konovalov reported that the LLC type 2 implementation
- - incorrectly assigns socket buffer ownership. This can be used
- - by a local user to cause a denial-of-service (crash). On systems
- - that do not already have the llc2 module loaded, this can be
- - mitigated by disabling it:
+ <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? LLC type 2 непÑ?авилÑ?но
+ назнаÑ?аеÑ? владелÑ?Ñ?а бÑ?Ñ?еÑ?а Ñ?океÑ?а. ÐÑ?о можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?
+ локалÑ?нÑ?м полÑ?зоваÑ?елем длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка). Ð? Ñ?иÑ?Ñ?емаÑ?,
+ в коÑ?оÑ?Ñ?Ñ? модÑ?лÑ? llc2 пока не загÑ?Ñ?жен, вÑ?ед оÑ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно
+ Ñ?низиÑ?Ñ? пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? модÑ?лÑ?:
<code>echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false</code></p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-6346">CVE-2017-6346</a>
- - <p>Dmitry Vyukov reported a race condition in the raw packet (af_packet)
- - fanout feature. Local users with the CAP_NET_RAW capability (in any
- - user namespace) can use this for denial-of-service and possibly for
- - privilege escalation.</p></li>
+ <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в возможноÑ?Ñ?и fanout длÑ? неконвеÑ?Ñ?иÑ?ованнÑ?Ñ?
+ пакеÑ?ов (af_packet). Ð?окалÑ?нÑ?е полÑ?зоваÑ?ели, имеÑ?Ñ?ие возможноÑ?Ñ?Ñ? CAP_NET_RAW (в лÑ?бом
+ полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве имÑ?н), могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+ оÑ?каза в обÑ?лÑ?живании или длÑ? возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-6348">CVE-2017-6348</a>
- - <p>Dmitry Vyukov reported that the general queue implementation in
- - the IrDA subsystem does not properly manage multiple locks,
- - possibly allowing local users to cause a denial-of-service
- - (deadlock) via crafted operations on IrDA devices.</p></li>
+ <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? обÑ?ей оÑ?еÑ?еди в подÑ?иÑ?Ñ?еме
+ IrDA непÑ?авилÑ?но Ñ?пÑ?авлÑ?еÑ? множеÑ?Ñ?веннÑ?ми блокиÑ?овками, Ñ?Ñ?о поÑ?енÑ?иалÑ?но
+ позволÑ?еÑ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+ (взаимнаÑ? блокиÑ?овка) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? опеÑ?аÑ?иÑ? на IrDA-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ваÑ?.</p></li>
</ul>
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 3.16.39-1+deb8u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 3.16.39-1+deb8u2.</p>
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2017/dsa-3804.data"
# $Id: dsa-3804.wml,v 1.1 2017/03/08 17:42:39 dogsleg Exp $
+
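Review bot: In the added introductory paragraph, "могут приводить в повышению привилегий" uses the preposition "в" where the phrase needs "к" ("приводить к повышению"), as the CVE-2017-2636 entry already does with "приводить к двойному освобождению". Three more slips are worth fixing in the same pass: in the CVE-2017-5986 entry, "исправление этой уязвимость оказалось некорректным и привели" should read "этой уязвимости ... и привело"; in the CVE-2017-6214 entry, "Эта уязвимость можно использоваться" should be "может использоваться"; and the CVE-2017-2636 entry lacks the comma after "пока не загружен" that the sctp and llc2 entries have before "вред от этой уязвимости".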
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----