[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2017/dsa-3804.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2017/dsa-3804.wml	2017-03-08 22:42:39.000000000 +0500
+++ russian/security/2017/dsa-3804.wml	2017-03-08 23:15:49.074933727 +0500
@@ -1,84 +1,87 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or have other
- -impacts.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? в повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или оказÑ?ваÑ?Ñ?
+дÑ?Ñ?гое влиÑ?ние на безопаÑ?ноÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-9588";>CVE-2016-9588</a>
 
- -    <p>Jim Mattson discovered that the KVM implementation for Intel x86
- -    processors does not properly handle #BP and #OF exceptions in an
- -    L2 (nested) virtual machine. A local attacker in an L2 guest VM
- -    can take advantage of this flaw to cause a denial of service for
- -    the L1 guest VM.</p></li>
+    <p>Ð?жим Ð?Ñ?Ñ?Ñ?он обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? пÑ?оÑ?еÑ?Ñ?оÑ?ов Intel x86
+    непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? иÑ?клÑ?Ñ?ениÑ? #BP и #OF в L2 (вложенной)
+    виÑ?Ñ?Ñ?алÑ?ной маÑ?ине. Ð?окалÑ?нÑ?й злоÑ?мÑ?Ñ?ленник в L2 гоÑ?Ñ?евой виÑ?Ñ?Ñ?алÑ?ной маÑ?ине
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании в
+    L1 гоÑ?Ñ?евой виÑ?Ñ?Ñ?алÑ?ной маÑ?ине.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-2636";>CVE-2017-2636</a>
 
- -    <p>Alexander Popov discovered a race condition flaw in the n_hdlc
- -    line discipline that can lead to a double free. A local
- -    unprivileged user can take advantage of this flaw for privilege
- -    escalation. On systems that do not already have the n_hdlc module
- -    loaded, this can be mitigated by disabling it:
+    <p>Ð?лекÑ?андÑ? Ð?опов обнаÑ?Ñ?жил Ñ?оÑ?Ñ?оÑ?ние гонки в пÑ?оÑ?околе Ñ?абоÑ?Ñ? линии
+    n_hdlc, коÑ?оÑ?ое можеÑ? пÑ?иводиÑ?Ñ? к двойномÑ? оÑ?вобождениÑ? памÑ?Ñ?и. Ð?окалÑ?нÑ?й
+    непÑ?ивилегиÑ?ованнÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? повÑ?Ñ?ениÑ?
+    пÑ?ивилегий. Ð? Ñ?иÑ?Ñ?емаÑ?, в коÑ?оÑ?Ñ?Ñ? модÑ?лÑ? n_hdlc пока не загÑ?Ñ?жен
+    вÑ?ед оÑ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно Ñ?низиÑ?Ñ? пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? модÑ?лÑ?:
     <code>echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false</code></p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5669";>CVE-2017-5669</a>
 
- -    <p>Gareth Evans reported that privileged users can map memory at
- -    address 0 through the shmat() system call. This could make it
- -    easier to exploit other kernel security vulnerabilities via a
- -    set-UID program.</p></li>
+    <p>Ð?аÑ?еÑ? ЭванÑ? Ñ?ообÑ?ил, Ñ?Ñ?о пÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?ели могÑ?Ñ? Ñ?оздаваÑ?Ñ?
+    каÑ?Ñ?Ñ? оÑ?обÑ?ажениÑ? памÑ?Ñ?и по адÑ?еÑ?Ñ? 0 Ñ?еÑ?ез Ñ?иÑ?Ñ?емнÑ?й вÑ?зов shmat(). ЭÑ?о можеÑ?
+    облегÑ?иÑ?Ñ? иÑ?полÑ?зование дÑ?Ñ?гиÑ? Ñ?Ñ?звимоÑ?Ñ?ей Ñ?дÑ?а пÑ?и помоÑ?и
+    пÑ?огÑ?амм, имеÑ?Ñ?иÑ? Ñ?лаг пÑ?ав доÑ?Ñ?Ñ?па, позволÑ?Ñ?Ñ?ий запÑ?Ñ?каÑ?Ñ? иÑ? оÑ? лиÑ?а владелÑ?Ñ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5986";>CVE-2017-5986</a>
 
- -    <p>Alexander Popov reported a race condition in the SCTP
- -    implementation that can be used by local users to cause a
- -    denial-of-service (crash). The initial fix for this was incorrect
- -    and introduced further security issues (<a href="https://security-tracker.debian.org/tracker/CVE-2017-6353";>
- -    CVE-2017-6353</a>). This update includes a later fix that
- -    avoids those. On systems that do not already have the sctp
- -    module loaded, this can be mitigated by disabling it:
+    <p>Ð?лекÑ?андÑ? Ð?опов Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в Ñ?еализаÑ?ии SCTP,
+    коÑ?оÑ?ое можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? локалÑ?нÑ?ми полÑ?зоваÑ?елÑ?ми длÑ? вÑ?зова оÑ?каза
+    в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка). Ð?знаÑ?алÑ?ное иÑ?пÑ?авление Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?Ñ? оказалоÑ?Ñ?
+    некоÑ?Ñ?екÑ?нÑ?м и пÑ?ивели к дÑ?Ñ?гим пÑ?облемам безопаÑ?ноÑ?Ñ?и
+    (<a href="https://security-tracker.debian.org/tracker/CVE-2017-6353";>
+    CVE-2017-6353</a>). Ð?анное обновление вклÑ?Ñ?аеÑ? в Ñ?ебÑ? более позднее иÑ?пÑ?авление, коÑ?оÑ?ое
+    не пÑ?иводиÑ? к поÑ?влениÑ? Ñ?казаннÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?ей. Ð? Ñ?иÑ?Ñ?емаÑ?, в коÑ?оÑ?Ñ?Ñ? модÑ?лÑ? sctp
+    пока не загÑ?Ñ?жен, вÑ?ед оÑ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно Ñ?низиÑ?Ñ? пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? модÑ?лÑ?:
     <code>echo >> /etc/modprobe.d/disable-sctp.conf install sctp false</code></p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-6214";>CVE-2017-6214</a>
 
- -    <p>Dmitry Vyukov reported a bug in the TCP implementation's handling
- -    of urgent data in the splice() system call. This can be used by a
- -    remote attacker for denial-of-service (hang) against applications
- -    that read from TCP sockets with splice().</p></li>
+    <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил об оÑ?ибке в коде Ñ?еализаÑ?ии TCP длÑ? обÑ?абоÑ?ки
+    Ñ?Ñ?оÑ?нÑ?Ñ? даннÑ?Ñ? в Ñ?иÑ?Ñ?емном вÑ?зове splice(). ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можно иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?
+    Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленником длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (завиÑ?ание) в пÑ?иложениÑ?Ñ?,
+    вÑ?полнÑ?Ñ?Ñ?иÑ? Ñ?Ñ?ение из TCP-Ñ?океÑ?ов Ñ? помоÑ?Ñ?Ñ? splice().</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-6345";>CVE-2017-6345</a>
 
- -    <p>Andrey Konovalov reported that the LLC type 2 implementation
- -    incorrectly assigns socket buffer ownership. This can be used
- -    by a local user to cause a denial-of-service (crash). On systems
- -    that do not already have the llc2 module loaded, this can be
- -    mitigated by disabling it:
+    <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? LLC type 2 непÑ?авилÑ?но
+    назнаÑ?аеÑ? владелÑ?Ñ?а бÑ?Ñ?еÑ?а Ñ?океÑ?а. ЭÑ?о можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?
+    локалÑ?нÑ?м полÑ?зоваÑ?елем длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка). Ð? Ñ?иÑ?Ñ?емаÑ?,
+    в коÑ?оÑ?Ñ?Ñ? модÑ?лÑ? llc2 пока не загÑ?Ñ?жен, вÑ?ед оÑ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно
+    Ñ?низиÑ?Ñ? пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? модÑ?лÑ?:
     <code>echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false</code></p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-6346";>CVE-2017-6346</a>
 
- -    <p>Dmitry Vyukov reported a race condition in the raw packet (af_packet)
- -    fanout feature. Local users with the CAP_NET_RAW capability (in any
- -    user namespace) can use this for denial-of-service and possibly for
- -    privilege escalation.</p></li>
+    <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в возможноÑ?Ñ?и fanout длÑ? неконвеÑ?Ñ?иÑ?ованнÑ?Ñ?
+    пакеÑ?ов (af_packet). Ð?окалÑ?нÑ?е полÑ?зоваÑ?ели, имеÑ?Ñ?ие возможноÑ?Ñ?Ñ? CAP_NET_RAW (в лÑ?бом
+    полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве имÑ?н), могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+    оÑ?каза в обÑ?лÑ?живании или длÑ? возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-6348";>CVE-2017-6348</a>
 
- -    <p>Dmitry Vyukov reported that the general queue implementation in
- -    the IrDA subsystem does not properly manage multiple locks,
- -    possibly allowing local users to cause a denial-of-service
- -    (deadlock) via crafted operations on IrDA devices.</p></li>
+    <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? обÑ?ей оÑ?еÑ?еди в подÑ?иÑ?Ñ?еме
+    IrDA непÑ?авилÑ?но Ñ?пÑ?авлÑ?еÑ? множеÑ?Ñ?веннÑ?ми блокиÑ?овками, Ñ?Ñ?о поÑ?енÑ?иалÑ?но
+    позволÑ?еÑ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+    (взаимнаÑ? блокиÑ?овка) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? опеÑ?аÑ?иÑ? на IrDA-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ваÑ?.</p></li>
 
 </ul>
 
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 3.16.39-1+deb8u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 3.16.39-1+deb8u2.</p>
 
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
 </define-tag>
 
 # do not modify the following line
 #include "$(ENGLISHDIR)/security/2017/dsa-3804.data"
 # $Id: dsa-3804.wml,v 1.1 2017/03/08 17:42:39 dogsleg Exp $
+
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAljASlwACgkQXudu4gIW
0qWk8A//fQJXPeWqBIq0hNjBTAHLzxhTNp78P0AhuieGN1IzQ9jrchwBCDgQm1q1
8bCMS9y4coECIQPZOZr9xVXeIlUoQPYhPnV3vrXJRJzbQw+m9rUH+PsbP5ejwqwc
dWbMW1fcfb5kqcWfykaIqzb88FQADZ8qNMbFm7USyCVitOPkl4B7grLdp41JLRuT
5Nsl6Ox7g8AWJViV+PC0V9EbWsZy0WKObFOh8gXUhSkgDlrdI9YLLEzUkSXqavxj
INk2nFLqtG43/RbHbhLqlg90yo1jFv89Fyu/AE3NvU8sKQ+YLr0Yb+ozOvovxG9G
ECbAT0OT281tfMPWkNOB3Gk3zORrKGvBV626yvqKDbsY3IrpuQF2af/i9xJYJJg8
h5CyCLb5S9E4dG9Hrd2dxPg7+SOu45iYU2ioxM+wcOuGY/C2Q78FDD+1YKu8qcyh
VQqjxTRMuB0t0v58t85HvcI3IviOIuYuJt0iTNLkqs7S1QnGDUdVePT3bUy8t9eg
vkn112cj3OROnrr0z9YTdnDLPPH/zzkYxC1OuK9X+0BYR0+ifri0HMP9ks47j5+m
bcpAOZDw9iHbiAW0stGb4F+AXPgxBT/hoZDaOH03M6PpnLCiROUnlInA24oi0nGt
cag7NOObECFyR4+IFd9144hvYlwQyQ+LDaLmjtvak6beBmCJCfE=
=HnSP
-----END PGP SIGNATURE-----
Reply to: