[DONE] wml://{security/2017/dsa-3981.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2017/dsa-3981.wml 2017-09-21 09:54:42.000000000 +0500
+++ russian/security/2017/dsa-3981.wml 2017-09-21 11:44:22.353512174 +0500
@@ -1,186 +1,187 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to privilege escalation, denial of service or information
- -leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е могÑ?Ñ?
+пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или Ñ?Ñ?еÑ?кам
+инÑ?оÑ?маÑ?ии.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7518">CVE-2017-7518</a>
- - <p>Andy Lutomirski discovered that KVM is prone to an incorrect debug
- - exception (#DB) error occurring while emulating a syscall
- - instruction. A process inside a guest can take advantage of this
- - flaw for privilege escalation inside a guest.</p></li>
+ <p>Ðнди Ð?Ñ?Ñ?омиÑ?Ñ?ки обнаÑ?Ñ?жил, Ñ?Ñ?о KVM можеÑ? вÑ?даваÑ?Ñ? оÑ?ибкÑ? из-за некоÑ?Ñ?екÑ?ного
+ оÑ?ладоÑ?ного иÑ?клÑ?Ñ?ениÑ? (#DB), возникаÑ?Ñ?Ñ?Ñ? во вÑ?емÑ? Ñ?мÑ?лÑ?Ñ?ии инÑ?Ñ?Ñ?Ñ?кÑ?ии Ñ?иÑ?Ñ?емного
+ вÑ?зова. Ð?Ñ?оÑ?еÑ?Ñ? в гоÑ?Ñ?евой Ñ?иÑ?Ñ?еме можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+ длÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий внÑ?Ñ?Ñ?и гоÑ?Ñ?евой Ñ?иÑ?Ñ?емÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7558">CVE-2017-7558</a>
- - (stretch only)
+ (Ñ?олÑ?ко stretch)
- - <p>Stefano Brivio of Red Hat discovered that the SCTP subsystem is
- - prone to a data leak vulnerability due to an out-of-bounds read
- - flaw, allowing to leak up to 100 uninitialized bytes to userspace.</p></li>
+ <p>СÑ?еÑ?ано Ð?Ñ?ивио из Red Hat обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема SCTP Ñ?Ñ?звима
+ к Ñ?Ñ?еÑ?ке даннÑ?Ñ? из-за Ñ?Ñ?ениÑ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и,
+ коÑ?оÑ?ое пÑ?иводиÑ? к Ñ?Ñ?еканиÑ? 100 неиниÑ?иализиÑ?ованнÑ?Ñ? байÑ? в пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?во полÑ?зоваÑ?елÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-10661">CVE-2017-10661</a>
- - (jessie only)
+ (Ñ?олÑ?ко jessie)
- - <p>Dmitry Vyukov of Google reported that the timerfd facility does
- - not properly handle certain concurrent operations on a single file
- - descriptor. This allows a local attacker to cause a denial of
- - service or potentially execute arbitrary code.</p></li>
+ <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков из Google Ñ?ообÑ?ил, Ñ?Ñ?о timerfd непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+ опÑ?еделÑ?ннÑ?е многопоÑ?оÑ?нÑ?е опеÑ?аÑ?ии на одном Ñ?айловом деÑ?кÑ?ипÑ?оÑ?е.
+ ÐÑ?о позволÑ?еÑ? локалÑ?номÑ? злоÑ?мÑ?Ñ?ленникÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании или
+ поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-11600">CVE-2017-11600</a>
- - <p>Bo Zhang reported that the xfrm subsystem does not properly
- - validate one of the parameters to a netlink message. Local users
- - with the CAP_NET_ADMIN capability can use this to cause a denial
- - of service or potentially to execute arbitrary code.</p></li>
+ <p>Ð?о Чжан Ñ?ообÑ?ил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема xfrm непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ?
+ одного из паÑ?амеÑ?Ñ?ов, пеÑ?едаваемÑ?Ñ? netlink-Ñ?ообÑ?ениÑ?. Ð?окалÑ?нÑ?е полÑ?зоваÑ?ели,
+ имеÑ?Ñ?ие возможноÑ?Ñ?Ñ? CAP_NET_ADMIN, могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+ оÑ?каза в обÑ?лÑ?живании или поÑ?енÑ?иалÑ?ного вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12134">CVE-2017-12134</a>
/ #866511 / XSA-229
- - <p>Jan H. Schoenherr of Amazon discovered that when Linux is running
- - in a Xen PV domain on an x86 system, it may incorrectly merge
- - block I/O requests. A buggy or malicious guest may trigger this
- - bug in dom0 or a PV driver domain, causing a denial of service or
- - potentially execution of arbitrary code.</p>
+ <p>Ян ШÑ?нгеÑ? из Amazon обнаÑ?Ñ?жил, Ñ?Ñ?о еÑ?ли Linux запÑ?Ñ?ен в домене
+ Xen PV на Ñ?иÑ?Ñ?еме x86, Ñ?о Ñ?дÑ?о можеÑ? непÑ?авилÑ?но обÑ?единÑ?Ñ?Ñ? блоÑ?нÑ?е запÑ?оÑ?Ñ?
+ ввода/вÑ?вода. Ð?Ñ?едоноÑ?наÑ? гоÑ?Ñ?еваÑ? Ñ?иÑ?Ñ?ема или гоÑ?Ñ?еваÑ? Ñ?иÑ?Ñ?ема Ñ? оÑ?ибками могÑ?Ñ? вÑ?зваÑ?Ñ?
+ Ñ?Ñ?Ñ? оÑ?ибкÑ? в dom0 или дÑ?айвеÑ?е домена PV, Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании или
+ поÑ?енÑ?иалÑ?номÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p>
- - <p>This issue can be mitigated by disabling merges on the underlying
- - back-end block devices, e.g.:
+ <p>Ð?паÑ?ноÑ?Ñ?Ñ? Ñ?Ñ?ой пÑ?облемÑ? можно Ñ?низиÑ?Ñ? пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? обÑ?единениÑ? на подлежаÑ?иÑ?
+ конеÑ?нÑ?Ñ? блоÑ?нÑ?Ñ? Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ваÑ?, напÑ?.:
<code>echo 2 > /sys/block/nvme0n1/queue/nomerges</code></p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12146">CVE-2017-12146</a>
- - (stretch only)
+ (Ñ?олÑ?ко stretch)
- - <p>Adrian Salido of Google reported a race condition in access to the
- - <q>driver_override</q> attribute for platform devices in sysfs. If
- - unprivileged users are permitted to access this attribute, this
- - might allow them to gain privileges.</p></li>
+ <p>Ð?дÑ?иан Салидо из Google Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки к коде длÑ? доÑ?Ñ?Ñ?па к
+ аÑ?Ñ?ибÑ?Ñ?Ñ? <q>driver_override</q> длÑ? плаÑ?Ñ?оÑ?меннÑ?Ñ? Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?в в sysfs. Ð?Ñ?ли
+ непÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?ели имеÑ?Ñ? доÑ?Ñ?Ñ?п к Ñ?Ñ?омÑ? аÑ?Ñ?ибÑ?Ñ?Ñ?, Ñ?о
+ Ñ?Ñ?о можеÑ? позволиÑ?Ñ? им полÑ?Ñ?иÑ?Ñ? Ñ?пеÑ?иалÑ?нÑ?е пÑ?ивилегии.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12153">CVE-2017-12153</a>
- - <p>bo Zhang reported that the cfg80211 (wifi) subsystem does not
- - properly validate the parameters to a netlink message. Local users
- - with the CAP_NET_ADMIN capability (in any user namespace with a
- - wifi device) can use this to cause a denial of service.</p></li>
+ <p>Ð?о Чжан Ñ?ообÑ?ил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема cfg80211 (wifi) непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ?
+ паÑ?амеÑ?Ñ?ов, пеÑ?едаваемÑ?Ñ? netlink-Ñ?ообÑ?ениÑ?. Ð?окалÑ?нÑ?е полÑ?зоваÑ?ели, имеÑ?Ñ?ие
+ возможноÑ?Ñ?Ñ? CAP_NET_ADMIN (в лÑ?бой полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве Ñ?
+ wifi-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вом), могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12154">CVE-2017-12154</a>
- - <p>Jim Mattson of Google reported that the KVM implementation for
- - Intel x86 processors did not correctly handle certain nested
- - hypervisor configurations. A malicious guest (or nested guest in a
- - suitable L1 hypervisor) could use this for denial of service.</p></li>
+ <p>Ð?жим Ð?Ñ?Ñ?Ñ?он из Google Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? пÑ?оÑ?еÑ?Ñ?оÑ?ов Intel x86
+ непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? некоÑ?оÑ?Ñ?е Ñ?иÑ?Ñ?аÑ?ии Ñ? вложеннÑ?ми гипеÑ?визоÑ?ами.
+ Ð?Ñ?едоноÑ?наÑ? гоÑ?Ñ?еваÑ? Ñ?иÑ?Ñ?ема (или вложеннаÑ? гоÑ?Ñ?еваÑ? Ñ?иÑ?Ñ?ема в подÑ?одÑ?Ñ?ем
+ гипеÑ?визоÑ?е L1) можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14106">CVE-2017-14106</a>
- - <p>Andrey Konovalov discovered that a user-triggerable division by
- - zero in the tcp_disconnect() function could result in local denial
- - of service.</p></li>
+ <p>Ð?ндÑ?ей Ð?оновалов обнаÑ?Ñ?жил, Ñ?Ñ?о вÑ?зÑ?ваемое полÑ?зоваÑ?елем деление на
+ нолÑ? в Ñ?Ñ?нкÑ?ии tcp_disconnect() можеÑ? пÑ?иводиÑ?Ñ? к локалÑ?номÑ? оÑ?казÑ?
+ в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14140">CVE-2017-14140</a>
- - <p>Otto Ebeling reported that the move_pages() system call performed
- - insufficient validation of the UIDs of the calling and target
- - processes, resulting in a partial ASLR bypass. This made it easier
- - for local users to exploit vulnerabilities in programs installed
- - with the set-UID permission bit set.</p></li>
+ <p>Ð?Ñ?Ñ?о Ðбелинг Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?иÑ?Ñ?емнÑ?й вÑ?зов move_pages() вÑ?полнÑ?еÑ?
+ недоÑ?Ñ?аÑ?оÑ?нÑ?Ñ? пÑ?овеÑ?кÑ? UID вÑ?зÑ?ваÑ?Ñ?иÑ? и Ñ?елевÑ?Ñ? пÑ?оÑ?еÑ?Ñ?оÑ?, Ñ?Ñ?о пÑ?иводиÑ?
+ к Ñ?аÑ?Ñ?иÑ?номÑ? обÑ?одÑ? ASLR. ÐÑ?о облегÑ?аеÑ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м
+ возможноÑ?Ñ?Ñ? иÑ?полÑ?зованиÑ? Ñ?Ñ?звимоÑ?Ñ?ей в пÑ?огÑ?аммаÑ?, имеÑ?Ñ?иÑ? биÑ? пÑ?ав доÑ?Ñ?Ñ?па,
+ позволÑ?Ñ?Ñ?ий вÑ?полнÑ?Ñ?Ñ? иÑ? оÑ? лиÑ?а владелÑ?Ñ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14156">CVE-2017-14156</a>
- - <p><q>sohu0106</q> reported an information leak in the atyfb video driver.
- - A local user with access to a framebuffer device handled by this
- - driver could use this to obtain sensitive information.</p></li>
+ <p><q>sohu0106</q> Ñ?ообÑ?ил об Ñ?Ñ?еÑ?ке инÑ?оÑ?маÑ?ии в видеодÑ?айвеÑ?е atyfb.
+ Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий доÑ?Ñ?Ñ?п к Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вÑ? кадÑ?ового бÑ?Ñ?еÑ?а, обÑ?лÑ?живаемомÑ? Ñ?казаннÑ?м
+ дÑ?айвеÑ?ом, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14340">CVE-2017-14340</a>
- - <p>Richard Wareing discovered that the XFS implementation allows the
- - creation of files with the <q>realtime</q> flag on a filesystem with no
- - realtime device, which can result in a crash (oops). A local user
- - with access to an XFS filesystem that does not have a realtime
- - device can use this for denial of service.</p></li>
+ <p>РиÑ?аÑ?д Уаинг обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? XFS позволÑ?еÑ? Ñ?оздаваÑ?Ñ? Ñ?айлÑ?
+ Ñ? Ñ?лагом <q>realtime</q> в Ñ?айловой Ñ?иÑ?Ñ?еме без Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва Ñ?абоÑ?Ñ? в Ñ?еалÑ?ном
+ вÑ?емени, Ñ?Ñ?о можеÑ? пÑ?иводиÑ?Ñ? к аваÑ?ийнÑ?м оÑ?Ñ?ановкам (oops). Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?,
+ имеÑ?Ñ?ий доÑ?Ñ?Ñ?п к Ñ?айловой Ñ?иÑ?Ñ?еме XFS, не имеÑ?Ñ?ей Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва Ñ?абоÑ?Ñ? в Ñ?еалÑ?ном вÑ?емени,
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14489">CVE-2017-14489</a>
- - <p>ChunYu Wang of Red Hat discovered that the iSCSI subsystem does not
- - properly validate the length of a netlink message, leading to
- - memory corruption. A local user with permission to manage iSCSI
- - devices can use this for denial of service or possibly to execute
- - arbitrary code.</p></li>
+ <p>ЧÑ?нÑ?Юй Ð?ан из Red Hat обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема iSCSI непÑ?авилÑ?но вÑ?полнÑ?еÑ?
+ пÑ?овеÑ?кÑ? длинÑ? netlink-Ñ?ообÑ?ениÑ?, Ñ?Ñ?о пÑ?иводиÑ? к повÑ?еждениÑ? Ñ?одеÑ?жимого
+ памÑ?Ñ?и. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава доÑ?Ñ?Ñ?па на Ñ?пÑ?авление Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вами
+ iSCSI, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или
+ длÑ? поÑ?енÑ?иалÑ?ного вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14497">CVE-2017-14497</a>
- - (stretch only)
+ (Ñ?олÑ?ко stretch)
- - <p>Benjamin Poirier of SUSE reported that vnet headers are not
- - properly handled within the tpacket_rcv() function in the raw
- - packet (af_packet) feature. A local user with the CAP_NET_RAW
- - capability can take advantage of this flaw to cause a denial of
- - service (buffer overflow, and disk and memory corruption) or have
- - other impact.</p></li>
+ <p>Ð?енджамин Ð?оиÑ?Ñ? из SUSE Ñ?ообÑ?ил, Ñ?Ñ?о обÑ?абоÑ?ка заголовков vnet
+ в Ñ?Ñ?нкÑ?ии tpacket_rcv() в коде Ñ?абоÑ?Ñ? Ñ? Ñ?Ñ?Ñ?Ñ?ми (af_packet) пакеÑ?ами
+ вÑ?полнÑ?еÑ?Ñ?Ñ? непÑ?авилÑ?но. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий возможноÑ?Ñ?Ñ?
+ CAP_NET_RAW, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в
+ обÑ?лÑ?живании (пеÑ?еполнение бÑ?Ñ?еÑ?а, повÑ?еждение Ñ?одеÑ?жимого диÑ?ка и
+ памÑ?Ñ?и), либо длÑ? оказаниÑ? дÑ?Ñ?гого влиÑ?ниÑ? на безопаÑ?ноÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000111">CVE-2017-1000111</a>
- - <p>Andrey Konovalov of Google reported a race condition in the raw
- - packet (af_packet) feature. Local users with the CAP_NET_RAW
- - capability can use this for denial of service or possibly to
- - execute arbitrary code.</p></li>
+ <p>Ð?ндÑ?ей Ð?оновалов из Google Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в коде Ñ?абоÑ?Ñ? Ñ? Ñ?Ñ?Ñ?Ñ?ми
+ (af_packet) пакеÑ?ами. Ð?окалÑ?нÑ?е полÑ?зоваÑ?ели, имеÑ?Ñ?ие возможноÑ?Ñ?Ñ? CAP_NET_RAW,
+ могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или длÑ? возможного
+ вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000112">CVE-2017-1000112</a>
- - <p>Andrey Konovalov of Google reported a race condition flaw in the
- - UDP Fragmentation Offload (UFO) code. A local user can use this
- - flaw for denial of service or possibly to execute arbitrary code.</p></li>
+ <p>Ð?ндÑ?ей Ð?оновалов из Google Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в коде
+ UDP Fragmentation Offload (UFO). Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+ Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или длÑ? поÑ?енÑ?иалÑ?ного вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000251">CVE-2017-1000251</a>
/ #875881
- - <p>Armis Labs discovered that the Bluetooth subsystem does not
- - properly validate L2CAP configuration responses, leading to a
- - stack buffer overflow. This is one of several vulnerabilities
- - dubbed <q>Blueborne</q>. A nearby attacker can use this to cause a
- - denial of service or possibly to execute arbitrary code on a
- - system with Bluetooth enabled.</p></li>
+ <p>СоÑ?Ñ?Ñ?дники Armis Labs обнаÑ?Ñ?жили, Ñ?Ñ?о подÑ?иÑ?Ñ?ема Bluetooth непÑ?авилÑ?но вÑ?полнÑ?еÑ?
+ пÑ?овеÑ?кÑ? конÑ?игÑ?Ñ?аÑ?ионнÑ?Ñ? оÑ?веÑ?ов L2CAP, Ñ?Ñ?о пÑ?иводиÑ? к пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а.
+ ÐÑ?о — одна из неÑ?колÑ?киÑ? Ñ?Ñ?звимоÑ?Ñ?ей, полÑ?Ñ?ивÑ?иÑ? название <q>Blueborne</q>.
+ Ð?лоÑ?мÑ?Ñ?ленник, наÑ?одÑ?Ñ?ийÑ?Ñ? в непоÑ?Ñ?едÑ?Ñ?венной близоÑ?Ñ?и, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ?
+ Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или поÑ?енÑ?иалÑ?ного вÑ?полнениÑ? пÑ?оизволÑ?ного
+ кода в Ñ?иÑ?Ñ?еме Ñ? вклÑ?Ñ?Ñ?ннÑ?м Bluetooth.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000252">CVE-2017-1000252</a>
- - (stretch only)
+ (Ñ?олÑ?ко stretch)
- - <p>Jan H. Schoenherr of Amazon reported that the KVM implementation
- - for Intel x86 processors did not correctly validate interrupt
- - injection requests. A local user with permission to use KVM could
- - use this for denial of service.</p></li>
+ <p>Ян ШÑ?нгеÑ? из Amazon Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? пÑ?оÑ?еÑ?Ñ?оÑ?ов Intel x86
+ непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? запÑ?оÑ?ов введениÑ? пÑ?еÑ?Ñ?ваний. Ð?окалÑ?нÑ?й
+ полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава на иÑ?полÑ?зование KVM, можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+ Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000370">CVE-2017-1000370</a>
- - <p>The Qualys Research Labs reported that a large argument or
- - environment list can result in ASLR bypass for 32-bit PIE binaries.</p></li>
+ <p>СоÑ?Ñ?Ñ?дники Qualys Research Labs Ñ?ообÑ?или, Ñ?Ñ?о болÑ?Ñ?ой аÑ?гÑ?менÑ? или Ñ?пиÑ?ок
+ окÑ?Ñ?жениÑ? можеÑ? пÑ?иводиÑ?Ñ? к обÑ?одÑ? ASLR длÑ? 32-биÑ?нÑ?Ñ? двоиÑ?нÑ?Ñ? Ñ?айлов Ñ? PIE.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000371">CVE-2017-1000371</a>
- - <p>The Qualys Research Labs reported that a large argument
- - orenvironment list can result in a stack/heap clash for 32-bit
- - PIE binaries.</p></li>
+ <p>СоÑ?Ñ?Ñ?дники Qualys Research Labs Ñ?ообÑ?или, Ñ?Ñ?о болÑ?Ñ?ой аÑ?гÑ?менÑ?
+ или Ñ?пиÑ?ок окÑ?Ñ?жениÑ? можеÑ? пÑ?иводиÑ?Ñ? к коллизии Ñ?Ñ?ека длÑ? 32-биÑ?нÑ?Ñ?
+ двоиÑ?нÑ?Ñ? Ñ?айлов Ñ? PIE.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000380">CVE-2017-1000380</a>
- - <p>Alexander Potapenko of Google reported a race condition in the ALSA
- - (sound) timer driver, leading to an information leak. A local user
- - with permission to access sound devices could use this to obtain
- - sensitive information.</p></li>
+ <p>Ð?лекÑ?андÑ? Ð?оÑ?апенко из Google Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в дÑ?айвеÑ?е Ñ?аймеÑ?а ALSA
+ (sound), пÑ?иводÑ?Ñ?ей к Ñ?Ñ?еÑ?ке инÑ?оÑ?маÑ?ии. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава
+ на полÑ?Ñ?ение доÑ?Ñ?Ñ?па к звÑ?ковÑ?м Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вам, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+ длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
</ul>
- -<p>Debian disables unprivileged user namespaces by default, but if they
- -are enabled (via the kernel.unprivileged_userns_clone sysctl) then
- -<a href="https://security-tracker.debian.org/tracker/CVE-2017-11600">CVE-2017-11600</a>,
- -<a href="https://security-tracker.debian.org/tracker/CVE-2017-14497">CVE-2017-14497</a> and
- -<a href="https://security-tracker.debian.org/tracker/CVE-2017-1000111">CVE-2017-1000111</a>
- -can be exploited by any local user.</p>
+<p>Ð? Debian по Ñ?молÑ?аниÑ? оÑ?клÑ?Ñ?енÑ? непÑ?ивилегиÑ?ованнÑ?е пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва полÑ?зоваÑ?елÑ?, но еÑ?ли они
+вклÑ?Ñ?енÑ? (Ñ? помоÑ?Ñ?Ñ? опÑ?ии sysctl kernel.unprivileged_userns_clone), Ñ?о Ñ?Ñ?звимоÑ?Ñ?и
+<a href="https://security-tracker.debian.org/tracker/CVE-2017-11600">CVE-2017-11600</a>,
+<a href="https://security-tracker.debian.org/tracker/CVE-2017-14497">CVE-2017-14497</a> и
+<a href="https://security-tracker.debian.org/tracker/CVE-2017-1000111">CVE-2017-1000111</a>
+могÑ? иÑ?полÑ?зоваÑ?Ñ? лÑ?бÑ?м локалÑ?нÑ?м полÑ?зоваÑ?елем.</p>
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 3.16.43-2+deb8u5.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 3.16.43-2+deb8u5.</p>
- -<p>For the stable distribution (stretch), these problems have been fixed in
- -version 4.9.30-2+deb9u5.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.9.30-2+deb9u5.</p>
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlnDX9gACgkQXudu4gIW
0qXdQA/8Dh0rCBhgZeN95LQp4XMa5H2O0KmVUtu1DQvMiLRrNTY3XW/eYuequEZK
ro2UkiJrD6feVnhW3YY+qlG6AotSwcV+FF6nbYQW1AiXeZUapEROAX3TEad3GG2F
UytU6qaA1T2lDC/hzolHGcG1/UGWaqeEfmgc+XQI0aA8cxQrHGKdQJnEDpze9NKP
BOHU+KkGL4/x/Gt26hiip06TXNgktop9sbwd/1a10QMVMS42u6EuE0vuPFDzH58N
DLQGwwRcoypqT+RzDx+tWy2aGxq6ryqO1LjPJjaMoeoBuGL9H3l7N2o7UNYEl8C0
rq9ES4zY+qQNqNUy7SB3d+oSijKImLJViIlw3jOpGd7xzeCHtRUHIlAGxkyJI7ML
2dB4TeHVwrBDyGVuf1hUMw19xmXINcSU/xGr3b2edYvYM/MZ6J/Ey8FKEy6viiq+
63h4hgjjf7pALHwtx1Tq2pLRu8bTBGUOwXHgST1qb1YQDqZqCxQRrYqSmntl0vx1
4jQlloI7mKuRFG+uXecUicWW16Dw0OS8zhDNQykHjZGEhdhsgOBzKXPDP5lZvJhx
SQmUIlfnOkUXOc8ex7c6KyL90ntpoeHwOSZHAOGFLKu3ol8exqYGMxpFMmNSnkJV
YDo5KDifMpXGxiQYqdGw5C71vRrFR42NA8QXa5t1dsRycplUb9g=
=8jqT
-----END PGP SIGNATURE-----
Reply to: