[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2017/dsa-3981.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2017/dsa-3981.wml	2017-09-21 09:54:42.000000000 +0500
+++ russian/security/2017/dsa-3981.wml	2017-09-21 11:44:22.353512174 +0500
@@ -1,186 +1,187 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to privilege escalation, denial of service or information
- -leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е могÑ?Ñ?
+пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или Ñ?Ñ?еÑ?кам
+инÑ?оÑ?маÑ?ии.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7518";>CVE-2017-7518</a>
 
- -    <p>Andy Lutomirski discovered that KVM is prone to an incorrect debug
- -    exception (#DB) error occurring while emulating a syscall
- -    instruction. A process inside a guest can take advantage of this
- -    flaw for privilege escalation inside a guest.</p></li>
+    <p>Энди Ð?Ñ?Ñ?омиÑ?Ñ?ки обнаÑ?Ñ?жил, Ñ?Ñ?о KVM можеÑ? вÑ?даваÑ?Ñ? оÑ?ибкÑ? из-за некоÑ?Ñ?екÑ?ного
+    оÑ?ладоÑ?ного иÑ?клÑ?Ñ?ениÑ? (#DB), возникаÑ?Ñ?Ñ?Ñ? во вÑ?емÑ? Ñ?мÑ?лÑ?Ñ?ии инÑ?Ñ?Ñ?Ñ?кÑ?ии Ñ?иÑ?Ñ?емного
+    вÑ?зова. Ð?Ñ?оÑ?еÑ?Ñ? в гоÑ?Ñ?евой Ñ?иÑ?Ñ?еме можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+    длÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий внÑ?Ñ?Ñ?и гоÑ?Ñ?евой Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7558";>CVE-2017-7558</a>
- -    (stretch only)
+    (Ñ?олÑ?ко stretch)
 
- -    <p>Stefano Brivio of Red Hat discovered that the SCTP subsystem is
- -    prone to a data leak vulnerability due to an out-of-bounds read
- -    flaw, allowing to leak up to 100 uninitialized bytes to userspace.</p></li>
+    <p>СÑ?еÑ?ано Ð?Ñ?ивио из Red Hat обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема SCTP Ñ?Ñ?звима
+    к Ñ?Ñ?еÑ?ке даннÑ?Ñ? из-за Ñ?Ñ?ениÑ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и,
+    коÑ?оÑ?ое пÑ?иводиÑ? к Ñ?Ñ?еканиÑ? 100 неиниÑ?иализиÑ?ованнÑ?Ñ? байÑ? в пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?во полÑ?зоваÑ?елÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-10661";>CVE-2017-10661</a>
- -    (jessie only)
+    (Ñ?олÑ?ко jessie)
 
- -    <p>Dmitry Vyukov of Google reported that the timerfd facility does
- -    not properly handle certain concurrent operations on a single file
- -    descriptor.  This allows a local attacker to cause a denial of
- -    service or potentially execute arbitrary code.</p></li>
+    <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков из Google Ñ?ообÑ?ил, Ñ?Ñ?о timerfd непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+    опÑ?еделÑ?ннÑ?е многопоÑ?оÑ?нÑ?е опеÑ?аÑ?ии на одном Ñ?айловом деÑ?кÑ?ипÑ?оÑ?е.
+    ЭÑ?о позволÑ?еÑ? локалÑ?номÑ? злоÑ?мÑ?Ñ?ленникÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании или
+    поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-11600";>CVE-2017-11600</a>
 
- -    <p>Bo Zhang reported that the xfrm subsystem does not properly
- -    validate one of the parameters to a netlink message. Local users
- -    with the CAP_NET_ADMIN capability can use this to cause a denial
- -    of service or potentially to execute arbitrary code.</p></li>
+    <p>Ð?о Чжан Ñ?ообÑ?ил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема xfrm непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ?
+    одного из паÑ?амеÑ?Ñ?ов, пеÑ?едаваемÑ?Ñ? netlink-Ñ?ообÑ?ениÑ?. Ð?окалÑ?нÑ?е полÑ?зоваÑ?ели,
+    имеÑ?Ñ?ие возможноÑ?Ñ?Ñ? CAP_NET_ADMIN, могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+    оÑ?каза в обÑ?лÑ?живании или поÑ?енÑ?иалÑ?ного вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12134";>CVE-2017-12134</a>
     / #866511 / XSA-229
 
- -    <p>Jan H. Schoenherr of Amazon discovered that when Linux is running
- -    in a Xen PV domain on an x86 system, it may incorrectly merge
- -    block I/O requests.  A buggy or malicious guest may trigger this
- -    bug in dom0 or a PV driver domain, causing a denial of service or
- -    potentially execution of arbitrary code.</p>
+    <p>Ян ШÑ?нгеÑ? из Amazon обнаÑ?Ñ?жил, Ñ?Ñ?о еÑ?ли Linux запÑ?Ñ?ен в домене
+    Xen PV на Ñ?иÑ?Ñ?еме x86, Ñ?о Ñ?дÑ?о можеÑ? непÑ?авилÑ?но обÑ?единÑ?Ñ?Ñ? блоÑ?нÑ?е запÑ?оÑ?Ñ?
+    ввода/вÑ?вода. Ð?Ñ?едоноÑ?наÑ? гоÑ?Ñ?еваÑ? Ñ?иÑ?Ñ?ема или гоÑ?Ñ?еваÑ? Ñ?иÑ?Ñ?ема Ñ? оÑ?ибками могÑ?Ñ? вÑ?зваÑ?Ñ?
+    Ñ?Ñ?Ñ? оÑ?ибкÑ? в dom0 или дÑ?айвеÑ?е домена PV, Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании или
+    поÑ?енÑ?иалÑ?номÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p>
 
- -    <p>This issue can be mitigated by disabling merges on the underlying
- -    back-end block devices, e.g.:
+    <p>Ð?паÑ?ноÑ?Ñ?Ñ? Ñ?Ñ?ой пÑ?облемÑ? можно Ñ?низиÑ?Ñ? пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? обÑ?единениÑ? на подлежаÑ?иÑ?
+    конеÑ?нÑ?Ñ? блоÑ?нÑ?Ñ? Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ваÑ?, напÑ?.:
         <code>echo 2 > /sys/block/nvme0n1/queue/nomerges</code></p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12146";>CVE-2017-12146</a>
- -    (stretch only)
+    (Ñ?олÑ?ко stretch)
 
- -    <p>Adrian Salido of Google reported a race condition in access to the
- -    <q>driver_override</q> attribute for platform devices in sysfs. If
- -    unprivileged users are permitted to access this attribute, this
- -    might allow them to gain privileges.</p></li>
+    <p>Ð?дÑ?иан Салидо из Google Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки к коде длÑ? доÑ?Ñ?Ñ?па к
+    аÑ?Ñ?ибÑ?Ñ?Ñ? <q>driver_override</q> длÑ? плаÑ?Ñ?оÑ?меннÑ?Ñ? Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?в в sysfs. Ð?Ñ?ли
+    непÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?ели имеÑ?Ñ? доÑ?Ñ?Ñ?п к Ñ?Ñ?омÑ? аÑ?Ñ?ибÑ?Ñ?Ñ?, Ñ?о
+    Ñ?Ñ?о можеÑ? позволиÑ?Ñ? им полÑ?Ñ?иÑ?Ñ? Ñ?пеÑ?иалÑ?нÑ?е пÑ?ивилегии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12153";>CVE-2017-12153</a>
 
- -    <p>bo Zhang reported that the cfg80211 (wifi) subsystem does not
- -    properly validate the parameters to a netlink message. Local users
- -    with the CAP_NET_ADMIN capability (in any user namespace with a
- -    wifi device) can use this to cause a denial of service.</p></li>
+    <p>Ð?о Чжан Ñ?ообÑ?ил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема cfg80211 (wifi) непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ?
+    паÑ?амеÑ?Ñ?ов, пеÑ?едаваемÑ?Ñ? netlink-Ñ?ообÑ?ениÑ?. Ð?окалÑ?нÑ?е полÑ?зоваÑ?ели, имеÑ?Ñ?ие
+    возможноÑ?Ñ?Ñ? CAP_NET_ADMIN (в лÑ?бой полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве Ñ?
+    wifi-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вом), могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12154";>CVE-2017-12154</a>
 
- -    <p>Jim Mattson of Google reported that the KVM implementation for
- -    Intel x86 processors did not correctly handle certain nested
- -    hypervisor configurations. A malicious guest (or nested guest in a
- -    suitable L1 hypervisor) could use this for denial of service.</p></li>
+    <p>Ð?жим Ð?Ñ?Ñ?Ñ?он из Google Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? пÑ?оÑ?еÑ?Ñ?оÑ?ов Intel x86
+    непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? некоÑ?оÑ?Ñ?е Ñ?иÑ?Ñ?аÑ?ии Ñ? вложеннÑ?ми гипеÑ?визоÑ?ами.
+    Ð?Ñ?едоноÑ?наÑ? гоÑ?Ñ?еваÑ? Ñ?иÑ?Ñ?ема (или вложеннаÑ? гоÑ?Ñ?еваÑ? Ñ?иÑ?Ñ?ема в подÑ?одÑ?Ñ?ем
+    гипеÑ?визоÑ?е L1) можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14106";>CVE-2017-14106</a>
 
- -    <p>Andrey Konovalov discovered that a user-triggerable division by
- -    zero in the tcp_disconnect() function could result in local denial
- -    of service.</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов обнаÑ?Ñ?жил, Ñ?Ñ?о вÑ?зÑ?ваемое полÑ?зоваÑ?елем деление на
+    нолÑ? в Ñ?Ñ?нкÑ?ии tcp_disconnect() можеÑ? пÑ?иводиÑ?Ñ? к локалÑ?номÑ? оÑ?казÑ?
+    в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14140";>CVE-2017-14140</a>
 
- -    <p>Otto Ebeling reported that the move_pages() system call performed
- -    insufficient validation of the UIDs of the calling and target
- -    processes, resulting in a partial ASLR bypass. This made it easier
- -    for local users to exploit vulnerabilities in programs installed
- -    with the set-UID permission bit set.</p></li>
+    <p>Ð?Ñ?Ñ?о Эбелинг Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?иÑ?Ñ?емнÑ?й вÑ?зов move_pages() вÑ?полнÑ?еÑ?
+    недоÑ?Ñ?аÑ?оÑ?нÑ?Ñ? пÑ?овеÑ?кÑ? UID вÑ?зÑ?ваÑ?Ñ?иÑ? и Ñ?елевÑ?Ñ? пÑ?оÑ?еÑ?Ñ?оÑ?, Ñ?Ñ?о пÑ?иводиÑ?
+    к Ñ?аÑ?Ñ?иÑ?номÑ? обÑ?одÑ? ASLR. ЭÑ?о облегÑ?аеÑ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м
+    возможноÑ?Ñ?Ñ? иÑ?полÑ?зованиÑ? Ñ?Ñ?звимоÑ?Ñ?ей в пÑ?огÑ?аммаÑ?, имеÑ?Ñ?иÑ? биÑ? пÑ?ав доÑ?Ñ?Ñ?па,
+    позволÑ?Ñ?Ñ?ий вÑ?полнÑ?Ñ?Ñ? иÑ? оÑ? лиÑ?а владелÑ?Ñ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14156";>CVE-2017-14156</a>
 
- -    <p><q>sohu0106</q> reported an information leak in the atyfb video driver.
- -    A local user with access to a framebuffer device handled by this
- -    driver could use this to obtain sensitive information.</p></li>
+    <p><q>sohu0106</q> Ñ?ообÑ?ил об Ñ?Ñ?еÑ?ке инÑ?оÑ?маÑ?ии в видеодÑ?айвеÑ?е atyfb.
+    Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий доÑ?Ñ?Ñ?п к Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вÑ? кадÑ?ового бÑ?Ñ?еÑ?а, обÑ?лÑ?живаемомÑ? Ñ?казаннÑ?м
+    дÑ?айвеÑ?ом, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14340";>CVE-2017-14340</a>
 
- -    <p>Richard Wareing discovered that the XFS implementation allows the
- -    creation of files with the <q>realtime</q> flag on a filesystem with no
- -    realtime device, which can result in a crash (oops). A local user
- -    with access to an XFS filesystem that does not have a realtime
- -    device can use this for denial of service.</p></li>
+    <p>РиÑ?аÑ?д Уаинг обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? XFS позволÑ?еÑ? Ñ?оздаваÑ?Ñ? Ñ?айлÑ?
+    Ñ? Ñ?лагом <q>realtime</q> в Ñ?айловой Ñ?иÑ?Ñ?еме без Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва Ñ?абоÑ?Ñ? в Ñ?еалÑ?ном
+    вÑ?емени, Ñ?Ñ?о можеÑ? пÑ?иводиÑ?Ñ? к аваÑ?ийнÑ?м оÑ?Ñ?ановкам (oops). Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?,
+    имеÑ?Ñ?ий доÑ?Ñ?Ñ?п к Ñ?айловой Ñ?иÑ?Ñ?еме XFS, не имеÑ?Ñ?ей Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва Ñ?абоÑ?Ñ? в Ñ?еалÑ?ном вÑ?емени,
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14489";>CVE-2017-14489</a>
 
- -    <p>ChunYu Wang of Red Hat discovered that the iSCSI subsystem does not
- -    properly validate the length of a netlink message, leading to
- -    memory corruption. A local user with permission to manage iSCSI
- -    devices can use this for denial of service or possibly to execute
- -    arbitrary code.</p></li>
+    <p>ЧÑ?нÑ?Юй Ð?ан из Red Hat обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема iSCSI непÑ?авилÑ?но вÑ?полнÑ?еÑ?
+    пÑ?овеÑ?кÑ? длинÑ? netlink-Ñ?ообÑ?ениÑ?, Ñ?Ñ?о пÑ?иводиÑ? к повÑ?еждениÑ? Ñ?одеÑ?жимого
+    памÑ?Ñ?и. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава доÑ?Ñ?Ñ?па на Ñ?пÑ?авление Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вами
+    iSCSI, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или
+    длÑ? поÑ?енÑ?иалÑ?ного вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-14497";>CVE-2017-14497</a>
- -    (stretch only)
+    (Ñ?олÑ?ко stretch)
 
- -    <p>Benjamin Poirier of SUSE reported that vnet headers are not
- -    properly handled within the tpacket_rcv() function in the raw
- -    packet (af_packet) feature. A local user with the CAP_NET_RAW
- -    capability can take advantage of this flaw to cause a denial of
- -    service (buffer overflow, and disk and memory corruption) or have
- -    other impact.</p></li>
+    <p>Ð?енджамин Ð?оиÑ?Ñ? из SUSE Ñ?ообÑ?ил, Ñ?Ñ?о обÑ?абоÑ?ка заголовков vnet
+    в Ñ?Ñ?нкÑ?ии tpacket_rcv() в коде Ñ?абоÑ?Ñ? Ñ? Ñ?Ñ?Ñ?Ñ?ми (af_packet) пакеÑ?ами
+    вÑ?полнÑ?еÑ?Ñ?Ñ? непÑ?авилÑ?но. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий возможноÑ?Ñ?Ñ?
+    CAP_NET_RAW, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в
+    обÑ?лÑ?живании (пеÑ?еполнение бÑ?Ñ?еÑ?а, повÑ?еждение Ñ?одеÑ?жимого диÑ?ка и
+    памÑ?Ñ?и), либо длÑ? оказаниÑ? дÑ?Ñ?гого влиÑ?ниÑ? на безопаÑ?ноÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000111";>CVE-2017-1000111</a>
 
- -    <p>Andrey Konovalov of Google reported a race condition in the raw
- -    packet (af_packet) feature. Local users with the CAP_NET_RAW
- -    capability can use this for denial of service or possibly to
- -    execute arbitrary code.</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов из Google Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в коде Ñ?абоÑ?Ñ? Ñ? Ñ?Ñ?Ñ?Ñ?ми
+    (af_packet) пакеÑ?ами. Ð?окалÑ?нÑ?е полÑ?зоваÑ?ели, имеÑ?Ñ?ие возможноÑ?Ñ?Ñ? CAP_NET_RAW,
+    могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или длÑ? возможного
+    вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000112";>CVE-2017-1000112</a>
 
- -    <p>Andrey Konovalov of Google reported a race condition flaw in the
- -    UDP Fragmentation Offload (UFO) code. A local user can use this
- -    flaw for denial of service or possibly to execute arbitrary code.</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов из Google Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в коде
+    UDP Fragmentation Offload (UFO). Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+    Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или длÑ? поÑ?енÑ?иалÑ?ного вÑ?полнениÑ? пÑ?оизволÑ?ного кода.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000251";>CVE-2017-1000251</a>
     / #875881
 
- -    <p>Armis Labs discovered that the Bluetooth subsystem does not
- -    properly validate L2CAP configuration responses, leading to a
- -    stack buffer overflow. This is one of several vulnerabilities
- -    dubbed <q>Blueborne</q>. A nearby attacker can use this to cause a
- -    denial of service or possibly to execute arbitrary code on a
- -    system with Bluetooth enabled.</p></li>
+    <p>СоÑ?Ñ?Ñ?дники Armis Labs обнаÑ?Ñ?жили, Ñ?Ñ?о подÑ?иÑ?Ñ?ема Bluetooth непÑ?авилÑ?но вÑ?полнÑ?еÑ?
+    пÑ?овеÑ?кÑ? конÑ?игÑ?Ñ?аÑ?ионнÑ?Ñ? оÑ?веÑ?ов L2CAP, Ñ?Ñ?о пÑ?иводиÑ? к пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а.
+    ЭÑ?о &mdash; одна из неÑ?колÑ?киÑ? Ñ?Ñ?звимоÑ?Ñ?ей, полÑ?Ñ?ивÑ?иÑ? название <q>Blueborne</q>.
+    Ð?лоÑ?мÑ?Ñ?ленник, наÑ?одÑ?Ñ?ийÑ?Ñ? в непоÑ?Ñ?едÑ?Ñ?венной близоÑ?Ñ?и, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ?
+    Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или поÑ?енÑ?иалÑ?ного вÑ?полнениÑ? пÑ?оизволÑ?ного
+    кода в Ñ?иÑ?Ñ?еме Ñ? вклÑ?Ñ?Ñ?ннÑ?м Bluetooth.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000252";>CVE-2017-1000252</a>
- -    (stretch only)
+    (Ñ?олÑ?ко stretch)
 
- -    <p>Jan H. Schoenherr of Amazon reported that the KVM implementation
- -    for Intel x86 processors did not correctly validate interrupt
- -    injection requests. A local user with permission to use KVM could
- -    use this for denial of service.</p></li>
+    <p>Ян ШÑ?нгеÑ? из Amazon Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? пÑ?оÑ?еÑ?Ñ?оÑ?ов Intel x86
+    непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? запÑ?оÑ?ов введениÑ? пÑ?еÑ?Ñ?ваний. Ð?окалÑ?нÑ?й
+    полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава на иÑ?полÑ?зование KVM, можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+    Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000370";>CVE-2017-1000370</a>
 
- -    <p>The Qualys Research Labs reported that a large argument or
- -    environment list can result in ASLR bypass for 32-bit PIE binaries.</p></li>
+    <p>СоÑ?Ñ?Ñ?дники Qualys Research Labs Ñ?ообÑ?или, Ñ?Ñ?о болÑ?Ñ?ой аÑ?гÑ?менÑ? или Ñ?пиÑ?ок
+    окÑ?Ñ?жениÑ? можеÑ? пÑ?иводиÑ?Ñ? к обÑ?одÑ? ASLR длÑ? 32-биÑ?нÑ?Ñ? двоиÑ?нÑ?Ñ? Ñ?айлов Ñ? PIE.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000371";>CVE-2017-1000371</a>
 
- -    <p>The Qualys Research Labs reported that a large argument
- -    orenvironment list can result in a stack/heap clash for 32-bit
- -    PIE binaries.</p></li>
+    <p>СоÑ?Ñ?Ñ?дники Qualys Research Labs Ñ?ообÑ?или, Ñ?Ñ?о болÑ?Ñ?ой аÑ?гÑ?менÑ?
+    или Ñ?пиÑ?ок окÑ?Ñ?жениÑ? можеÑ? пÑ?иводиÑ?Ñ? к коллизии Ñ?Ñ?ека длÑ? 32-биÑ?нÑ?Ñ?
+    двоиÑ?нÑ?Ñ? Ñ?айлов Ñ? PIE.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000380";>CVE-2017-1000380</a>
 
- -    <p>Alexander Potapenko of Google reported a race condition in the ALSA
- -    (sound) timer driver, leading to an information leak. A local user
- -    with permission to access sound devices could use this to obtain
- -    sensitive information.</p></li>
+    <p>Ð?лекÑ?андÑ? Ð?оÑ?апенко из Google Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в дÑ?айвеÑ?е Ñ?аймеÑ?а ALSA
+    (sound), пÑ?иводÑ?Ñ?ей к Ñ?Ñ?еÑ?ке инÑ?оÑ?маÑ?ии. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава
+    на полÑ?Ñ?ение доÑ?Ñ?Ñ?па к звÑ?ковÑ?м Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вам, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+    длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
 
 </ul>
 
- -<p>Debian disables unprivileged user namespaces by default, but if they
- -are enabled (via the kernel.unprivileged_userns_clone sysctl) then
- -<a href="https://security-tracker.debian.org/tracker/CVE-2017-11600";>CVE-2017-11600</a>, 
- -<a href="https://security-tracker.debian.org/tracker/CVE-2017-14497";>CVE-2017-14497</a> and 
- -<a href="https://security-tracker.debian.org/tracker/CVE-2017-1000111";>CVE-2017-1000111</a> 
- -can be exploited by any local user.</p>
+<p>Ð? Debian по Ñ?молÑ?аниÑ? оÑ?клÑ?Ñ?енÑ? непÑ?ивилегиÑ?ованнÑ?е пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва полÑ?зоваÑ?елÑ?, но еÑ?ли они
+вклÑ?Ñ?енÑ? (Ñ? помоÑ?Ñ?Ñ? опÑ?ии sysctl kernel.unprivileged_userns_clone), Ñ?о Ñ?Ñ?звимоÑ?Ñ?и
+<a href="https://security-tracker.debian.org/tracker/CVE-2017-11600";>CVE-2017-11600</a>,
+<a href="https://security-tracker.debian.org/tracker/CVE-2017-14497";>CVE-2017-14497</a> и
+<a href="https://security-tracker.debian.org/tracker/CVE-2017-1000111";>CVE-2017-1000111</a>
+могÑ? иÑ?полÑ?зоваÑ?Ñ? лÑ?бÑ?м локалÑ?нÑ?м полÑ?зоваÑ?елем.</p>
 
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 3.16.43-2+deb8u5.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 3.16.43-2+deb8u5.</p>
 
- -<p>For the stable distribution (stretch), these problems have been fixed in
- -version 4.9.30-2+deb9u5.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.9.30-2+deb9u5.</p>
 
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlnDX9gACgkQXudu4gIW
0qXdQA/8Dh0rCBhgZeN95LQp4XMa5H2O0KmVUtu1DQvMiLRrNTY3XW/eYuequEZK
ro2UkiJrD6feVnhW3YY+qlG6AotSwcV+FF6nbYQW1AiXeZUapEROAX3TEad3GG2F
UytU6qaA1T2lDC/hzolHGcG1/UGWaqeEfmgc+XQI0aA8cxQrHGKdQJnEDpze9NKP
BOHU+KkGL4/x/Gt26hiip06TXNgktop9sbwd/1a10QMVMS42u6EuE0vuPFDzH58N
DLQGwwRcoypqT+RzDx+tWy2aGxq6ryqO1LjPJjaMoeoBuGL9H3l7N2o7UNYEl8C0
rq9ES4zY+qQNqNUy7SB3d+oSijKImLJViIlw3jOpGd7xzeCHtRUHIlAGxkyJI7ML
2dB4TeHVwrBDyGVuf1hUMw19xmXINcSU/xGr3b2edYvYM/MZ6J/Ey8FKEy6viiq+
63h4hgjjf7pALHwtx1Tq2pLRu8bTBGUOwXHgST1qb1YQDqZqCxQRrYqSmntl0vx1
4jQlloI7mKuRFG+uXecUicWW16Dw0OS8zhDNQykHjZGEhdhsgOBzKXPDP5lZvJhx
SQmUIlfnOkUXOc8ex7c6KyL90ntpoeHwOSZHAOGFLKu3ol8exqYGMxpFMmNSnkJV
YDo5KDifMpXGxiQYqdGw5C71vRrFR42NA8QXa5t1dsRycplUb9g=
=8jqT
-----END PGP SIGNATURE-----
Reply to: