[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2017/dsa-4073.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2017/dsa-4073.wml	2017-12-24 09:25:18.000000000 +0500
+++ russian/security/2017/dsa-4073.wml	2017-12-25 00:16:22.616412887 +0500
@@ -1,161 +1,164 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or information
- -leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е могÑ?Ñ?
+пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казам в обÑ?лÑ?живании или Ñ?Ñ?еÑ?кам
+инÑ?оÑ?маÑ?ии.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-8824";>CVE-2017-8824</a>
 
- -    <p>Mohamed Ghannam discovered that the DCCP implementation did not
- -    correctly manage resources when a socket is disconnected and
- -    reconnected, potentially leading to a use-after-free.  A local
- -    user could use this for denial of service (crash or data
- -    corruption) or possibly for privilege escalation.  On systems that
- -    do not already have the dccp module loaded, this can be mitigated
- -    by disabling it:
+    <p>Ð?оÑ?амед Ð?аннам обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? DCCP непÑ?авилÑ?но Ñ?пÑ?авлÑ?еÑ?
+    Ñ?еÑ?Ñ?Ñ?Ñ?ами в Ñ?лÑ?Ñ?ае оÑ?клÑ?Ñ?ениÑ? и повÑ?оÑ?ного подклÑ?Ñ?ениÑ? Ñ?океÑ?а,
+    Ñ?Ñ?о поÑ?енÑ?иалÑ?но пÑ?иводиÑ? к иÑ?полÑ?зованиÑ? Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и. Ð?окалÑ?нÑ?й
+    полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+    или повÑ?еждение даннÑ?Ñ?) или возможномÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий. Ð? Ñ?иÑ?Ñ?емаÑ?, в коÑ?оÑ?Ñ?Ñ?
+    модÑ?лÑ? dccp не загÑ?Ñ?жен, опаÑ?ноÑ?Ñ?Ñ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно
+    Ñ?низиÑ?Ñ?, оÑ?клÑ?Ñ?ив Ñ?казаннÑ?й модÑ?лÑ?:
     echo >> /etc/modprobe.d/disable-dccp.conf install dccp false</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16538";>CVE-2017-16538</a>
 
- -    <p>Andrey Konovalov reported that the dvb-usb-lmedm04 media driver
- -    did not correctly handle some error conditions during
- -    initialisation.  A physically present user with a specially
- -    designed USB device can use this to cause a denial of service
- -    (crash).</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о дÑ?айвеÑ? dvb-usb-lmedm04
+    непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? некоÑ?оÑ?Ñ?е оÑ?ибоÑ?нÑ?е Ñ?оÑ?Ñ?оÑ?ниÑ? во вÑ?емÑ?
+    иниÑ?иализаÑ?ии. Ð?олÑ?зоваÑ?елÑ? Ñ? Ñ?изиÑ?еÑ?ким доÑ?Ñ?Ñ?пом к маÑ?ине пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но
+    подгоÑ?овленного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+    оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16644";>CVE-2017-16644</a>
 
- -    <p>Andrey Konovalov reported that the hdpvr media driver did not
- -    correctly handle some error conditions during initialisation.  A
- -    physically present user with a specially designed USB device can
- -    use this to cause a denial of service (crash).</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о дÑ?айвеÑ? hdpvr
+    непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? некоÑ?оÑ?Ñ?е оÑ?ибоÑ?нÑ?е Ñ?оÑ?Ñ?оÑ?ниÑ? во вÑ?емÑ?
+    иниÑ?иализаÑ?ии. Ð?олÑ?зоваÑ?елÑ? Ñ? Ñ?изиÑ?еÑ?ким доÑ?Ñ?Ñ?пом к маÑ?ине пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но
+    подгоÑ?овленного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+    оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16995";>CVE-2017-16995</a>
 
- -    <p>Jann Horn discovered that the Extended BPF verifier did not
- -    correctly model the behaviour of 32-bit load instructions.  A
- -    local user can use this for privilege escalation.</p></li>
+    <p>Ян ХоÑ?н обнаÑ?Ñ?жил, Ñ?Ñ?о код длÑ? вÑ?полнениÑ? пÑ?овеÑ?ки Extended BPF непÑ?авилÑ?но
+    моделиÑ?Ñ?еÑ? поведение 32-биÑ?нÑ?Ñ? инÑ?Ñ?Ñ?Ñ?кÑ?ий загÑ?Ñ?зки. Ð?окалÑ?нÑ?й
+    полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17448";>CVE-2017-17448</a>
 
- -    <p>Kevin Cernekee discovered that the netfilter subsystem allowed
- -    users with the CAP_NET_ADMIN capability in any user namespace, not
- -    just the root namespace, to enable and disable connection tracking
- -    helpers.  This could lead to denial of service, violation of
- -    network security policy, or have other impact.</p></li>
+    <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема netfilter позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+    имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве, а не
+    пÑ?оÑ?Ñ?о в пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?, вклÑ?Ñ?аÑ?Ñ? и оÑ?клÑ?Ñ?аÑ?Ñ? вÑ?помогаÑ?елÑ?нÑ?е
+    Ñ?Ñ?илиÑ?Ñ? длÑ? оÑ?Ñ?леживаниÑ? Ñ?оединений. ЭÑ?о можеÑ? пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании, наÑ?Ñ?Ñ?ении
+    пÑ?авил безопаÑ?ноÑ?Ñ?и Ñ?еÑ?и или можеÑ? оказÑ?ваÑ?Ñ? дÑ?Ñ?гое влиÑ?ние на Ñ?абоÑ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17449";>CVE-2017-17449</a>
 
- -    <p>Kevin Cernekee discovered that the netlink subsystem allowed
- -    users with the CAP_NET_ADMIN capability in any user namespace
- -    to monitor netlink traffic in all net namespaces, not just
- -    those owned by that user namespace.  This could lead to
- -    exposure of sensitive information.</p></li>
+    <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема netfilter позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+    имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве,
+    оÑ?Ñ?леживаÑ?Ñ? Ñ?Ñ?аÑ?ик netlink во вÑ?еÑ? Ñ?еÑ?евÑ?Ñ? пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ваÑ? имÑ?н, а не Ñ?олÑ?ко Ñ?еÑ?,
+    владелÑ?Ñ?ем коÑ?оÑ?Ñ?Ñ? Ñ?влÑ?еÑ?Ñ?Ñ? данное полÑ?зоваÑ?елÑ?Ñ?кое пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?во. ЭÑ?о можеÑ? пÑ?иводиÑ?Ñ? к
+    Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17450";>CVE-2017-17450</a>
 
- -    <p>Kevin Cernekee discovered that the xt_osf module allowed users
- -    with the CAP_NET_ADMIN capability in any user namespace to modify
- -    the global OS fingerprint list.</p></li>
+    <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о модÑ?лÑ? xt_osf позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+    имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве, изменÑ?Ñ?Ñ?
+    глобалÑ?нÑ?й Ñ?пиÑ?ок оÑ?пеÑ?аÑ?ков опеÑ?аÑ?ионной Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17558";>CVE-2017-17558</a>
 
- -    <p>Andrey Konovalov reported that that USB core did not correctly
- -    handle some error conditions during initialisation.  A physically
- -    present user with a specially designed USB device can use this to
- -    cause a denial of service (crash or memory corruption), or
- -    possibly for privilege escalation.</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?дÑ?о USB непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+    некоÑ?оÑ?Ñ?е оÑ?ибоÑ?нÑ?е Ñ?оÑ?Ñ?оÑ?ниÑ? во вÑ?емÑ? иниÑ?иализаÑ?ии. Ð?олÑ?зоваÑ?елÑ? Ñ? Ñ?изиÑ?еÑ?ким
+    доÑ?Ñ?Ñ?пом к маÑ?ине пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но подгоÑ?овленного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+    или повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и), либо длÑ? возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17712";>CVE-2017-17712</a>
 
- -    <p>Mohamed Ghannam discovered a race condition in the IPv4 raw socket
- -    implementation.  A local user could use this to obtain sensitive
- -    information from the kernel.</p></li>
+    <p>Ð?оÑ?амед Ð?аннам обнаÑ?Ñ?жил Ñ?оÑ?Ñ?оÑ?ние гонки в Ñ?еализаÑ?ии Ñ?Ñ?Ñ?Ñ?Ñ? Ñ?океÑ?ов
+    IPv4. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ?
+    Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии из Ñ?дÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17741";>CVE-2017-17741</a>
 
- -    <p>Dmitry Vyukov reported that the KVM implementation for x86 would
- -    over-read data from memory when emulating an MMIO write if the
- -    kvm_mmio tracepoint was enabled.  A guest virtual machine might be
- -    able to use this to cause a denial of service (crash).</p></li>
+    <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? x86 пÑ?оизводиÑ? Ñ?Ñ?ение
+    даннÑ?Ñ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и пÑ?и Ñ?мÑ?лÑ?Ñ?ии опеÑ?аÑ?ии запиÑ?и MMIO
+    в Ñ?лÑ?Ñ?ае вклÑ?Ñ?ениÑ? Ñ?оÑ?ки оÑ?Ñ?леживаниÑ? kvm_mmio. Ð?оÑ?Ñ?еваÑ? виÑ?Ñ?Ñ?алÑ?наÑ? маÑ?ина можеÑ?
+    иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17805";>CVE-2017-17805</a>
 
- -    <p>It was discovered that some implementations of the Salsa20 block
- -    cipher did not correctly handle zero-length input.  A local user
- -    could use this to cause a denial of service (crash) or possibly
- -    have other security impact.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о некоÑ?оÑ?Ñ?е Ñ?еализаÑ?ии блоÑ?ного Ñ?иÑ?Ñ?а Salsa20
+    непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваÑ?Ñ? вÑ?однÑ?е даннÑ?е нÑ?левой длинÑ?. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или
+    длÑ? оказаниÑ? дÑ?Ñ?гого возможного влиÑ?ниÑ? на безопаÑ?ноÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17806";>CVE-2017-17806</a>
 
- -    <p>It was discovered that the HMAC implementation could be used with
- -    an underlying hash algorithm that requires a key, which was not
- -    intended.  A local user could use this to cause a denial of
- -    service (crash or memory corruption), or possibly for privilege
- -    escalation.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?еализаÑ?иÑ? HMAC можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? вмеÑ?Ñ?е Ñ?
+    базовÑ?м алгоÑ?иÑ?мом Ñ?Ñ?Ñ?иÑ?ованиÑ?, длÑ? коÑ?оÑ?ого Ñ?Ñ?ебÑ?еÑ?Ñ?Ñ? клÑ?Ñ?, Ñ?Ñ?о пÑ?и Ñ?азÑ?абоÑ?ке
+    не пÑ?едполагалоÑ?Ñ?. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+    оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка или повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и) или длÑ?
+    возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17807";>CVE-2017-17807</a>
 
- -    <p>Eric Biggers discovered that the KEYS subsystem lacked a check for
- -    write permission when adding keys to a process's default keyring.
- -    A local user could use this to cause a denial of service or to
- -    obtain sensitive information.</p></li>
+    <p>ЭÑ?ик Ð?иггеÑ?Ñ? обнаÑ?Ñ?жил, Ñ?Ñ?о в подÑ?иÑ?Ñ?еме KEYS оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? пÑ?овеÑ?ка пÑ?ав запиÑ?и
+    пÑ?и добавлении клÑ?Ñ?ей в Ñ?вÑ?зкÑ? клÑ?Ñ?ей пÑ?оÑ?еÑ?Ñ?а по Ñ?молÑ?аниÑ?.
+    Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или
+    длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17862";>CVE-2017-17862</a>
 
- -    <p>Alexei Starovoitov discovered that the Extended BPF verifier
- -    ignored unreachable code, even though it would still be processed
- -    by JIT compilers.  This could possibly be used by local users for
- -    denial of service.  It also increases the severity of bugs in
- -    determining unreachable code.</p></li>
+    <p>Ð?лекÑ?ей СÑ?аÑ?овойÑ?ов обнаÑ?Ñ?жил, Ñ?Ñ?о код длÑ? вÑ?полнениÑ? пÑ?овеÑ?ки Extended BPF
+    игноÑ?иÑ?Ñ?еÑ? недоÑ?Ñ?ижимÑ?й код, Ñ?оÑ?Ñ? он вÑ?Ñ? еÑ?Ñ? обÑ?абаÑ?Ñ?ваеÑ?Ñ?Ñ?
+    JIT-компилÑ?Ñ?оÑ?ами. ЭÑ?о можеÑ? поÑ?енÑ?иалÑ?но иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? локалÑ?нÑ?ми полÑ?зоваÑ?елÑ?ми длÑ?
+    вÑ?зова оÑ?каза в обÑ?лÑ?живании. Ð?Ñ?оме Ñ?ого, Ñ?Ñ?о Ñ?велиÑ?иваеÑ? Ñ?еÑ?Ñ?Ñ?зноÑ?Ñ?Ñ? оÑ?ибок в
+    Ñ?Ñ?Ñ?ановлении недоÑ?Ñ?ижимого кода.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17863";>CVE-2017-17863</a>
 
- -    <p>Jann Horn discovered that the Extended BPF verifier did not
- -    correctly model pointer arithmetic on the stack frame pointer.
- -    A local user can use this for privilege escalation.</p></li>
+    <p>Ян ХоÑ?н обнаÑ?Ñ?жил, Ñ?Ñ?о код длÑ? вÑ?полнениÑ? пÑ?овеÑ?ки Extended BPF непÑ?авилÑ?но
+    моделиÑ?Ñ?еÑ? аÑ?иÑ?меÑ?иÑ?еÑ?кие опеÑ?аÑ?ии над Ñ?казаÑ?елÑ?ми на Ñ?казаÑ?еле Ñ?Ñ?екового Ñ?Ñ?ейма.
+    Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17864";>CVE-2017-17864</a>
 
- -    <p>Jann Horn discovered that the Extended BPF verifier could fail to
- -    detect pointer leaks from conditional code.  A local user could
- -    use this to obtain sensitive information in order to exploit
- -    other vulnerabilities.</p></li>
+    <p>Ян ХоÑ?н обнаÑ?Ñ?жил, Ñ?Ñ?о код длÑ? вÑ?полнениÑ? пÑ?овеÑ?ки Extended BPF можеÑ? не обнаÑ?Ñ?жиÑ?Ñ?
+    Ñ?Ñ?еÑ?ки Ñ?казаÑ?елей из Ñ?Ñ?ловного кода. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+    Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии Ñ? Ñ?елÑ?Ñ? иÑ?полÑ?зованиÑ?
+    дÑ?Ñ?гиÑ? Ñ?Ñ?звимоÑ?Ñ?ей.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000407";>CVE-2017-1000407</a>
 
- -    <p>Andrew Honig reported that the KVM implementation for Intel
- -    processors allowed direct access to host I/O port 0x80, which
- -    is not generally safe.  On some systems this allows a guest
- -    VM to cause a denial of service (crash) of the host.</p></li>
+    <p>ЭндÑ?Ñ? Хониг Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? пÑ?оÑ?еÑ?Ñ?оÑ?ов Intel позволÑ?еÑ?
+    полÑ?Ñ?аÑ?Ñ? пÑ?Ñ?мой доÑ?Ñ?Ñ?п к поÑ?Ñ?Ñ? ввода/вÑ?вода 0x80 оÑ?новной маÑ?инÑ?, Ñ?Ñ?о
+    в обÑ?ем Ñ?лÑ?Ñ?ае не Ñ?влÑ?еÑ?Ñ?Ñ? безопаÑ?нÑ?м. Ð? некоÑ?оÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емаÑ? Ñ?Ñ?о позволÑ?еÑ? гоÑ?Ñ?евой
+    виÑ?Ñ?Ñ?алÑ?ной маÑ?ине вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) в оÑ?новной Ñ?иÑ?Ñ?еме.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000410";>CVE-2017-1000410</a>
 
- -    <p>Ben Seri reported that the Bluetooth subsystem did not correctly
- -    handle short EFS information elements in L2CAP messages.  An
- -    attacker able to communicate over Bluetooth could use this to
- -    obtain sensitive information from the kernel.</p></li>
+    <p>Ð?ен СеÑ?и Ñ?ообÑ?ил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема Bluetooth непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+    коÑ?оÑ?кие инÑ?оÑ?маÑ?ионнÑ?е EFS-Ñ?леменÑ?Ñ? в L2CAP-Ñ?ообÑ?ениÑ?Ñ?. Ð?лоÑ?мÑ?Ñ?ленник,
+    Ñ?поÑ?обнÑ?й взаимодейÑ?Ñ?воваÑ?Ñ? Ñ?еÑ?ез Bluetooth Ñ? Ñ?Ñ?звимой Ñ?иÑ?Ñ?емой, можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+    Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии из Ñ?дÑ?а.</p></li>
 
 </ul>
 
- -<p>The various problems in the Extended BPF verifier can be mitigated by
- -disabling use of Extended BPF by unprivileged users:
+<p>Ð?паÑ?ноÑ?Ñ?Ñ? Ñ?азлиÑ?нÑ?Ñ? пÑ?облем в коде длÑ? вÑ?полнениÑ? пÑ?овеÑ?ки Extended BPF можеÑ?
+бÑ?Ñ?Ñ? Ñ?нижена пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? иÑ?полÑ?зованиÑ? Extended BPF непÑ?ивилегиÑ?ованнÑ?ми полÑ?зоваÑ?елÑ?ми:
 sysctl kernel.unprivileged_bpf_disabled=1</p>
 
- -<p>Debian disables unprivileged user namespaces by default, but if they
- -are enabled (via the kernel.unprivileged_userns_clone sysctl) then
+<p>Ð?о Ñ?молÑ?аниÑ? в Debian непÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?елÑ?Ñ?кие пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва оÑ?клÑ?Ñ?енÑ?, но еÑ?ли
+они вклÑ?Ñ?енÑ? (Ñ? помоÑ?Ñ?Ñ? kernel.unprivileged_userns_clone sysctl), Ñ?о
 <a href="https://security-tracker.debian.org/tracker/CVE-2017-17448";>\
- -CVE-2017-17448</a> can be exploited by any local user.</p>
+CVE-2017-17448</a> можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? лÑ?бÑ?м локалÑ?нÑ?м полÑ?зоваÑ?елем.</p>
 
- -<p>For the stable distribution (stretch), these problems have been fixed in
- -version 4.9.65-3+deb9u1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.9.65-3+deb9u1.</p>
 
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
 
- -<p>For the detailed security status of linux please refer to its security
- -tracker page at: <a href="https://security-tracker.debian.org/tracker/linux";>\
+<p>С подÑ?обнÑ?м Ñ?Ñ?аÑ?Ñ?Ñ?ом поддеÑ?жки безопаÑ?ноÑ?Ñ?и linux можно ознакомиÑ?Ñ?Ñ?Ñ? на
+Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей Ñ?Ñ?Ñ?аниÑ?е оÑ?Ñ?леживаниÑ? безопаÑ?ноÑ?Ñ?и по адÑ?еÑ?Ñ?
+<a href="https://security-tracker.debian.org/tracker/linux";>\
 https://security-tracker.debian.org/tracker/linux</a></p>
 </define-tag>
 
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlo//Q8ACgkQXudu4gIW
0qXasRAAr+JsLIgCYsKrGihMHpaEjCvUEhO/be0aS2ero2UF6qQp6HCgUMhT4y4e
Cf2FMmfdz3q0RaV7gMNqj1mx/uMVFevwzySXE+tdZzrGwbJkyIyMwNnF/rLmXkjM
+e4Df7imLxAvY2umANT0czOXKG17lgWcy6bP3czZzRJg5EFIHbItuILhaDnQnAsu
lPyJ27Z90xLpdUPPrbLrcdYYQj48xdaSa6palnDSmghvib6oMx73dsMbjN8JVvCc
XaOLdrJa2QowNn+tR1yWhuHhT4tr/HIoTjnawLfKQaXsWp0xSsuioH8Y+Qs3bGNb
2nkWrblmKnkqppqsxkowhT2jjaNlBqgYVLd8CTqxY5PZ9WHERAKf3R5xcTim0gbA
GJcu05smr1zSdLkqIPP+K+OouOTse15b3IKdzPFz9BQomIZem781wsrZS5UJ1+nX
DOZynNeex9497fcAw2sxEUXtcGc6mRPuP3dpCQwlayembo3lKspZy/GDJh1ZKmfL
yFjvy6Slgy33JUcKkSMuL95MkqhqJonOYy0qUTfKQ8shwSBwpDUfZbbppYRwCn1U
xtBaEOB749EZ3OcTm9qa4cEe/pOPSYb0ETIiXZcTkuBnlw5BYhjJKpcItRFrhPCv
YXhCT6h7jZclkdkNGuUvOBbEYsZBkL5W/aGGvVTinRteImaEKUw=
=udlT
-----END PGP SIGNATURE-----
Reply to: