[DONE] wml://{security/2017/dsa-3896.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2017/dsa-3896.wml 2017-06-23 00:44:29.000000000 +0500
+++ russian/security/2017/dsa-3896.wml 2017-06-23 01:03:21.249324135 +0500
@@ -1,55 +1,56 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been found in the Apache HTTPD server.</p>
+<p>Ð? HTTPD-Ñ?еÑ?веÑ?е Apache бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-3167">CVE-2017-3167</a>
- - <p>Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by
- - third-party modules outside of the authentication phase may lead to
- - authentication requirements being bypassed.</p></li>
+ <p>ÐмманÑ?Ñ?лÑ? Ð?Ñ?ейÑ?Ñ?Ñ? Ñ?ообÑ?ил, Ñ?Ñ?о иÑ?полÑ?зование ap_get_basic_auth_pw()
+ Ñ?Ñ?оÑ?онними модÑ?лÑ?ми за пÑ?еделами Ñ?азÑ? аÑ?Ñ?енÑ?иÑ?икаÑ?ии можеÑ? пÑ?иводиÑ?Ñ? к
+ обÑ?одÑ? Ñ?Ñ?ебований аÑ?Ñ?енÑ?иÑ?икаÑ?ии.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-3169">CVE-2017-3169</a>
- - <p>Vasileios Panopoulos of AdNovum Informatik AG discovered that
- - mod_ssl may dereference a NULL pointer when third-party modules call
- - ap_hook_process_connection() during an HTTP request to an HTTPS port
- - leading to a denial of service.</p></li>
+ <p>Ð?аÑ?илеоÑ? Ð?анопÑ?лоÑ? из AdNovum Informatik AG обнаÑ?Ñ?жил, Ñ?Ñ?о в модÑ?ле
+ mod_ssl можеÑ? пÑ?оиÑ?Ñ?одиÑ?Ñ? Ñ?азÑ?менование NULL-Ñ?казаÑ?елÑ? пÑ?и вÑ?зове
+ ap_hook_process_connection() Ñ?Ñ?оÑ?онними модÑ?лÑ?ми во вÑ?емÑ? HTTP-запÑ?оÑ?а на поÑ?Ñ? HTTPS,
+ Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7659">CVE-2017-7659</a>
- - <p>Robert Swiecki reported that a specially crafted HTTP/2 request
- - could cause mod_http2 to dereference a NULL pointer and crash the
- - server process.</p></li>
+ <p>РобеÑ?Ñ? Свики Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й запÑ?оÑ? HTTP/2
+ можеÑ? пÑ?иводиÑ?Ñ? к Ñ?омÑ?, Ñ?Ñ?о модÑ?лÑ? mod_http2 вÑ?полнÑ?еÑ? Ñ?азÑ?менование NULL-Ñ?казаÑ?елÑ? и
+ аваÑ?ийно завеÑ?Ñ?аеÑ? Ñ?абоÑ?Ñ? Ñ?еÑ?веÑ?ного пÑ?оÑ?еÑ?Ñ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7668">CVE-2017-7668</a>
- - <p>Javier Jimenez reported that the HTTP strict parsing contains a
- - flaw leading to a buffer overread in ap_find_token(). A remote
- - attacker can take advantage of this flaw by carefully crafting a
- - sequence of request headers to cause a segmentation fault, or to
- - force ap_find_token() to return an incorrect value.</p></li>
+ <p>ХавÑ?еÑ? Хименез Ñ?ообÑ?ил, Ñ?Ñ?о в коде длÑ? Ñ?Ñ?Ñ?огого гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а HTTP
+ Ñ?одеÑ?жиÑ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?, пÑ?иводÑ?Ñ?аÑ? к Ñ?Ñ?ениÑ? за пÑ?еделами бÑ?Ñ?еÑ?а в ap_find_token(). УдалÑ?ннÑ?й
+ злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованной
+ поÑ?ледоваÑ?елÑ?ноÑ?Ñ?и заголовков запÑ?оÑ?ов длÑ? вÑ?зова оÑ?ибки Ñ?егменÑ?иÑ?ованиÑ?, либо длÑ?
+ Ñ?ого, Ñ?Ñ?обÑ? Ñ?Ñ?нкÑ?иÑ? ap_find_token() веÑ?нÑ?лÑ?Ñ? некоÑ?Ñ?екÑ?ное знаÑ?ение.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7679">CVE-2017-7679</a>
- - <p>ChenQin and Hanno Boeck reported that mod_mime can read one byte
- - past the end of a buffer when sending a malicious Content-Type
- - response header.</p></li>
+ <p>ЧÑ?нÑ? ЦинÑ? и Ханно Ð?Ñ?к Ñ?ообÑ?или, Ñ?Ñ?о модÑ?лÑ? mod_mime можеÑ? вÑ?полнÑ?Ñ?Ñ? Ñ?Ñ?ение одного байÑ?а
+ за пÑ?еделами бÑ?Ñ?еÑ?а пÑ?и оÑ?пÑ?авке вÑ?едоноÑ?ного заголовка Content-Type
+ оÑ?веÑ?а.</p></li>
</ul>
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 2.4.10-10+deb8u9. The oldstable distribution (jessie) is not
- -affected by <a href="https://security-tracker.debian.org/tracker/CVE-2017-7659">CVE-2017-7659</a>.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 2.4.10-10+deb8u9. Ð?Ñ?едÑ?дÑ?Ñ?ий Ñ?Ñ?абилÑ?нÑ?й вÑ?пÑ?Ñ?к (jessie) не
+подвеÑ?жен <a href="https://security-tracker.debian.org/tracker/CVE-2017-7659">CVE-2017-7659</a>.</p>
- -<p>For the stable distribution (stretch), these problems have been fixed in
- -version 2.4.25-3+deb9u1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.4.25-3+deb9u1.</p>
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 2.4.25-4.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.4.25-4.</p>
- -<p>We recommend that you upgrade your apache2 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? apache2.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAllMIo0ACgkQXudu4gIW
0qXvRQ//ZXwZJ1PHoqXT5kl2vsugMHper3xb6dHE8AMxklPdOSFiiFn7h60APpiZ
q+1yo70O84TLLCAgyLF0UICtIv85IQk9TCOE4kC1uhlV4uUNqu/NAEKBdONOo2eV
55q9noxzcLodzlIQs1p2O65JzuCIRc6IFa1TwuKN9hVFk2N6uYKrWkK5OzdvBhSH
rcpfX7AVxnQIBYBI+1lyX+tCeRpWv6gT8OyWGW+UkuEELtPusuMwZF6bdY9iaEge
W+g94J7zLMmSkozwTD2ZIRTlVImRGvMDWe6+xeh+7S2CMR184Nc5Utd2On6m6Lzl
1wbldue3kOsduJcTciLjguHb27AjB4klB1YwVvj4DeSSCEGR07wOCnIYnOoA4SAO
0L5q0ERulhSZF9TtqhH6NLxB/paFyB4evqDUJMOLecWpT5K6JLnXUoFab5bY89Vh
1CZyOmYteoMd3c52rscp3weX0wBiFNjyyzjnjwGDbRnjy+ycUbCmM/EyvFdh1KUD
YzJ4q2ZjO8W0/mrAGAgjQpClMXETXXCwDNnccpZpPzhyQhc25TnQ+IcIdK5mKy2V
HctodaUEEjkZxTp7ckrM4IBOIfLxOSXGvG4Ys31MsvBFMxWFGc6uvzOnItSDphcw
Poijp0hMNBLoM5CgxgXMaV+FDFt0tN6qL/9YLexSZmlScA+T3k4=
=gnlX
-----END PGP SIGNATURE-----
Reply to: