[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2017/dsa-3896.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2017/dsa-3896.wml	2017-06-23 00:44:29.000000000 +0500
+++ russian/security/2017/dsa-3896.wml	2017-06-23 01:03:21.249324135 +0500
@@ -1,55 +1,56 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been found in the Apache HTTPD server.</p>
+<p>Ð? HTTPD-Ñ?еÑ?веÑ?е Apache бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-3167";>CVE-2017-3167</a>
 
- -    <p>Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by
- -    third-party modules outside of the authentication phase may lead to
- -    authentication requirements being bypassed.</p></li>
+    <p>ЭмманÑ?Ñ?лÑ? Ð?Ñ?ейÑ?Ñ?Ñ? Ñ?ообÑ?ил, Ñ?Ñ?о иÑ?полÑ?зование ap_get_basic_auth_pw()
+    Ñ?Ñ?оÑ?онними модÑ?лÑ?ми за пÑ?еделами Ñ?азÑ? аÑ?Ñ?енÑ?иÑ?икаÑ?ии можеÑ? пÑ?иводиÑ?Ñ? к
+    обÑ?одÑ? Ñ?Ñ?ебований аÑ?Ñ?енÑ?иÑ?икаÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-3169";>CVE-2017-3169</a>
 
- -    <p>Vasileios Panopoulos of AdNovum Informatik AG discovered that
- -    mod_ssl may dereference a NULL pointer when third-party modules call
- -    ap_hook_process_connection() during an HTTP request to an HTTPS port
- -    leading to a denial of service.</p></li>
+    <p>Ð?аÑ?илеоÑ? Ð?анопÑ?лоÑ? из AdNovum Informatik AG обнаÑ?Ñ?жил, Ñ?Ñ?о в модÑ?ле
+    mod_ssl можеÑ? пÑ?оиÑ?Ñ?одиÑ?Ñ? Ñ?азÑ?менование NULL-Ñ?казаÑ?елÑ? пÑ?и вÑ?зове
+    ap_hook_process_connection() Ñ?Ñ?оÑ?онними модÑ?лÑ?ми во вÑ?емÑ? HTTP-запÑ?оÑ?а на поÑ?Ñ? HTTPS,
+    Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7659";>CVE-2017-7659</a>
 
- -    <p>Robert Swiecki reported that a specially crafted HTTP/2 request
- -    could cause mod_http2 to dereference a NULL pointer and crash the
- -    server process.</p></li>
+    <p>РобеÑ?Ñ? Свики Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й запÑ?оÑ? HTTP/2
+    можеÑ? пÑ?иводиÑ?Ñ? к Ñ?омÑ?, Ñ?Ñ?о модÑ?лÑ? mod_http2 вÑ?полнÑ?еÑ? Ñ?азÑ?менование NULL-Ñ?казаÑ?елÑ? и
+    аваÑ?ийно завеÑ?Ñ?аеÑ? Ñ?абоÑ?Ñ? Ñ?еÑ?веÑ?ного пÑ?оÑ?еÑ?Ñ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7668";>CVE-2017-7668</a>
 
- -    <p>Javier Jimenez reported that the HTTP strict parsing contains a
- -    flaw leading to a buffer overread in ap_find_token(). A remote
- -    attacker can take advantage of this flaw by carefully crafting a
- -    sequence of request headers to cause a segmentation fault, or to
- -    force ap_find_token() to return an incorrect value.</p></li>
+    <p>ХавÑ?еÑ? Хименез Ñ?ообÑ?ил, Ñ?Ñ?о в коде длÑ? Ñ?Ñ?Ñ?огого гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а HTTP
+    Ñ?одеÑ?жиÑ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?, пÑ?иводÑ?Ñ?аÑ? к Ñ?Ñ?ениÑ? за пÑ?еделами бÑ?Ñ?еÑ?а в ap_find_token(). УдалÑ?ннÑ?й
+    злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованной
+    поÑ?ледоваÑ?елÑ?ноÑ?Ñ?и заголовков запÑ?оÑ?ов длÑ? вÑ?зова оÑ?ибки Ñ?егменÑ?иÑ?ованиÑ?, либо длÑ?
+    Ñ?ого, Ñ?Ñ?обÑ? Ñ?Ñ?нкÑ?иÑ? ap_find_token() веÑ?нÑ?лÑ?Ñ? некоÑ?Ñ?екÑ?ное знаÑ?ение.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7679";>CVE-2017-7679</a>
 
- -    <p>ChenQin and Hanno Boeck reported that mod_mime can read one byte
- -    past the end of a buffer when sending a malicious Content-Type
- -    response header.</p></li>
+    <p>ЧÑ?нÑ? ЦинÑ? и Ханно Ð?Ñ?к Ñ?ообÑ?или, Ñ?Ñ?о модÑ?лÑ? mod_mime можеÑ? вÑ?полнÑ?Ñ?Ñ? Ñ?Ñ?ение одного байÑ?а
+    за пÑ?еделами бÑ?Ñ?еÑ?а пÑ?и оÑ?пÑ?авке вÑ?едоноÑ?ного заголовка Content-Type
+    оÑ?веÑ?а.</p></li>
 
 </ul>
 
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 2.4.10-10+deb8u9. The oldstable distribution (jessie) is not
- -affected by <a href="https://security-tracker.debian.org/tracker/CVE-2017-7659";>CVE-2017-7659</a>.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 2.4.10-10+deb8u9. Ð?Ñ?едÑ?дÑ?Ñ?ий Ñ?Ñ?абилÑ?нÑ?й вÑ?пÑ?Ñ?к (jessie) не
+подвеÑ?жен <a href="https://security-tracker.debian.org/tracker/CVE-2017-7659";>CVE-2017-7659</a>.</p>
 
- -<p>For the stable distribution (stretch), these problems have been fixed in
- -version 2.4.25-3+deb9u1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.4.25-3+deb9u1.</p>
 
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 2.4.25-4.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.4.25-4.</p>
 
- -<p>We recommend that you upgrade your apache2 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? apache2.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAllMIo0ACgkQXudu4gIW
0qXvRQ//ZXwZJ1PHoqXT5kl2vsugMHper3xb6dHE8AMxklPdOSFiiFn7h60APpiZ
q+1yo70O84TLLCAgyLF0UICtIv85IQk9TCOE4kC1uhlV4uUNqu/NAEKBdONOo2eV
55q9noxzcLodzlIQs1p2O65JzuCIRc6IFa1TwuKN9hVFk2N6uYKrWkK5OzdvBhSH
rcpfX7AVxnQIBYBI+1lyX+tCeRpWv6gT8OyWGW+UkuEELtPusuMwZF6bdY9iaEge
W+g94J7zLMmSkozwTD2ZIRTlVImRGvMDWe6+xeh+7S2CMR184Nc5Utd2On6m6Lzl
1wbldue3kOsduJcTciLjguHb27AjB4klB1YwVvj4DeSSCEGR07wOCnIYnOoA4SAO
0L5q0ERulhSZF9TtqhH6NLxB/paFyB4evqDUJMOLecWpT5K6JLnXUoFab5bY89Vh
1CZyOmYteoMd3c52rscp3weX0wBiFNjyyzjnjwGDbRnjy+ycUbCmM/EyvFdh1KUD
YzJ4q2ZjO8W0/mrAGAgjQpClMXETXXCwDNnccpZpPzhyQhc25TnQ+IcIdK5mKy2V
HctodaUEEjkZxTp7ckrM4IBOIfLxOSXGvG4Ys31MsvBFMxWFGc6uvzOnItSDphcw
Poijp0hMNBLoM5CgxgXMaV+FDFt0tN6qL/9YLexSZmlScA+T3k4=
=gnlX
-----END PGP SIGNATURE-----
Reply to: