[DONE] wml://{security/2017/dsa-3904.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2017/dsa-3904.wml 2017-07-08 21:02:11.000000000 +0500
+++ russian/security/2017/dsa-3904.wml 2017-07-08 22:31:20.308870023 +0500
@@ -1,41 +1,42 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Clément Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS
- -server implementation. They allow an attacker to bypass TSIG authentication by
- -sending crafted DNS packets to a server.</p>
+<p>Ð?леман Ð?еÑ?Ñ?о из Synaktiv обнаÑ?Ñ?жил две Ñ?Ñ?звимоÑ?Ñ?и в BIND, Ñ?еализаÑ?ии
+DNS-Ñ?еÑ?веÑ?а. Ð?ни позволÑ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленникÑ? обÑ?одиÑ? TSIG-аÑ?Ñ?енÑ?иÑ?икаÑ?иÑ?
+пÑ?Ñ?Ñ?м оÑ?пÑ?авки на Ñ?еÑ?веÑ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? DNS-пакеÑ?ов.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-3142">CVE-2017-3142</a>
- - <p>An attacker who is able to send and receive messages to an authoritative
- - DNS server and who has knowledge of a valid TSIG key name may be able to
- - circumvent TSIG authentication of AXFR requests via a carefully constructed
- - request packet. A server that relies solely on TSIG keys for protection
- - with no other ACL protection could be manipulated into:
+ <p>Ð?лоÑ?мÑ?Ñ?ленник, Ñ?поÑ?обнÑ?й оÑ?пÑ?авлÑ?Ñ?Ñ? Ñ?ообÑ?ениÑ? авÑ?оÑ?иÑ?еÑ?номÑ? DNS-Ñ?еÑ?веÑ?Ñ? и
+ полÑ?Ñ?аÑ?Ñ? его оÑ?веÑ?Ñ?, а Ñ?акже знаÑ?Ñ?ий имÑ? коÑ?Ñ?екÑ?ного TSIG-клÑ?Ñ?а, можеÑ?
+ обойÑ?и TSIG-аÑ?Ñ?енÑ?иÑ?икаÑ?иÑ? AXFR-запÑ?оÑ?ов Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного
+ пакеÑ?а запÑ?оÑ?а. СеÑ?веÑ?, иÑ?полÑ?зÑ?Ñ?Ñ?ий длÑ? заÑ?иÑ?Ñ? Ñ?олÑ?ко TSIG-клÑ?Ñ?и
+ без какого-либо дополниÑ?елÑ?ного Ñ?пиÑ?ка конÑ?Ñ?олÑ? доÑ?Ñ?Ñ?па, можеÑ?
</p>
<ul>
- - <li>providing an AXFR of a zone to an unauthorized recipient</li>
- - <li>accepting bogus NOTIFY packets</li>
+ <li>пÑ?едоÑ?Ñ?авиÑ?Ñ? AXFR зонÑ? неавÑ?оÑ?изованномÑ? полÑ?Ñ?аÑ?елÑ?</li>
+ <li>пÑ?инÑ?Ñ?Ñ? подделÑ?нÑ?е NOTIFY-пакеÑ?Ñ?</li>
</ul>
</li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-3143">CVE-2017-3143</a>
- - <p>An attacker who is able to send and receive messages to an authoritative
- - DNS server and who has knowledge of a valid TSIG key name for the zone and
- - service being targeted may be able to manipulate BIND into accepting an
- - unauthorized dynamic update. </p></li>
+ <p>Ð?лоÑ?мÑ?Ñ?ленник, Ñ?поÑ?обнÑ?й оÑ?пÑ?авиÑ?Ñ? Ñ?ообÑ?ениÑ? авÑ?оÑ?иÑ?еÑ?номÑ? DNS-Ñ?еÑ?веÑ?Ñ? и полÑ?Ñ?аÑ?Ñ?
+ его оÑ?веÑ?Ñ?, а Ñ?акже знаÑ?Ñ?ий имÑ? коÑ?Ñ?екÑ?ного TSIG-клÑ?Ñ?а длÑ? зонÑ? и избÑ?анной в каÑ?еÑ?Ñ?ве
+ Ñ?ели Ñ?лÑ?жбÑ?, можеÑ? вÑ?зваÑ?Ñ? Ñ?иÑ?Ñ?аÑ?иÑ?, пÑ?и коÑ?оÑ?ой BIND пÑ?имеÑ?
+ неавÑ?оÑ?изованное динамиÑ?еÑ?кое обновление. </p></li>
</ul>
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 1:9.9.5.dfsg-9+deb8u12.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 1:9.9.5.dfsg-9+deb8u12.</p>
- -<p>For the stable distribution (stretch), these problems have been fixed in
- -version 1:9.10.3.dfsg.P4-12.4.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1:9.10.3.dfsg.P4-12.4.</p>
- -<p>We recommend that you upgrade your bind9 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? bind9.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAllhFusACgkQXudu4gIW
0qUabxAAk5EqICfIL7qA9t1P6+EYu0aJTo+jYE5rTCxzT9zb5m4sRmvEZBQzmXTB
VPss9sbDHIV4acpOA6DHV5V5bm9SOAtLBi49LOY4iRliBX70bR4b/htRdNJuiuaE
sEel1C0la+YvTsKsr7DJX8JB2eqcKntQ5CtDZ53M1h1DrqsD3AiFdhe4f90nOeYK
VXtZOhtGU4orx/NEXUsV22SpaTEJOOF8prLt/UyIEIkXV3mP7+faV6HDM0q6cCUy
shDEM83BU8ZSNrusPqtjtMpXWUgvwhgas13oNS2ZrRWFfEjJZSmKIcpxgfUmnbJx
OlX5aP4LsSa+rKZCbGhgnT99IOmg1z4NbyMB7sWppI7UyQUg1meIUt+PMZpi4G0W
PG7cAHuwSqG5NfWx5uDwLVTFFkrisJ7NH6dbPP6tqkXlGs0Ari+Qnr5TpldowywN
3EAN9Bjrgo/kfv8ug3hhQyUj1u8CwNgJTwCELORMP+ZQyLYbv/U176RMwVaRsz6U
s+8+y3AlDk76dd2VDdiGUm2wDViQ/QvdOsHass+vj6zBPQBPNDmpQKSmCPHMw+Hw
Qo93+FpkJH/RhVfnN6MEYKJj5/A5TLm0LBRPUvUDwm70HhdlBa1be0lebusvkve3
SLFh/wFlRlfnSkqmbGMIvnEcCEXnWEnWYieW6gizU+gjIolt2kc=
=cmqy
-----END PGP SIGNATURE-----
Reply to: