[DONE] wml://{security/2017/dsa-4073.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2017/dsa-4073.wml 2017-12-24 09:25:18.000000000 +0500
+++ russian/security/2017/dsa-4073.wml 2017-12-25 00:16:22.616412887 +0500
@@ -1,161 +1,164 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or information
- -leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е могÑ?Ñ?
+пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казам в обÑ?лÑ?живании или Ñ?Ñ?еÑ?кам
+инÑ?оÑ?маÑ?ии.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-8824">CVE-2017-8824</a>
- - <p>Mohamed Ghannam discovered that the DCCP implementation did not
- - correctly manage resources when a socket is disconnected and
- - reconnected, potentially leading to a use-after-free. A local
- - user could use this for denial of service (crash or data
- - corruption) or possibly for privilege escalation. On systems that
- - do not already have the dccp module loaded, this can be mitigated
- - by disabling it:
+ <p>Ð?оÑ?амед Ð?аннам обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? DCCP непÑ?авилÑ?но Ñ?пÑ?авлÑ?еÑ?
+ Ñ?еÑ?Ñ?Ñ?Ñ?ами в Ñ?лÑ?Ñ?ае оÑ?клÑ?Ñ?ениÑ? и повÑ?оÑ?ного подклÑ?Ñ?ениÑ? Ñ?океÑ?а,
+ Ñ?Ñ?о поÑ?енÑ?иалÑ?но пÑ?иводиÑ? к иÑ?полÑ?зованиÑ? Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и. Ð?окалÑ?нÑ?й
+ полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+ или повÑ?еждение даннÑ?Ñ?) или возможномÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий. Ð? Ñ?иÑ?Ñ?емаÑ?, в коÑ?оÑ?Ñ?Ñ?
+ модÑ?лÑ? dccp не загÑ?Ñ?жен, опаÑ?ноÑ?Ñ?Ñ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно
+ Ñ?низиÑ?Ñ?, оÑ?клÑ?Ñ?ив Ñ?казаннÑ?й модÑ?лÑ?:
echo >> /etc/modprobe.d/disable-dccp.conf install dccp false</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16538">CVE-2017-16538</a>
- - <p>Andrey Konovalov reported that the dvb-usb-lmedm04 media driver
- - did not correctly handle some error conditions during
- - initialisation. A physically present user with a specially
- - designed USB device can use this to cause a denial of service
- - (crash).</p></li>
+ <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о дÑ?айвеÑ? dvb-usb-lmedm04
+ непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? некоÑ?оÑ?Ñ?е оÑ?ибоÑ?нÑ?е Ñ?оÑ?Ñ?оÑ?ниÑ? во вÑ?емÑ?
+ иниÑ?иализаÑ?ии. Ð?олÑ?зоваÑ?елÑ? Ñ? Ñ?изиÑ?еÑ?ким доÑ?Ñ?Ñ?пом к маÑ?ине пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но
+ подгоÑ?овленного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+ оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16644">CVE-2017-16644</a>
- - <p>Andrey Konovalov reported that the hdpvr media driver did not
- - correctly handle some error conditions during initialisation. A
- - physically present user with a specially designed USB device can
- - use this to cause a denial of service (crash).</p></li>
+ <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о дÑ?айвеÑ? hdpvr
+ непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? некоÑ?оÑ?Ñ?е оÑ?ибоÑ?нÑ?е Ñ?оÑ?Ñ?оÑ?ниÑ? во вÑ?емÑ?
+ иниÑ?иализаÑ?ии. Ð?олÑ?зоваÑ?елÑ? Ñ? Ñ?изиÑ?еÑ?ким доÑ?Ñ?Ñ?пом к маÑ?ине пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но
+ подгоÑ?овленного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+ оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16995">CVE-2017-16995</a>
- - <p>Jann Horn discovered that the Extended BPF verifier did not
- - correctly model the behaviour of 32-bit load instructions. A
- - local user can use this for privilege escalation.</p></li>
+ <p>Ян ХоÑ?н обнаÑ?Ñ?жил, Ñ?Ñ?о код длÑ? вÑ?полнениÑ? пÑ?овеÑ?ки Extended BPF непÑ?авилÑ?но
+ моделиÑ?Ñ?еÑ? поведение 32-биÑ?нÑ?Ñ? инÑ?Ñ?Ñ?Ñ?кÑ?ий загÑ?Ñ?зки. Ð?окалÑ?нÑ?й
+ полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17448">CVE-2017-17448</a>
- - <p>Kevin Cernekee discovered that the netfilter subsystem allowed
- - users with the CAP_NET_ADMIN capability in any user namespace, not
- - just the root namespace, to enable and disable connection tracking
- - helpers. This could lead to denial of service, violation of
- - network security policy, or have other impact.</p></li>
+ <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема netfilter позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+ имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве, а не
+ пÑ?оÑ?Ñ?о в пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?, вклÑ?Ñ?аÑ?Ñ? и оÑ?клÑ?Ñ?аÑ?Ñ? вÑ?помогаÑ?елÑ?нÑ?е
+ Ñ?Ñ?илиÑ?Ñ? длÑ? оÑ?Ñ?леживаниÑ? Ñ?оединений. ÐÑ?о можеÑ? пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании, наÑ?Ñ?Ñ?ении
+ пÑ?авил безопаÑ?ноÑ?Ñ?и Ñ?еÑ?и или можеÑ? оказÑ?ваÑ?Ñ? дÑ?Ñ?гое влиÑ?ние на Ñ?абоÑ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17449">CVE-2017-17449</a>
- - <p>Kevin Cernekee discovered that the netlink subsystem allowed
- - users with the CAP_NET_ADMIN capability in any user namespace
- - to monitor netlink traffic in all net namespaces, not just
- - those owned by that user namespace. This could lead to
- - exposure of sensitive information.</p></li>
+ <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема netfilter позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+ имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве,
+ оÑ?Ñ?леживаÑ?Ñ? Ñ?Ñ?аÑ?ик netlink во вÑ?еÑ? Ñ?еÑ?евÑ?Ñ? пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ваÑ? имÑ?н, а не Ñ?олÑ?ко Ñ?еÑ?,
+ владелÑ?Ñ?ем коÑ?оÑ?Ñ?Ñ? Ñ?влÑ?еÑ?Ñ?Ñ? данное полÑ?зоваÑ?елÑ?Ñ?кое пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?во. ÐÑ?о можеÑ? пÑ?иводиÑ?Ñ? к
+ Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17450">CVE-2017-17450</a>
- - <p>Kevin Cernekee discovered that the xt_osf module allowed users
- - with the CAP_NET_ADMIN capability in any user namespace to modify
- - the global OS fingerprint list.</p></li>
+ <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о модÑ?лÑ? xt_osf позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+ имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве, изменÑ?Ñ?Ñ?
+ глобалÑ?нÑ?й Ñ?пиÑ?ок оÑ?пеÑ?аÑ?ков опеÑ?аÑ?ионной Ñ?иÑ?Ñ?емÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17558">CVE-2017-17558</a>
- - <p>Andrey Konovalov reported that that USB core did not correctly
- - handle some error conditions during initialisation. A physically
- - present user with a specially designed USB device can use this to
- - cause a denial of service (crash or memory corruption), or
- - possibly for privilege escalation.</p></li>
+ <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?дÑ?о USB непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+ некоÑ?оÑ?Ñ?е оÑ?ибоÑ?нÑ?е Ñ?оÑ?Ñ?оÑ?ниÑ? во вÑ?емÑ? иниÑ?иализаÑ?ии. Ð?олÑ?зоваÑ?елÑ? Ñ? Ñ?изиÑ?еÑ?ким
+ доÑ?Ñ?Ñ?пом к маÑ?ине пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но подгоÑ?овленного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+ или повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и), либо длÑ? возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17712">CVE-2017-17712</a>
- - <p>Mohamed Ghannam discovered a race condition in the IPv4 raw socket
- - implementation. A local user could use this to obtain sensitive
- - information from the kernel.</p></li>
+ <p>Ð?оÑ?амед Ð?аннам обнаÑ?Ñ?жил Ñ?оÑ?Ñ?оÑ?ние гонки в Ñ?еализаÑ?ии Ñ?Ñ?Ñ?Ñ?Ñ? Ñ?океÑ?ов
+ IPv4. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ?
+ Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии из Ñ?дÑ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17741">CVE-2017-17741</a>
- - <p>Dmitry Vyukov reported that the KVM implementation for x86 would
- - over-read data from memory when emulating an MMIO write if the
- - kvm_mmio tracepoint was enabled. A guest virtual machine might be
- - able to use this to cause a denial of service (crash).</p></li>
+ <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? x86 пÑ?оизводиÑ? Ñ?Ñ?ение
+ даннÑ?Ñ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и пÑ?и Ñ?мÑ?лÑ?Ñ?ии опеÑ?аÑ?ии запиÑ?и MMIO
+ в Ñ?лÑ?Ñ?ае вклÑ?Ñ?ениÑ? Ñ?оÑ?ки оÑ?Ñ?леживаниÑ? kvm_mmio. Ð?оÑ?Ñ?еваÑ? виÑ?Ñ?Ñ?алÑ?наÑ? маÑ?ина можеÑ?
+ иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17805">CVE-2017-17805</a>
- - <p>It was discovered that some implementations of the Salsa20 block
- - cipher did not correctly handle zero-length input. A local user
- - could use this to cause a denial of service (crash) or possibly
- - have other security impact.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о некоÑ?оÑ?Ñ?е Ñ?еализаÑ?ии блоÑ?ного Ñ?иÑ?Ñ?а Salsa20
+ непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваÑ?Ñ? вÑ?однÑ?е даннÑ?е нÑ?левой длинÑ?. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или
+ длÑ? оказаниÑ? дÑ?Ñ?гого возможного влиÑ?ниÑ? на безопаÑ?ноÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17806">CVE-2017-17806</a>
- - <p>It was discovered that the HMAC implementation could be used with
- - an underlying hash algorithm that requires a key, which was not
- - intended. A local user could use this to cause a denial of
- - service (crash or memory corruption), or possibly for privilege
- - escalation.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?еализаÑ?иÑ? HMAC можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? вмеÑ?Ñ?е Ñ?
+ базовÑ?м алгоÑ?иÑ?мом Ñ?Ñ?Ñ?иÑ?ованиÑ?, длÑ? коÑ?оÑ?ого Ñ?Ñ?ебÑ?еÑ?Ñ?Ñ? клÑ?Ñ?, Ñ?Ñ?о пÑ?и Ñ?азÑ?абоÑ?ке
+ не пÑ?едполагалоÑ?Ñ?. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+ оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка или повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и) или длÑ?
+ возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17807">CVE-2017-17807</a>
- - <p>Eric Biggers discovered that the KEYS subsystem lacked a check for
- - write permission when adding keys to a process's default keyring.
- - A local user could use this to cause a denial of service or to
- - obtain sensitive information.</p></li>
+ <p>ÐÑ?ик Ð?иггеÑ?Ñ? обнаÑ?Ñ?жил, Ñ?Ñ?о в подÑ?иÑ?Ñ?еме KEYS оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? пÑ?овеÑ?ка пÑ?ав запиÑ?и
+ пÑ?и добавлении клÑ?Ñ?ей в Ñ?вÑ?зкÑ? клÑ?Ñ?ей пÑ?оÑ?еÑ?Ñ?а по Ñ?молÑ?аниÑ?.
+ Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или
+ длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17862">CVE-2017-17862</a>
- - <p>Alexei Starovoitov discovered that the Extended BPF verifier
- - ignored unreachable code, even though it would still be processed
- - by JIT compilers. This could possibly be used by local users for
- - denial of service. It also increases the severity of bugs in
- - determining unreachable code.</p></li>
+ <p>Ð?лекÑ?ей СÑ?аÑ?овойÑ?ов обнаÑ?Ñ?жил, Ñ?Ñ?о код длÑ? вÑ?полнениÑ? пÑ?овеÑ?ки Extended BPF
+ игноÑ?иÑ?Ñ?еÑ? недоÑ?Ñ?ижимÑ?й код, Ñ?оÑ?Ñ? он вÑ?Ñ? еÑ?Ñ? обÑ?абаÑ?Ñ?ваеÑ?Ñ?Ñ?
+ JIT-компилÑ?Ñ?оÑ?ами. ÐÑ?о можеÑ? поÑ?енÑ?иалÑ?но иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? локалÑ?нÑ?ми полÑ?зоваÑ?елÑ?ми длÑ?
+ вÑ?зова оÑ?каза в обÑ?лÑ?живании. Ð?Ñ?оме Ñ?ого, Ñ?Ñ?о Ñ?велиÑ?иваеÑ? Ñ?еÑ?Ñ?Ñ?зноÑ?Ñ?Ñ? оÑ?ибок в
+ Ñ?Ñ?Ñ?ановлении недоÑ?Ñ?ижимого кода.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17863">CVE-2017-17863</a>
- - <p>Jann Horn discovered that the Extended BPF verifier did not
- - correctly model pointer arithmetic on the stack frame pointer.
- - A local user can use this for privilege escalation.</p></li>
+ <p>Ян ХоÑ?н обнаÑ?Ñ?жил, Ñ?Ñ?о код длÑ? вÑ?полнениÑ? пÑ?овеÑ?ки Extended BPF непÑ?авилÑ?но
+ моделиÑ?Ñ?еÑ? аÑ?иÑ?меÑ?иÑ?еÑ?кие опеÑ?аÑ?ии над Ñ?казаÑ?елÑ?ми на Ñ?казаÑ?еле Ñ?Ñ?екового Ñ?Ñ?ейма.
+ Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17864">CVE-2017-17864</a>
- - <p>Jann Horn discovered that the Extended BPF verifier could fail to
- - detect pointer leaks from conditional code. A local user could
- - use this to obtain sensitive information in order to exploit
- - other vulnerabilities.</p></li>
+ <p>Ян ХоÑ?н обнаÑ?Ñ?жил, Ñ?Ñ?о код длÑ? вÑ?полнениÑ? пÑ?овеÑ?ки Extended BPF можеÑ? не обнаÑ?Ñ?жиÑ?Ñ?
+ Ñ?Ñ?еÑ?ки Ñ?казаÑ?елей из Ñ?Ñ?ловного кода. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+ Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии Ñ? Ñ?елÑ?Ñ? иÑ?полÑ?зованиÑ?
+ дÑ?Ñ?гиÑ? Ñ?Ñ?звимоÑ?Ñ?ей.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000407">CVE-2017-1000407</a>
- - <p>Andrew Honig reported that the KVM implementation for Intel
- - processors allowed direct access to host I/O port 0x80, which
- - is not generally safe. On some systems this allows a guest
- - VM to cause a denial of service (crash) of the host.</p></li>
+ <p>ÐндÑ?Ñ? Хониг Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? пÑ?оÑ?еÑ?Ñ?оÑ?ов Intel позволÑ?еÑ?
+ полÑ?Ñ?аÑ?Ñ? пÑ?Ñ?мой доÑ?Ñ?Ñ?п к поÑ?Ñ?Ñ? ввода/вÑ?вода 0x80 оÑ?новной маÑ?инÑ?, Ñ?Ñ?о
+ в обÑ?ем Ñ?лÑ?Ñ?ае не Ñ?влÑ?еÑ?Ñ?Ñ? безопаÑ?нÑ?м. Ð? некоÑ?оÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емаÑ? Ñ?Ñ?о позволÑ?еÑ? гоÑ?Ñ?евой
+ виÑ?Ñ?Ñ?алÑ?ной маÑ?ине вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) в оÑ?новной Ñ?иÑ?Ñ?еме.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000410">CVE-2017-1000410</a>
- - <p>Ben Seri reported that the Bluetooth subsystem did not correctly
- - handle short EFS information elements in L2CAP messages. An
- - attacker able to communicate over Bluetooth could use this to
- - obtain sensitive information from the kernel.</p></li>
+ <p>Ð?ен СеÑ?и Ñ?ообÑ?ил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема Bluetooth непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+ коÑ?оÑ?кие инÑ?оÑ?маÑ?ионнÑ?е EFS-Ñ?леменÑ?Ñ? в L2CAP-Ñ?ообÑ?ениÑ?Ñ?. Ð?лоÑ?мÑ?Ñ?ленник,
+ Ñ?поÑ?обнÑ?й взаимодейÑ?Ñ?воваÑ?Ñ? Ñ?еÑ?ез Bluetooth Ñ? Ñ?Ñ?звимой Ñ?иÑ?Ñ?емой, можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+ Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии из Ñ?дÑ?а.</p></li>
</ul>
- -<p>The various problems in the Extended BPF verifier can be mitigated by
- -disabling use of Extended BPF by unprivileged users:
+<p>Ð?паÑ?ноÑ?Ñ?Ñ? Ñ?азлиÑ?нÑ?Ñ? пÑ?облем в коде длÑ? вÑ?полнениÑ? пÑ?овеÑ?ки Extended BPF можеÑ?
+бÑ?Ñ?Ñ? Ñ?нижена пÑ?Ñ?Ñ?м оÑ?клÑ?Ñ?ениÑ? иÑ?полÑ?зованиÑ? Extended BPF непÑ?ивилегиÑ?ованнÑ?ми полÑ?зоваÑ?елÑ?ми:
sysctl kernel.unprivileged_bpf_disabled=1</p>
- -<p>Debian disables unprivileged user namespaces by default, but if they
- -are enabled (via the kernel.unprivileged_userns_clone sysctl) then
+<p>Ð?о Ñ?молÑ?аниÑ? в Debian непÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?елÑ?Ñ?кие пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва оÑ?клÑ?Ñ?енÑ?, но еÑ?ли
+они вклÑ?Ñ?енÑ? (Ñ? помоÑ?Ñ?Ñ? kernel.unprivileged_userns_clone sysctl), Ñ?о
<a href="https://security-tracker.debian.org/tracker/CVE-2017-17448">\
- -CVE-2017-17448</a> can be exploited by any local user.</p>
+CVE-2017-17448</a> можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? лÑ?бÑ?м локалÑ?нÑ?м полÑ?зоваÑ?елем.</p>
- -<p>For the stable distribution (stretch), these problems have been fixed in
- -version 4.9.65-3+deb9u1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.9.65-3+deb9u1.</p>
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
- -<p>For the detailed security status of linux please refer to its security
- -tracker page at: <a href="https://security-tracker.debian.org/tracker/linux">\
+<p>С подÑ?обнÑ?м Ñ?Ñ?аÑ?Ñ?Ñ?ом поддеÑ?жки безопаÑ?ноÑ?Ñ?и linux можно ознакомиÑ?Ñ?Ñ?Ñ? на
+Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей Ñ?Ñ?Ñ?аниÑ?е оÑ?Ñ?леживаниÑ? безопаÑ?ноÑ?Ñ?и по адÑ?еÑ?Ñ?
+<a href="https://security-tracker.debian.org/tracker/linux">\
https://security-tracker.debian.org/tracker/linux</a></p>
</define-tag>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlo//Q8ACgkQXudu4gIW
0qXasRAAr+JsLIgCYsKrGihMHpaEjCvUEhO/be0aS2ero2UF6qQp6HCgUMhT4y4e
Cf2FMmfdz3q0RaV7gMNqj1mx/uMVFevwzySXE+tdZzrGwbJkyIyMwNnF/rLmXkjM
+e4Df7imLxAvY2umANT0czOXKG17lgWcy6bP3czZzRJg5EFIHbItuILhaDnQnAsu
lPyJ27Z90xLpdUPPrbLrcdYYQj48xdaSa6palnDSmghvib6oMx73dsMbjN8JVvCc
XaOLdrJa2QowNn+tR1yWhuHhT4tr/HIoTjnawLfKQaXsWp0xSsuioH8Y+Qs3bGNb
2nkWrblmKnkqppqsxkowhT2jjaNlBqgYVLd8CTqxY5PZ9WHERAKf3R5xcTim0gbA
GJcu05smr1zSdLkqIPP+K+OouOTse15b3IKdzPFz9BQomIZem781wsrZS5UJ1+nX
DOZynNeex9497fcAw2sxEUXtcGc6mRPuP3dpCQwlayembo3lKspZy/GDJh1ZKmfL
yFjvy6Slgy33JUcKkSMuL95MkqhqJonOYy0qUTfKQ8shwSBwpDUfZbbppYRwCn1U
xtBaEOB749EZ3OcTm9qa4cEe/pOPSYb0ETIiXZcTkuBnlw5BYhjJKpcItRFrhPCv
YXhCT6h7jZclkdkNGuUvOBbEYsZBkL5W/aGGvVTinRteImaEKUw=
=udlT
-----END PGP SIGNATURE-----
Reply to: