[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2018/dsa-4082.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2018/dsa-4082.wml	2018-01-09 21:45:13.000000000 +0500
+++ russian/security/2018/dsa-4082.wml	2018-01-09 22:14:26.586141417 +0500
@@ -1,145 +1,148 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or information
- -leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или
+Ñ?Ñ?еÑ?кам инÑ?оÑ?маÑ?ии.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5754";>CVE-2017-5754</a>
 
- -    <p>Multiple researchers have discovered a vulnerability in Intel
- -    processors, enabling an attacker controlling an unprivileged
- -    process to read memory from arbitrary addresses, including from
- -    the kernel and all other processes running on the system.</p>
- -
- -    <p>This specific attack has been named Meltdown and is addressed in
- -    the Linux kernel for the Intel x86-64 architecture by a patch set
- -    named Kernel Page Table Isolation, enforcing a near complete
- -    separation of the kernel and userspace address maps and preventing
- -    the attack. This solution might have a performance impact, and can
- -    be disabled at boot time by passing <code>pti=off</code> to the kernel
- -    command line.</p></li>
+    <p>Ð?еÑ?колÑ?ко иÑ?Ñ?ледоваÑ?елей обнаÑ?Ñ?жили Ñ?Ñ?звимоÑ?Ñ?Ñ? в пÑ?оÑ?еÑ?Ñ?оÑ?аÑ? Intel,
+    позволÑ?Ñ?Ñ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленникÑ?, Ñ?пÑ?авлÑ?Ñ?Ñ?емÑ? непÑ?ивилегиÑ?ованнÑ?м пÑ?оÑ?еÑ?Ñ?ом,
+    Ñ?иÑ?аÑ?Ñ? Ñ?одеÑ?жимое памÑ?Ñ?и из пÑ?оизволÑ?ного адÑ?еÑ?а, вклÑ?Ñ?аÑ? памÑ?Ñ?Ñ?
+    Ñ?дÑ?а и вÑ?еÑ? оÑ?Ñ?алÑ?нÑ?Ñ? пÑ?оÑ?еÑ?Ñ?ов, запÑ?Ñ?еннÑ?Ñ? в Ñ?иÑ?Ñ?еме.</p>
+
+    <p>Ð?аннаÑ? конкÑ?еÑ?наÑ? аÑ?ака полÑ?Ñ?ила название Meltdown и иÑ?пÑ?авлена
+    в Ñ?дÑ?е Linux длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? Intel x86-64 Ñ? помоÑ?Ñ?Ñ? набоÑ?а заплаÑ?
+    под обÑ?им названием Kernel Page Table Isolation, коÑ?оÑ?Ñ?е Ñ?Ñ?Ñ?анавливаÑ?Ñ?
+    поÑ?Ñ?и полнÑ?Ñ? изолÑ?Ñ?иÑ? адÑ?еÑ?нÑ?Ñ? Ñ?аблиÑ? Ñ?дÑ?а и полÑ?зоваÑ?елÑ?Ñ?кого пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва
+    и пÑ?едоÑ?вÑ?аÑ?аÑ?Ñ? даннÑ?Ñ? аÑ?акÑ?. Ð?анное Ñ?еÑ?ение можеÑ? оказаÑ?Ñ? влиÑ?ние на
+    пÑ?оизводиÑ?елÑ?ноÑ?Ñ?Ñ?, и можеÑ? бÑ?Ñ?Ñ? оÑ?клÑ?Ñ?ено во вÑ?емÑ? загÑ?Ñ?зки пÑ?Ñ?Ñ?м
+    пеÑ?едаÑ?и Ñ?дÑ?Ñ? командÑ? <code>pti=off</code>.</p>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-8824";>CVE-2017-8824</a>
 
- -    <p>Mohamed Ghannam discovered that the DCCP implementation did not
- -    correctly manage resources when a socket is disconnected and
- -    reconnected, potentially leading to a use-after-free.  A local
- -    user could use this for denial of service (crash or data
- -    corruption) or possibly for privilege escalation.  On systems that
- -    do not already have the dccp module loaded, this can be mitigated
- -    by disabling it:
+    <p>Ð?оÑ?амед Ð?аннам обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? DCCP непÑ?авилÑ?но Ñ?пÑ?авлÑ?еÑ?
+    Ñ?еÑ?Ñ?Ñ?Ñ?ами в Ñ?лÑ?Ñ?ае оÑ?клÑ?Ñ?ениÑ? и повÑ?оÑ?ного подклÑ?Ñ?ениÑ? Ñ?океÑ?а,
+    Ñ?Ñ?о поÑ?енÑ?иалÑ?но пÑ?иводиÑ? к иÑ?полÑ?зованиÑ? Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и. Ð?окалÑ?нÑ?й
+    полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+    или повÑ?еждение даннÑ?Ñ?) или возможного повÑ?Ñ?ениÑ? пÑ?ивилегий. Ð? Ñ?иÑ?Ñ?емаÑ?, в коÑ?оÑ?Ñ?Ñ?
+    модÑ?лÑ? dccp не загÑ?Ñ?жен, опаÑ?ноÑ?Ñ?Ñ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно
+    Ñ?низиÑ?Ñ?, оÑ?клÑ?Ñ?ив Ñ?казаннÑ?й модÑ?лÑ?:
     <code>echo >> /etc/modprobe.d/disable-dccp.conf install dccp false</code></p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-15868";>CVE-2017-15868</a>
 
- -    <p>Al Viro found that the Bluebooth Network Encapsulation Protocol
- -    (BNEP) implementation did not validate the type of the second
- -    socket passed to the BNEPCONNADD ioctl(), which could lead to
- -    memory corruption.  A local user with the CAP_NET_ADMIN capability
- -    can use this for denial of service (crash or data corruption) or
- -    possibly for privilege escalation.</p></li>
+    <p>Эл Ð?иÑ?о обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? Bluebooth Network Encapsulation Protocol
+    (BNEP) не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? Ñ?ипа вÑ?оÑ?ого Ñ?океÑ?а, пеÑ?едаваемого
+    BNEPCONNADD ioctl(), Ñ?Ñ?о можеÑ? пÑ?иводиÑ?Ñ? к повÑ?еждениÑ? Ñ?одеÑ?жимого
+    памÑ?Ñ?и. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава CAP_NET_ADMIN,
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+    или повÑ?еждение даннÑ?Ñ?) или возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16538";>CVE-2017-16538</a>
 
- -    <p>Andrey Konovalov reported that the dvb-usb-lmedm04 media driver
- -    did not correctly handle some error conditions during
- -    initialisation.  A physically present user with a specially
- -    designed USB device can use this to cause a denial of service
- -    (crash).</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о дÑ?айвеÑ? dvb-usb-lmedm04
+    непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? некоÑ?оÑ?Ñ?е оÑ?ибоÑ?нÑ?е Ñ?оÑ?Ñ?оÑ?ниÑ? во вÑ?емÑ?
+    иниÑ?иализаÑ?ии. Ð?олÑ?зоваÑ?елÑ? Ñ? Ñ?изиÑ?еÑ?ким доÑ?Ñ?Ñ?пом к маÑ?ине пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но
+    подгоÑ?овленного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+    оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16939";>CVE-2017-16939</a>
 
- -    <p>Mohamed Ghannam reported (through Beyond Security's SecuriTeam
- -    Secure Disclosure program) that the IPsec (xfrm) implementation
- -    did not correctly handle some failure cases when dumping policy
- -    information through netlink.  A local user with the CAP_NET_ADMIN
- -    capability can use this for denial of service (crash or data
- -    corruption) or possibly for privilege escalation.</p></li>
+    <p>Ð?оÑ?амед Ð?аннам Ñ?ообÑ?ил (Ñ?еÑ?ез пÑ?огÑ?аммÑ? Beyond Security's SecuriTeam
+    Secure Disclosure), Ñ?Ñ?о Ñ?еализаÑ?иÑ? IPsec (xfrm) непÑ?авилÑ?но
+    обÑ?абаÑ?Ñ?ваеÑ? некоÑ?оÑ?Ñ?е оÑ?ибки пÑ?и вÑ?воде дампа пÑ?авил Ñ?еÑ?ез
+    netlink. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава CAP_NET_ADMIN,
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+    или повÑ?еждение даннÑ?Ñ?) или возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17448";>CVE-2017-17448</a>
 
- -    <p>Kevin Cernekee discovered that the netfilter subsystem allowed
- -    users with the CAP_NET_ADMIN capability in any user namespace, not
- -    just the root namespace, to enable and disable connection tracking
- -    helpers.  This could lead to denial of service, violation of
- -    network security policy, or have other impact.</p></li>
+    <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема netfilter позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+    имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве, а не
+    пÑ?оÑ?Ñ?о в пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?, вклÑ?Ñ?аÑ?Ñ? и оÑ?клÑ?Ñ?аÑ?Ñ? вÑ?помогаÑ?елÑ?нÑ?е
+    Ñ?Ñ?илиÑ?Ñ? длÑ? оÑ?Ñ?леживаниÑ? Ñ?оединений. ЭÑ?о можеÑ? пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании, наÑ?Ñ?Ñ?ениÑ?
+    пÑ?авил безопаÑ?ноÑ?Ñ?и Ñ?еÑ?и или можеÑ? оказÑ?ваÑ?Ñ? дÑ?Ñ?гое влиÑ?ние на Ñ?абоÑ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17449";>CVE-2017-17449</a>
 
- -    <p>Kevin Cernekee discovered that the netlink subsystem allowed
- -    users with the CAP_NET_ADMIN capability in any user namespace
- -    to monitor netlink traffic in all net namespaces, not just
- -    those owned by that user namespace.  This could lead to
- -    exposure of sensitive information.</p></li>
+    <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема netfilter позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+    имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве,
+    оÑ?Ñ?леживаÑ?Ñ? Ñ?Ñ?аÑ?ик netlink во вÑ?еÑ? Ñ?еÑ?евÑ?Ñ? пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ваÑ? имÑ?н, а не Ñ?олÑ?ко Ñ?еÑ?,
+    владелÑ?Ñ?ем коÑ?оÑ?Ñ?Ñ? Ñ?влÑ?еÑ?Ñ?Ñ? данное полÑ?зоваÑ?елÑ?Ñ?кое пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?во. ЭÑ?о можеÑ? пÑ?иводиÑ?Ñ? к
+    Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17450";>CVE-2017-17450</a>
 
- -    <p>Kevin Cernekee discovered that the xt_osf module allowed users
- -    with the CAP_NET_ADMIN capability in any user namespace to modify
- -    the global OS fingerprint list.</p></li>
+    <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о модÑ?лÑ? xt_osf позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+    имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве, изменÑ?Ñ?Ñ?
+    глобалÑ?нÑ?й Ñ?пиÑ?ок оÑ?пеÑ?аÑ?ков опеÑ?аÑ?ионной Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17558";>CVE-2017-17558</a>
 
- -    <p>Andrey Konovalov reported that that USB core did not correctly
- -    handle some error conditions during initialisation.  A physically
- -    present user with a specially designed USB device can use this to
- -    cause a denial of service (crash or memory corruption), or
- -    possibly for privilege escalation.</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?дÑ?о USB непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+    некоÑ?оÑ?Ñ?е оÑ?ибоÑ?нÑ?е Ñ?оÑ?Ñ?оÑ?ниÑ? во вÑ?емÑ? иниÑ?иализаÑ?ии. Ð?олÑ?зоваÑ?елÑ? Ñ? Ñ?изиÑ?еÑ?ким
+    доÑ?Ñ?Ñ?пом к маÑ?ине пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но подгоÑ?овленного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+    или повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и), либо длÑ? возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17741";>CVE-2017-17741</a>
 
- -    <p>Dmitry Vyukov reported that the KVM implementation for x86 would
- -    over-read data from memory when emulating an MMIO write if the
- -    kvm_mmio tracepoint was enabled.  A guest virtual machine might be
- -    able to use this to cause a denial of service (crash).</p></li>
+    <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? x86
+    пÑ?оизводиÑ? Ñ?Ñ?ение даннÑ?Ñ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и пÑ?и Ñ?мÑ?лÑ?Ñ?ии MMIO-запиÑ?и
+    в Ñ?лÑ?Ñ?ае вклÑ?Ñ?ениÑ? Ñ?оÑ?ки оÑ?Ñ?леживаниÑ? kvm_mmio. Ð?оÑ?Ñ?еваÑ? виÑ?Ñ?Ñ?алÑ?наÑ? маÑ?ина можеÑ?
+    иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17805";>CVE-2017-17805</a>
 
- -    <p>Dmitry Vyukov reported that the KVM implementation for x86 would
- -    over-read data from memory when emulating an MMIO write if the
- -    kvm_mmio tracepoint was enabled.  A guest virtual machine might be
- -    able to use this to cause a denial of service (crash).</p></li>
+    <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? x86
+    пÑ?оизводиÑ? Ñ?Ñ?ение даннÑ?Ñ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и пÑ?и Ñ?мÑ?лÑ?Ñ?ии MMIO-запиÑ?и
+    в Ñ?лÑ?Ñ?ае вклÑ?Ñ?ениÑ? Ñ?оÑ?ки оÑ?Ñ?леживаниÑ? kvm_mmio. Ð?оÑ?Ñ?еваÑ? виÑ?Ñ?Ñ?алÑ?наÑ? маÑ?ина можеÑ?
+    иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17806";>CVE-2017-17806</a>
 
- -    <p>It was discovered that the HMAC implementation could be used with
- -    an underlying hash algorithm that requires a key, which was not
- -    intended.  A local user could use this to cause a denial of
- -    service (crash or memory corruption), or possibly for privilege
- -    escalation.</p></li>
+    <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17806";>CVE-2017-17806</a>
+
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?еализаÑ?иÑ? HMAC можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? вмеÑ?Ñ?е Ñ?
+    базовÑ?м алгоÑ?иÑ?мом Ñ?Ñ?Ñ?иÑ?ованиÑ?, длÑ? коÑ?оÑ?ого Ñ?Ñ?ебÑ?еÑ?Ñ?Ñ? клÑ?Ñ?, Ñ?Ñ?о пÑ?и Ñ?азÑ?абоÑ?ке
+    не пÑ?едполагалоÑ?Ñ?. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+    оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка или повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и) или длÑ?
+    возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17807";>CVE-2017-17807</a>
 
- -    <p>Eric Biggers discovered that the KEYS subsystem lacked a check for
- -    write permission when adding keys to a process's default keyring.
- -    A local user could use this to cause a denial of service or to
- -    obtain sensitive information.</p></li>
+    <p>ЭÑ?ик Ð?иггеÑ?Ñ? обнаÑ?Ñ?жил, Ñ?Ñ?о в подÑ?иÑ?Ñ?еме KEYS оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? пÑ?овеÑ?ка пÑ?ав запиÑ?и
+    пÑ?и добавлении клÑ?Ñ?ей в Ñ?вÑ?зкÑ? клÑ?Ñ?ей пÑ?оÑ?еÑ?Ñ?а по Ñ?молÑ?аниÑ?.
+    Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или
+    длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000407";>CVE-2017-1000407</a>
 
- -    <p>Andrew Honig reported that the KVM implementation for Intel
- -    processors allowed direct access to host I/O port 0x80, which
- -    is not generally safe.  On some systems this allows a guest
- -    VM to cause a denial of service (crash) of the host.</p></li>
+    <p>ЭндÑ?Ñ? Хониг Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? пÑ?оÑ?еÑ?Ñ?оÑ?ов Intel позволÑ?еÑ?
+    полÑ?Ñ?аÑ?Ñ? пÑ?Ñ?мой доÑ?Ñ?Ñ?п к поÑ?Ñ?Ñ? ввода/вÑ?вода 0x80 оÑ?новной маÑ?инÑ?, Ñ?Ñ?о
+    в обÑ?ем Ñ?лÑ?Ñ?ае не Ñ?влÑ?еÑ?Ñ?Ñ? безопаÑ?нÑ?м. Ð? некоÑ?оÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емаÑ? Ñ?Ñ?о позволÑ?еÑ? гоÑ?Ñ?евой
+    виÑ?Ñ?Ñ?алÑ?ной маÑ?ине вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) в оÑ?новной Ñ?иÑ?Ñ?еме.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000410";>CVE-2017-1000410</a>
 
- -    <p>Ben Seri reported that the Bluetooth subsystem did not correctly
- -    handle short EFS information elements in L2CAP messages.  An
- -    attacker able to communicate over Bluetooth could use this to
- -    obtain sensitive information from the kernel.</p></li>
+    <p>Ð?ен СеÑ?и Ñ?ообÑ?ил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема Bluetooth непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+    коÑ?оÑ?кие инÑ?оÑ?маÑ?ионнÑ?е EFS-Ñ?леменÑ?Ñ? в L2CAP-Ñ?ообÑ?ениÑ?Ñ?. Ð?лоÑ?мÑ?Ñ?ленник,
+    Ñ?поÑ?обнÑ?й взаимодейÑ?Ñ?воваÑ?Ñ? Ñ?еÑ?ез Bluetooth Ñ? Ñ?Ñ?звимой Ñ?иÑ?Ñ?емой, можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+    Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии из Ñ?дÑ?а.</p></li>
 
 </ul>
 
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 3.16.51-3+deb8u1.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 3.16.51-3+deb8u1.</p>
 
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
 
- -<p>For the detailed security status of linux please refer to its security
- -tracker page at:
+<p>С подÑ?обнÑ?м Ñ?Ñ?аÑ?Ñ?Ñ?ом поддеÑ?жки безопаÑ?ноÑ?Ñ?и linux можно ознакомиÑ?Ñ?Ñ?Ñ? на
+Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей Ñ?Ñ?Ñ?аниÑ?е оÑ?Ñ?леживаниÑ? безопаÑ?ноÑ?Ñ?и по адÑ?еÑ?Ñ?
 <a href="https://security-tracker.debian.org/tracker/linux";>\
 https://security-tracker.debian.org/tracker/linux</a></p>
 </define-tag>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlpU+HkACgkQXudu4gIW
0qU7ug/+NBVQDIFDyFx65qGfv0Wdtc5FGIm2fAvwJWasGwz4E76Xepkqt6m0Qb0m
6sLplybfhO/9iE64Lx4EfA/1tlu+ikEl1fy7yCI4DY8gDaaZpAhasZNqqthLwiNd
Ug/mKYOGPAOMuc0R3AzUYLEoUoNjHbKWLW4ppjtewDoslsEgf5t1DbOIFzUaYpe/
jYmSuiMoy5n/T6MJTg6YraxkvsfJeygFUMybvjOxF72WVXDs6uyeImvW5aXEnBMq
TOrjWoswfNjtA/jgf6WGDNvpOQj6EsDEmCvCSNl2NnZU4/7PGKVKrqxYtW8PNZ3l
ssAEy62uam9FZsoY+C4qEJBeRKTNP5AIojveANa+PRJUP2pF3ZKZLEcjCO94A9Zs
RYgXcBTQD/FdFol0vGuC3Bx+hCpfNSW+NHT9IQVqzzL4QSB6DwQg4bl92fmVmmeG
KG2+vc+srMIGcMGOnd1H9iKU3xY6KsrwO0riMIhq3qhGQweZQMq6JroQqnR44khW
P9NRkcOPJO8Pl0hZKoSZYcpP1luO9rCWbam2TJiewG8v8rq8LX9r+fvhrJenVT46
7512ZFMdli1f4QXFN8+ZTGDUVshZW+HpfWjQ1IoS2a4Tp0ddraBFoW0JXF5dzrxj
Wu1LGa+hTvbWiqtTSPm3usxr7iTQilXCTSGsnnKYlRZVjQf/pPc=
=II7c
-----END PGP SIGNATURE-----
Reply to: