[DONE] wml://{security/2018/dsa-4082.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2018/dsa-4082.wml 2018-01-09 21:45:13.000000000 +0500
+++ russian/security/2018/dsa-4082.wml 2018-01-09 22:14:26.586141417 +0500
@@ -1,145 +1,148 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or information
- -leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или
+Ñ?Ñ?еÑ?кам инÑ?оÑ?маÑ?ии.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5754">CVE-2017-5754</a>
- - <p>Multiple researchers have discovered a vulnerability in Intel
- - processors, enabling an attacker controlling an unprivileged
- - process to read memory from arbitrary addresses, including from
- - the kernel and all other processes running on the system.</p>
- -
- - <p>This specific attack has been named Meltdown and is addressed in
- - the Linux kernel for the Intel x86-64 architecture by a patch set
- - named Kernel Page Table Isolation, enforcing a near complete
- - separation of the kernel and userspace address maps and preventing
- - the attack. This solution might have a performance impact, and can
- - be disabled at boot time by passing <code>pti=off</code> to the kernel
- - command line.</p></li>
+ <p>Ð?еÑ?колÑ?ко иÑ?Ñ?ледоваÑ?елей обнаÑ?Ñ?жили Ñ?Ñ?звимоÑ?Ñ?Ñ? в пÑ?оÑ?еÑ?Ñ?оÑ?аÑ? Intel,
+ позволÑ?Ñ?Ñ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленникÑ?, Ñ?пÑ?авлÑ?Ñ?Ñ?емÑ? непÑ?ивилегиÑ?ованнÑ?м пÑ?оÑ?еÑ?Ñ?ом,
+ Ñ?иÑ?аÑ?Ñ? Ñ?одеÑ?жимое памÑ?Ñ?и из пÑ?оизволÑ?ного адÑ?еÑ?а, вклÑ?Ñ?аÑ? памÑ?Ñ?Ñ?
+ Ñ?дÑ?а и вÑ?еÑ? оÑ?Ñ?алÑ?нÑ?Ñ? пÑ?оÑ?еÑ?Ñ?ов, запÑ?Ñ?еннÑ?Ñ? в Ñ?иÑ?Ñ?еме.</p>
+
+ <p>Ð?аннаÑ? конкÑ?еÑ?наÑ? аÑ?ака полÑ?Ñ?ила название Meltdown и иÑ?пÑ?авлена
+ в Ñ?дÑ?е Linux длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? Intel x86-64 Ñ? помоÑ?Ñ?Ñ? набоÑ?а заплаÑ?
+ под обÑ?им названием Kernel Page Table Isolation, коÑ?оÑ?Ñ?е Ñ?Ñ?Ñ?анавливаÑ?Ñ?
+ поÑ?Ñ?и полнÑ?Ñ? изолÑ?Ñ?иÑ? адÑ?еÑ?нÑ?Ñ? Ñ?аблиÑ? Ñ?дÑ?а и полÑ?зоваÑ?елÑ?Ñ?кого пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва
+ и пÑ?едоÑ?вÑ?аÑ?аÑ?Ñ? даннÑ?Ñ? аÑ?акÑ?. Ð?анное Ñ?еÑ?ение можеÑ? оказаÑ?Ñ? влиÑ?ние на
+ пÑ?оизводиÑ?елÑ?ноÑ?Ñ?Ñ?, и можеÑ? бÑ?Ñ?Ñ? оÑ?клÑ?Ñ?ено во вÑ?емÑ? загÑ?Ñ?зки пÑ?Ñ?Ñ?м
+ пеÑ?едаÑ?и Ñ?дÑ?Ñ? командÑ? <code>pti=off</code>.</p>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-8824">CVE-2017-8824</a>
- - <p>Mohamed Ghannam discovered that the DCCP implementation did not
- - correctly manage resources when a socket is disconnected and
- - reconnected, potentially leading to a use-after-free. A local
- - user could use this for denial of service (crash or data
- - corruption) or possibly for privilege escalation. On systems that
- - do not already have the dccp module loaded, this can be mitigated
- - by disabling it:
+ <p>Ð?оÑ?амед Ð?аннам обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? DCCP непÑ?авилÑ?но Ñ?пÑ?авлÑ?еÑ?
+ Ñ?еÑ?Ñ?Ñ?Ñ?ами в Ñ?лÑ?Ñ?ае оÑ?клÑ?Ñ?ениÑ? и повÑ?оÑ?ного подклÑ?Ñ?ениÑ? Ñ?океÑ?а,
+ Ñ?Ñ?о поÑ?енÑ?иалÑ?но пÑ?иводиÑ? к иÑ?полÑ?зованиÑ? Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и. Ð?окалÑ?нÑ?й
+ полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+ или повÑ?еждение даннÑ?Ñ?) или возможного повÑ?Ñ?ениÑ? пÑ?ивилегий. Ð? Ñ?иÑ?Ñ?емаÑ?, в коÑ?оÑ?Ñ?Ñ?
+ модÑ?лÑ? dccp не загÑ?Ñ?жен, опаÑ?ноÑ?Ñ?Ñ? Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и можно
+ Ñ?низиÑ?Ñ?, оÑ?клÑ?Ñ?ив Ñ?казаннÑ?й модÑ?лÑ?:
<code>echo >> /etc/modprobe.d/disable-dccp.conf install dccp false</code></p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-15868">CVE-2017-15868</a>
- - <p>Al Viro found that the Bluebooth Network Encapsulation Protocol
- - (BNEP) implementation did not validate the type of the second
- - socket passed to the BNEPCONNADD ioctl(), which could lead to
- - memory corruption. A local user with the CAP_NET_ADMIN capability
- - can use this for denial of service (crash or data corruption) or
- - possibly for privilege escalation.</p></li>
+ <p>Ðл Ð?иÑ?о обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? Bluebooth Network Encapsulation Protocol
+ (BNEP) не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? Ñ?ипа вÑ?оÑ?ого Ñ?океÑ?а, пеÑ?едаваемого
+ BNEPCONNADD ioctl(), Ñ?Ñ?о можеÑ? пÑ?иводиÑ?Ñ? к повÑ?еждениÑ? Ñ?одеÑ?жимого
+ памÑ?Ñ?и. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава CAP_NET_ADMIN,
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+ или повÑ?еждение даннÑ?Ñ?) или возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16538">CVE-2017-16538</a>
- - <p>Andrey Konovalov reported that the dvb-usb-lmedm04 media driver
- - did not correctly handle some error conditions during
- - initialisation. A physically present user with a specially
- - designed USB device can use this to cause a denial of service
- - (crash).</p></li>
+ <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о дÑ?айвеÑ? dvb-usb-lmedm04
+ непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? некоÑ?оÑ?Ñ?е оÑ?ибоÑ?нÑ?е Ñ?оÑ?Ñ?оÑ?ниÑ? во вÑ?емÑ?
+ иниÑ?иализаÑ?ии. Ð?олÑ?зоваÑ?елÑ? Ñ? Ñ?изиÑ?еÑ?ким доÑ?Ñ?Ñ?пом к маÑ?ине пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но
+ подгоÑ?овленного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+ оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16939">CVE-2017-16939</a>
- - <p>Mohamed Ghannam reported (through Beyond Security's SecuriTeam
- - Secure Disclosure program) that the IPsec (xfrm) implementation
- - did not correctly handle some failure cases when dumping policy
- - information through netlink. A local user with the CAP_NET_ADMIN
- - capability can use this for denial of service (crash or data
- - corruption) or possibly for privilege escalation.</p></li>
+ <p>Ð?оÑ?амед Ð?аннам Ñ?ообÑ?ил (Ñ?еÑ?ез пÑ?огÑ?аммÑ? Beyond Security's SecuriTeam
+ Secure Disclosure), Ñ?Ñ?о Ñ?еализаÑ?иÑ? IPsec (xfrm) непÑ?авилÑ?но
+ обÑ?абаÑ?Ñ?ваеÑ? некоÑ?оÑ?Ñ?е оÑ?ибки пÑ?и вÑ?воде дампа пÑ?авил Ñ?еÑ?ез
+ netlink. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава CAP_NET_ADMIN,
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+ или повÑ?еждение даннÑ?Ñ?) или возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17448">CVE-2017-17448</a>
- - <p>Kevin Cernekee discovered that the netfilter subsystem allowed
- - users with the CAP_NET_ADMIN capability in any user namespace, not
- - just the root namespace, to enable and disable connection tracking
- - helpers. This could lead to denial of service, violation of
- - network security policy, or have other impact.</p></li>
+ <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема netfilter позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+ имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве, а не
+ пÑ?оÑ?Ñ?о в пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?, вклÑ?Ñ?аÑ?Ñ? и оÑ?клÑ?Ñ?аÑ?Ñ? вÑ?помогаÑ?елÑ?нÑ?е
+ Ñ?Ñ?илиÑ?Ñ? длÑ? оÑ?Ñ?леживаниÑ? Ñ?оединений. ÐÑ?о можеÑ? пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании, наÑ?Ñ?Ñ?ениÑ?
+ пÑ?авил безопаÑ?ноÑ?Ñ?и Ñ?еÑ?и или можеÑ? оказÑ?ваÑ?Ñ? дÑ?Ñ?гое влиÑ?ние на Ñ?абоÑ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17449">CVE-2017-17449</a>
- - <p>Kevin Cernekee discovered that the netlink subsystem allowed
- - users with the CAP_NET_ADMIN capability in any user namespace
- - to monitor netlink traffic in all net namespaces, not just
- - those owned by that user namespace. This could lead to
- - exposure of sensitive information.</p></li>
+ <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема netfilter позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+ имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве,
+ оÑ?Ñ?леживаÑ?Ñ? Ñ?Ñ?аÑ?ик netlink во вÑ?еÑ? Ñ?еÑ?евÑ?Ñ? пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ваÑ? имÑ?н, а не Ñ?олÑ?ко Ñ?еÑ?,
+ владелÑ?Ñ?ем коÑ?оÑ?Ñ?Ñ? Ñ?влÑ?еÑ?Ñ?Ñ? данное полÑ?зоваÑ?елÑ?Ñ?кое пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?во. ÐÑ?о можеÑ? пÑ?иводиÑ?Ñ? к
+ Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17450">CVE-2017-17450</a>
- - <p>Kevin Cernekee discovered that the xt_osf module allowed users
- - with the CAP_NET_ADMIN capability in any user namespace to modify
- - the global OS fingerprint list.</p></li>
+ <p>Ð?евин СеÑ?неки обнаÑ?Ñ?жил, Ñ?Ñ?о модÑ?лÑ? xt_osf позволÑ?еÑ? полÑ?зоваÑ?елÑ?м,
+ имеÑ?Ñ?им пÑ?ава CAP_NET_ADMIN в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве, изменÑ?Ñ?Ñ?
+ глобалÑ?нÑ?й Ñ?пиÑ?ок оÑ?пеÑ?аÑ?ков опеÑ?аÑ?ионной Ñ?иÑ?Ñ?емÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17558">CVE-2017-17558</a>
- - <p>Andrey Konovalov reported that that USB core did not correctly
- - handle some error conditions during initialisation. A physically
- - present user with a specially designed USB device can use this to
- - cause a denial of service (crash or memory corruption), or
- - possibly for privilege escalation.</p></li>
+ <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?дÑ?о USB непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+ некоÑ?оÑ?Ñ?е оÑ?ибоÑ?нÑ?е Ñ?оÑ?Ñ?оÑ?ниÑ? во вÑ?емÑ? иниÑ?иализаÑ?ии. Ð?олÑ?зоваÑ?елÑ? Ñ? Ñ?изиÑ?еÑ?ким
+ доÑ?Ñ?Ñ?пом к маÑ?ине пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но подгоÑ?овленного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+ или повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и), либо длÑ? возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17741">CVE-2017-17741</a>
- - <p>Dmitry Vyukov reported that the KVM implementation for x86 would
- - over-read data from memory when emulating an MMIO write if the
- - kvm_mmio tracepoint was enabled. A guest virtual machine might be
- - able to use this to cause a denial of service (crash).</p></li>
+ <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? x86
+ пÑ?оизводиÑ? Ñ?Ñ?ение даннÑ?Ñ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и пÑ?и Ñ?мÑ?лÑ?Ñ?ии MMIO-запиÑ?и
+ в Ñ?лÑ?Ñ?ае вклÑ?Ñ?ениÑ? Ñ?оÑ?ки оÑ?Ñ?леживаниÑ? kvm_mmio. Ð?оÑ?Ñ?еваÑ? виÑ?Ñ?Ñ?алÑ?наÑ? маÑ?ина можеÑ?
+ иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17805">CVE-2017-17805</a>
- - <p>Dmitry Vyukov reported that the KVM implementation for x86 would
- - over-read data from memory when emulating an MMIO write if the
- - kvm_mmio tracepoint was enabled. A guest virtual machine might be
- - able to use this to cause a denial of service (crash).</p></li>
+ <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? x86
+ пÑ?оизводиÑ? Ñ?Ñ?ение даннÑ?Ñ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и пÑ?и Ñ?мÑ?лÑ?Ñ?ии MMIO-запиÑ?и
+ в Ñ?лÑ?Ñ?ае вклÑ?Ñ?ениÑ? Ñ?оÑ?ки оÑ?Ñ?леживаниÑ? kvm_mmio. Ð?оÑ?Ñ?еваÑ? виÑ?Ñ?Ñ?алÑ?наÑ? маÑ?ина можеÑ?
+ иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17806">CVE-2017-17806</a>
- - <p>It was discovered that the HMAC implementation could be used with
- - an underlying hash algorithm that requires a key, which was not
- - intended. A local user could use this to cause a denial of
- - service (crash or memory corruption), or possibly for privilege
- - escalation.</p></li>
+ <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17806">CVE-2017-17806</a>
+
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?еализаÑ?иÑ? HMAC можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? вмеÑ?Ñ?е Ñ?
+ базовÑ?м алгоÑ?иÑ?мом Ñ?Ñ?Ñ?иÑ?ованиÑ?, длÑ? коÑ?оÑ?ого Ñ?Ñ?ебÑ?еÑ?Ñ?Ñ? клÑ?Ñ?, Ñ?Ñ?о пÑ?и Ñ?азÑ?абоÑ?ке
+ не пÑ?едполагалоÑ?Ñ?. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова
+ оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка или повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и) или длÑ?
+ возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17807">CVE-2017-17807</a>
- - <p>Eric Biggers discovered that the KEYS subsystem lacked a check for
- - write permission when adding keys to a process's default keyring.
- - A local user could use this to cause a denial of service or to
- - obtain sensitive information.</p></li>
+ <p>ÐÑ?ик Ð?иггеÑ?Ñ? обнаÑ?Ñ?жил, Ñ?Ñ?о в подÑ?иÑ?Ñ?еме KEYS оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? пÑ?овеÑ?ка пÑ?ав запиÑ?и
+ пÑ?и добавлении клÑ?Ñ?ей в Ñ?вÑ?зкÑ? клÑ?Ñ?ей пÑ?оÑ?еÑ?Ñ?а по Ñ?молÑ?аниÑ?.
+ Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или
+ длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000407">CVE-2017-1000407</a>
- - <p>Andrew Honig reported that the KVM implementation for Intel
- - processors allowed direct access to host I/O port 0x80, which
- - is not generally safe. On some systems this allows a guest
- - VM to cause a denial of service (crash) of the host.</p></li>
+ <p>ÐндÑ?Ñ? Хониг Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? KVM длÑ? пÑ?оÑ?еÑ?Ñ?оÑ?ов Intel позволÑ?еÑ?
+ полÑ?Ñ?аÑ?Ñ? пÑ?Ñ?мой доÑ?Ñ?Ñ?п к поÑ?Ñ?Ñ? ввода/вÑ?вода 0x80 оÑ?новной маÑ?инÑ?, Ñ?Ñ?о
+ в обÑ?ем Ñ?лÑ?Ñ?ае не Ñ?влÑ?еÑ?Ñ?Ñ? безопаÑ?нÑ?м. Ð? некоÑ?оÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емаÑ? Ñ?Ñ?о позволÑ?еÑ? гоÑ?Ñ?евой
+ виÑ?Ñ?Ñ?алÑ?ной маÑ?ине вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) в оÑ?новной Ñ?иÑ?Ñ?еме.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000410">CVE-2017-1000410</a>
- - <p>Ben Seri reported that the Bluetooth subsystem did not correctly
- - handle short EFS information elements in L2CAP messages. An
- - attacker able to communicate over Bluetooth could use this to
- - obtain sensitive information from the kernel.</p></li>
+ <p>Ð?ен СеÑ?и Ñ?ообÑ?ил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема Bluetooth непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+ коÑ?оÑ?кие инÑ?оÑ?маÑ?ионнÑ?е EFS-Ñ?леменÑ?Ñ? в L2CAP-Ñ?ообÑ?ениÑ?Ñ?. Ð?лоÑ?мÑ?Ñ?ленник,
+ Ñ?поÑ?обнÑ?й взаимодейÑ?Ñ?воваÑ?Ñ? Ñ?еÑ?ез Bluetooth Ñ? Ñ?Ñ?звимой Ñ?иÑ?Ñ?емой, можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+ Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии из Ñ?дÑ?а.</p></li>
</ul>
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 3.16.51-3+deb8u1.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 3.16.51-3+deb8u1.</p>
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
- -<p>For the detailed security status of linux please refer to its security
- -tracker page at:
+<p>С подÑ?обнÑ?м Ñ?Ñ?аÑ?Ñ?Ñ?ом поддеÑ?жки безопаÑ?ноÑ?Ñ?и linux можно ознакомиÑ?Ñ?Ñ?Ñ? на
+Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей Ñ?Ñ?Ñ?аниÑ?е оÑ?Ñ?леживаниÑ? безопаÑ?ноÑ?Ñ?и по адÑ?еÑ?Ñ?
<a href="https://security-tracker.debian.org/tracker/linux">\
https://security-tracker.debian.org/tracker/linux</a></p>
</define-tag>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlpU+HkACgkQXudu4gIW
0qU7ug/+NBVQDIFDyFx65qGfv0Wdtc5FGIm2fAvwJWasGwz4E76Xepkqt6m0Qb0m
6sLplybfhO/9iE64Lx4EfA/1tlu+ikEl1fy7yCI4DY8gDaaZpAhasZNqqthLwiNd
Ug/mKYOGPAOMuc0R3AzUYLEoUoNjHbKWLW4ppjtewDoslsEgf5t1DbOIFzUaYpe/
jYmSuiMoy5n/T6MJTg6YraxkvsfJeygFUMybvjOxF72WVXDs6uyeImvW5aXEnBMq
TOrjWoswfNjtA/jgf6WGDNvpOQj6EsDEmCvCSNl2NnZU4/7PGKVKrqxYtW8PNZ3l
ssAEy62uam9FZsoY+C4qEJBeRKTNP5AIojveANa+PRJUP2pF3ZKZLEcjCO94A9Zs
RYgXcBTQD/FdFol0vGuC3Bx+hCpfNSW+NHT9IQVqzzL4QSB6DwQg4bl92fmVmmeG
KG2+vc+srMIGcMGOnd1H9iKU3xY6KsrwO0riMIhq3qhGQweZQMq6JroQqnR44khW
P9NRkcOPJO8Pl0hZKoSZYcpP1luO9rCWbam2TJiewG8v8rq8LX9r+fvhrJenVT46
7512ZFMdli1f4QXFN8+ZTGDUVshZW+HpfWjQ1IoS2a4Tp0ddraBFoW0JXF5dzrxj
Wu1LGa+hTvbWiqtTSPm3usxr7iTQilXCTSGsnnKYlRZVjQf/pPc=
=II7c
-----END PGP SIGNATURE-----
Reply to: