
[DONE] wml://{security/2009/dsa-1863.wml}



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2009/dsa-1863.wml	2017-11-01 10:11:10.051826477 +0500
+++ russian/security/2009/dsa-1863.wml	2018-02-22 10:13:16.514355093 +0500
@@ -1,46 +1,47 @@
- -<define-tag description>several vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov"
+<define-tag description>неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей</define-tag>
 <define-tag moreinfo>
- -<p>Several remote vulnerabilities have been discovered in the zope,
- -a feature-rich web application server written in python, that could
- -lead to arbitrary code execution in the worst case.  The Common
- -Vulnerabilities and Exposures project identified the following problems:</p>
+<p>Ð? zope, полноÑ?Ñ?нкÑ?ионалÑ?ном Ñ?еÑ?веÑ?е веб-пÑ?иложений на Ñ?зÑ?ке Python, бÑ?ло
+обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?далÑ?ннÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е в Ñ?Ñ?дÑ?ем Ñ?лÑ?Ñ?ае могÑ?Ñ?
+пÑ?иводиÑ?Ñ? к вÑ?полнениÑ? пÑ?оизволÑ?ного кода. Ð?Ñ?оекÑ? Common
+Vulnerabilities and Exposures опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-0668";>CVE-2009-0668</a>
- -<p>Due to a programming error an authorization method in the StorageServer
- -component of ZEO was not used as an internal method.  This allows a
- -malicious client to bypass authentication when connecting to a ZEO server
- -by simply calling this authorization method.</p></li>
+<p>Ð?з-за оÑ?ибки пÑ?огÑ?аммиÑ?ованиÑ? меÑ?од авÑ?оÑ?изаÑ?ии в компоненÑ?е StorageServer
+длÑ? ZEO не иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? как внÑ?Ñ?Ñ?енний меÑ?од. ЭÑ?о позволÑ?еÑ?
+злоÑ?мÑ?Ñ?ленникÑ? обÑ?одиÑ?Ñ? аÑ?Ñ?енÑ?иÑ?икаÑ?иÑ? пÑ?и подклÑ?Ñ?ении к Ñ?еÑ?веÑ?Ñ? ZEO,
+лиÑ?Ñ? вÑ?зÑ?ваÑ? Ñ?Ñ?оÑ? меÑ?од авÑ?оÑ?изаÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-0668";>CVE-2009-0668</a>
- -<p>The ZEO server doesn't restrict the callables when unpickling data received
- -from a malicious client which can be used by an attacker to execute
- -arbitrary python code on the server by sending certain exception pickles.
- -This also allows an attacker to import any importable module as ZEO is
- -importing the module containing a callable specified in a pickle to test
- -for a certain flag.</p></li>
- -
- -<li><p>The update also limits the number of new object ids a client can request
- -to 100 as it would be possible to consume huge amounts of resources by
- -requesting a big batch of new object ids. No CVE id has been assigned to
- -this.</p></li>
+<p>СеÑ?веÑ? ZEO не огÑ?аниÑ?иваеÑ? вÑ?зÑ?ваемÑ?е Ñ?еÑ?мÑ? пÑ?и деÑ?еÑ?иализаÑ?ии Ñ? помоÑ?Ñ?Ñ? unpickle даннÑ?Ñ?,
+полÑ?Ñ?еннÑ?Ñ? оÑ? злоÑ?мÑ?Ñ?ленника, Ñ?Ñ?о можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? поÑ?ледним длÑ? вÑ?полнениÑ?
+пÑ?оизволÑ?ного кода на Ñ?зÑ?ке Python на Ñ?Ñ?оÑ?оне Ñ?еÑ?веÑ?а пÑ?Ñ?Ñ?м оÑ?пÑ?авки опÑ?еделÑ?ннÑ?Ñ? иÑ?клÑ?Ñ?ений.
+Ð?Ñ?оме Ñ?ого, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ? импоÑ?Ñ?иÑ?оваÑ?Ñ? лÑ?бой доÑ?Ñ?Ñ?пнÑ?й длÑ? импоÑ?Ñ?а модÑ?лÑ?,
+поÑ?колÑ?кÑ? ZEO импоÑ?Ñ?иÑ?Ñ?еÑ? модÑ?лÑ?, Ñ?одеÑ?жаÑ?ий вÑ?зÑ?ваемÑ?й Ñ?еÑ?м, Ñ?казаннÑ?й в pickle длÑ?
+пÑ?овеÑ?ки налиÑ?иÑ? опÑ?еделÑ?нного Ñ?лага.</p></li>
+
+<li><p>Также данное обновление огÑ?аниÑ?иваеÑ? Ñ?иÑ?ло новÑ?Ñ? иденÑ?иÑ?икаÑ?оÑ?ов обÑ?екÑ?ов, коÑ?оÑ?Ñ?е можеÑ?
+запÑ?оÑ?иÑ?Ñ? клиенÑ?, Ñ?иÑ?лом 100, Ñ?ак как запÑ?оÑ? болÑ?Ñ?ого Ñ?иÑ?ла новÑ?Ñ? иденÑ?иÑ?икаÑ?оÑ?ов обÑ?екÑ?ов Ñ?Ñ?о можеÑ?
+иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? Ñ?Ñ?езмеÑ?ного поÑ?Ñ?еблениÑ? Ñ?еÑ?Ñ?Ñ?Ñ?ов. ЭÑ?ой пÑ?облеме иденÑ?иÑ?икаÑ?оÑ? CVE назнаÑ?ен
+не бÑ?л.</p></li>
 
 </ul>
 
- -<p>The oldstable distribution (etch), this problem has been fixed in
- -version 2.9.6-4etch2 of zope2.9.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (etch) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.9.6-4etch2 пакеÑ?а zope2.9.</p>
 
- -<p>For the stable distribution (lenny), this problem has been fixed in
- -version 2.10.6-1+lenny1 of zope2.10.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (lenny) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.10.6-1+lenny1 пакеÑ?а zope2.10.</p>
 
- -<p>For the testing distribution (squeeze), this problem will be fixed soon.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?а пÑ?облема бÑ?деÑ? иÑ?пÑ?авлена позже.</p>
 
- -<p>For the unstable distribution (sid), this problem has been fixed in
- -version 2.10.9-1 of zope2.10.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в
+веÑ?Ñ?ии 2.10.9-1 пакеÑ?а zope2.10.</p>
 
 
- -<p>We recommend that you upgrade your zope2.10/zope2.9 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? zope2.10/zope2.9.</p>
 </define-tag>
 
 # do not modify the following line
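Review bot: both CVE list items, which are unchanged context lines, link to and are labelled CVE-2009-0668, although the first describes the ZEO StorageServer authentication bypass and the second describes the unrestricted callables during unpickling. The translation inherits this from the English source, so two distinct issues share one identifier in both files. Please check the identifier and href of the second item against the security tracker. If it is wrong, correct it in english/security/2009/dsa-1863.wml first, then bump the translation-check version here so the Russian file tracks the corrected revision.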
-----BEGIN PGP SIGNATURE-----
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=IgGn
-----END PGP SIGNATURE-----

