[DONE] wml://{security/2018/dsa-4120.wml}

[Lev Lamberov <dogsleg@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2018/dsa-4120.wml	2018-02-22 22:09:31.000000000 +0500
+++ russian/security/2018/dsa-4120.wml	2018-02-22 23:38:58.016112385 +0500
@@ -1,85 +1,88 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that may
- -lead to a privilege escalation, denial of service or information leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е могÑ?Ñ? пÑ?иводиÑ?Ñ?
+к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или Ñ?Ñ?еÑ?кам инÑ?оÑ?маÑ?ии.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5715";>CVE-2017-5715</a>
 
- -    <p>Multiple researchers have discovered a vulnerability in various
- -    processors supporting speculative execution, enabling an attacker
- -    controlling an unprivileged process to read memory from arbitrary
- -    addresses, including from the kernel and all other processes running on
- -    the system.</p>
- -
- -    <p>This specific attack has been named Spectre variant 2 (branch target
- -    injection) and is mitigated in the Linux kernel for the Intel x86-64
- -    architecture by using the <q>retpoline</q> compiler feature which allows
- -    indirect branches to be isolated from speculative execution.</p></li>
+    <p>РазнообÑ?азнÑ?е иÑ?Ñ?ледоваÑ?ели обнаÑ?Ñ?жили Ñ?Ñ?звимоÑ?Ñ?Ñ? в Ñ?азлиÑ?нÑ?Ñ? пÑ?оÑ?еÑ?Ñ?оÑ?аÑ?,
+    поддеÑ?живаÑ?Ñ?иÑ? Ñ?пекÑ?лÑ?Ñ?ивное вÑ?полнение команд, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ?,
+    Ñ?пÑ?авлÑ?Ñ?Ñ?емÑ? непÑ?ивилегиÑ?ованнÑ?м пÑ?оÑ?еÑ?Ñ?ом, Ñ?иÑ?аÑ?Ñ? Ñ?одеÑ?жимое памÑ?Ñ?и по пÑ?оизволÑ?номÑ?
+    адÑ?еÑ?Ñ?, вклÑ?Ñ?аÑ? памÑ?Ñ?Ñ? Ñ?дÑ?а и вÑ?еÑ? оÑ?Ñ?алÑ?нÑ?Ñ? пÑ?оÑ?еÑ?Ñ?оÑ?, запÑ?Ñ?еннÑ?Ñ? в
+    Ñ?иÑ?Ñ?еме.</p>
+
+    <p>Ð?аннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? полÑ?Ñ?ила название Spectre ваÑ?ианÑ? 2 (введение веÑ?влений),
+    а еÑ? оÑ?Ñ?иÑ?аÑ?елÑ?нÑ?е поÑ?ледÑ?Ñ?виÑ? бÑ?ли минимизиÑ?ованÑ? в Ñ?дÑ?е Linux длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? Intel x86-64
+    пÑ?Ñ?Ñ?м иÑ?полÑ?зованиÑ? возможноÑ?Ñ?и компилÑ?Ñ?оÑ?а <q>retpoline</q>, позволÑ?Ñ?Ñ?ей
+    изолиÑ?оваÑ?Ñ? непÑ?Ñ?мое веÑ?вление оÑ? Ñ?пекÑ?лÑ?Ñ?ивного вÑ?полнениÑ? команд.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5754";>CVE-2017-5754</a>
 
- -    <p>Multiple researchers have discovered a vulnerability in Intel
- -    processors, enabling an attacker controlling an unprivileged process to
- -    read memory from arbitrary addresses, including from the kernel and all
- -    other processes running on the system.</p>
- -
- -    <p>This specific attack has been named Meltdown and is addressed in the
- -    Linux kernel on the powerpc/ppc64el architectures by flushing the L1
- -    data cache on exit from kernel mode to user mode (or from hypervisor to
- -    kernel).</p>
- -    
- -    <p>This works on Power7, Power8 and Power9 processors.</p></li>
+    <p>РазнообÑ?азнÑ?е иÑ?Ñ?ледоваÑ?ели обнаÑ?Ñ?жили Ñ?Ñ?звимоÑ?Ñ?Ñ? в пÑ?оÑ?еÑ?Ñ?оÑ?аÑ? Intel,
+    позволÑ?Ñ?Ñ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленникÑ?, Ñ?пÑ?авлÑ?Ñ?Ñ?емÑ? непÑ?ивилегиÑ?ованнÑ?м пÑ?оÑ?еÑ?Ñ?ом, Ñ?иÑ?аÑ?Ñ?
+    Ñ?одеÑ?жимое памÑ?Ñ?и по пÑ?оизволÑ?номÑ? адÑ?еÑ?Ñ?, вклÑ?Ñ?аÑ? памÑ?Ñ?Ñ? Ñ?дÑ?а и вÑ?еÑ? оÑ?Ñ?алÑ?нÑ?Ñ?
+    пÑ?оÑ?еÑ?Ñ?ов, запÑ?Ñ?еннÑ?Ñ? в Ñ?иÑ?Ñ?еме.</p>
+
+    <p>Ð?аннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? полÑ?Ñ?ила название Meltdown и бÑ?ла иÑ?пÑ?авлена в Ñ?дÑ?е
+    Linux длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ? powerpc/ppc64el пÑ?Ñ?Ñ?м Ñ?бÑ?аÑ?Ñ?ваниÑ? кÑ?Ñ?а даннÑ?Ñ? L1
+    пÑ?и пеÑ?еÑ?оде из Ñ?ежима Ñ?дÑ?а в полÑ?зоваÑ?елÑ?Ñ?кий Ñ?ежим (или оÑ? гипеÑ?визоÑ?а к
+    Ñ?дÑ?Ñ?).</p>
+
+    <p>Ð?Ñ?пÑ?авление Ñ?абоÑ?аеÑ? на пÑ?оÑ?еÑ?Ñ?оÑ?аÑ? Power7, Power8 и Power9.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-13166";>CVE-2017-13166</a>
 
- -    <p>A bug in the 32-bit compatibility layer of the v4l2 IOCTL handling code
- -    has been found. Memory protections ensuring user-provided buffers always
- -    point to userland memory were disabled, allowing destination address to
- -    be in kernel space. This bug could be exploited by an attacker to
- -    overwrite kernel memory from an unprivileged userland process, leading
- -    to privilege escalation.</p></li>
+    <p>Ð?Ñ?ла обнаÑ?Ñ?жена оÑ?ибка в пÑ?оÑ?лойке 32-биÑ?ной Ñ?овмеÑ?Ñ?имоÑ?Ñ?и в коде
+    обÑ?абоÑ?ки IOCTL v4l2. Ð?Ñ?ли оÑ?клÑ?Ñ?енÑ? меÑ?анизмÑ? заÑ?иÑ?Ñ? памÑ?Ñ?и, гаÑ?анÑ?иÑ?Ñ?Ñ?Ñ?ие, Ñ?Ñ?о
+    пÑ?едоÑ?Ñ?авлÑ?емÑ?е полÑ?зоваÑ?елем бÑ?Ñ?еÑ?Ñ? вÑ?егда бÑ?дÑ?Ñ? Ñ?казÑ?ваÑ?Ñ? на памÑ?Ñ?Ñ? пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва
+    полÑ?зоваÑ?елÑ?, Ñ?Ñ?о Ñ?азÑ?еÑ?аеÑ? адÑ?еÑ?Ñ? назнаÑ?ениÑ? наÑ?одиÑ?Ñ?Ñ? в пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве Ñ?дÑ?а. ЭÑ?а оÑ?ибка
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленником длÑ? пеÑ?езапиÑ?и Ñ?одеÑ?жимого памÑ?Ñ?и Ñ?дÑ?а из непÑ?ивилегиÑ?ованного
+    пÑ?оÑ?еÑ?Ñ?а в пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве полÑ?зоваÑ?елÑ?, Ñ?Ñ?о пÑ?иводиÑ? к повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-5750";>CVE-2018-5750</a>
 
- -    <p>An information leak has been found in the Linux kernel. The
- -    acpi_smbus_hc_add() prints a kernel address in the kernel log at every
- -    boot, which could be used by an attacker on the system to defeat kernel
+    <p>Ð? Ñ?дÑ?е Linux бÑ?ла обнаÑ?Ñ?жена Ñ?Ñ?еÑ?ка инÑ?оÑ?маÑ?ии. ФÑ?нкÑ?иÑ?
+    acpi_smbus_hc_add() пÑ?и каждой загÑ?Ñ?зке вÑ?водиÑ? адÑ?еÑ? Ñ?дÑ?а в
+    жÑ?Ñ?нал Ñ?дÑ?а, Ñ?Ñ?о можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленником длÑ? оÑ?лаблениÑ?
     ASLR.</p></li>
 </ul>
 
- -<p>Additionnaly to those vulnerability, some mitigations for <a href="https://security-tracker.debian.org/tracker/CVE-2017-5753";>CVE-2017-5753</a> are
- -included in this release.</p>
+<p>Ð?омимо Ñ?казаннÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?ей в даннÑ?й вÑ?пÑ?Ñ?к воÑ?ли некоÑ?оÑ?Ñ?е изменениÑ?, минимизиÑ?Ñ?Ñ?Ñ?ие
+оÑ?Ñ?иÑ?аÑ?елÑ?нÑ?е поÑ?ледÑ?Ñ?виÑ? <a href="https://security-tracker.debian.org/tracker/CVE-2017-5753";>\
+CVE-2017-5753</a>.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5753";>CVE-2017-5753</a>
 
- -    <p>Multiple researchers have discovered a vulnerability in various
- -    processors supporting speculative execution, enabling an attacker
- -    controlling an unprivileged process to read memory from arbitrary
- -    addresses, including from the kernel and all other processes running on
- -    the system.</p>
- -
- -    <p>This specific attack has been named Spectre variant 1 (bounds-check
- -    bypass) and is mitigated in the Linux kernel architecture by identifying
- -    vulnerable code sections (array bounds checking followed by array
- -    access) and replacing the array access with the speculation-safe
- -    array_index_nospec() function.</p>
+    <p>РазнообÑ?азнÑ?е иÑ?Ñ?ледоваÑ?ели обнаÑ?Ñ?жили Ñ?Ñ?звимоÑ?Ñ?Ñ? в Ñ?азлиÑ?нÑ?Ñ? пÑ?оÑ?еÑ?Ñ?оÑ?аÑ?,
+    поддеÑ?живаÑ?Ñ?иÑ? Ñ?пекÑ?лÑ?Ñ?ивное вÑ?полнение команд, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ?,
+    Ñ?пÑ?авлÑ?Ñ?Ñ?емÑ? непÑ?ивилегиÑ?ованнÑ?м пÑ?оÑ?еÑ?Ñ?ом, Ñ?иÑ?аÑ?Ñ? Ñ?одеÑ?жимое памÑ?Ñ?и по пÑ?оизволÑ?номÑ?
+    адÑ?еÑ?Ñ?, вклÑ?Ñ?аÑ? памÑ?Ñ?Ñ? Ñ?дÑ?а и вÑ?еÑ? оÑ?Ñ?алÑ?нÑ?Ñ? пÑ?оÑ?еÑ?Ñ?оÑ?, запÑ?Ñ?еннÑ?Ñ? в
+    Ñ?иÑ?Ñ?еме.</p>
+
+    <p>Ð?аннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? полÑ?Ñ?ила название Spectre ваÑ?ианÑ? 1 (обÑ?од пÑ?овеÑ?ки
+    гÑ?аниÑ? бÑ?Ñ?еÑ?а), а еÑ? оÑ?Ñ?иÑ?аÑ?елÑ?нÑ?е поÑ?ледÑ?Ñ?виÑ? бÑ?ли минимизиÑ?ованÑ? в Ñ?дÑ?е Linux пÑ?Ñ?Ñ?м опÑ?еделениÑ?
+    Ñ?Ñ?звимÑ?Ñ? Ñ?азделов кода (пÑ?овеÑ?ка гÑ?аниÑ? маÑ?Ñ?ива поÑ?ле обÑ?аÑ?ениÑ? к
+    маÑ?Ñ?ивÑ?) и заменÑ? обÑ?аÑ?ениÑ? к маÑ?Ñ?ивÑ? на безопаÑ?нÑ?Ñ? пÑ?и иÑ?полÑ?зовании Ñ?пекÑ?лÑ?Ñ?ивного
+    вÑ?полнениÑ? Ñ?Ñ?нкÑ?иÑ? array_index_nospec().</p>
 
- -    <p>More use sites will be added over time.</p></li>
+    <p>Со вÑ?еменем бÑ?дÑ?Ñ? добавленÑ? дополниÑ?елÑ?нÑ?е меÑ?Ñ?а в коде.</p></li>
 
 </ul>
 
- -<p>For the stable distribution (stretch), these problems have been fixed in
- -version 4.9.82-1+deb9u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.9.82-1+deb9u2.</p>
 
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
 
- -<p>For the detailed security status of linux please refer to
- -its security tracker page at:
- -<a href="https://security-tracker.debian.org/tracker/linux";>https://security-tracker.debian.org/tracker/linux</a></p>
+<p>С подÑ?обнÑ?м Ñ?Ñ?аÑ?Ñ?Ñ?ом поддеÑ?жки безопаÑ?ноÑ?Ñ?и linux можно ознакомиÑ?Ñ?Ñ?Ñ? на
+Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей Ñ?Ñ?Ñ?аниÑ?е оÑ?Ñ?леживаниÑ? безопаÑ?ноÑ?Ñ?и по адÑ?еÑ?Ñ?
+<a href="https://security-tracker.debian.org/tracker/linux";>\
+https://security-tracker.debian.org/tracker/linux</a></p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlqPDkoACgkQXudu4gIW
0qW9Bw/9FN+OpGK8y29+pNESAtBmfIcHGobSrg0mxB3aFWmJzK1eaNClECvXsaBu
a//OMv89uZ+dIz9AJQRHlE3klTRgWVhh0ph1/UMV9ch8kyTmOUNRJPkaqwIXuBVO
JtaT8gVc7LXxCLIA29xw4USUq1S6zHnBqMMofcdG7S1V5r91fGVU0ApOgscKr8EX
vQmyQT+JKygG8PFRNxVKBznf274JCEDCYux0EKQYQ14g4qx/BgXt74kUK9sf4j2q
NRuvZD1chqStKVCIQYWzz5Fuan0itoO2lV0nv8Ar37jxRkKUYgN4YCk+/G6UuF0d
1MA2cUa2sw83jDYh7wkbt5kS/6Fvq1MfWYx/XYfCGhh7crcmlj7In7PHNT56Rbhz
FP60xg9W0987fjengHVAWHQlYbykm4DAzSjo3bzjobL2Xd5Zw/vc0m5eqlhXYq2g
h7quVE5Q/3q2bjLUebITjIU+G6dThKBB9DcXbzJHmEyLD0QWlRFTv/Bg4DECCjxJ
Hn4ydYen59s2eye4EJQsb2JiCnx3Ir6gtXhoV5s3ZN7xNPFhe1xKsSAR9YVd1KK+
XZCKq/j/BjiORwpAYEtnHJlkgLMX/X3ebviPMa6BZ1QB8vsCdVB75HZRznRIanbU
4UEDH9SZtieS8em/SPPF/f4mAO0z4OIIBIwkN52H6A7zFbyL8ic=
=udHW
-----END PGP SIGNATURE-----