[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2018/dsa-4127.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2018/dsa-4127.wml	2018-03-02 13:36:06.000000000 +0500
+++ russian/security/2018/dsa-4127.wml	2018-03-02 13:54:01.953180682 +0500
@@ -1,73 +1,74 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in SimpleSAMLphp, a
- -framework for authentication, primarily via the SAML protocol.</p>
+<p>Ð? SimpleSAMLphp, инÑ?Ñ?аÑ?Ñ?Ñ?Ñ?кÑ?Ñ?Ñ?е длÑ? аÑ?Ñ?енÑ?иÑ?икаÑ?ии в оÑ?новном по
+пÑ?оÑ?околÑ? SAML, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12867";>CVE-2017-12867</a>
 
- -     <p>Attackers with access to a secret token could extend its validity
- -     period by manipulating the prepended time offset.</p></li>
+    <p>Ð?лоÑ?мÑ?Ñ?ленники, имеÑ?Ñ?ие доÑ?Ñ?Ñ?п к Ñ?екÑ?еÑ?номÑ? Ñ?окенÑ?, могÑ?Ñ? пÑ?одлиÑ?Ñ? его Ñ?Ñ?ок
+    дейÑ?Ñ?виÑ?, изменÑ?Ñ? Ñ?меÑ?ение вÑ?емени.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12869";>CVE-2017-12869</a>
 
- -    <p>When using the multiauth module, attackers can bypass authentication
- -    context restrictions and use any authentication source defined in
- -    the config.</p></li>
+    <p>Ð?Ñ?и иÑ?полÑ?зовании модÑ?лÑ? multiauth злоÑ?мÑ?Ñ?ленник можеÑ? обÑ?одиÑ?Ñ? огÑ?аниÑ?ениÑ?
+    конÑ?екÑ?Ñ?а аÑ?Ñ?енÑ?иÑ?икаÑ?ии и иÑ?полÑ?зоваÑ?Ñ? лÑ?бой иÑ?Ñ?оÑ?ник аÑ?Ñ?енÑ?иÑ?икаÑ?ии, опÑ?еделÑ?ннÑ?е
+    в наÑ?Ñ?Ñ?ойкаÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12873";>CVE-2017-12873</a>
 
- -    <p>Defensive measures have been taken to prevent the administrator
- -    from misconfiguring persistent NameIDs to avoid identifier clash.
- -    (Affects Debian 8 Jesse only.)</p></li>
+    <p>Ð?Ñ?ли пÑ?едпÑ?инÑ?Ñ?Ñ? заÑ?иÑ?нÑ?е меÑ?Ñ? Ñ? Ñ?елÑ?Ñ? пÑ?едоÑ?вÑ?аÑ?ениÑ? некоÑ?Ñ?екÑ?нÑ?й наÑ?Ñ?Ñ?оек
+    поÑ?Ñ?оÑ?ннÑ?Ñ? NameID админиÑ?Ñ?Ñ?аÑ?оÑ?ом, Ñ?Ñ?обÑ? не пÑ?оиÑ?Ñ?одили конÑ?ликÑ?Ñ? иденÑ?иÑ?икаÑ?оÑ?ов.
+    (ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? каÑ?аеÑ?Ñ?Ñ? Ñ?олÑ?ко Debian 8 Jessie.)</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-12874";>CVE-2017-12874</a>
 
- -    <p>The InfoCard module could accept incorrectly signed XML messages
- -    in rare occasions.</p></li>
+    <p>Ð?одÑ?лÑ? InfoCard в Ñ?едкиÑ? Ñ?лÑ?Ñ?аÑ?Ñ? можеÑ? пÑ?инимаÑ?Ñ? непÑ?авилÑ?но подпиÑ?аннÑ?е
+    XML-Ñ?ообÑ?ениÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-18121";>CVE-2017-18121</a>
 
- -    <p>The consentAdmin module was vulnerable to a Cross-Site Scripting
- -    attack, allowing an attacker to craft links that could execute
- -     arbitrary JavaScript code in the victim's browser.</p></li>
+    <p>Ð?одÑ?лÑ? consentAdmin Ñ?Ñ?звим к межÑ?айÑ?овом Ñ?кÑ?ипÑ?ингÑ?, Ñ?Ñ?о позволÑ?еÑ?
+    злоÑ?мÑ?Ñ?ленникÑ? подделÑ?ваÑ?Ñ? Ñ?Ñ?Ñ?лки, обÑ?аÑ?ение к коÑ?оÑ?Ñ?м пÑ?иводиÑ? к вÑ?полнениÑ?
+    пÑ?оизволÑ?ного кода на Ñ?зÑ?ке JavaScript в бÑ?аÑ?зеÑ?е жеÑ?Ñ?вÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-18122";>CVE-2017-18122</a>
 
- -    <p>The (deprecated) SAML 1.1 implementation would regard as valid any
- -    unsigned SAML response containing more than one signed assertion,
- -    provided that the signature of at least one of the assertions was
- -    valid, allowing an attacker that could obtain a valid signed
- -    assertion from an IdP to impersonate users from that IdP.</p></li>
+    <p>РеализаÑ?иÑ? SAML 1.1 (Ñ?Ñ?Ñ?аÑ?евÑ?аÑ?) Ñ?аÑ?Ñ?маÑ?Ñ?иваеÑ? в каÑ?еÑ?Ñ?ве пÑ?авилÑ?ного лÑ?бой
+    неподпиÑ?аннÑ?й SAML-оÑ?веÑ?, Ñ?одеÑ?жаÑ?ий более одного подпиÑ?анного Ñ?Ñ?веÑ?ждениÑ?
+    пÑ?и Ñ?Ñ?ловии, Ñ?Ñ?о подпиÑ?Ñ? Ñ?оÑ?Ñ? бÑ? одного из Ñ?Ñ?веÑ?ждений Ñ?влÑ?еÑ?Ñ?Ñ? веÑ?ной.
+    ЭÑ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ?, обладаÑ?Ñ?емÑ? Ñ?Ñ?веÑ?ждением Ñ? пÑ?авилÑ?ной подпиÑ?Ñ?Ñ?
+    оÑ? IdP вÑ?даваÑ?Ñ? Ñ?ебÑ? за полÑ?зоваÑ?елей Ñ?Ñ?ого IdP.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6519";>CVE-2018-6519</a>
 
- -    <p>Regular expression denial of service when parsing extraordinarily
- -    long timestamps.</p></li>
+    <p>Ð?Ñ?каз в обÑ?лÑ?живании в Ñ?егÑ?лÑ?Ñ?ном вÑ?Ñ?ажении пÑ?и вÑ?полнении гÑ?аммаÑ?иÑ?еÑ?кого
+    Ñ?азбоÑ?а длиннÑ?Ñ? вÑ?еменнÑ?Ñ? меÑ?ок.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6521";>CVE-2018-6521</a>
 
- -    <p>Change sqlauth module MySQL charset from utf8 to utf8mb to
- -    prevent theoretical query truncation that could allow remote
- -    attackers to bypass intended access restrictions</p></li>
+    <p>Ð?зменена кодиÑ?овка Ñ?имволов в модÑ?ле sqlauth длÑ? MySQL Ñ? utf8 на utf8mb
+    Ñ? Ñ?елÑ?Ñ? пÑ?едоÑ?вÑ?аÑ?ениÑ? Ñ?еоÑ?еÑ?иÑ?еÑ?кого обÑ?езаниÑ? запÑ?оÑ?а, Ñ?Ñ?о можеÑ? позволиÑ?Ñ?
+    Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам обÑ?одиÑ?Ñ? огÑ?аниÑ?ениÑ? доÑ?Ñ?Ñ?па</p></li>
 
- -<li>SSPSA-201802-01 (no CVE yet)
+<li>SSPSA-201802-01 (иденÑ?иÑ?икаÑ?оÑ? CVE пока оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ?)
 
- -    <p>Critical signature validation vulnerability.</p></li>
+    <p>Ð?Ñ?иÑ?иÑ?еÑ?каÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? в коде пÑ?овеÑ?ки подпиÑ?и.</p></li>
 
 </ul>
 
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 1.13.1-2+deb8u1.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 1.13.1-2+deb8u1.</p>
 
- -<p>For the stable distribution (stretch), these problems have been fixed in
- -version 1.14.11-1+deb9u1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.14.11-1+deb9u1.</p>
 
- -<p>We recommend that you upgrade your simplesamlphp packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? simplesamlphp.</p>
 
- -<p>For the detailed security status of simplesamlphp please refer to
- -its security tracker page at:
+<p>С подÑ?обнÑ?м Ñ?Ñ?аÑ?Ñ?Ñ?ом поддеÑ?жки безопаÑ?ноÑ?Ñ?и simplesamlphp можно ознакомиÑ?Ñ?Ñ?Ñ? на
+Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей Ñ?Ñ?аниÑ?е оÑ?Ñ?леживаниÑ? безопаÑ?ноÑ?Ñ?и по адÑ?еÑ?Ñ?
 <a href="https://security-tracker.debian.org/tracker/simplesamlphp";>\
 https://security-tracker.debian.org/tracker/simplesamlphp</a></p>
 </define-tag>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlqZETAACgkQXudu4gIW
0qXfUg/9Ek2LJn4K0xDDO+SxHJaKVkf/yFHVgfAYjz+6OBXalrzdysGkamLQr3vB
DtySz40MsgMKVLhec95WgmFwc3Hk/mkjjOh1SK2p0wyb/wY+/ciQkYoRo1aIOD6l
/T9w8X4YwSGmyr0WC/Hpc8gZVnreGLYQVPT2FEWIKkyZbBSedvkLGXaHj/cvsZST
Lulr3JUimM1U9lUWWN1Drjh26Vc4yUKm/YSIzgzfJYlB49WSrY4jd944DvJ3xAfK
RkdvyZq+yASwlAVwnqovVPrMr7nPlxsVvEG/DpNEBAowpKLqAxcjsa95vPz/zghi
cf3oel2hpdJXPkbk+hTIMzn9Ye29MkwA/o5shfe6pHRgMEcVCNLZ9u8OBdbgGaFP
CT6NW8wy0d901Bbq2E9eqKcOYaon8qlheLsxNpWdi3RhA767n5GyE9zLaxjzRm3T
Rg1uyzbZRe4/zJLGn8vKrY+O6Ccil2/9pfy9KnTw19mgYLysEtquL77ojbrf8rww
pu8B7Uea6eHEAsGvBML+D94fzuHFLApyi+/0U5QaBAfFxQPtfGHPSrSr5G/n8Fux
twoWgbltSJ2FI0nnhrorNVoFmZigssA1s27jTIyn2hzniAiKK2Qk/dDp9UGOldgE
Cm05/2miXJQsLIcScPcTNNk5Xj004QlQeVObsMoNH9rI8Ku7Ap4=
=Miy8
-----END PGP SIGNATURE-----
Reply to: