[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2002/dsa-148.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2002/dsa-148.wml	2017-11-01 10:11:09.079763113 +0500
+++ russian/security/2002/dsa-148.wml	2018-03-22 14:14:57.465602410 +0500
@@ -1,43 +1,44 @@
- -<define-tag description>buffer overflows and format string vulnerabilities</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а и Ñ?Ñ?звимоÑ?Ñ?и Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки</define-tag>
 <define-tag moreinfo>
- -<p>A set of problems have been discovered in Hylafax, a flexible
- -client/server fax software distributed with many GNU/Linux
- -distributions.  Quoting SecurityFocus the problems are in detail:</p>
+<p>Ð? Hylafax, гибком Ñ?акÑ?овом Ð?Ð? Ñ? клиенÑ?-Ñ?еÑ?веÑ?ной аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?ой, поÑ?Ñ?авлÑ?емой
+многими диÑ?Ñ?Ñ?ибÑ?Ñ?ивами GNU/Linux, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко пÑ?облем. Ð?одÑ?обное
+опиÑ?ание пÑ?облем пÑ?иводиÑ?Ñ?Ñ? по инÑ?оÑ?маÑ?ии SecurityFocus.</p>
 
 <ul>
- -<li>A format string vulnerability makes it possible for users to
- -   potentially execute arbitrary code on some implementations.  Due to
- -   insufficient checking of input, it's possible to execute a format
- -   string attack.  Since this only affects systems with the faxrm and
- -   faxalter programs installed setuid, Debian is not vulnerable.</li>
- -
- -<li>A buffer overflow has been reported in Hylafax.  A malicious fax
- -   transmission may include a long scan line that will overflow a
- -   memory buffer, corrupting adjacent memory.  An exploit may result
- -   in a denial of service condition, or possibly the execution of
- -   arbitrary code with root privileges.</li>
- -
- -<li>A format string vulnerability has been discovered in faxgetty.
- -   Incoming fax messages include a Transmitting Subscriber
- -   Identification (TSI) string, used to identify the sending fax
- -   machine.  Hylafax uses this data as part of a format string without
- -   properly sanitizing the input.  Malicious fax data may cause the
- -   server to crash, resulting in a denial of service condition.</li>
- -
- -<li>Marcin Dawcewicz discovered a format string vulnerability in hfaxd,
- -   which will crash hfaxd under certain circumstances.  Since Debian
- -   doesn't have hfaxd installed setuid root, this problem cannot
- -   directly lead into a vulnerability.  This has been fixed by Darren
- -   Nickerson, which was already present in newer versions, but not in
- -   the potato version.</li>
+<li>УÑ?звимоÑ?Ñ?Ñ? Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки позволÑ?еÑ? полÑ?зоваÑ?елÑ?м на некоÑ?оÑ?Ñ?Ñ?
+   Ñ?еализаÑ?иÑ?Ñ? поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код. Ð?з-за
+   недоÑ?Ñ?аÑ?оÑ?ной пÑ?овеÑ?ки вÑ?однÑ?Ñ? даннÑ?Ñ? можно вÑ?полниÑ?Ñ? аÑ?акÑ? Ñ?еÑ?ез
+   Ñ?оÑ?маÑ?нÑ?Ñ? Ñ?Ñ?Ñ?окÑ?. Ð?оÑ?колÑ?кÑ? Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? каÑ?аеÑ?Ñ?Ñ? Ñ?олÑ?ко Ñ?иÑ?Ñ?ем, в коÑ?оÑ?Ñ?Ñ?
+   пÑ?огÑ?аммÑ? faxrm и faxalter имеÑ?Ñ? Ñ?лаг setuid, она не каÑ?аеÑ?Ñ?Ñ? Debian.</li>
+
+<li>Ð?Ñ?ло Ñ?ообÑ?ено о пеÑ?еполнении бÑ?Ñ?еÑ?а в Hylafax. Ð?Ñ?едоноÑ?наÑ? Ñ?акÑ?имилÑ?наÑ?
+   пеÑ?едаÑ?а можеÑ? вклÑ?Ñ?аÑ?Ñ? длиннÑ?Ñ? линиÑ? Ñ?каниÑ?ованиÑ?, коÑ?оÑ?аÑ? пÑ?иводиÑ? к
+   пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а, повÑ?еждениÑ? Ñ?одеÑ?жимого Ñ?межнÑ?Ñ? бÑ?Ñ?еÑ?ов памÑ?Ñ?и. УÑ?звимоÑ?Ñ?Ñ? можеÑ?
+   пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании или поÑ?енÑ?иалÑ?номÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного
+   кода пÑ?авами Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?.</li>
+
+<li>Ð? faxgetty бÑ?ла обнаÑ?Ñ?жена Ñ?Ñ?звимоÑ?Ñ?Ñ? Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки.
+   Ð?Ñ?одÑ?Ñ?ие Ñ?акÑ?имилÑ?нÑ?е Ñ?ообÑ?ениÑ? вклÑ?Ñ?аÑ?Ñ? Ñ?Ñ?Ñ?окÑ? Ñ? кадÑ?ом иденÑ?иÑ?икаÑ?ии
+   пеÑ?едаÑ?Ñ?его абоненÑ?а (TSI), иÑ?полÑ?зÑ?емÑ?Ñ? длÑ? опÑ?еделениÑ? оÑ?пÑ?авлÑ?Ñ?Ñ?его
+   Ñ?акÑ?имилÑ?ного аппаÑ?аÑ?а. Hylafax иÑ?полÑ?зÑ?еÑ? Ñ?Ñ?и даннÑ?е как Ñ?аÑ?Ñ?Ñ? Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки без
+   Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей оÑ?иÑ?Ñ?ки. Ð?Ñ?едоноÑ?нÑ?е Ñ?акÑ?имилÑ?нÑ?е даннÑ?е могÑ?Ñ? вÑ?зÑ?ваÑ?Ñ?
+   аваÑ?ийнÑ?Ñ? оÑ?Ñ?ановкÑ? Ñ?еÑ?веÑ?а, Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании.</li>
+
+<li>Ð?аÑ?Ñ?ин Ð?авÑ?евиÑ? обнаÑ?Ñ?жил Ñ?Ñ?звимоÑ?Ñ?Ñ? Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки в hfaxd,
+   коÑ?оÑ?аÑ? пÑ?и опÑ?еделÑ?ннÑ?Ñ? Ñ?Ñ?ловиÑ?Ñ? пÑ?иводиÑ? к аваÑ?ийной оÑ?Ñ?ановке hfaxd. Ð?оÑ?колÑ?кÑ? в
+   Debian пÑ?огÑ?амма hfaxd не имееÑ? Ñ?лага setuid длÑ? запÑ?Ñ?ка оÑ? лиÑ?а Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?, даннаÑ?
+   пÑ?облема не можеÑ? напÑ?Ñ?мÑ?Ñ? пÑ?иводиÑ?Ñ? к Ñ?Ñ?звимоÑ?Ñ?и. Ð?Ñ?облема бÑ?ла иÑ?пÑ?авлена Ð?аÑ?еном
+   Ð?икеÑ?Ñ?оном, иÑ?пÑ?авление Ñ?же имееÑ?Ñ?Ñ? в более новÑ?Ñ? веÑ?Ñ?иÑ?Ñ?, но не в веÑ?Ñ?ии,
+   вÑ?одÑ?Ñ?ей в Ñ?оÑ?Ñ?ав potato.</li>
 </ul>
 
- -<p>These problems have been fixed in version 4.0.2-14.3 for the old
- -stable distribution (potato), in version 4.1.1-1.1 for the current
- -stable distribution (woody) and in version 4.1.2-2.1 for the unstable
- -distribution (sid).</p>
+<p>ЭÑ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 4.0.2-14.3 длÑ? пÑ?едÑ?дÑ?Ñ?его
+Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка (potato), в веÑ?Ñ?ии 4.1.1-1.1 длÑ? Ñ?екÑ?Ñ?его
+Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка (woody) и в веÑ?Ñ?ии 4.1.2-2.1 длÑ? неÑ?Ñ?абилÑ?ного
+вÑ?пÑ?Ñ?ка (sid).</p>
 
- -<p>We recommend that you upgrade your hylafax packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? hylafax.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlqzdBcACgkQXudu4gIW
0qUetg//eBzUetEz4skc7js5kLmo4MeBnnknq1PaayRqR8hwnY8d6dhqHk4ICLpf
dbjVbjMteCG1P5c6LKo3xJXA+fIR5En/7+43FMXAHitwZUnpKYbgAyayGpZkXmP3
wAyx+hr/kUaYoZptRwB/Yw6NS1BiG1wGXj/OFYDFHPzWV3q/Xb845uRJefnZyQOf
LnCZyAVWT6PObkn/ZmKWcQqIM0RWP5QXa8837H8A83MEALD5ud6qba3NLP+QiBIL
NnUm7iM/fjWCbC7aBuAmtezC9hyGwu3DBE8qAe3Z/RAQYT4BXvTmtn4200dUnxrG
3Y91T2PnkPbU2ViBU7fwTb3y4k6blwMsqCVq2UebUReqpbL84iCXJSabtA+ntZJB
G8gaSsJM1MNecKWEyru24lOd5DO5BczstBWpOKHAlLS05TJqDSKN1jm64BFsyUma
Ui5R7cZieDejFYEgBbs7MTrbL20+eIgfjMLqutM25RoIkfA6naFml3VBIooRLpYD
XOz3Sc7Wpy0YlXFZIpqJb5qmxjnNXulQcF6DTy083dALYqWBxzWA+RKybuHFz652
fqluX9K0/xdnHGD+GRmnveT+pBc3erwEDqGeSgp1+op81aQgC8J+8Wrp4r14LcOP
bmXMfPlKYK7orUjdfjrz9s9s1bB9m/2Te7gCQYVW3HScyfW7QVE=
=6e6o
-----END PGP SIGNATURE-----
Reply to: