
[DONE] wml://security/2018/dsa-4188.wml



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- ../../english/security/2018/dsa-4188.wml	2018-05-02 11:53:24.000000000 +0500
+++ 2018/dsa-4188.wml	2018-05-02 11:52:39.779225627 +0500
@@ -1,224 +1,225 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.2" mindelta="1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or information
- -leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или
+Ñ?Ñ?еÑ?кам инÑ?оÑ?маÑ?ии.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5715";>CVE-2017-5715</a>
 
- -    <p>Multiple researchers have discovered a vulnerability in various
- -    processors supporting speculative execution, enabling an attacker
- -    controlling an unprivileged process to read memory from arbitrary
- -    addresses, including from the kernel and all other processes
- -    running on the system.</p>
- -
- -    <p>This specific attack has been named Spectre variant 2 (branch
- -    target injection) and is mitigated for the x86 architecture (amd64
- -    and i386) by using the <q>retpoline</q> compiler feature which allows
- -    indirect branches to be isolated from speculative execution.</p></li>
+    <p>Ð?еÑ?колÑ?ко иÑ?Ñ?ледоваÑ?елей обнаÑ?Ñ?жили Ñ?Ñ?звимоÑ?Ñ?Ñ? в Ñ?азлиÑ?нÑ?Ñ? пÑ?оÑ?еÑ?Ñ?оÑ?аÑ?,
+    поддеÑ?живаÑ?Ñ?иÑ? Ñ?пекÑ?лÑ?Ñ?ивное вÑ?полнение кода, коÑ?оÑ?аÑ? позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ?,
+    Ñ?пÑ?авлÑ?Ñ?Ñ?емÑ? непÑ?ивелигиÑ?ованнÑ?м пÑ?оÑ?еÑ?Ñ?ом, Ñ?Ñ?иÑ?Ñ?ваÑ?Ñ? Ñ?одеÑ?жимое памÑ?Ñ?и по пÑ?оизволÑ?номÑ?
+    адÑ?еÑ?Ñ?, вклÑ?Ñ?аÑ? памÑ?Ñ?Ñ? Ñ?дÑ?а и вÑ?еÑ? оÑ?Ñ?алÑ?нÑ?Ñ? пÑ?оÑ?еÑ?Ñ?ов, запÑ?Ñ?еннÑ?Ñ?
+    в Ñ?иÑ?Ñ?еме.</p>
+
+    <p>Ð?аннаÑ? аÑ?ака полÑ?Ñ?ила название Spectre ваÑ?ианÑ? 2 (введение веÑ?влений),
+    а еÑ? оÑ?Ñ?иÑ?аÑ?елÑ?нÑ?е поÑ?ледÑ?Ñ?виÑ? бÑ?ли минимизиÑ?ованÑ? длÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? x86 (amd64 и i386)
+    пÑ?Ñ?Ñ?м иÑ?полÑ?зованиÑ? возможноÑ?Ñ?и компилÑ?Ñ?оÑ?а <q>retpoline</q>, позволÑ?Ñ?Ñ?ей изолиÑ?оваÑ?Ñ?
+    непÑ?Ñ?мое веÑ?вление оÑ? Ñ?пекÑ?лÑ?Ñ?ивного вÑ?полнениÑ? команд.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-5753";>CVE-2017-5753</a>
 
- -    <p>Multiple researchers have discovered a vulnerability in various
- -    processors supporting speculative execution, enabling an attacker
- -    controlling an unprivileged process to read memory from arbitrary
- -    addresses, including from the kernel and all other processes
- -    running on the system.</p>
- -
- -    <p>This specific attack has been named Spectre variant 1
- -    (bounds-check bypass) and is mitigated by identifying vulnerable
- -    code sections (array bounds checking followed by array access) and
- -    replacing the array access with the speculation-safe
- -    array_index_nospec() function.</p>
+    <p>Ð?еÑ?колÑ?ко иÑ?Ñ?ледоваÑ?елей обнаÑ?Ñ?жили Ñ?Ñ?звимоÑ?Ñ?Ñ? в Ñ?азлиÑ?нÑ?Ñ? пÑ?оÑ?еÑ?Ñ?оÑ?аÑ?,
+    поддеÑ?живаÑ?Ñ?иÑ? Ñ?пекÑ?лÑ?Ñ?ивное вÑ?полнение кода, коÑ?оÑ?аÑ? позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникÑ?,
+    Ñ?пÑ?авлÑ?Ñ?Ñ?емÑ? непÑ?ивелигиÑ?ованнÑ?м пÑ?оÑ?еÑ?Ñ?ом, Ñ?Ñ?иÑ?Ñ?ваÑ?Ñ? Ñ?одеÑ?жимое памÑ?Ñ?и по пÑ?оизволÑ?номÑ?
+    адÑ?еÑ?Ñ?, вклÑ?Ñ?аÑ? памÑ?Ñ?Ñ? Ñ?дÑ?а и вÑ?еÑ? оÑ?Ñ?алÑ?нÑ?Ñ? пÑ?оÑ?еÑ?Ñ?ов, запÑ?Ñ?еннÑ?Ñ?
+    в Ñ?иÑ?Ñ?еме.</p>
+
+    <p>Ð?аннаÑ? аÑ?ака полÑ?Ñ?ила название Spectre ваÑ?ианÑ? 1 (обÑ?од пÑ?овеÑ?ки гÑ?аниÑ? бÑ?Ñ?еÑ?а),
+    а еÑ? оÑ?Ñ?иÑ?аÑ?елÑ?нÑ?е поÑ?ледÑ?Ñ?виÑ? бÑ?ли минимизиÑ?ованÑ? пÑ?Ñ?Ñ?м опÑ?еделениÑ? Ñ?Ñ?звимÑ?Ñ? Ñ?азделов
+    кода (пÑ?овеÑ?ка гÑ?аниÑ? маÑ?Ñ?ива поÑ?ле обÑ?аÑ?ениÑ? к маÑ?Ñ?ивÑ?) и заменÑ? обÑ?аÑ?ениÑ? к маÑ?Ñ?ивÑ?
+    на безопаÑ?нÑ?Ñ? пÑ?и иÑ?полÑ?зовании Ñ?пекÑ?лÑ?Ñ?ивного вÑ?полнениÑ?
+    Ñ?Ñ?нкÑ?иÑ? array_index_nospec().
 
- -    <p>More use sites will be added over time.</p></li>
+    <p>Со вÑ?еменем бÑ?дÑ?Ñ? добавленÑ? дополниÑ?елÑ?нÑ?е меÑ?Ñ?а в коде.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17975";>CVE-2017-17975</a>
 
- -    <p>Tuba Yavuz reported a use-after-free flaw in the USBTV007
- -    audio-video grabber driver. A local user could use this for denial
- -    of service by triggering failure of audio registration.</p></li>
+    <p>ТÑ?ба ЯвÑ?з Ñ?ообÑ?ил об иÑ?полÑ?зовании Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и в дÑ?айвеÑ?е
+    аÑ?дио-видео заÑ?ваÑ?а USBTV007. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+    длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании пÑ?Ñ?Ñ?м вÑ?зова оÑ?ибки Ñ?егиÑ?Ñ?Ñ?аÑ?ии аÑ?дио.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-18193";>CVE-2017-18193</a>
 
- -    <p>Yunlei He reported that the f2fs implementation does not properly
- -    handle extent trees, allowing a local user to cause a denial of
- -    service via an application with multiple threads.</p></li>
+    <p>ЮнÑ?лÑ?й Ð¥Ñ? Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? f2fs непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ?
+    деÑ?евÑ?Ñ? непÑ?еÑ?Ñ?внÑ?Ñ? облаÑ?Ñ?ей, позволÑ?Ñ? локалÑ?номÑ? полÑ?зоваÑ?елÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в
+    обÑ?лÑ?живании Ñ? помоÑ?Ñ?Ñ? пÑ?иложениÑ? Ñ? неÑ?колÑ?кими поÑ?оками.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-18216";>CVE-2017-18216</a>
 
- -    <p>Alex Chen reported that the OCFS2 filesystem failed to hold a
- -    necessary lock during nodemanager sysfs file operations,
- -    potentially leading to a null pointer dereference.  A local user
- -    could use this for denial of service.</p></li>
+    <p>Ð?лекÑ? Чен Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?айловаÑ? Ñ?иÑ?Ñ?ема OCFS2 не вÑ?полнÑ?еÑ? необÑ?одимÑ?Ñ? блокиÑ?овкÑ?
+    во вÑ?емÑ? Ñ?айловÑ?Ñ? опеÑ?аÑ?ий nodemanager sysfs,
+    Ñ?Ñ?о поÑ?енÑ?иалÑ?но пÑ?иводиÑ? к Ñ?азÑ?менованиÑ? null-Ñ?казаÑ?елÑ?. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? пÑ?облемÑ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-18218";>CVE-2017-18218</a>
 
- -    <p>Jun He reported a use-after-free flaw in the Hisilicon HNS ethernet
- -    driver. A local user could use this for denial of service.</p></li>
+    <p>ЦзÑ?нÑ? Ð¥Ñ? Ñ?ообÑ?ил об иÑ?полÑ?зовании Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и в дÑ?айвеÑ?е пÑ?оводной Ñ?еÑ?и
+    Hisilicon HNS. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-18222";>CVE-2017-18222</a>
 
- -    <p>It was reported that the Hisilicon Network Subsystem (HNS) driver
- -    implementation does not properly handle ethtool private flags. A
- -    local user could use this for denial of service or possibly have
- -    other impact.</p></li>
+    <p>Ð?Ñ?ло Ñ?ообÑ?ено, Ñ?Ñ?о Ñ?еализаÑ?иÑ? дÑ?айвеÑ?а Hisilicon Network Subsystem (HNS)
+    непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? закÑ?Ñ?Ñ?Ñ?е Ñ?лаги ethtool. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или оказÑ?ваÑ?Ñ?
+    дÑ?Ñ?гое влиÑ?ние на безопаÑ?ноÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-18224";>CVE-2017-18224</a>
 
- -    <p>Alex Chen reported that the OCFS2 filesystem omits the use of a
- -    semaphore and consequently has a race condition for access to the
- -    extent tree during read operations in DIRECT mode. A local user
- -    could use this for denial of service.</p></li>
+    <p>Ð?лекÑ? Чен Ñ?ообÑ?ил, Ñ?Ñ?о в Ñ?айловой Ñ?иÑ?Ñ?еме OCFS2 не иÑ?полÑ?зÑ?Ñ?Ñ?Ñ?Ñ? Ñ?емаÑ?оÑ?Ñ?,
+    а поÑ?омÑ? пÑ?и обÑ?аÑ?ении к деÑ?евÑ?Ñ?м непÑ?еÑ?Ñ?внÑ?Ñ? облаÑ?Ñ?ей возникаеÑ? Ñ?оÑ?Ñ?оÑ?ние гонки во
+    вÑ?емÑ? вÑ?полнении опеÑ?аÑ?ий Ñ?Ñ?ениÑ? в Ñ?ежиме DIRECT. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-18241";>CVE-2017-18241</a>
 
- -    <p>Yunlei He reported that the f2fs implementation does not properly
- -    initialise its state if the <q>noflush_merge</q> mount option is used.
- -    A local user with access to a filesystem mounted with this option
- -    could use this to cause a denial of service.</p></li>
+    <p>ЮнÑ?лÑ?й Ð¥Ñ? Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? f2fs непÑ?авилÑ?но иниÑ?иализиÑ?Ñ?еÑ?
+    Ñ?воÑ? Ñ?оÑ?Ñ?оÑ?ние пÑ?и иÑ?полÑ?зовании опÑ?ии монÑ?иÑ?ованиÑ? <q>noflush_merge</q>.
+    Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий доÑ?Ñ?Ñ?п к Ñ?айловой Ñ?иÑ?Ñ?еме, Ñ?монÑ?иÑ?ованной Ñ? Ñ?казанной
+    опÑ?ией, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-18257";>CVE-2017-18257</a>
 
- -    <p>It was reported that the f2fs implementation is prone to an infinite
- -    loop caused by an integer overflow in the __get_data_block()
- -    function. A local user can use this for denial of service via
- -    crafted use of the open and fallocate system calls with an
+    <p>Ð?Ñ?ло Ñ?ообÑ?ено, Ñ?Ñ?о в Ñ?еализаÑ?ии f2fs можеÑ? возникаÑ?Ñ? беÑ?конеÑ?нÑ?й Ñ?икл из-за
+    пеÑ?еполнениÑ? Ñ?елÑ?Ñ? Ñ?иÑ?ел в Ñ?Ñ?нкÑ?ии __get_data_block(). Ð?окалÑ?нÑ?й
+    полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании Ñ? помоÑ?Ñ?Ñ?
+    Ñ?пеÑ?иалÑ?ного иÑ?полÑ?зовании Ñ?иÑ?Ñ?емнÑ?Ñ? вÑ?зовов open и fallocate Ñ?
     FS_IOC_FIEMAP ioctl.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1065";>CVE-2018-1065</a>
 
- -    <p>The syzkaller tool found a NULL pointer dereference flaw in the
- -    netfilter subsystem when handling certain malformed iptables
- -    rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN
- -    capability (in any user namespace) could use this to cause a denial
- -    of service. Debian disables unprivileged user namespaces by default.</p></li>
+    <p>С помоÑ?Ñ?Ñ? инÑ?Ñ?Ñ?Ñ?менÑ?а syzkaller бÑ?ло обнаÑ?Ñ?жено Ñ?азÑ?менование NULL-Ñ?казаÑ?елÑ? в подÑ?иÑ?Ñ?еме
+    netfilter, возникаÑ?Ñ?ее пÑ?и обÑ?абоÑ?ке опÑ?еделÑ?ннÑ?Ñ? некоÑ?Ñ?екÑ?нÑ?Ñ? набоÑ?ов пÑ?авил iptables.
+    Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава CAP_NET_RAW или CAP_NET_ADMIN (в лÑ?бом полÑ?зоваÑ?елÑ?Ñ?ком
+    пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве имÑ?н), можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании. Ð?
+    Debian по Ñ?молÑ?аниÑ? непÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?елÑ?Ñ?кие пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва имÑ?н оÑ?клÑ?Ñ?енÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1066";>CVE-2018-1066</a>
 
- -    <p>Dan Aloni reported to Red Hat that the CIFS client implementation
- -    would dereference a null pointer if the server sent an invalid
- -    response during NTLMSSP setup negotiation.  This could be used
- -    by a malicious server for denial of service.</p></li>
+    <p>Ð?Ñ?н Ð?лони Ñ?ообÑ?ил Red Hat, Ñ?Ñ?о Ñ?еализаÑ?иÑ? клиенÑ?а CIFS вÑ?полнÑ?еÑ?
+    Ñ?азÑ?менование null-Ñ?казаÑ?елÑ? в Ñ?лÑ?Ñ?ае, еÑ?ли Ñ?еÑ?веÑ? оÑ?пÑ?авлÑ?еÑ? некоÑ?Ñ?екÑ?нÑ?й
+    оÑ?веÑ? в Ñ?оде Ñ?оглаÑ?ованиÑ? NTLMSSP. ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?
+    вÑ?едоноÑ?нÑ?м Ñ?еÑ?веÑ?ом длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1068";>CVE-2018-1068</a>
 
- -    <p>The syzkaller tool found that the 32-bit compatibility layer of
- -    ebtables did not sufficiently validate offset values. On a 64-bit
- -    kernel, a local user with the CAP_NET_ADMIN capability (in any user
- -    namespace) could use this to overwrite kernel memory, possibly
- -    leading to privilege escalation. Debian disables unprivileged user
- -    namespaces by default.</p></li>
+    <p>С помоÑ?Ñ?Ñ? инÑ?Ñ?Ñ?Ñ?менÑ?а syzkaller бÑ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о пÑ?оÑ?лойка 32-биÑ?ной Ñ?овмеÑ?Ñ?имоÑ?Ñ?и
+    ebtables недоÑ?Ñ?аÑ?оÑ?но пÑ?овеÑ?Ñ?еÑ? знаÑ?ениÑ? оÑ?Ñ?Ñ?Ñ?пов. Ð?а 64-биÑ?нÑ?Ñ? Ñ?дÑ?аÑ?
+    локалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий пÑ?ава CAP_NET_ADMIN (в лÑ?бом пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ве имÑ?н
+    полÑ?зоваÑ?елÑ?), можеÑ? иÑ?полÑ?зоваÑ?Ñ? даннÑ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? пеÑ?езапиÑ?и памÑ?Ñ?и Ñ?дÑ?а, Ñ?Ñ?о
+    поÑ?енÑ?иалÑ?но пÑ?иводиÑ? к повÑ?Ñ?ениÑ? пÑ?ивилегий. Ð? Debian непÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?елÑ?Ñ?кие
+    пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва имÑ?н по Ñ?молÑ?аниÑ? оÑ?клÑ?Ñ?енÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1092";>CVE-2018-1092</a>
 
- -    <p>Wen Xu reported that a crafted ext4 filesystem image would
- -    trigger a null dereference when mounted.  A local user able
- -    to mount arbitrary filesystems could use this for denial of
- -    service.</p></li>
+    <p>Ð?Ñ?нÑ? СÑ?й Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й обÑ?аз Ñ?айловой Ñ?иÑ?Ñ?емÑ? ext4
+    пÑ?и его монÑ?иÑ?овании вÑ?зÑ?ваеÑ? Ñ?азÑ?менование null-Ñ?казаÑ?елÑ?. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?,
+    Ñ?поÑ?обнÑ?й монÑ?иÑ?оваÑ?Ñ? пÑ?оизволÑ?нÑ?е Ñ?айловÑ?е Ñ?иÑ?Ñ?емÑ?, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+    длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1093";>CVE-2018-1093</a>
 
- -    <p>Wen Xu reported that a crafted ext4 filesystem image could trigger
- -    an out-of-bounds read in the ext4_valid_block_bitmap() function. A
- -    local user able to mount arbitrary filesystems could use this for
- -    denial of service.</p></li>
+    <p>Ð?Ñ?нÑ? СÑ?й Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й обÑ?аз Ñ?айловой Ñ?иÑ?Ñ?емÑ? ext4 можеÑ?
+    пÑ?иводиÑ?Ñ? к Ñ?Ñ?ениÑ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и в Ñ?Ñ?нкÑ?ии ext4_valid_block_bitmap().
+    Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, Ñ?поÑ?обнÑ?й монÑ?иÑ?оваÑ?Ñ? пÑ?оизволÑ?нÑ?е Ñ?айловÑ?е Ñ?иÑ?Ñ?емÑ?, можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+    Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1108";>CVE-2018-1108</a>
 
- -    <p>Jann Horn reported that crng_ready() does not properly handle the
- -    crng_init variable states and the RNG could be treated as
- -    cryptographically safe too early after system boot.</p></li>
+    <p>Ян ХоÑ?н Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? crng_ready() непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? Ñ?оÑ?Ñ?оÑ?ниÑ?
+    crng_init, а RNG можеÑ? Ñ?Ñ?иÑ?аÑ?Ñ?Ñ?Ñ? кÑ?ипÑ?огÑ?аÑ?иÑ?еÑ?ки безопаÑ?нÑ?м на Ñ?лиÑ?ком Ñ?аннем Ñ?Ñ?апе
+    поÑ?ле загÑ?Ñ?зки Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-5803";>CVE-2018-5803</a>
 
- -    <p>Alexey Kodanev reported that the SCTP protocol did not range-check
- -    the length of chunks to be created.  A local or remote user could
- -    use this to cause a denial of service.</p></li>
+    <p>Ð?леÑ?ей Ð?оданев Ñ?ообÑ?ил, Ñ?Ñ?о в пÑ?оÑ?околе SCTP не вÑ?полнÑ?еÑ?Ñ?Ñ? пÑ?овеÑ?ка гÑ?аниÑ? маÑ?Ñ?ива
+    длÑ? длин Ñ?оздаваемÑ?Ñ? поÑ?Ñ?ий даннÑ?Ñ?. Ð?окалÑ?нÑ?й или Ñ?далÑ?ннÑ?й полÑ?зоваÑ?елÑ? могÑ?Ñ?
+    иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-7480";>CVE-2018-7480</a>
 
- -    <p>Hou Tao discovered a double-free flaw in the blkcg_init_queue()
- -    function in block/blk-cgroup.c. A local user could use this to cause
- -    a denial of service or have other impact.</p></li>
+    <p>ХоÑ? Тао обнаÑ?Ñ?жил двойное оÑ?вобождение памÑ?Ñ?и в Ñ?Ñ?нкÑ?ии blkcg_init_queue()
+    в block/blk-cgroup.c. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ?
+    вÑ?зова оÑ?каза в обÑ?лÑ?живании или оказÑ?ваÑ?Ñ? дÑ?Ñ?гое влиÑ?ние на безопаÑ?ноÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-7566";>CVE-2018-7566</a>
 
- -    <p>Fan LongFei reported a race condition in the ALSA (sound)
- -    sequencer core, between write and ioctl operations.  This could
- -    lead to an out-of-bounds access or use-after-free.  A local user
- -    with access to a sequencer device could use this for denial of
- -    service or possibly for privilege escalation.</p></li>
+    <p>ФанÑ? Ð?Ñ?нФÑ?й Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в Ñ?дÑ?е планиÑ?овÑ?ика ALSA (sound)
+    междÑ? опеÑ?аÑ?иÑ?ми запиÑ?и и ioctl. ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? пÑ?иводиÑ?Ñ? к
+    обÑ?аÑ?ениÑ? в памÑ?Ñ?и за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а или иÑ?полÑ?зованиÑ? Ñ?казаÑ?елей
+    поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий доÑ?Ñ?Ñ?п к
+    Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вÑ? планиÑ?овÑ?ика можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в
+    обÑ?лÑ?живании или возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-7740";>CVE-2018-7740</a>
 
- -    <p>Nic Losby reported that the hugetlbfs filesystem's mmap operation
- -    did not properly range-check the file offset.  A local user with
- -    access to files on a hugetlbfs filesystem could use this to cause
- -    a denial of service.</p></li>
+    <p>Ð?ик Ð?оÑ?Ñ?би Ñ?ообÑ?ил, Ñ?Ñ?о опеÑ?аÑ?иÑ? mmap Ñ?айловой Ñ?иÑ?Ñ?емÑ? hugetlbfs
+    непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? гÑ?аниÑ? маÑ?Ñ?ива длÑ? Ñ?айлового оÑ?Ñ?Ñ?Ñ?па. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?,
+    имеÑ?Ñ?ий доÑ?Ñ?Ñ?п к Ñ?айлам в Ñ?айловой Ñ?иÑ?Ñ?еме hugetlbfs, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+    длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-7757";>CVE-2018-7757</a>
 
- -    <p>Jason Yan reported a memory leak in the SAS (Serial-Attached
- -    SCSI) subsystem.  A local user on a system with SAS devices
- -    could use this to cause a denial of service.</p></li>
+    <p>Ð?жейÑ?он Ян Ñ?ообÑ?ил об Ñ?Ñ?еÑ?ке памÑ?Ñ?и в подÑ?иÑ?Ñ?еме SAS (Serial-Attached
+    SCSI). Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? в Ñ?иÑ?Ñ?еме Ñ? SAS-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вами
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-7995";>CVE-2018-7995</a>
 
- -    <p>Seunghun Han reported a race condition in the x86 MCE
- -    (Machine Check Exception) driver.  This is unlikely to have
- -    any security impact.</p></li>
+    <p>СÑ?нÑ?Ñ?нÑ? ХанÑ? Ñ?ообÑ?ил о Ñ?оÑ?Ñ?оÑ?нии гонки в дÑ?айвеÑ?е x86 MCE
+    (Machine Check Exception). ЭÑ?а пÑ?облема Ñ?коÑ?ее вÑ?его не имееÑ?
+    влиÑ?ниÑ? на безопаÑ?ноÑ?Ñ?Ñ? Ñ?иÑ?Ñ?емÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-8087";>CVE-2018-8087</a>
 
- -    <p>A memory leak flaw was found in the hwsim_new_radio_nl() function in
- -    the simulated radio testing tool driver for mac80211, allowing a
- -    local user to cause a denial of service.</p></li>
+    <p>Ð? Ñ?Ñ?нкÑ?ии hwsim_new_radio_nl() из дÑ?айвеÑ?а длÑ? Ñ?еÑ?Ñ?иÑ?ованиÑ? моделиÑ?ованного Ñ?адио
+    длÑ? mac80211 бÑ?ла обнаÑ?Ñ?жена Ñ?Ñ?еÑ?ка памÑ?Ñ?и, позволÑ?Ñ?Ñ?аÑ? локалÑ?номÑ? полÑ?зоваÑ?елÑ?
+    вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-8781";>CVE-2018-8781</a>
 
- -    <p>Eyal Itkin reported that the udl (DisplayLink) driver's mmap
- -    operation did not properly range-check the file offset.  A local
- -    user with access to a udl framebuffer device could exploit this to
- -    overwrite kernel memory, leading to privilege escalation.</p></li>
+    <p>ЭÑ?лÑ? Ð?Ñ?кин Ñ?ообÑ?ил, Ñ?Ñ?о опеÑ?аÑ?иÑ? mmap дÑ?айвеÑ?а udl (DisplayLink)
+    непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? гÑ?аниÑ? маÑ?Ñ?ива длÑ? Ñ?айлового оÑ?Ñ?Ñ?Ñ?па. Ð?окалÑ?нÑ?й
+    полÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий доÑ?Ñ?Ñ?п к Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?вÑ? udl можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+    длÑ? пеÑ?езапиÑ?и памÑ?Ñ?и Ñ?дÑ?а, Ñ?Ñ?о пÑ?иводиÑ? к повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-8822";>CVE-2018-8822</a>
 
- -    <p>Dr Silvio Cesare of InfoSect reported that the ncpfs client
- -    implementation did not validate reply lengths from the server.  An
- -    ncpfs server could use this to cause a denial of service or
- -    remote code execution in the client.</p></li>
+    <p>Ð?-Ñ? СилÑ?вио ЦезаÑ?е из InfoSect Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? клиенÑ?а ncpfs
+    не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? длинÑ? оÑ?веÑ?ов Ñ?еÑ?веÑ?а. СеÑ?веÑ? ncpfs
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или
+    Ñ?далÑ?нного вÑ?полнениÑ? кода на Ñ?Ñ?оÑ?оне клиенÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-10323";>CVE-2018-10323</a>
 
- -    <p>Wen Xu reported a NULL pointer dereference flaw in the
- -    xfs_bmapi_write() function triggered when mounting and operating a
- -    crafted xfs filesystem image. A local user able to mount arbitrary
- -    filesystems could use this for denial of service.</p></li>
+    <p>Ð?Ñ?нÑ? СÑ?й Ñ?ообÑ?ил о Ñ?азÑ?меновании NULL-Ñ?казаÑ?елÑ? в Ñ?Ñ?нкÑ?ии xfs_bmapi_write(),
+    коÑ?оÑ?ое возникаеÑ? пÑ?и монÑ?иÑ?овании и Ñ?абоÑ?е Ñ?о Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?м обÑ?азом
+    Ñ?айловой Ñ?иÑ?Ñ?емÑ? xfs. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ?, Ñ?поÑ?обнÑ?й монÑ?иÑ?оваÑ?Ñ? пÑ?оизволÑ?нÑ?е Ñ?айловÑ?е
+    Ñ?иÑ?Ñ?емÑ?, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1000199";>CVE-2018-1000199</a>
 
- -    <p>Andy Lutomirski discovered that the ptrace subsystem did not
- -    sufficiently validate hardware breakpoint settings.  Local users
- -    can use this to cause a denial of service, or possibly for
- -    privilege escalation, on x86 (amd64 and i386) and possibly other
- -    architectures.</p></li>
+    <p>Энди Ð?Ñ?Ñ?омиÑ?Ñ?кий обнаÑ?Ñ?жил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема ptrace недоÑ?Ñ?аÑ?оÑ?но
+    пÑ?овеÑ?Ñ?еÑ? наÑ?Ñ?Ñ?ойки аппаÑ?аÑ?нÑ?Ñ? Ñ?оÑ?ке оÑ?Ñ?анова. Ð?окалÑ?нÑ?е полÑ?зоваÑ?ели могÑ?Ñ?
+    иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании или возможного
+    повÑ?Ñ?ениÑ? пÑ?ивилегий на аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?е x86 (amd64 и i386), а Ñ?акже поÑ?енÑ?иалÑ?но и на
+    дÑ?Ñ?гиÑ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?аÑ?.</p></li>
 
 </ul>
 
- -<p>For the stable distribution (stretch), these problems have been fixed in
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
 version 4.9.88-1.</p>
 
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
 
- -<p>For the detailed security status of linux please refer to its security
- -tracker page at:
+<p>С подÑ?обнÑ?м Ñ?Ñ?аÑ?Ñ?Ñ?ом поддеÑ?жки безопаÑ?ноÑ?Ñ?и linux можно ознакомиÑ?Ñ?Ñ?Ñ? на
+Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей Ñ?Ñ?Ñ?аниÑ?е оÑ?Ñ?леживаниÑ? безопаÑ?ноÑ?Ñ?и по адÑ?еÑ?Ñ?
 <a href="https://security-tracker.debian.org/tracker/linux";>\
 https://security-tracker.debian.org/tracker/linux</a></p>
 </define-tag>
 
 # do not modify the following line
 #include "$(ENGLISHDIR)/security/2018/dsa-4188.data"
- -# $Id: dsa-4188.wml,v 1.2 2018/05/02 06:53:24 dogsleg Exp $
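Review bot: the closing </p> is missing from the translated Spectre variant 1 paragraph under CVE-2017-5753. The removed English line ends with "array_index_nospec() function.</p>", but the added line ends with "array_index_nospec()." and no closing tag, so the next <p> ("More use sites will be added over time") opens inside an unclosed paragraph. Add </p> at the end of that added line so the markup matches the English source. The rest of the tag structure in the added lines (<li>, <q>, </p></li>) mirrors the removed lines, and translation="1.2" in the new translation-check header agrees with the revision in the removed $Id line.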
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

