[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2018/dsa-4164.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- ../../english/security/2018/dsa-4164.wml	2018-04-03 21:02:47.000000000 +0500
+++ 2018/dsa-4164.wml	2018-04-03 23:14:26.990206851 +0500
@@ -1,67 +1,68 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" mindelta="1"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been found in the Apache HTTPD server.</p>
+<p>Ð? HTTPD-Ñ?еÑ?веÑ?е Apache бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-15710";>CVE-2017-15710</a>
 
- -    <p>Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if
- -    configured with AuthLDAPCharsetConfig, could cause an of bound write
- -    if supplied with a crafted Accept-Language header. This could
- -    potentially be used for a Denial of Service attack.</p></li>
+    <p>Ð?лекÑ? Ð?иÑ?олÑ? и Якоб ХиÑ?Ñ? Ñ?ообÑ?или, Ñ?Ñ?о модÑ?лÑ? mod_authnz_ldap в Ñ?лÑ?Ñ?ае его
+    наÑ?Ñ?Ñ?ойки Ñ? AuthLDAPCharsetConfig можеÑ? вÑ?зÑ?ваÑ?Ñ? запиÑ?Ñ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а
+    памÑ?Ñ?и пÑ?и полÑ?Ñ?ении Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного заголовка Accept-Language. ЭÑ?о поÑ?енÑ?иалÑ?но
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? вÑ?зва оÑ?каза в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-15715";>CVE-2017-15715</a>
 
- -    <p>Elar Lang discovered that expression specified in <FilesMatch> could
- -    match '$' to a newline character in a malicious filename, rather
- -    than matching only the end of the filename. This could be exploited
- -    in environments where uploads of some files are are externally
- -    blocked, but only by matching the trailing portion of the filename.</p></li>
+    <p>ЭлаÑ? Ð?анг обнаÑ?Ñ?жил, Ñ?Ñ?о вÑ?Ñ?ажение, Ñ?казÑ?ваемое в <FilesMatch> можеÑ?
+    пÑ?иводиÑ?Ñ? в Ñ?ооÑ?веÑ?Ñ?Ñ?вие '$' Ñ? Ñ?имволом новой Ñ?Ñ?Ñ?оки в имени Ñ?айла, а
+    не Ñ?олÑ?ко конÑ?Ñ? имени Ñ?айла. ЭÑ?о можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? в окÑ?Ñ?жениÑ?Ñ?,
+    в коÑ?оÑ?Ñ?Ñ? загÑ?Ñ?зки некоÑ?оÑ?Ñ?Ñ? Ñ?айлов блокиÑ?Ñ?Ñ?Ñ?Ñ?Ñ? внеÑ?ними Ñ?Ñ?едÑ?Ñ?вами,
+    но лиÑ?Ñ? по оконÑ?аниÑ? имени Ñ?айла.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1283";>CVE-2018-1283</a>
 
- -    <p>When mod_session is configured to forward its session data to CGI
- -    applications (SessionEnv on, not the default), a remote user could
- -    influence their content by using a <q>Session</q> header.</p></li>
+    <p>Ð?Ñ?ли модÑ?лÑ? mod_session наÑ?Ñ?Ñ?оен на пеÑ?енапÑ?авление даннÑ?Ñ? Ñ?еÑ?Ñ?ии в CGI-пÑ?иложениÑ?
+    (SessionEnv on, не по Ñ?молÑ?аниÑ?), Ñ?далÑ?ннÑ?й полÑ?зоваÑ?елÑ? можеÑ? повлиÑ?Ñ?Ñ? на
+    иÑ? Ñ?одеÑ?жимое Ñ? помоÑ?Ñ?Ñ? заголовка <q>Session</q>.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1301";>CVE-2018-1301</a>
 
- -    <p>Robert Swiecki reported that a specially crafted request could have
- -    crashed the Apache HTTP Server, due to an out of bound access after
- -    a size limit is reached by reading the HTTP header.</p></li>
+    <p>РобеÑ?Ñ? Свики Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й запÑ?оÑ? можеÑ? вÑ?зваÑ?Ñ? аваÑ?ийнÑ?Ñ?
+    оÑ?Ñ?ановкÑ? HTTP-Ñ?еÑ?веÑ?а Apache из-за обÑ?аÑ?ениÑ? к облаÑ?Ñ?и памÑ?Ñ?и за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а
+    поÑ?ле доÑ?Ñ?ижениÑ? огÑ?аниÑ?ениÑ? Ñ?азмеÑ?а по Ñ?Ñ?ениÑ? HTTP-заголовка.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1303";>CVE-2018-1303</a>
 
- -    <p>Robert Swiecki reported that a specially crafted HTTP request header
- -    could have crashed the Apache HTTP Server if using
- -    mod_cache_socache, due to an out of bound read while preparing data
- -    to be cached in shared memory.</p></li>
+    <p>РобеÑ?Ñ? Свики Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й заголовок HTTP-запÑ?оÑ?а
+    можеÑ? вÑ?зваÑ?Ñ? аваÑ?ийнÑ?Ñ? оÑ?Ñ?ановкÑ? HTTP-Ñ?еÑ?веÑ?а Apache в Ñ?лÑ?Ñ?ае иÑ?полÑ?зованиÑ?
+    модÑ?лÑ? mod_cache_socache. Ð?Ñ?облема возникаеÑ? из-за Ñ?Ñ?ениÑ? облаÑ?Ñ?и памÑ?Ñ?и за пÑ?еделами вÑ?деленного
+    бÑ?Ñ?еÑ?а в Ñ?оде подгоÑ?овки даннÑ?Ñ? длÑ? иÑ? кÑ?Ñ?иÑ?ованиÑ? в Ñ?овмеÑ?Ñ?но иÑ?полÑ?зÑ?емÑ?Ñ? памÑ?Ñ?Ñ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1312";>CVE-2018-1312</a>
 
- -    <p>Nicolas Daniels discovered that when generating an HTTP Digest
- -    authentication challenge, the nonce sent by mod_auth_digest to
- -    prevent reply attacks was not correctly generated using a
- -    pseudo-random seed. In a cluster of servers using a common Digest
- -    authentication configuration, HTTP requests could be replayed across
- -    servers by an attacker without detection.</p></li>
+    <p>Ð?иколаÑ? Ð?Ñ?ниелÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о пÑ?и Ñ?оздании вÑ?зова дайджеÑ?Ñ?-аÑ?Ñ?енÑ?иÑ?икаÑ?ии
+    Ñ?лÑ?Ñ?айнÑ?й код, оÑ?пÑ?авлÑ?емÑ?й модÑ?лем mod_auth_digest Ñ? Ñ?елÑ?Ñ? пÑ?едоÑ?вÑ?аÑ?ениÑ?
+    аÑ?ак по оÑ?веÑ?ам, Ñ?оздаÑ?Ñ?Ñ?Ñ? непÑ?авилÑ?но Ñ? иÑ?полÑ?зованием пÑ?евдоÑ?лÑ?Ñ?айного
+    векÑ?оÑ?а генеÑ?аÑ?ии. Ð? клаÑ?Ñ?еÑ?е Ñ?еÑ?веÑ?ов, иÑ?полÑ?зÑ?Ñ?Ñ?иÑ? обÑ?ие наÑ?Ñ?Ñ?ойки
+    дайджеÑ?Ñ?-аÑ?Ñ?енÑ?иÑ?икаÑ?ии, HTTP-запÑ?оÑ?Ñ? могÑ?Ñ? без обнаÑ?Ñ?жениÑ? бÑ?Ñ?Ñ? повÑ?оÑ?енÑ?
+    злоÑ?мÑ?Ñ?ленником длÑ? неÑ?колÑ?киÑ? Ñ?еÑ?веÑ?ов.</p></li>
 
 </ul>
 
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 2.4.10-10+deb8u12.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 2.4.10-10+deb8u12.</p>
 
- -<p>For the stable distribution (stretch), these problems have been fixed in
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
 version 2.4.25-3+deb9u4.</p>
 
- -<p>We recommend that you upgrade your apache2 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? apache2.</p>
 
- -<p>For the detailed security status of apache2 please refer to its security
- -tracker page at:
- -<a href="https://security-tracker.debian.org/tracker/apache2";>https://security-tracker.debian.org/tracker/apache2</a></p>
+<p>С подÑ?обнÑ?м Ñ?Ñ?аÑ?Ñ?Ñ?ом поддеÑ?жки безопаÑ?ноÑ?Ñ?и apache2 можно ознакомиÑ?Ñ?Ñ?Ñ? на
+Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей Ñ?Ñ?Ñ?аниÑ?е оÑ?Ñ?леживаниÑ? безопаÑ?ноÑ?Ñ?и по адÑ?еÑ?Ñ?
+<a href="https://security-tracker.debian.org/tracker/apache2";>\
+https://security-tracker.debian.org/tracker/apache2</a></p>
 </define-tag>
 
 # do not modify the following line
 #include "$(ENGLISHDIR)/security/2018/dsa-4164.data"
- -# $Id: dsa-4164.wml,v 1.1 2018/04/03 16:02:47 carnil Exp $
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlrDxJQACgkQXudu4gIW
0qXqchAAk07Af23aR+Y5o0kx/gUX59IclnRw1yu/XduvwXB2AinP2yA/xPjEV/uq
9l2W47aRw6FZUr2pn2M+aC5z8QsobspF0yLlGIuuCp0BT8cPciFfv1H3YuqgzFQ7
o0a8lOPEZEh6TXu7Xxch3R7e3HTyf29YM3hazeqFOUmnC4eRSP7DghxkZV86aa0B
2rVCL3nBJWO+86RWl41Autf7WTzqAICHr2qT59tv3UVBZZt6geaWh9Y5s+96Lfg6
nvasg8mll6rDmdNRWa7tqYwTtEIUFALk29cZQeeHdUfPHyf/91jyohfwJ+/eFRoC
canugs/L0btNUiKHScPf/QCvuJjySBr/6FIuCZylVyuyi0K4YqxWVkvivmsNUjsr
QYFDzmSILiwhz8B04INaMjE0y16KOBDt9GBUzG/pM7rDBQNRFmAW4ccrRxmbJ7LZ
VAMZ2e/7KaqOQsYq6QKT5C/sOl8qlHqb/ZChC0OqhEXQgiHi9B3jVUQuDesWj9sR
X/mGyr2cooOy0oU4uhBkVySuAtaQT0IvVQWb1uMf7EKpWePmpKvYXtPx44cn7DzF
avrRACaGOeHNrZYV8WXxdYjNu9BpWE8v/7kunpkSFHpM5iAZYyOfOTV+oQM+1gh+
0wtzTTTePyoO/pjjvHTPGpp3LX3L+Vkhd2WDTpGkN/y/0dGaEn0=
=Ex0h
-----END PGP SIGNATURE-----
Reply to: