[DONE] wml://security/2018/dsa-4164.wml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- ../../english/security/2018/dsa-4164.wml 2018-04-03 21:02:47.000000000 +0500
+++ 2018/dsa-4164.wml 2018-04-03 23:14:26.990206851 +0500
@@ -1,67 +1,68 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" mindelta="1"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been found in the Apache HTTPD server.</p>
+<p>Ð? HTTPD-Ñ?еÑ?веÑ?е Apache бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-15710">CVE-2017-15710</a>
- - <p>Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if
- - configured with AuthLDAPCharsetConfig, could cause an of bound write
- - if supplied with a crafted Accept-Language header. This could
- - potentially be used for a Denial of Service attack.</p></li>
+ <p>Ð?лекÑ? Ð?иÑ?олÑ? и Якоб ХиÑ?Ñ? Ñ?ообÑ?или, Ñ?Ñ?о модÑ?лÑ? mod_authnz_ldap в Ñ?лÑ?Ñ?ае его
+ наÑ?Ñ?Ñ?ойки Ñ? AuthLDAPCharsetConfig можеÑ? вÑ?зÑ?ваÑ?Ñ? запиÑ?Ñ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а
+ памÑ?Ñ?и пÑ?и полÑ?Ñ?ении Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного заголовка Accept-Language. ÐÑ?о поÑ?енÑ?иалÑ?но
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? длÑ? вÑ?зва оÑ?каза в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-15715">CVE-2017-15715</a>
- - <p>Elar Lang discovered that expression specified in <FilesMatch> could
- - match '$' to a newline character in a malicious filename, rather
- - than matching only the end of the filename. This could be exploited
- - in environments where uploads of some files are are externally
- - blocked, but only by matching the trailing portion of the filename.</p></li>
+ <p>ÐлаÑ? Ð?анг обнаÑ?Ñ?жил, Ñ?Ñ?о вÑ?Ñ?ажение, Ñ?казÑ?ваемое в <FilesMatch> можеÑ?
+ пÑ?иводиÑ?Ñ? в Ñ?ооÑ?веÑ?Ñ?Ñ?вие '$' Ñ? Ñ?имволом новой Ñ?Ñ?Ñ?оки в имени Ñ?айла, а
+ не Ñ?олÑ?ко конÑ?Ñ? имени Ñ?айла. ÐÑ?о можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? в окÑ?Ñ?жениÑ?Ñ?,
+ в коÑ?оÑ?Ñ?Ñ? загÑ?Ñ?зки некоÑ?оÑ?Ñ?Ñ? Ñ?айлов блокиÑ?Ñ?Ñ?Ñ?Ñ?Ñ? внеÑ?ними Ñ?Ñ?едÑ?Ñ?вами,
+ но лиÑ?Ñ? по оконÑ?аниÑ? имени Ñ?айла.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1283">CVE-2018-1283</a>
- - <p>When mod_session is configured to forward its session data to CGI
- - applications (SessionEnv on, not the default), a remote user could
- - influence their content by using a <q>Session</q> header.</p></li>
+ <p>Ð?Ñ?ли модÑ?лÑ? mod_session наÑ?Ñ?Ñ?оен на пеÑ?енапÑ?авление даннÑ?Ñ? Ñ?еÑ?Ñ?ии в CGI-пÑ?иложениÑ?
+ (SessionEnv on, не по Ñ?молÑ?аниÑ?), Ñ?далÑ?ннÑ?й полÑ?зоваÑ?елÑ? можеÑ? повлиÑ?Ñ?Ñ? на
+ иÑ? Ñ?одеÑ?жимое Ñ? помоÑ?Ñ?Ñ? заголовка <q>Session</q>.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1301">CVE-2018-1301</a>
- - <p>Robert Swiecki reported that a specially crafted request could have
- - crashed the Apache HTTP Server, due to an out of bound access after
- - a size limit is reached by reading the HTTP header.</p></li>
+ <p>РобеÑ?Ñ? Свики Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й запÑ?оÑ? можеÑ? вÑ?зваÑ?Ñ? аваÑ?ийнÑ?Ñ?
+ оÑ?Ñ?ановкÑ? HTTP-Ñ?еÑ?веÑ?а Apache из-за обÑ?аÑ?ениÑ? к облаÑ?Ñ?и памÑ?Ñ?и за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а
+ поÑ?ле доÑ?Ñ?ижениÑ? огÑ?аниÑ?ениÑ? Ñ?азмеÑ?а по Ñ?Ñ?ениÑ? HTTP-заголовка.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1303">CVE-2018-1303</a>
- - <p>Robert Swiecki reported that a specially crafted HTTP request header
- - could have crashed the Apache HTTP Server if using
- - mod_cache_socache, due to an out of bound read while preparing data
- - to be cached in shared memory.</p></li>
+ <p>РобеÑ?Ñ? Свики Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й заголовок HTTP-запÑ?оÑ?а
+ можеÑ? вÑ?зваÑ?Ñ? аваÑ?ийнÑ?Ñ? оÑ?Ñ?ановкÑ? HTTP-Ñ?еÑ?веÑ?а Apache в Ñ?лÑ?Ñ?ае иÑ?полÑ?зованиÑ?
+ модÑ?лÑ? mod_cache_socache. Ð?Ñ?облема возникаеÑ? из-за Ñ?Ñ?ениÑ? облаÑ?Ñ?и памÑ?Ñ?и за пÑ?еделами вÑ?деленного
+ бÑ?Ñ?еÑ?а в Ñ?оде подгоÑ?овки даннÑ?Ñ? длÑ? иÑ? кÑ?Ñ?иÑ?ованиÑ? в Ñ?овмеÑ?Ñ?но иÑ?полÑ?зÑ?емÑ?Ñ? памÑ?Ñ?Ñ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1312">CVE-2018-1312</a>
- - <p>Nicolas Daniels discovered that when generating an HTTP Digest
- - authentication challenge, the nonce sent by mod_auth_digest to
- - prevent reply attacks was not correctly generated using a
- - pseudo-random seed. In a cluster of servers using a common Digest
- - authentication configuration, HTTP requests could be replayed across
- - servers by an attacker without detection.</p></li>
+ <p>Ð?иколаÑ? Ð?Ñ?ниелÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о пÑ?и Ñ?оздании вÑ?зова дайджеÑ?Ñ?-аÑ?Ñ?енÑ?иÑ?икаÑ?ии
+ Ñ?лÑ?Ñ?айнÑ?й код, оÑ?пÑ?авлÑ?емÑ?й модÑ?лем mod_auth_digest Ñ? Ñ?елÑ?Ñ? пÑ?едоÑ?вÑ?аÑ?ениÑ?
+ аÑ?ак по оÑ?веÑ?ам, Ñ?оздаÑ?Ñ?Ñ?Ñ? непÑ?авилÑ?но Ñ? иÑ?полÑ?зованием пÑ?евдоÑ?лÑ?Ñ?айного
+ векÑ?оÑ?а генеÑ?аÑ?ии. Ð? клаÑ?Ñ?еÑ?е Ñ?еÑ?веÑ?ов, иÑ?полÑ?зÑ?Ñ?Ñ?иÑ? обÑ?ие наÑ?Ñ?Ñ?ойки
+ дайджеÑ?Ñ?-аÑ?Ñ?енÑ?иÑ?икаÑ?ии, HTTP-запÑ?оÑ?Ñ? могÑ?Ñ? без обнаÑ?Ñ?жениÑ? бÑ?Ñ?Ñ? повÑ?оÑ?енÑ?
+ злоÑ?мÑ?Ñ?ленником длÑ? неÑ?колÑ?киÑ? Ñ?еÑ?веÑ?ов.</p></li>
</ul>
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 2.4.10-10+deb8u12.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 2.4.10-10+deb8u12.</p>
- -<p>For the stable distribution (stretch), these problems have been fixed in
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
version 2.4.25-3+deb9u4.</p>
- -<p>We recommend that you upgrade your apache2 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? apache2.</p>
- -<p>For the detailed security status of apache2 please refer to its security
- -tracker page at:
- -<a href="https://security-tracker.debian.org/tracker/apache2">https://security-tracker.debian.org/tracker/apache2</a></p>
+<p>С подÑ?обнÑ?м Ñ?Ñ?аÑ?Ñ?Ñ?ом поддеÑ?жки безопаÑ?ноÑ?Ñ?и apache2 можно ознакомиÑ?Ñ?Ñ?Ñ? на
+Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?ей Ñ?Ñ?Ñ?аниÑ?е оÑ?Ñ?леживаниÑ? безопаÑ?ноÑ?Ñ?и по адÑ?еÑ?Ñ?
+<a href="https://security-tracker.debian.org/tracker/apache2">\
+https://security-tracker.debian.org/tracker/apache2</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2018/dsa-4164.data"
- -# $Id: dsa-4164.wml,v 1.1 2018/04/03 16:02:47 carnil Exp $
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlrDxJQACgkQXudu4gIW
0qXqchAAk07Af23aR+Y5o0kx/gUX59IclnRw1yu/XduvwXB2AinP2yA/xPjEV/uq
9l2W47aRw6FZUr2pn2M+aC5z8QsobspF0yLlGIuuCp0BT8cPciFfv1H3YuqgzFQ7
o0a8lOPEZEh6TXu7Xxch3R7e3HTyf29YM3hazeqFOUmnC4eRSP7DghxkZV86aa0B
2rVCL3nBJWO+86RWl41Autf7WTzqAICHr2qT59tv3UVBZZt6geaWh9Y5s+96Lfg6
nvasg8mll6rDmdNRWa7tqYwTtEIUFALk29cZQeeHdUfPHyf/91jyohfwJ+/eFRoC
canugs/L0btNUiKHScPf/QCvuJjySBr/6FIuCZylVyuyi0K4YqxWVkvivmsNUjsr
QYFDzmSILiwhz8B04INaMjE0y16KOBDt9GBUzG/pM7rDBQNRFmAW4ccrRxmbJ7LZ
VAMZ2e/7KaqOQsYq6QKT5C/sOl8qlHqb/ZChC0OqhEXQgiHi9B3jVUQuDesWj9sR
X/mGyr2cooOy0oU4uhBkVySuAtaQT0IvVQWb1uMf7EKpWePmpKvYXtPx44cn7DzF
avrRACaGOeHNrZYV8WXxdYjNu9BpWE8v/7kunpkSFHpM5iAZYyOfOTV+oQM+1gh+
0wtzTTTePyoO/pjjvHTPGpp3LX3L+Vkhd2WDTpGkN/y/0dGaEn0=
=Ex0h
-----END PGP SIGNATURE-----
Reply to: