-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2005/dsa-695.wml 2005-03-22 01:44:24.000000000 +0500 +++ russian/security/2005/dsa-695.wml 2016-08-29 13:03:08.095998731 +0500 @@ -1,39 +1,40 @@ - -<define-tag description>buffer overflow, input sanitising, integer overflow</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>пеÑеполнение бÑÑеÑа, оÑиÑÑка Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ , пеÑеполнение ÑелÑÑ ÑиÑел</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in xli, an image viewer - -for X11. The Common Vulnerabilities and Exposures project identifies - -the following problems:</p> +<p>Ð xli, пÑоÑмоÑÑÑике изобÑажений Ð´Ð»Ñ X11, бÑло обнаÑÑжено неÑколÑко +ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0775">CAN-2001-0775</a> - - <p>A buffer overflow in the decoder for FACES format images could be - - exploited by an attacker to execute arbitrary code. This problem - - has already been fixed in xloadimage in + <p>ÐеÑеполнение бÑÑеÑа в декодеÑе изобÑажений в ÑоÑмаÑе FACES Ð¼Ð¾Ð¶ÐµÑ + иÑполÑзоваÑÑÑÑ Ð·Ð»Ð¾ÑмÑÑленником Ð´Ð»Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода. ÐÑа пÑоблема + Ñже бÑла иÑпÑавлена в xloadimage в <a href="../2001/dsa-069">DSA 069</a>.</p> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0638">CAN-2005-0638</a> - - <p>Tavis Ormandy of the Gentoo Linux Security Audit Team has reported - - a flaw in the handling of compressed images, where shell - - meta-characters are not adequately escaped.</p> + <p>ТÑÐ²Ð¸Ñ ÐÑманди из ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð°ÑдиÑа безопаÑноÑÑи Gentoo Linux ÑообÑил + об ÑÑзвимоÑÑи в коде обÑабоÑки ÑжаÑÑÑ Ð¸Ð·Ð¾Ð±Ñажений, пÑи коÑоÑой + меÑаÑÐ¸Ð¼Ð²Ð¾Ð»Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð¹ оболоÑки ÑкÑаниÑÑÑÑÑÑ Ð½ÐµÐ´Ð¾ÑÑаÑоÑнÑм обÑазом.</p> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0639">CAN-2005-0639</a> - - <p>Insufficient validation of image properties in have been - - discovered which could potentially result in buffer management - - errors.</p> + <p>ÐÑла обнаÑÑÐ¶ÐµÐ½Ñ Ð½ÐµÐ´Ð¾ÑÑаÑоÑÐ½Ð°Ñ Ð¿ÑовеÑка ÑвойÑÑв изобÑажениÑ, + коÑоÑÐ°Ñ Ð¿Ð¾ÑенÑиалÑно Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº оÑибкам в ÑпÑавлении + бÑÑеÑом.</p> </ul> - -<p>For the stable distribution (woody) these problems have been fixed in - -version 1.17.0-11woody1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (woody) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.17.0-11woody1.</p> - -<p>For the unstable distribution (sid) these problems have been fixed in - -version 1.17.0-18.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.17.0-18.</p> - -<p>We recommend that you upgrade your xli package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ xli.</p> </define-tag> # do not modify the following line - --- english/security/2005/dsa-846.wml 2005-10-07 21:51:35.000000000 +0600 +++ russian/security/2005/dsa-846.wml 2016-08-29 13:07:55.579840313 +0500 @@ -1,38 +1,39 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Two vulnerabilities have been discovered in cpio, a program to manage - -archives of files. The Common Vulnerabilities and Exposures project - -identifies the following problems:</p> +<p>Ð cpio, пÑогÑамме Ð´Ð»Ñ ÑабоÑÑ Ñ Ð°ÑÑ Ð¸Ð²Ð°Ð¼Ð¸ Ñайлов, бÑли обнаÑÑÐ¶ÐµÐ½Ñ Ð´Ð²Ðµ +ÑÑзвимоÑÑи. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures +опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1111">CAN-2005-1111</a> - - <p>Imran Ghory discovered a race condition in setting the file - - permissions of files extracted from cpio archives. A local - - attacker with write access to the target directory could exploit - - this to alter the permissions of arbitrary files the extracting - - user has write permissions for.</p></li> + <p>ÐмÑан ÐоÑи обнаÑÑжил ÑоÑÑоÑние гонки в коде ÑÑÑановки пÑав доÑÑÑпа + к Ñайлам, ÑаÑпакованнÑм из аÑÑ Ð¸Ð²Ð¾Ð² cpio. ÐокалÑнÑй + злоÑмÑÑленник, имеÑÑий доÑÑÑп Ñ Ð¿Ñавами на запиÑÑ Ð² Ñелевой каÑалог, Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ + ÑÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¿Ñав доÑÑÑпа пÑоизволÑнÑÑ Ñайлов, пÑава на запиÑÑ Ð² коÑоÑÑе Ð¸Ð¼ÐµÐµÑ + полÑзоваÑÐµÐ»Ñ Ð²ÑполнÑÑÑий ÑаÑпаковкÑ.</p></li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1229">CAN-2005-1229</a> - - <p>Imran Ghory discovered that cpio does not sanitise the path of - - extracted files even if the --no-absolute-filenames option was - - specified. This can be exploited to install files in arbitrary - - locations where the extracting user has write permissions to.</p></li> + <p>ÐмÑан ÐоÑи обнаÑÑжил, ÑÑо cpio не вÑполнÑÐµÑ Ð¾ÑиÑÑÐºÑ Ð¿ÑÑи + ÑаÑпакованнÑÑ Ñайлов даже в ÑлÑÑае иÑполÑзовании опÑии + --no-absolute-filenames. ÐÑа ÑÑзвимоÑÑÑ Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð´Ð»Ñ ÑÑÑановки Ñайлов + в пÑоизволÑнÑе меÑÑа, пÑава на запиÑÑ Ð² коÑоÑÑе Ð¸Ð¼ÐµÐµÑ Ð¿Ð¾Ð»ÑзоваÑÐµÐ»Ñ Ð²ÑполнÑÑÑий ÑаÑпаковкÑ.</p></li> </ul> - -<p>For the old stable distribution (woody) these problems have been fixed in - -version 2.4.2-39woody2.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (woody) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2.4.2-39woody2.</p> - -<p>For the stable distribution (sarge) these problems have been fixed in - -version 2.5-1.3.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (sarge) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2.5-1.3.</p> - -<p>For the unstable distribution (sid) these problems have been fixed in - -version 2.6-6.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2.6-6.</p> - -<p>We recommend that you upgrade your cpio package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ cpio.</p> </define-tag> # do not modify the following line - --- english/security/2005/dsa-897.wml 2012-12-17 01:12:33.000000000 +0600 +++ russian/security/2005/dsa-897.wml 2016-08-29 12:58:58.679011986 +0500 @@ -1,38 +1,39 @@ - -<define-tag description>programming errors</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>оÑибки пÑогÑаммиÑованиÑ</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in phpsysinfo, a PHP - -based host information application. The Common Vulnerabilities and - -Exposures project identifies the following problems: </p> +<p>Ð phpsysinfo, пÑиложении Ð´Ð»Ñ Ð¿Ð¾Ð»ÑÑÐµÐ½Ð¸Ñ Ð¸Ð½ÑоÑмаÑии об Ñзле на ÑзÑке PHP, +бÑло обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and +Exposures опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ: </p> <ul> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0870">CVE-2005-0870</a> - - <p>Maksymilian Arciemowicz discovered several cross site scripting - - problems, of which not all were fixed in DSA <a href="dsa-724">724</a>.</p></li> + <p>ÐакÑимилиан ÐÑÑÐµÐ¼Ð¾Ð²Ð¸Ñ Ð¾Ð±Ð½Ð°ÑÑжил неÑколÑко ÑлÑÑаем межÑайÑового ÑкÑипÑинга, + из коÑоÑÑÑ Ð½Ðµ вÑе бÑли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² DSA <a href="dsa-724">724</a>.</p></li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3347">CVE-2005-3347</a> - - <p>Christopher Kunz discovered that local variables get overwritten - - unconditionally and are trusted later, which could lead to the - - inclusion of arbitrary files.</p></li> + <p>ÐÑиÑÑоÑÐµÑ ÐÑÐ½Ñ Ð¾Ð±Ð½Ð°ÑÑжил, ÑÑо локалÑнÑе пеÑеменнÑе могÑÑ Ð±ÑÑÑ Ð¿ÐµÑезапиÑÐ°Ð½Ñ Ð±ÐµÐ· + огÑаниÑений, в далÑнейÑем к ним ÑÐ¾Ñ ÑанÑеÑÑÑ Ð´Ð¾Ð²ÐµÑие, ÑÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº + вклÑÑÐµÐ½Ð¸Ñ Ð¿ÑоизволÑнÑÑ Ñайлов.</p></li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3348">CVE-2005-3348</a> - - <p>Christopher Kunz discovered that user-supplied input is used - - unsanitised, causing a HTTP Response splitting problem.</p></li> + <p>ÐÑиÑÑоÑÐµÑ ÐÑÐ½Ñ Ð¾Ð±Ð½Ð°ÑÑжил, ÑÑо пеÑедаваемÑе полÑзоваÑелем Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½Ñе иÑполÑзÑÑÑÑÑ + в неоÑиÑенном виде, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº ÑÐ°Ð·Ð´ÐµÐ»ÐµÐ½Ð¸Ñ HTTP-оÑвеÑов.</p></li> </ul> - -<p>For the old stable distribution (woody) these problems have been fixed in - -version 2.0-3woody3.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (woody) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2.0-3woody3.</p> - -<p>For the stable distribution (sarge) these problems have been fixed in - -version 2.3-4sarge1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (sarge) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2.3-4sarge1.</p> - -<p>For the unstable distribution (sid) these problems will be fixed soon.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑдÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð¿Ð¾Ð·Ð¶Ðµ.</p> - -<p>We recommend that you upgrade your phpsysinfo package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ phpsysinfo.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXw+1eAAoJEF7nbuICFtKlVXoP/1brGzwhRhQY2GOaSsm+slV5 KJ4G5yamnYcyrsQ3SnPcBmI0zOf1+hjMPnO07h0id0C1n3K9sTbwmnkHUCtDRxa2 PMQJ7F0XH5gkyTBNXxWbz4X4sjt12yQIodyFqjj6yybG1zB8c0tPj3cx1v0Cw0h7 XSV/HeunjoYtAMFmyEGu0KUeLcHQYgHLxFZL2AjjCGNXPN+GWwFDxrHa10wwG6nw ismxZP7A7WYGCAJTdSdZlFa9YKwM6hay5EEPuubHijkBErRc1lMtpuJC49AsomEm Agajl8UzBLjaosr8pEex8Br8m64VRMUKjCno07FNCyenPdvnOuGpHacDvkVIe83a gu9m2kJkvRYJ/q5DJGdilQD6j0jCHUFBl0twvC9X0EYl19GDMgl6uErJHJ/1fQGT 8uSnldFi2IWNaN8gknYM0qY3VodnEEtjIH/eeAvo81Hi6TidiT50gavg9Vl4sNH3 T89IldMLFM8eOlmHpiUeWOqa1aU1/v/HU0d6gpV14GUHHtaSsERbnFVRq2dwuzPp I57ZOjT2sCAzgHgCl4C59DGLkfZrugQ3PyVKfoUo/Ebv3KiKyJr+oaBp23rXCX3P TIV4fMBxonTE+QfYNA/EPDj6iUw5fzMjW+rBV5hDxVPL8pGPuutZV1ex1FHB4Ydr CcPc6eZ9yWTV8Ua6xiQq =vpEy -----END PGP SIGNATURE-----