--- ../../english/security/2018/dsa-4218.wml 2018-06-07 12:59:29.532625032 +0500 +++ 2018/dsa-4218.wml 2018-06-07 13:07:54.893475015 +0500 @@ -1,50 +1,51 @@ -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="4ebfdd503e9e85f67ec7fcf9034b307c4969a337" mindelta="1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> -<p>Several vulnerabilities were discovered in memcached, a high-performance -memory object caching system. The Common Vulnerabilities and Exposures -project identifies the following problems:</p> +<p>Ð memcached, вÑÑокопÑоизводиÑелÑной ÑиÑÑеме кÑÑиÑованиÑ, бÑло обнаÑÑжено +неÑколÑко ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures +опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-9951">CVE-2017-9951</a> - <p>Daniel Shapira reported a heap-based buffer over-read in memcached - (resulting from an incomplete fix for <a href="https://security-tracker.debian.org/tracker/CVE-2016-8705">CVE-2016-8705</a>) triggered by - specially crafted requests to add/set a key and allowing a remote - attacker to cause a denial of service.</p></li> + <p>ÐÑÐ½Ð¸ÐµÐ»Ñ Ð¨Ð°Ð¿Ð¸Ñа ÑообÑил о ÑÑении за пÑеделами вÑделенного бÑÑеÑа динамиÑеÑкой памÑÑи в memcached + (из-за неполного иÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ <a href="https://security-tracker.debian.org/tracker/CVE-2016-8705">\ + CVE-2016-8705</a>), вÑзÑваемом ÑпеÑиалÑно ÑÑоÑмиÑованнÑми запÑоÑами на добавление/ÑÑÑÐ°Ð½Ð¾Ð²ÐºÑ + клÑÑа и позволÑÑÑем ÑдалÑÐ½Ð½Ð¾Ð¼Ñ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²ÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1000115">CVE-2018-1000115</a> - <p>It was reported that memcached listens to UDP by default. A remote - attacker can take advantage of it to use the memcached service as a - DDoS amplifier.</p> - - <p>Default installations of memcached in Debian are not affected by - this issue as the installation defaults to listen only on localhost. - This update disables the UDP port by default. Listening on the UDP - can be re-enabled in the /etc/memcached.conf (cf. + <p>ÐÑло ÑообÑено, ÑÑо memcached по ÑмолÑÐ°Ð½Ð¸Ñ Ð¿ÑоÑлÑÑÐ¸Ð²Ð°ÐµÑ UDP. УдалÑннÑй + злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑо обÑÑоÑÑелÑÑÑво Ð´Ð»Ñ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ ÑлÑÐ¶Ð±Ñ memcached + Ñ ÑелÑÑ ÑÑÐ¸Ð»ÐµÐ½Ð¸Ñ ÑаÑпÑеделÑнной аÑаки по вÑÐ·Ð¾Ð²Ñ Ð¾Ñказа в обÑлÑживании.</p> + + <p>УÑÑановки по ÑмолÑÐ°Ð½Ð¸Ñ memcached в Debian не подвеÑÐ¶ÐµÐ½Ñ Ñказанной + пÑоблеме, поÑколÑÐºÑ Ð¿Ð¾ ÑмолÑÐ°Ð½Ð¸Ñ Ð¿ÑоÑлÑÑивание ведÑÑÑÑ ÑолÑко Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»Ñного Ñзла. + Ðанное обновление по ÑмолÑÐ°Ð½Ð¸Ñ Ð¾ÑклÑÑÐ°ÐµÑ Ð¿Ð¾ÑÑ UDP. ÐÑоÑлÑÑивание UDP + можно повÑоÑно вклÑÑиÑÑ Ð² Ñайле /etc/memcached.conf (Ñм. /usr/share/doc/memcached/NEWS.Debian.gz).</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1000127">CVE-2018-1000127</a> - <p>An integer overflow was reported in memcached, resulting in resource - leaks, data corruption, deadlocks or crashes.</p></li> + <p>ÐÑло ÑообÑено о пеÑеполнении ÑелÑÑ ÑиÑел в memcached, пÑиводÑÑем к ÑÑеÑкам + ÑеÑÑÑÑов, повÑеждении даннÑÑ , блокиÑовкам или аваÑийнÑм оÑÑановкам.</p></li> </ul> -<p>For the oldstable distribution (jessie), these problems have been fixed -in version 1.4.21-1.1+deb8u2.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +в веÑÑии 1.4.21-1.1+deb8u2.</p> -<p>For the stable distribution (stretch), these problems have been fixed in -version 1.4.33-1+deb9u1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (stretch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.4.33-1+deb9u1.</p> -<p>We recommend that you upgrade your memcached packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ memcached.</p> -<p>For the detailed security status of memcached please refer to its -security tracker page at: -<a href="https://security-tracker.debian.org/tracker/memcached">https://security-tracker.debian.org/tracker/memcached</a></p> +<p>С подÑобнÑм ÑÑаÑÑÑом поддеÑжки безопаÑноÑÑи memcached можно ознакомиÑÑÑÑ Ð½Ð° +ÑооÑвеÑÑÑвÑÑÑей ÑÑÑаниÑе оÑÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи по адÑеÑÑ +<a href="https://security-tracker.debian.org/tracker/memcached">\ +https://security-tracker.debian.org/tracker/memcached</a></p> </define-tag> # do not modify the following line #include "$(ENGLISHDIR)/security/2018/dsa-4218.data" -# $Id: $