-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2016/dsa-3446.wml 2016-01-14 22:00:07.000000000 +0500 +++ russian/security/2016/dsa-3446.wml 2016-01-14 22:57:05.585979326 +0500 
@@ -1,61 +1,62 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>The Qualys Security team discovered two vulnerabilities in the roaming - -code of the OpenSSH client (an implementation of the SSH protocol - -suite).</p> - - - -<p>SSH roaming enables a client, in case an SSH connection breaks - -unexpectedly, to resume it at a later time, provided the server also - -supports it.</p> - - - -<p>The OpenSSH server doesn't support roaming, but the OpenSSH client - -supports it (even though it's not documented) and it's enabled by - -default.</p> +<p>Ðоманда Qualys Security обнаÑÑжила две ÑÑзвимоÑÑи в коде Ð´Ð»Ñ Ð°Ð²ÑомаÑиÑеÑкой +наÑÑÑойки ÑеÑи в клиенÑе OpenSSH (ÑеализаÑии набоÑа пÑоÑоколов +SSH).</p> + +<p>ÐвÑомаÑиÑеÑÐºÐ°Ñ Ð½Ð°ÑÑÑойка ÑеÑи в SSH позволÑÐµÑ ÐºÐ»Ð¸ÐµÐ½ÑÑ Ð² Ñом ÑлÑÑае, еÑли Ñоединение SSH +неожиданно пÑеÑÑваеÑÑÑ, воÑÑÑановиÑÑ ÐµÐ³Ð¾, ÑÑиÑÑваÑ, ÑÑо ÑÑо Ñакже +поддеÑживаеÑÑÑ ÑеÑвеÑом.</p> + +<p>СеÑÐ²ÐµÑ OpenSSH не поддеÑÐ¶Ð¸Ð²Ð°ÐµÑ Ð°Ð²ÑомаÑиÑеÑкÑÑ Ð½Ð°ÑÑÑÐ¾Ð¹ÐºÑ ÑеÑи, но ÐºÐ»Ð¸ÐµÐ½Ñ OpenSSH +поддеÑÐ¶Ð¸Ð²Ð°ÐµÑ ÐµÑ (неÑмоÑÑÑ Ð½Ð° Ñо, ÑÑо об ÑÑом ниÑего Ð½ÐµÑ Ð² докÑменÑаÑии), и она вклÑÑена +по ÑмолÑаниÑ.</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0777">CVE-2016-0777</a> - - <p>An information leak (memory disclosure) can be exploited by a rogue - - SSH server to trick a client into leaking sensitive data from the - - client memory, including for example private keys.</p></li> + <p>УÑеÑка инÑоÑмаÑии (ÑаÑкÑÑÑие ÑодеÑжимого памÑÑи) Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð·Ð»Ð¾ÑмÑÑленником, + владеÑÑим ÑеÑвеÑом SSH, Ð´Ð»Ñ Ñого, ÑÑÐ¾Ð±Ñ Ð¿Ð¾Ð»ÑÑиÑÑ Ð¸Ð· памÑÑи клиенÑа + ÑÑвÑÑвиÑелÑнÑÑ Ð´Ð°Ð½Ð½ÑÑ , вклÑÑаÑ, напÑимеÑ, закÑÑÑÑе клÑÑи.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0778">CVE-2016-0778</a> - - <p>A buffer overflow (leading to 
file descriptor leak), can also be - - exploited by a rogue SSH server, but due to another bug in the code - - is possibly not exploitable, and only under certain conditions (not - - the default configuration), when using ProxyCommand, ForwardAgent or - - ForwardX11.</p></li> + <p>ÐеÑеполнение бÑÑеÑа (пÑиводÑÑее к ÑÑеÑке Ñайлового деÑкÑипÑоÑа) Ð¼Ð¾Ð¶ÐµÑ + иÑполÑзоваÑÑÑÑ Ð·Ð»Ð¾ÑмÑÑленником, владеÑÑим ÑеÑвеÑом SSH, но из-за дÑÑгой оÑибки в коде, + ÑÑÑ ÑÑзвимоÑÑÑ Ð½ÐµÐ»ÑÐ·Ñ Ð¸ÑполÑзоваÑÑ. ÐÑа ÑÑзвимоÑÑÑ Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð»Ð¸ÑÑ Ð¿Ñи + опÑеделÑннÑÑ ÑÑловиÑÑ (не пÑи иÑполÑзовании наÑÑÑоек по ÑмолÑаниÑ). Ð ÑаÑÑноÑÑи, + пÑи иÑполÑзовании ProxyCommand, ForwardAgent или ForwardX11.</p></li> </ul> - -<p>This security update completely disables the roaming code in the OpenSSH - -client.</p> +<p>Ðанное обновление безопаÑноÑÑи полноÑÑÑÑ Ð¾ÑклÑÑÐ°ÐµÑ ÐºÐ¾Ð´ Ð´Ð»Ñ Ð°Ð²ÑомаÑиÑеÑкой наÑÑÑойки ÑеÑи +в клиенÑе OpenSSH.</p> - -<p>It is also possible to disable roaming by adding the (undocumented) - -option <q>UseRoaming no</q> to the global /etc/ssh/ssh_config file, or to the - -user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on - -the command line.</p> +<p>ÐÑоме Ñого, обновление оÑклÑÑÐ°ÐµÑ Ð°Ð²ÑомаÑиÑеÑкÑÑ Ð½Ð°ÑÑÑÐ¾Ð¹ÐºÑ ÑеÑи пÑÑÑм Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ (недокÑменÑиÑованной) +опÑии <q>UseRoaming no</q> в глобалÑнÑй Ñайл наÑÑÑойки /etc/ssh/ssh_config, либо в +полÑзоваÑелÑÑкие наÑÑÑойки в ~/.ssh/config, либо же пеÑÐµÐ´Ð°Ð²Ð°Ñ -oUseRoaming=no +в командной ÑÑÑоке.</p> - -<p>Users with passphrase-less privates keys, especially in non interactive - -setups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to - -update their keys if they have connected to an SSH server they don't - -trust.</p> +<p>ÐолÑзоваÑелÑм Ñ Ð·Ð°ÐºÑÑÑÑми клÑÑами, не заÑиÑÑннÑми паÑолÑми, в оÑобенноÑÑи в ÑлÑÑае, +еÑли иÑполÑзÑÑÑÑÑ Ð½Ð°ÑÑÑойки без инÑеÑакÑивного Ñежима (авÑомаÑизиÑованнÑе задаÑи, иÑполÑзÑÑÑие +ssh, scp, rsync+ssh и Ñ. д.) 
ÑекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ñвои клÑÑи в Ñом ÑлÑÑае, +еÑли они подклÑÑаÑÑÑÑ Ðº ÑеÑвеÑÑ SSH, коÑоÑÐ¾Ð¼Ñ Ð¾Ð½Ð¸ не довеÑÑÑÑ.</p> - -<p>More details about identifying an attack and mitigations will be - -available in the Qualys Security Advisory.</p> +<p>ÐополниÑелÑнÑе ÑÐ²ÐµÐ´ÐµÐ½Ð¸Ñ Ð¾Ð± опÑеделении ÑÑой аÑаки и ÑпоÑобов ÐµÑ Ð½ÐµÐ´Ð¾Ð¿ÑÑÐµÐ½Ð¸Ñ +бÑдÑÑ Ð´Ð¾ÑÑÑÐ¿Ð½Ñ Ð² ÑекомендаÑии по безопаÑÑи Qualys.</p> - -<p>For the oldstable distribution (wheezy), these problems have been fixed - -in version 1:6.0p1-4+deb7u3.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (wheezy) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +в веÑÑии 1:6.0p1-4+deb7u3.</p> - -<p>For the stable distribution (jessie), these problems have been fixed in - -version 1:6.7p1-5+deb8u1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1:6.7p1-5+deb8u1.</p> - -<p>For the testing distribution (stretch) and unstable distribution (sid), these - -problems will be fixed in a later version.</p> +<p>Ð ÑеÑÑиÑÑемом (stretch) и неÑÑабилÑном (sid) вÑпÑÑÐºÐ°Ñ ÑÑи +пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑдÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² более поздней веÑÑии.</p> - -<p>We recommend that you upgrade your openssh packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ openssh.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
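Review bot: In the paragraph about the UseRoaming option, the added Russian text says that the update itself disables roaming by adding <q>UseRoaming no</q> to the configuration, while the removed English line reads "It is also possible to disable roaming by adding the (undocumented) option". The original describes a manual workaround for administrators, so the translation should be reworded to say that roaming can also be disabled this way, not that the package does it. In the CVE-2016-0778 item, the translation states flatly that the vulnerability cannot be exploited and then says it can be exploited under certain conditions; the English hedge "is possibly not exploitable" should be kept so the item does not overstate safety or contradict itself. Two smaller points: roaming is rendered throughout as automatic network configuration, which does not match the definition in the second paragraph (resuming a broken SSH connection), and the word for "security" in the sentence about the Qualys advisory is misspelled.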

