-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2000/20001111.wml 2001-04-19 21:52:09.000000000 +0600 +++ russian/security/2000/20001111.wml 2016-01-19 17:13:45.203216640 +0500 
@@ -1,20 +1,21 @@ +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" <define-tag moreinfo> - -The version of gnupg that was distributed in Debian GNU/Linux 2.2 had - -a logic error in the code that checks for valid signatures which could - -cause false positive results: Jim Small discovered that if the input - -contained multiple signed sections the exit-code gnupg returned was - -only valid for the last section, so improperly signed other sections - -were not noticed. +ÐеÑÑÐ¸Ñ gnupg, поÑÑавлÑÐµÐ¼Ð°Ñ Ð² ÑоÑÑаве Debian GNU/Linux 2.2, ÑодеÑÐ¶Ð¸Ñ +логиÑеÑкÑÑ Ð¾ÑÐ¸Ð±ÐºÑ Ð² коде Ð´Ð»Ñ Ð¿ÑовеÑки пÑавилÑноÑÑи подпиÑей, коÑоÑÐ°Ñ Ð¼Ð¾Ð¶ÐµÑ +пÑиводиÑÑ Ðº ложнÑм ÑÑабаÑÑваниÑм: Ðжим Смолл обнаÑÑжил, ÑÑо еÑли Ð²Ñ Ð¾Ð´Ð½Ñе даннÑе +ÑодеÑÐ¶Ð°Ñ Ð½ÐµÑколÑко подпиÑаннÑÑ Ñазделов, Ñо код вÑÑ Ð¾Ð´Ð°, возвÑаÑаемÑй gnupg, +пÑавилен ÑолÑко Ð´Ð»Ñ Ð¿Ð¾Ñледнего Ñаздела, из-за ÑÑого непÑавилÑно подпиÑаннÑе +ÑÐ°Ð·Ð´ÐµÐ»Ñ Ð¿ÐµÑед поÑледним не замеÑаÑÑÑÑ. - -<p>This has been fixed in version 1.0.4-1 and we recommend that you upgrade - -your gnupg package to that version. Please note that this version of gnupg - -includes the RSA code directly instead of relying on the gpg-rsa package. - -This means that the <code>"load-extension rsa"</code> command in - -<code>~/.gnupg/options</code> is no longer needed and must be removed: gnupg - -will not work correctly if it tries to load an extension that is not - -present. +<p>ÐÑа ÑÑзвимоÑÑÑ Ð±Ñла иÑпÑавлена в веÑÑии 1.0.4-1, ÑекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ +Ð¿Ð°ÐºÐµÑ gnupg до ÑÑой веÑÑии. ÐамеÑÑÑе, ÑÑо ÑÑа веÑÑÐ¸Ñ gnupg +ÑодеÑÐ¶Ð¸Ñ ÐºÐ¾Ð´ RSA, а не обÑаÑаеÑÑÑ Ðº пакеÑÑ gpg-rsa. +ÐÑо ознаÑаеÑ, ÑÑо команда <code>"load-extension rsa"</code> в +<code>~/.gnupg/options</code> более не нÑжна и должна бÑÑÑ Ñдалена: gnupg +бÑÐ´ÐµÑ ÑабоÑаÑÑ Ð½ÐµÐºÐ¾ÑÑекÑно в Ñом ÑлÑÑае, еÑли бÑÐ´ÐµÑ Ð¿Ñоизведена попÑÑка загÑÑзиÑÑ +оÑÑÑÑÑÑвÑÑÑее ÑаÑÑиÑение. 
</define-tag> - -<define-tag description>incorrect signature verification</define-tag> +<define-tag description>некоÑÑекÑÐ½Ð°Ñ Ð¿ÑовеÑка подпиÑи</define-tag> # do not modify the following line #include '$(ENGLISHDIR)/security/2000/20001111.data' - --- english/security/2000/20001120.wml 2001-04-19 21:52:09.000000000 +0600 +++ russian/security/2000/20001120.wml 2016-01-19 17:36:33.036212890 +0500 
@@ -1,19 +1,20 @@ - -<define-tag moreinfo>Sebastian Krahmer found a problem in the modprobe utility - -that could be exploited by local users to run arbitrary commands as root if the - -machine is running a kernel with kmod enabled. +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag moreinfo>СебаÑÑиан ÐÑÐ°Ð¼ÐµÑ Ð¾Ð±Ð½Ð°ÑÑжил пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð² ÑÑилиÑе modprobe, +коÑоÑÐ°Ñ Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð»Ð¾ÐºÐ°Ð»ÑнÑми полÑзоваÑелÑми Ð´Ð»Ñ Ð·Ð°Ð¿ÑÑка пÑоизволÑнÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´ Ð¾Ñ Ð»Ð¸Ñа ÑÑпеÑполÑзоваÑÐµÐ»Ñ Ð² Ñом ÑлÑÑае, +еÑли на маÑине запÑÑено ÑдÑо Ñ Ð²ÐºÐ»ÑÑÑнной опÑией kmod. - -<p>The kmod kernel feature allows the kernel to dynamically load kernel modules if - -functionality is required that is not present in the running kernel. It does - -this by invoking the modprobe command with the requested module as parameter. - -This parameter can be influenced by users, for example by opening a currently - -non-existing files on a devfs filesystem, or trying to access a non-existing - -network interface. Since modprobe did not properly escape shell meta-characters - -when calling external commands or check if the last parameters was an option - -instead of a modulename, users can cause it to run arbitrary commands. +<p>ÐпÑÐ¸Ñ kmod позволÑÐµÑ ÑдÑÑ Ð´Ð¸Ð½Ð°Ð¼Ð¸ÑеÑки загÑÑжаÑÑ Ð¼Ð¾Ð´Ñли ÑдÑа, еÑли +ÑÑебÑÐµÐ¼Ð°Ñ ÑÑнкÑионалÑноÑÑÑ Ð¾ÑÑÑÑÑÑвÑÐµÑ Ð² запÑÑенном ÑдÑе. ÐÑо вÑполнÑеÑÑÑ +благодаÑÑ Ð·Ð°Ð¿ÑÑÐºÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ modprobe Ñ ÑÑебÑемÑм модÑлем в каÑеÑÑве паÑамеÑÑа. +ÐÑÐ¾Ñ Ð¿Ð°ÑамеÑÑ Ð¼Ð¾Ð¶ÐµÑ Ð±ÑÑÑ Ð¸Ð·Ð¼ÐµÐ½Ñн полÑзоваÑелÑми, напÑимеÑ, пÑÑÑм оÑкÑÑÑÐ¸Ñ +неÑÑÑеÑÑвÑÑÑÐ¸Ñ Ð² даннÑй Ð¼Ð¾Ð¼ÐµÐ½Ñ Ñайлов в Ñайловой ÑиÑÑеме devfs, либо пÑи попÑÑке обÑаÑÐµÐ½Ð¸Ñ Ðº неÑÑÑеÑÑвÑÑÑÐµÐ¼Ñ +ÑеÑÐµÐ²Ð¾Ð¼Ñ Ð¸Ð½ÑеÑÑейÑÑ. 
ÐоÑколÑÐºÑ modprobe непÑавилÑно ÑкÑаниÑÑÐµÑ Ð¼ÐµÑаÑÐ¸Ð¼Ð²Ð¾Ð»Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð¹ оболоÑки +пÑи вÑзове внеÑÐ½Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´, либо непÑавилÑно вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ Ð¿Ð¾Ñледнего паÑамеÑÑа на пÑÐµÐ´Ð¼ÐµÑ Ñого, ÑвлÑеÑÑÑ +ли он именем модÑлÑ, поÑÑолÑÐºÑ Ð¿Ð¾Ð»ÑзоваÑели могÑÑ Ð·Ð°Ð¿ÑÑкаÑÑ Ð¿ÑоизволÑнÑе командÑ. - -<p>This has been fixed in version 2.3.11-12 and we recommend that you upgrade your - -modutils package immediately.</define-tag> - -<define-tag description>local exploit</define-tag> +<p>ÐÑа пÑоблема бÑла иÑпÑавлена в веÑÑии 2.3.11-12, ÑекомендÑеÑÑÑ ÐºÐ°Ðº можно ÑкоÑее +обновиÑÑ Ð¿Ð°ÐºÐµÑ modutils.</define-tag> +<define-tag description>локалÑÐ½Ð°Ñ ÑÑзвимоÑÑÑ</define-tag> # do not modify the following line #include '$(ENGLISHDIR)/security/2000/20001120.data' -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
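Review bot: In russian/security/2000/20001111.wml, the added sentence about the RSA code drops the word "directly" from "includes the RSA code directly instead of relying on the gpg-rsa package". That word is what tells the reader the RSA code is now built into gnupg itself, which is why the "load-extension rsa" line in ~/.gnupg/options has to be removed. Suggest restoring it in the translated sentence (for example with "непосредственно") so the upgrade instruction keeps its reason.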
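Review bot: In russian/security/2000/20001120.wml, the closing sentence of the kmod paragraph loses half of the root cause. The English says modprobe did not "check if the last parameters was an option instead of a modulename", while the added text only says the check of whether the last parameter is a module name is done incorrectly and never mentions that the parameter can be an option. Suggest naming the option case explicitly, since the advisory lists it as one of the two flaws alongside the unescaped shell meta-characters. As a style point, the second added line of the first paragraph and the line about devfs files are far longer than the other added lines and could be rewrapped to match.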

