-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2010/dsa-1968.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-1968.wml 2016-02-16 12:24:35.322949041 +0500 @@ -1,30 +1,31 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>It was discovered that pdns-recursor, the PowerDNS recursive name - -server, contains several vulnerabilities:</p> +<p>ÐÑло обнаÑÑжено ÑÑо pdns-recursor, ÑеÑÐ²ÐµÑ ÑекÑÑÑивнÑÑ Ð¸Ð¼Ñн +PowerDNS, ÑодеÑÐ¶Ð¸Ñ Ð½ÐµÑколÑко ÑÑзвимоÑÑей:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-4009";>CVE-2009-4009</a> - -<p>A buffer overflow can be exploited to crash the daemon, or potentially - -execute arbitrary code.</p></li> +<p>ÐеÑеполнение бÑÑеÑа Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð´Ð»Ñ Ð°Ð²Ð°Ñийной оÑÑановки ÑлÑÐ¶Ð±Ñ Ð¸Ð»Ð¸ поÑенÑиалÑного +вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-4010";>CVE-2009-4010</a> - -<p>A cache poisoning vulnerability may allow attackers to trick the - -server into serving incorrect DNS data.</p></li> +<p>ÐÑÑавление кеÑа Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð·Ð»Ð¾ÑмÑÑленникам заÑÑавиÑÑ +ÑеÑÐ²ÐµÑ Ð¿ÐµÑедаÑÑ Ð½ÐµÐºÐ¾ÑÑекÑнÑе даннÑе DNS.</p></li> </ul> - -<p>For the oldstable distribution (etch), fixed packages will be - -provided soon.</p> +<p>ÐÐ»Ñ Ð¿ÑедÑдÑÑего ÑÑабилÑного вÑпÑÑка (etch) иÑпÑавленнÑе пакеÑÑ Ð±ÑдÑÑ +пÑедоÑÑÐ°Ð²Ð»ÐµÐ½Ñ Ð¿Ð¾Ð·Ð¶Ðµ.</p> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 3.1.7-1+lenny1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 3.1.7-1+lenny1.</p> - -<p>For the unstable distribution (sid), these problems have been fixed in - -version 3.1.7.2-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 3.1.7.2-1.</p> - -<p>We recommend that you upgrade your pdns-recursor package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ pdns-recursor.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-1983.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-1983.wml 2016-02-16 12:21:29.429114923 +0500 @@ -1,29 +1,30 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.6" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several remote vulnerabilities have been discovered in the Wireshark - -network traffic analyzer, which may lead to the execution of arbitrary - -code or denial of service. The Common Vulnerabilities and Exposures - -project identifies the following problems: </p> +<p>Ð Wireshark, анализаÑоÑе ÑеÑевого ÑÑаÑика, бÑло обнаÑÑжено неÑколÑко ÑдалÑннÑÑ +ÑÑзвимоÑÑей, коÑоÑÑе могÑÑ Ð¿ÑиводиÑÑ Ðº вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного +кода или оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures +опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ: </p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-4377";>CVE-2009-4377</a> - - <p>A NULL pointer dereference was found in the SMB/SMB2 dissectors.</p></li> + <p>ÐÑло обнаÑÑжено ÑазÑменование NULL-ÑказаÑÐµÐ»Ñ Ð² диÑÑекÑоÑÐ°Ñ SMB/SMB2.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0304";>CVE-2010-0304</a> - - <p>Several buffer overflows were found in the LWRES dissector.</p></li> + <p>ÐеÑколÑко пеÑеполнений бÑÑеÑа бÑло обнаÑÑжено в диÑÑекÑоÑе LWRES.</p></li> </ul> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 1.0.2-3+lenny8.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.0.2-3+lenny8.</p> - -<p>For the unstable distribution (sid) these problems have been fixed in - -version 1.2.6-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.2.6-1.</p> - -<p>We recommend that you upgrade your Wireshark packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ Wireshark.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-1985.wml 2010-12-21 07:01:52.000000000 +0500 +++ russian/security/2010/dsa-1985.wml 2016-02-16 12:16:11.434139803 +0500 @@ -1,24 +1,25 @@ - -<define-tag description>insufficient input validation</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>недоÑÑаÑоÑÐ½Ð°Ñ Ð¿ÑовеÑка Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ </define-tag> <define-tag moreinfo> - -<p>It was discovered that sendmail, a Mail Transport Agent, does not properly handle - -a '\0' character in a Common Name (CN) field of an X.509 certificate.</p> +<p>ÐÑло обнаÑÑжено, ÑÑо sendmail, Ð°Ð³ÐµÐ½Ñ Ð¿ÐµÑеÑÑлки поÑÑÑ, непÑавилÑно обÑабаÑÑÐ²Ð°ÐµÑ +Ñимвол '\0' в поле Common Name (CN) ÑеÑÑиÑикаÑа X.509.</p> - -<p>This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server - -certificate issued by a legitimate Certification Authority, and to bypass intended - -access restrictions via a crafted client certificate issued by a legitimate - -Certification Authority.</p> +<p>ÐÑо позволÑÐµÑ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð¿Ð¾Ð´Ð´ÐµÐ»ÑваÑÑ Ð¿ÑоизволÑнÑе SMTP-ÑеÑвеÑÑ Ñ SSL пÑи помоÑи ÑпеÑиалÑно +ÑÑоÑмиÑованного ÑеÑвеÑного ÑеÑÑиÑикаÑа, вÑданного дейÑÑвÑÑÑим авÑоÑиÑеÑом и Ð¾Ð±Ñ Ð¾Ð´Ð¸ÑÑ +огÑаниÑÐµÐ½Ð¸Ñ Ð´Ð¾ÑÑÑпа пÑи помоÑи ÑпеÑиалÑно ÑÑоÑмиÑованного клиенÑÑкого ÑеÑÑиÑикаÑа, вÑданного +дейÑÑвÑÑÑим авÑоÑиÑеÑом.</p> - -<p>For the oldstable distribution (etch), this problem has been fixed in - -version 8.13.8-3+etch1</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (etch) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 8.13.8-3+etch1</p> - -<p>For the stable distribution (lenny), this problem has been fixed in - -version 8.14.3-5+lenny1</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 8.14.3-5+lenny1</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 8.14.3-9.1, and will migrate to the testing distribution (squeeze) - -shortly.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 8.14.3-9.1, ÑÑа веÑÑÐ¸Ñ Ð² ближайÑее вÑÐµÐ¼Ñ Ð¿ÐµÑейдÑÑ Ð² +ÑеÑÑиÑÑемÑй вÑпÑÑк (squeeze).</p> - -<p>We recommend that you upgrade your sendmail package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ sendmail.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2022.wml 2010-03-25 02:27:19.000000000 +0500 +++ russian/security/2010/dsa-2022.wml 2016-02-16 13:03:04.765087104 +0500 @@ -1,29 +1,30 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in mediawiki, a web-based wiki - -engine. The following issues have been identified:</p> +<p>Ð mediawiki, веб-движке Ð´Ð»Ñ Ð²Ð¸ÐºÐ¸, бÑло обнаÑÑжено неÑколÑко +ÑÑзвимоÑÑей. ÐÑли опÑÐµÐ´ÐµÐ»ÐµÐ½Ñ ÑледÑÑÑие пÑоблемÑ:</p> <ul> - -<li><p>Insufficient input sanitization in the CSS validation code allows editors - -to display external images in wiki pages. This can be a privacy concern - -on public wikis as it allows attackers to gather IP addresses and other - -information by linking these images to a web server under their control.</p></li> - - - -<li><p>Insufficient permission checks have been found in thump.php which can lead - -to disclosure of image files that are restricted to certain users - -(e.g. with img_auth.php).</p></li> +<li><p>ÐедоÑÑаÑоÑÐ½Ð°Ñ Ð¾ÑиÑÑка Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ Ð² коде пÑовеÑки CSS позволÑÐµÑ ÑедакÑоÑам +оÑобÑажаÑÑ Ð²Ð½ÐµÑние изобÑÐ°Ð¶ÐµÐ½Ð¸Ñ Ð½Ð° вики-ÑÑÑаниÑÐ°Ñ . ÐÑо Ð¼Ð¾Ð¶ÐµÑ Ð²ÑзÑваÑÑ Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ñ ÐºÐ¾Ð½ÑиденÑиалÑноÑÑи +на пÑблиÑнÑÑ Ð²Ð¸ÐºÐ¸, Ñак как ÑÑо позволÑÐµÑ Ð·Ð»Ð¾ÑмÑÑленникам ÑобиÑаÑÑ IP адÑеÑа и дÑÑгÑÑ +инÑоÑмаÑиÑ, оÑÑавлÑÑ ÑÑÑлки на изобÑÐ°Ð¶ÐµÐ½Ð¸Ñ Ð½Ð° ÑвоÑм веб-ÑеÑвеÑе.</p></li> + +<li><p>ÐедоÑÑаÑоÑнÑе пÑовеÑки пÑав доÑÑÑпа бÑли обнаÑÑÐ¶ÐµÐ½Ñ Ð² thump.php, коÑоÑÑе могÑÑ +пÑиводиÑÑ Ðº ÑаÑкÑÑÑÐ¸Ñ Ñайлов изобÑажений, Ð´Ð»Ñ ÐºÐ¾ÑоÑÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½Ñ Ð¾Ð³ÑаниÑÐµÐ½Ð¸Ñ Ð´Ð»Ñ Ð¾Ð¿ÑеделÑннÑÑ +полÑзоваÑелей (напÑимеÑ, пÑи помоÑи img_auth.php).</p></li> </ul> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 1.12.0-2lenny4.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.12.0-2lenny4.</p> - -<p>For the testing distribution (squeeze), these problems have been fixed in - -version 1:1.15.2-1.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (squeeze) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1:1.15.2-1.</p> - -<p>For the unstable distribution (sid), these problems have been fixed in - -version 1:1.15.2-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1:1.15.2-1.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2026.wml 2010-04-03 03:29:55.000000000 +0600 +++ russian/security/2010/dsa-2026.wml 2016-02-16 12:34:17.743268221 +0500 @@ -1,27 +1,28 @@ - -<define-tag description>stack-based buffer overflow</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>пеÑеполнение бÑÑеÑа</define-tag> <define-tag moreinfo> - -<p>Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader - -implementation in netpbm-free, a suite of image manipulation utilities. - -An attacker could cause a denial of service (application crash) or possibly - -execute arbitrary code via an XPM image file that contains a crafted header - -field associated with a large color index value.</p> +<p>ÐаÑк ШÑнÑÑелÑд обнаÑÑжил пеÑеполнение бÑÑеÑа в ÑеализаÑии коде Ð´Ð»Ñ ÑÑиÑÑÐ²Ð°Ð½Ð¸Ñ +XPM в netpbm-free, набоÑе ÑÑÐ¸Ð»Ð¸Ñ Ð´Ð»Ñ Ð¾Ð±ÑабоÑки изобÑажений. +ÐлоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð²ÑзваÑÑ Ð¾Ñказ в обÑлÑживании (аваÑÐ¸Ð¹Ð½Ð°Ñ Ð¾ÑÑановка) или вÑполниÑÑ +пÑоизволÑнÑй код Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ñайла Ñ Ð¸Ð·Ð¾Ð±Ñажением XPM, ÑодеÑжаÑим ÑпеÑиалÑно ÑÑоÑмиÑованное +поле заголовка, аÑÑоÑииÑованное Ñ Ð±Ð¾Ð»ÑÑим знаÑением ÑказаÑÐµÐ»Ñ ÑвеÑа.</p> - -<p>For the stable distribution (lenny), this problem has been fixed in - -version 2:10.0-12+lenny1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2:10.0-12+lenny1.</p> - -<p>For the testing distribution (squeeze), this problem has been fixed in - -version 2:10.0-12.1+squeeze1.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (squeeze) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2:10.0-12.1+squeeze1.</p> - -<p>For the unstable distribution (sid), this problem will be fixed soon.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑÐ´ÐµÑ Ð¸ÑпÑавлена позже.</p> - -<p>Due to a problem with the archive system it is not possible to release - -all architectures. The missing architectures will be installed into the - -archive once they become available.</p> +<p>Ðз-за пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð² ÑиÑÑеме аÑÑ Ð¸Ð²Ð°, Ð¿Ð°ÐºÐµÑ Ð½ÐµÐ»ÑÐ·Ñ Ð²ÑпÑÑÑиÑÑ Ð´Ð»Ñ +вÑÐµÑ Ð°ÑÑ Ð¸ÑекÑÑÑ. ÐÐ±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð´Ð»Ñ Ð¾ÑÑÑÑÑÑвÑÑÑÐ¸Ñ Ð°ÑÑ Ð¸ÑекÑÑÑ Ð±ÑдÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½Ñ Ð² +аÑÑ Ð¸Ð² по меÑе Ð¸Ñ Ð´Ð¾ÑÑÑпноÑÑи.</p> - -<p>We recommend that you upgrade your netpbm-free package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ netpbm-free.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2046.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-2046.wml 2016-02-16 13:06:14.335819071 +0500 @@ -1,31 +1,32 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several remote vulnerabilities have been discovered in phpgroupware, a - -Web based groupware system written in PHP. The Common Vulnerabilities - -and Exposures project identifies the following problems:</p> +<p>Ð phpgroupware, веб-ÑиÑÑеме Ð´Ð»Ñ ÐºÐ¾Ð»Ð»ÐµÐºÑивной ÑабоÑÑ, напиÑанной на PHP, +бÑло обнаÑÑжено неÑколÑко ÑдалÑннÑÑ ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities +and Exposures опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0403";>CVE-2010-0403</a> - -<p>A local file inclusion vulnerability allows remote attackers to execute - -arbitrary PHP code and include arbitrary local files.</p></li> +<p>ÐклÑÑение локалÑного Ñайла позволÑÐµÑ ÑдалÑннÑÑ Ð·Ð»Ð¾ÑмÑÑленникам вÑполнÑÑÑ +пÑоизволÑнÑе код PHP и добавлÑÑÑ Ð¿ÑоизволÑнÑе локалÑнÑе ÑайлÑ.</p></li> - -<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0404";>CVE-2010-0404</a> +<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0404";>CVE-2010-0404</a> - -<p>Multiple SQL injection vulnerabilities allows remote attackers to execute - -arbitrary SQL commands.</p></li> +<p>ÐногоÑиÑленнÑе инÑекÑии SQL позволÑÑÑ ÑдалÑннÑм злоÑмÑÑленникам вÑполнÑÑÑ +пÑоизволÑнÑе ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ SQL.</p></li> </ul> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 1:0.9.16.012+dfsg-8+lenny2</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1:0.9.16.012+dfsg-8+lenny2</p> - -<p>For the testing distribution (squeeze) and the unstable distribution - -(sid), these problems will be fixed soon.</p> +<p>Ð ÑеÑÑиÑÑемом (squeeze) и неÑÑабилÑном (sid) вÑпÑÑÐºÐ°Ñ +ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑдÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð¿Ð¾Ð·Ð¶Ðµ.</p> - -<p>We recommend that you upgrade your phpgroupware package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ phpgroupware.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2086.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-2086.wml 2016-02-16 12:18:56.537934748 +0500 @@ -1,30 +1,31 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in the Avahi mDNS/DNS-SD - -daemon. The Common Vulnerabilities and Exposures project identifies - -the following problems:</p> +<p>Ð ÑлÑжбе Avahi mDNS/DNS-SD бÑло обнаÑÑжено неÑколÑко +ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-0758";>CVE-2009-0758</a> - - <p>Rob Leslie discovered a denial of service vulnerability in the - - code used to reflect unicast mDNS traffic.</p></li> + <p>Роб ÐÑÑли обнаÑÑжил оÑказ в обÑлÑживании в + коде, иÑполÑзÑемом Ð´Ð»Ñ Ð¾ÑÑÐ°Ð¶ÐµÐ½Ð¸Ñ ÑÑаÑика одноадÑеÑной пеÑедаÑи mDNS.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-2244";>CVE-2010-2244</a> - - <p>Ludwig Nussel discovered a denial of service vulnerability in - - the processing of malformed DNS packets.</p></li> + <p>ÐÑдвиг ÐÑÑÑÐµÐ»Ñ Ð¾Ð±Ð½Ð°ÑÑжил оÑказ в обÑлÑживании в + коде обÑабоÑки некоÑÑекÑнÑÑ Ð¿Ð°ÐºÐµÑов DNS.</p></li> </ul> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 0.6.23-3lenny2.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 0.6.23-3lenny2.</p> - -<p>For the unstable distribution (sid), these problems have been fixed in - -version 0.6.26-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 0.6.26-1.</p> - -<p>We recommend that you upgrade your Avahi packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ Avahi.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2091.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-2091.wml 2016-02-16 12:58:27.303529055 +0500 @@ -1,22 +1,23 @@ - -<define-tag description>No user-specific token implemented</define-tag> +#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov" +<define-tag description>не Ñеализован ни один полÑзоваÑелÑÑкий Ñокен</define-tag> <define-tag moreinfo> - -<p>SquirrelMail, a webmail application, does not employ a user-specific token - -for webforms. This allows a remote attacker to perform a Cross Site Request - -Forgery (CSRF) attack. The attacker may hijack the authentication of - -unspecified victims and send messages or change user preferences among other - -actions, by tricking the victim into following a link controlled by the - -offender.</p> +<p>SquirrelMail, пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð´Ð»Ñ Ð²ÐµÐ±-доÑÑÑпа к поÑÑе, не иÑполÑзÑÐµÑ Ð² веб-ÑоÑÐ¼Ð°Ñ +полÑзоваÑелÑÑкие ÑокенÑ. ÐÑо позволÑÐµÑ ÑдалÑÐ½Ð½Ð¾Ð¼Ñ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²ÑполнÑÑÑ Ð¿Ð¾Ð´Ð´ÐµÐ»ÐºÑ +межÑайÑовÑÑ Ð·Ð°Ð¿ÑоÑов (CSRF). ÐлоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¿ÐµÑÐµÑ Ð²Ð°ÑиÑÑ Ð°ÑÑенÑиÑикаÑÐ¸Ñ +жеÑÑÐ²Ñ Ð¸ оÑпÑавиÑÑ ÑообÑениÑ, либо измениÑÑ Ð¿Ð¾Ð»ÑзоваÑелÑÑкие наÑÑÑойки, а Ñакже вÑполниÑÑ +ÑÑд дÑÑÐ³Ð¸Ñ Ð´ÐµÐ¹ÑÑвий в ÑлÑÑае, еÑли жеÑÑва оÑкÑÐ¾ÐµÑ ÑÑÑлкÑ, конÑÑолиÑÑемÑÑ +злоÑмÑÑленником.</p> - -<p>In addition, a denial-of-service was fixed, which could be triggered when a - -password containing 8-bit characters was used to log in (<a href="https://security-tracker.debian.org/tracker/CVE-2010-2813";>CVE-2010-2813</a>).</p> +<p>ÐÑоме Ñого, бÑл иÑпÑавлен оÑказ в обÑлÑживании, коÑоÑÑй Ð²Ð¾Ð·Ð½Ð¸ÐºÐ°ÐµÑ Ð² ÑлÑÑаÑÑ +иÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¿Ð°ÑолÑ, ÑодеÑжаÑего 8-биÑнÑе ÑÐ¸Ð¼Ð²Ð¾Ð»Ñ (<a href="https://security-tracker.debian.org/tracker/CVE-2010-2813";>CVE-2010-2813</a>).</p> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 1.4.15-4+lenny3.1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.4.15-4+lenny3.1.</p> - -<p>For the testing distribution (squeeze) and the unstable distribution (sid), - -these problems have been fixed in version 1.4.21-1.</p> +<p>Ð ÑеÑÑиÑÑемом (squeeze) и неÑÑабилÑном (sid) вÑпÑÑÐºÐ°Ñ +ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 1.4.21-1.</p> - -<p>We recommend that you upgrade your squirrelmail packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ squirrelmail.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2109.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-2109.wml 2016-02-16 12:29:07.759546396 +0500 @@ -1,24 +1,25 @@ - -<define-tag description>buffer overflow</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>пеÑеполнение бÑÑеÑа</define-tag> <define-tag moreinfo> - -<p>A vulnerability has been discovered in samba, a SMB/CIFS file, print, - -and login server for Unix.</p> +<p>Ð samba, SMB/CIFS Ñайловом ÑеÑвеÑе, ÑеÑвеÑе пеÑаÑи и ÑеÑвеÑе аÑÑенÑиÑикаÑии Ð´Ð»Ñ +Unix, бÑла обнаÑÑжен ÑÑзвимоÑÑÑ.</p> - -<p>The sid_parse() function does not correctly check its input lengths - -when reading a binary representation of a Windows SID (Security ID). - -This allows a malicious client to send a sid that can overflow the - -stack variable that is being used to store the SID in the Samba smbd - -server. (<a href="https://security-tracker.debian.org/tracker/CVE-2010-3069";>CVE-2010-3069</a>)</p> - - - -<p>For the stable distribution (lenny), this problem has been fixed in - -version 3.2.5-4lenny13.</p> - - - -<p>For the testing distribution (squeeze) and the unstable distribution (sid), - -this problem will be fixed in version 3.5.5~dfsg-1.</p> - - - -<p>We recommend that you upgrade your samba packages. The packages for the - -mips architecture are not included in this upgrade. They will be released - -as soon as they become available.</p> +<p>ФÑнкÑÐ¸Ñ sid_parse() непÑавилÑно вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ Ð´Ð»Ð¸Ð½Ñ Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ +пÑи ÑÑении двоиÑного пÑедÑÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Windows SID (Security ID). +ÐÑо позволÑÐµÑ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð¾ÑпÑавлÑÑÑ Ð¸Ð´ÐµÐ½ÑиÑикаÑÐ¾Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи, коÑоÑÑй Ð¼Ð¾Ð¶ÐµÑ Ð²ÑзваÑÑ Ð¿ÐµÑеполнение +ÑÑÑковой пеÑеменной, иÑполÑзÑÑÑейÑÑ Ð´Ð»Ñ Ñ ÑÐ°Ð½ÐµÐ½Ð¸Ñ SID в Samba-ÑеÑвеÑе +smbd. (<a href="https://security-tracker.debian.org/tracker/CVE-2010-3069";>CVE-2010-3069</a>)</p> + +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 3.2.5-4lenny13.</p> + +<p>Ð ÑеÑÑиÑÑемом (squeeze) и неÑÑабилÑном (sid) вÑпÑÑÐºÐ°Ñ +ÑÑа пÑоблема бÑÐ´ÐµÑ Ð¸ÑпÑавлена в веÑÑии 3.5.5~dfsg-1.</p> + +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ samba. ÐакеÑÑ Ð´Ð»Ñ Ð°ÑÑ Ð¸ÑекÑÑÑÑ +mips оÑÑÑÑÑÑвÑÑÑ Ð² данном обновлении. Ðни бÑдÑÑ Ð²ÑпÑÑÐµÐ½Ñ +по меÑе Ð¸Ñ Ð´Ð¾ÑÑÑпноÑÑи.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2118.wml 2011-02-22 00:30:21.000000000 +0500 +++ russian/security/2010/dsa-2118.wml 2016-02-16 12:54:07.819374938 +0500 @@ -1,28 +1,29 @@ - -<define-tag description>logic flaw</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>логиÑеÑÐºÐ°Ñ Ð¾Ñибка</define-tag> <define-tag moreinfo> - -<p>Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn - -module of Subversion, a version control system, is not properly enforcing - -access rules which are scope-limited to named repositories. If the - -SVNPathAuthz option is set to <q>short_circuit</q> set this may enable an - -unprivileged attacker to bypass intended access restrictions and disclose - -or modify repository content.</p> +<p>ÐÐ°Ð¼ÐµÑ ÐжаÑÑандÑан и Ðайкл ÐÐ¸Ð»Ð°Ñ Ð¾Ð±Ð½Ð°ÑÑжили, ÑÑо модÑÐ»Ñ mod_dav_svn +Ð´Ð»Ñ Subversion, ÑиÑÑÐµÐ¼Ñ ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð²ÐµÑÑиÑми, непÑавилÑно иÑполÑзÑÐµÑ +пÑавила доÑÑÑпа, коÑоÑÑе огÑаниÑÐµÐ½Ñ Ð¿Ð¾Ð¸Ð¼ÐµÐ½Ð¾Ð²Ð°Ð½Ð½Ñми ÑепозиÑоÑиÑми. ÐÑли +опÑÐ¸Ñ SVNPathAuthz ÑÑÑановлена в знаÑение <q>short_circuit</q>, Ñо ÑÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ +непÑивилегиÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð¼Ñ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð¾Ð±Ð¾Ð¹Ñи огÑаниÑÐµÐ½Ð¸Ñ Ð´Ð¾ÑÑÑпа и ÑаÑкÑÑÑÑ +или измениÑÑ ÑодеÑжимое ÑепозиÑоÑиÑ.</p> - -<p>As a workaround it is also possible to set SVNPathAuthz to <q>on</q> but be - -advised that this can result in a performance decrease for large - -repositories.</p> +<p>РкаÑеÑÑве вÑеменного ÑеÑÐµÐ½Ð¸Ñ Ð¼Ð¾Ð¶Ð½Ð¾ вÑÑÑавиÑÑ Ð¾Ð¿ÑÐ¸Ñ SVNPathAuthz в знаÑение <q>on</q>, но +ÑÑÑиÑе, ÑÑо ÑÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑивеÑÑи к ÑÐ½Ð¸Ð¶ÐµÐ½Ð¸Ñ Ð¿ÑоизводиÑелÑноÑÑи Ð´Ð»Ñ +болÑÑÐ¸Ñ ÑепозиÑоÑиев.</p> - -<p>For the stable distribution (lenny), this problem has been fixed in - -version 1.5.1dfsg1-5.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.5.1dfsg1-5.</p> - -<p>For the testing distribution (squeeze), this problem has been fixed in - -version 1.6.12dfsg-2.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (squeeze) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.6.12dfsg-2.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 1.6.12dfsg-2.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 1.6.12dfsg-2.</p> - -<p>We recommend that you upgrade your subversion packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ subversion.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2120.wml 2010-10-13 03:53:31.000000000 +0600 +++ russian/security/2010/dsa-2120.wml 2016-02-16 12:49:33.998119936 +0500 @@ -1,25 +1,26 @@ - -<define-tag description>privilege escalation</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>повÑÑение пÑивилегий</define-tag> <define-tag moreinfo> - -<p>Tim Bunce discovered that PostgreSQL, a database server software, does - -not properly separate interpreters for server-side stored procedures - -which run in different security contexts. As a result, non-privileged - -authenticated database users might gain additional privileges.</p> - - - -<p>Note that this security update may impact intended communication through - -global variables between stored procedures. It might be necessary to - -convert these functions to run under the plperlu or pltclu languages, - -with database superuser privileges.</p> - - - -<p>This security update also includes unrelated bug fixes from PostgreSQL - -8.3.12.</p> +<p>Тим ÐÐ°Ð½Ñ Ð¾Ð±Ð½Ð°ÑÑжил, ÑÑо PostgreSQL, ÑеÑÐ²ÐµÑ Ð±Ð°Ð· даннÑÑ , непÑавилÑно +ÑазделÑÐµÑ Ð¸Ð½ÑеÑпÑеÑаÑоÑÑ Ð´Ð»Ñ Ñ ÑанимÑÑ Ð½Ð° ÑеÑвеÑе пÑоÑедÑÑ, +коÑоÑÑе запÑÑкаÑÑÑÑ Ð² ÑазнÑÑ ÐºÐ¾Ð½ÑекÑÑÐ°Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи. Ð ÑезÑлÑÑаÑе непÑивилегиÑованнÑе +аÑÑенÑиÑиÑиÑованнÑе полÑзоваÑели Ð±Ð°Ð·Ñ Ð´Ð°Ð½Ð½ÑÑ Ð¼Ð¾Ð³ÑÑ Ð¿Ð¾Ð»ÑÑиÑÑ Ð´Ð¾Ð¿Ð¾Ð»Ð½Ð¸ÑелÑнÑе пÑава доÑÑÑпа.</p> + +<p>ÐамеÑÑÑе, ÑÑо данное обновление безопаÑноÑÑи Ð¼Ð¾Ð¶ÐµÑ Ð¸Ð·Ð¼ÐµÐ½Ð¸ÑÑ Ð¾ÐºÐ°Ð·Ð°ÑÑ Ð²Ð»Ð¸Ñние на +взаимодейÑÑвие Ð¼ÐµÐ¶Ð´Ñ ÑÐ¾Ñ ÑанÑннÑми пÑоÑедÑÑами ÑеÑез глобалÑнÑе пеÑеменнÑе. ÐÐ¾Ð¶ÐµÑ Ð¿Ð¾ÑÑебоваÑÑÑÑ +пÑеобÑазоваÑÑ ÑÑи ÑÑнкÑии Ñак, ÑÑÐ¾Ð±Ñ Ð¾Ð½Ð¸ запÑÑкалиÑÑ ÑзÑками plperlu или pltclu +Ñ Ð¿Ñавами ÑÑпеÑполÑзоваÑÐµÐ»Ñ Ð±Ð°Ð·Ñ Ð´Ð°Ð½Ð½ÑÑ .</p> + +<p>ÐÑоме Ñого, данное обновление безопаÑноÑÑи вклÑÑÐ°ÐµÑ Ð² ÑÐµÐ±Ñ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð½ÐµÑвÑзаннÑÑ Ñ +Ñказанной ÑÑзвимоÑÑÑÑ Ð¾Ñибок из PostgreSQL 8.3.12.</p> - -<p>For the stable distribution (lenny), this problem has been fixed in - -version 8.3_8.3.12-0lenny1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 8.3_8.3.12-0lenny1.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 8.4.5-1 of the postgresql-8.4 package.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 8.4.5-1 пакеÑа postgresql-8.4.</p> - -<p>We recommend that you upgrade your PostgreSQL packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ PostgreSQL.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJWwth6AAoJEF7nbuICFtKlE0AQAJcx5Iswn6qVHfy8mU7oBJUd GuR0S5Nv/M323UP+rWj1aLGVIq0atptTCJ+5DVleryyZunMFoOyyia67El0KZ+8K AS0NviCM0K1jhgCgkoRKZ7QohNyFHR6YYc2ng666Vh1FL/HOUBJHlOnPlLqYUspJ leEOYQWaUXfyD+qAApw/8Wox5VJ1Ot9if+Dp7qQ9StGw/gRfsshBpMvN9iCQtuB2 lOzV0re/G74PFNZzTMBO025qaPlAfQRQDlZPbtJ2nGH/rH4of1Vry6LBVYsfeUri RJbnXtQYXHsTOXXaynuaZplrKCrcYEpJKfZ6X9O45xKWK2out1dH1GrbfzTtLrqb MnZ6sv5oifklqrDmtnLGWWuXSlNYukNbUCeknSuEAvqxU+zgaTr2I+azyOUZPfbB 5trvsy4vhh8xTdAe4xuDmvhUZeSc1qjAKBLSKsszbIeBoCfa376az6joPzcAmpvU qS5clxT915KZeHwRpAy2ETBKNH1K1fpTAdWPPhxG7i+IeYsTNKdvpTR7hLm4EV7A LEwLXwOei9J9d9MFGfD+WjhiK2zRZcAu7DVaJcIQqva9cuqMa+SwM+x3JXT+MuOr tgfNa8UaQuzz7onlV+o8T2OePIIbzjeiQGSuOz+8YGfjoXTIfhIDlkPeaff+nASo //zhVXYjYTvKXQT7ajrw =UTVx -----END PGP SIGNATURE-----
