-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2016/dsa-3495.wml 2016-02-29 16:08:27.000000000 +0500 +++ russian/security/2016/dsa-3495.wml 2016-02-29 21:49:59.739278786 +0500 @@ -1,47 +1,49 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Markus Krell discovered that xymon, a network- and - -applications-monitoring system, was vulnerable to the following - -security issues:</p> +<p>ÐаÑкÑÑ ÐÑелл обнаÑÑжил, ÑÑо xymon, ÑиÑÑема мониÑоÑинга ÑеÑи и +пÑиложений, ÑÑзвима к ÑледÑÑÑим +пÑоблемам безопаÑноÑÑи:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2054">CVE-2016-2054</a> - - <p>The incorrect handling of user-supplied input in the <q>config</q> - - command can trigger a stack-based buffer overflow, resulting in - - denial of service (via application crash) or remote code execution.</p></li> + <p>ÐекоÑÑекÑÐ½Ð°Ñ Ð¾Ð±ÑабоÑка пеÑедаваемÑÑ Ð¿Ð¾Ð»ÑзоваÑелем Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ Ð² команде <q>config</q> + Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº + оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании (из-за аваÑийной оÑÑановки пÑиложениÑ) или ÑдалÑÐ½Ð½Ð¾Ð¼Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ ÐºÐ¾Ð´Ð°.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2055">CVE-2016-2055</a> - - <p>The incorrect handling of user-supplied input in the <q>config</q> - - command can lead to an information leak by serving sensitive - - configuration files to a remote user.</p></li> + <p>ÐекоÑÑекÑÐ½Ð°Ñ Ð¾Ð±ÑабоÑка пеÑедаваемÑÑ Ð¿Ð¾Ð»ÑзоваÑелем даннÑÑ Ð² команде <q>config</q> + Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº ÑÑеÑке инÑоÑмаÑии из-за пеÑедаÑи Ñайлов + наÑÑÑоек ÑдалÑÐ½Ð½Ð¾Ð¼Ñ Ð¿Ð¾Ð»ÑзоваÑелÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2056">CVE-2016-2056</a> - - <p>The commands handling password management do not properly validate - - user-supplied input, and are thus vulnerable to shell command - - injection by a remote user.</p></li> + <p>ÐомандÑ, обÑабаÑÑваÑÑие ÑпÑавлением паÑолÑми, непÑавилÑно вÑполнÑÑÑ + пÑовеÑÐºÑ Ð¿ÐµÑедаваемÑÑ Ð¿Ð¾Ð»ÑзоваÑелем Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ , и поÑÐ¾Ð¼Ñ ÑÑÐ·Ð²Ð¸Ð¼Ñ Ðº инÑекÑии команд + командной оболоÑки, коÑоÑÐ°Ñ Ð¼Ð¾Ð¶ÐµÑ Ð±ÑÑÑ Ð²Ñполнена ÑдалÑннÑм полÑзоваÑелем.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2057">CVE-2016-2057</a> - - <p>Incorrect permissions on an internal queuing system allow a user - - with a local account on the xymon master server to bypass all - - network-based access control lists, and thus inject messages - - directly into xymon.</p></li> + <p>ÐекоÑÑекÑнÑе пÑава доÑÑÑпа к внÑÑÑенней ÑиÑÑеме оÑеÑеди позволÑÑÑ Ð¿Ð¾Ð»ÑзоваÑелÑ, + имеÑÑÐµÐ¼Ñ Ð»Ð¾ÐºÐ°Ð»ÑнÑÑ ÑÑÑÑнÑÑ Ð·Ð°Ð¿Ð¸ÑÑ Ð½Ð° главном ÑеÑвеÑе xymon, обойÑи вÑе + ÑпÑавлÑÑÑие ÑпиÑки пÑав ÑеÑевого доÑÑÑпа и ввеÑÑи ÑообÑÐµÐ½Ð¸Ñ + напÑÑмÑÑ Ð² xymon.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2058">CVE-2016-2058</a> - - <p>Incorrect escaping of user-supplied input in status webpages can - - be used to trigger reflected cross-site scripting attacks.</p></li> + <p>ÐекоÑÑекÑное ÑкÑаниÑование пеÑедаваемÑÑ Ð¿Ð¾Ð»ÑзоваÑелем даннÑÑ Ð½Ð° ÑÑÑаниÑÐ°Ñ + ÑÑаÑÑÑа Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð´Ð»Ñ Ð¾ÑÑÑеÑÑÐ²Ð»ÐµÐ½Ð¸Ñ Ð°Ñак по пÑинÑÐ¸Ð¿Ñ Ð¼ÐµÐ¶ÑайÑового + ÑкÑипÑинга.</p></li> </ul> - -<p>For the stable distribution (jessie), these problems have been fixed in - -version 4.3.17-6+deb8u1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 4.3.17-6+deb8u1.</p> - -<p>We recommend that you upgrade your xymon packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ xymon.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJW1HbVAAoJEF7nbuICFtKl69wP/jLT0UMJ15WXMDp1arrg3z9M AbTc6ksLJFSvyZ8DO7WvNGoJlmCuhA/HPHofTnB8qUTJ0/85EKBqvu8oEg1IiS81 eoKRHZscZyfIRGQqnDNmqQe7dL1Mg/E/eKNYzvuKTie4FTbehsuG+flXLSVxH/BV GLOhgIE/+mxC/BiK+AMeJ8VFDXzsYKmTtSUdKNr4lKlvvHdE25k6Sn/azfW16wAR iy8F0LFCESusCLSdHkAeFvBoKYKAi6fU9wF8JAP+SVUO9sHWGHmuLWMhzUxk3OYS cTVQ2L8NUZL4g9Wv01WOeUDVeSuSe0IqYZ9Aqm4MgtinzUN/KFkh8/2a4MDTQzu+ BYbm+vmEQT68Sv9KOTz9Xj14VN6kWhbJUjt0KVlhIr2Tu1XRcIlKFtHhPLtGjM0S 1wS6JEE6pn0sQJpy/7ySmYlvOUnkhi7M5JKRU4O4T9RnADJiy5scpPlKh4kJIM+e U9MWSOQsP0mw1BsY6FpTEfy6xDrgchT//2Lpq9lJeyP/ldE0MmsMXf0+/Joi0oR6 /RtpvdQSvTWzAGyBkw2EkZCDrBoe0SjNOgFAA2kc7xSetbc2K/ulH2rmiKYDLTkv MEAe6+w4hRDcH30yAJKZJ+qudlnLFf1RnWy0jIhVJFTWYgMKrxpgMPqA2x0LLih+ GdCXdIst/a9nwYauTndp =VfEN -----END PGP SIGNATURE-----