-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2002/dsa-120.wml 2002-03-11 03:48:15.000000000 +0500 +++ russian/security/2002/dsa-120.wml 2016-08-27 18:21:59.688284594 +0500 
@@ -1,25 +1,26 @@ - -<define-tag description>buffer overflow</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>пеÑеполнение бÑÑеÑа</define-tag> <define-tag moreinfo> - -<p>Ed Moyle recently +<p>Ðд Ðоил недавно <a href="http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html">\ - -found</a> a buffer overflow in Apache-SSL and mod_ssl. - -With session caching enabled, mod_ssl will serialize SSL session - -variables to store them for later use. These variables were stored in - -a buffer of a fixed size without proper boundary checks.</p> +обнаÑÑжил</a> пеÑеполнение бÑÑеÑа в Apache-SSL и mod_ssl. +ÐÑли вклÑÑено кеÑиÑование ÑеÑÑии, Ñо mod_ssl вÑполнÑÐµÑ ÑеÑиализаÑÐ¸Ñ Ð¿ÐµÑеменнÑÑ +ÑеÑÑии SSL Ñ ÑелÑÑ Ð¸Ñ ÑÐ¾Ñ ÑÐ°Ð½ÐµÐ½Ð¸Ñ Ð´Ð»Ñ Ð´Ð°Ð»ÑнейÑего иÑполÑзованиÑ. ÐÑи пеÑеменнÑÑ ÑÐ¾Ñ ÑанÑÑÑÑÑ +в бÑÑеÑе ÑикÑиÑованного ÑазмеÑа, а пÑовеÑка гÑÐ°Ð½Ð¸Ñ Ð½Ðµ пÑоизводиÑÑÑ.</p> - -<p>To exploit the overflow, the server must be configured to require client - -certificates, and an attacker must obtain a carefully crafted client - -certificate that has been signed by a Certificate Authority which is - -trusted by the server. If these conditions are met, it would be possible - -for an attacker to execute arbitrary code on the server.</p> +<p>ÐÐ»Ñ Ñого, ÑÑÐ¾Ð±Ñ Ð¸ÑполÑзоваÑÑ ÑÑо пеÑеполнение, ÑеÑÐ²ÐµÑ Ð´Ð¾Ð»Ð¶ÐµÐ½ ÑÑебоваÑÑ ÐºÐ»Ð¸ÐµÐ½ÑÑкие +ÑеÑÑиÑикаÑÑ, а злоÑмÑÑленник должен полÑÑиÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованнÑй клиенÑÑкий +ÑеÑÑиÑикаÑ, подпиÑаннÑй авÑоÑиÑеÑом, коÑоÑÐ¾Ð¼Ñ Ð´Ð¾Ð²ÐµÑÑÐµÑ ÑÑÐ¾Ñ +ÑеÑвеÑ. 
ÐÑли ÑÑи ÑÑÐ»Ð¾Ð²Ð¸Ñ Ð²ÑполненÑ, Ñо злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ +вÑполниÑÑ Ð¿ÑоизволÑнÑй код на ÑеÑвеÑе.</p> - -<p>This problem has been fixed in version 1.3.9.13-4 of Apache-SSL and - -version 2.4.10-1.3.9-1potato1 of libapache-mod-ssl for the stable - -Debian distribution as well as in version 1.3.23.1+1.47-1 of - -Apache-SSL and version 2.8.7-1 of libapache-mod-ssl for the testing - -and unstable distribution of Debian.</p> +<p>ÐÑа пÑоблема бÑла иÑпÑавлена в веÑÑии 1.3.9.13-4 пакеÑа Apache-SSL и +в веÑÑии 2.4.10-1.3.9-1potato1 пакеÑа libapache-mod-ssl Ð´Ð»Ñ ÑÑабилÑного +вÑпÑÑка Debian, а Ñакже в веÑÑии 1.3.23.1+1.47-1 пакеÑа +Apache-SSL и в веÑÑии 2.8.7-1 пакеÑа libapache-mod-ssl Ð´Ð»Ñ ÑеÑÑиÑÑемого +и неÑÑабилÑного вÑпÑÑков Debian.</p> - -<p>We recommend that you upgrade your Apache-SSL and mod_ssl packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ Apache-SSL и mod_ssl.</p> </define-tag> # do not modify the following line - --- english/security/2002/dsa-177.wml 2002-10-31 20:25:34.000000000 +0500 +++ russian/security/2002/dsa-177.wml 2016-08-27 18:29:19.058310940 +0500 
@@ -1,27 +1,28 @@ - -<define-tag description>serious security violation</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>ÑеÑÑÑзное наÑÑÑение безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>A serious security violation in PAM was discovered. - -Disabled passwords (i.e. those with '*' in the - -password file) were classified as empty password and access to such - -accounts is granted through the regular login procedure (getty, - -telnet, ssh). This works for all such accounts whose shell field in - -the password file does not refer to <code>/bin/false</code>. - -Only version 0.76 of PAM seems to be affected by this problem.</p> +<p>Ð PAM бÑло обнаÑÑжено ÑеÑÑÑзное наÑÑÑение безопаÑноÑÑи. +ÐÑклÑÑеннÑе паÑоли (Ñо еÑÑÑ, паÑоли Ñ '*' в +Ñайле паÑолей) клаÑÑиÑиÑиÑÑÑÑÑÑ ÐºÐ°Ðº пÑÑÑÑе паÑоли, доÑÑÑп к Ñаким +ÑÑÑÑнÑм запиÑÑм даÑÑÑÑ ÑеÑез обÑÑнÑÑ Ð¿ÑоÑедÑÑÑ Ð²Ñ Ð¾Ð´Ð° (getty, +telnet, ssh). ÐÑо ÑабоÑÐ°ÐµÑ Ð´Ð»Ñ Ð²ÑÐµÑ ÑÑÑÑнÑÑ Ð·Ð°Ð¿Ð¸Ñей, Ñ ÐºÐ¾ÑоÑÑÑ Ð¿Ð¾Ð»Ðµ командной ÑÑÑоки в +Ñайле паÑолей не ÑодеÑÐ¶Ð¸Ñ <code>/bin/false</code>. +Ðак кажеÑÑÑ, ÑÑой пÑоблеме подвеÑжена ÑолÑко веÑÑÐ¸Ñ 0.76 PAM.</p> - -<p>This problem has been fixed in version 0.76-6 for the current unstable - -distribution (sid). The stable distribution (woody), the old stable - -distribution (potato) and the testing distribution (sarge) are not - -affected by this problem.</p> +<p>ÐÑа пÑоблема бÑла иÑпÑавлена в веÑÑии 0.76-6 ÑекÑÑего неÑÑабилÑного +вÑпÑÑка (sid). СÑабилÑнÑй (woody), пÑедÑдÑÑий ÑÑабилÑнÑй +(potato) и ÑеÑÑиÑÑемÑй (sarge) вÑпÑÑки не +подвеÑÐ¶ÐµÐ½Ñ ÑÑой пÑоблеме.</p> - -<p>As stated in the Debian security team <a href="$(HOME)/security/faq">\ - -FAQ</a>, testing - -and unstable are rapidly moving targets and the security team does not - -have the resources needed to properly support those. 
This security - -advisory is an exception to that rule, due to the seriousness of the - -problem.</p> +<p>Ðак Ñказано в <a href="$(HOME)/security/faq">\ +ЧÐÐÐ</a> ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи Debian, ÑеÑÑиÑÑемÑй +и неÑÑабилÑнÑй вÑпÑÑки ÑазвиваÑÑÑÑ ÑÑÑемиÑелÑно, а Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи +Ð½ÐµÑ ÑеÑÑÑÑов, коÑоÑÑе нÑÐ¶Ð½Ñ Ð´Ð»Ñ Ð¿Ð¾Ð»Ð½Ð¾Ñенной поддеÑжки ÑÑÐ¸Ñ Ð²ÑпÑÑков. ÐÐ°Ð½Ð½Ð°Ñ ÑекомендаÑÐ¸Ñ +по безопаÑноÑÑи ÑвлÑеÑÑÑ Ð¸ÑклÑÑением из ÑÑого пÑавила в ÑвÑзи Ñ ÑеÑÑÑзноÑÑÑÑ +пÑоблемÑ.</p> - -<p>We recommend that you upgrade your PAM packages immediately if you are - -running Debian/unstable.</p> +<p>РекомендÑеÑÑÑ ÐºÐ°Ðº можно ÑкоÑее обновиÑÑ Ð¿Ð°ÐºÐµÑÑ PAM в ÑлÑÑае, еÑли Ð²Ñ +иÑполÑзÑеÑе неÑÑабилÑнÑй вÑпÑÑк Debian.</p> </define-tag> # do not modify the following line - --- english/security/2002/dsa-191.wml 2002-11-08 14:43:55.000000000 +0500 +++ russian/security/2002/dsa-191.wml 2016-08-27 18:35:42.257233026 +0500 
@@ -1,30 +1,31 @@ - -<define-tag description>cross site scripting</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>межÑайÑовÑй ÑкÑипÑинг</define-tag> <define-tag moreinfo> - -<p>Several cross site scripting vulnerabilities have been found in - -squirrelmail, a feature-rich webmail package written in PHP4. The - -Common Vulnerabilities and Exposures (CVE) project identified the - -following vulnerabilities:</p> +<p>Ð squirrelmail, полноÑÑнкÑионалÑном пакеÑе веб-поÑÑÑ Ð½Ð° ÑзÑке PHP4, бÑло +обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей, пÑиводÑÑÐ¸Ñ Ðº межÑайÑÐ¾Ð²Ð¾Ð¼Ñ ÑкÑипÑингÑ. +ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures (CVE) опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ol> - -<li>CAN-2002-1131: User input is not always sanitized so execution of - - arbitrary code on a client computer is possible. This can happen - - after following a malicious URL or by viewing a malicious - - addressbook entry.</li> +<li>CAN-2002-1131: ÐолÑзоваÑелÑÑкие Ð²Ñ Ð¾Ð´Ð½Ñе даннÑе не вÑегда оÑиÑаÑÑÑÑ, поÑÑÐ¾Ð¼Ñ + на клиенÑÑком компÑÑÑеÑе возможно вÑполнение пÑоизволÑного кода. ÐÑо Ð¼Ð¾Ð¶ÐµÑ + пÑоизойÑи поÑле оÑкÑÑÑÐ¸Ñ ÑпеÑиалÑно ÑÑоÑмиÑованного URL или пÑи пÑоÑмоÑÑе + ÑпеÑиалÑно ÑÑоÑмиÑованной запиÑи адÑеÑной книги.</li> - -<li>CAN-2002-1132: Another problem could make it possible for an - - attacker to gain sensitive information under some conditions. - - When a malformed argument is appended to a link, an error page - - will be generated which contains the absolute pathname of the - - script. However, this information is available through the - - Contents file of the distribution anyway.</li> +<li>CAN-2002-1132: ÐÑÑÐ³Ð°Ñ Ð¿Ñоблема Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð¿Ñи опÑеделÑннÑÑ + ÑÑловиÑÑ Ð¿Ð¾Ð»ÑÑиÑÑ ÑÑвÑÑвиÑелÑнÑÑ Ð¸Ð½ÑоÑмаÑиÑ. + ÐÑи добавлении к ÑÑÑлке ÑпеÑиалÑно ÑÑоÑмиÑованного аÑгÑменÑа ÑоздаÑÑÑÑ ÑÑÑаниÑа + Ñ ÑообÑением об оÑибке, ÑодеÑжаÑÐ°Ñ Ð°Ð±ÑолÑÑнÑй пÑÑÑ + ÑÑенаÑиÑ. 
Тем не менее, ÑÑа инÑоÑмаÑÐ¸Ñ Ð²ÑÑ Ñавно доÑÑÑпна ÑеÑез + Ñайл Contents диÑÑÑибÑÑива.</li> </ol> - -<p>These problems have been fixed in version 1.2.6-1.1 for the current stable - -distribution (woody) and in version 1.2.8-1.1 for the unstable - -distribution (sid). The old stable distribution (potato) is not - -affected since it doesn't contain a squirrelmail package.</p> +<p>ÐÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 1.2.6-1.1 Ð´Ð»Ñ ÑекÑÑего ÑÑабилÑного +вÑпÑÑка (woody) и в веÑÑии 1.2.8-1.1 Ð´Ð»Ñ Ð½ÐµÑÑабилÑного +вÑпÑÑка (sid). ÐÑедÑдÑÑий ÑÑабилÑнÑй вÑпÑÑк (potato) не +подвеÑжен ÑÑим пÑоблемам, поÑколÑÐºÑ Ð² нÑм оÑÑÑÑÑÑвÑÐµÑ Ð¿Ð°ÐºÐµÑ squirrelmail.</p> - -<p>We recommend that you upgrade your squirrelmail package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ squirrelmail.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
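Review bot: in the dsa-120.wml hunk, second paragraph, "signed by a Certificate Authority which is trusted by the server" is rendered with the bare noun «авторитетом» (as decoded from the added lines), which in Russian means authority in the sense of standing, not a certificate issuer. Suggest the established PKI term, for example «удостоверяющим центром, которому доверяет этот сервер», so that the exploitation precondition (a crafted client certificate signed by a CA the server trusts) stays clear to the reader.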
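Review bot: in the dsa-177.wml hunk, first paragraph, "whose shell field in the password file" becomes «поле командной строки» (command-line field), but the English refers to the login shell field of the password file, the one that would hold /bin/false. Suggest «поле командной оболочки», since this sentence is what tells an administrator which accounts with a disabled '*' password are reachable through getty, telnet or ssh.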
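Review bot: in the dsa-191.wml hunk, the CAN-2002-1132 item translates "a malformed argument" with the same phrase that the CAN-2002-1131 item uses for "malicious" («специально сформированного»), so the Russian says "specially crafted" where the English says only "malformed". Suggest «некорректного аргумента» for CAN-2002-1132, which matches the English description of an error page that is generated on bad input and contains the script's absolute pathname.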