-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2016/dsa-3673.wml 2016-09-22 22:06:04.000000000 +0500 +++ russian/security/2016/dsa-3673.wml 2016-09-22 22:14:35.226234267 +0500 @@ -1,60 +1,61 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities were discovered in OpenSSL:</p> +<p>Ð OpenSSL бÑло обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2177">CVE-2016-2177</a> - - <p>Guido Vranken discovered that OpenSSL uses undefined pointer - - arithmetic. Additional information can be found at + <p>Ðвидо ÐÑанкен обнаÑÑжил, ÑÑо OpenSSL иÑполÑзÑÐµÑ Ð½ÐµÐ¾Ð¿ÑеделÑннÑÑ Ð°ÑиÑмеÑиÑеÑкÑÑ Ð¾Ð¿ÐµÑаÑÐ¸Ñ + над ÑказаÑелÑми. ÐополниÑелÑнÑÑ Ð¸Ð½ÑоÑмаÑÐ¸Ñ Ð¼Ð¾Ð¶Ð½Ð¾ найÑи по ÑледÑÑÑÐµÐ¼Ñ Ð°Ð´ÑеÑÑ: <a href="https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/"> https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/</a></p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2178">CVE-2016-2178</a> - - <p>Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing - - leak in the DSA code.</p></li> + <p>ЦезаÑÑ ÐеÑеида, Ðилли ÐÑамли и Ювал ЯÑом обнаÑÑжили ÑÑеÑÐºÑ Ñаймингов + в коде DSA.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2179">CVE-2016-2179</a> / <a href="https://security-tracker.debian.org/tracker/CVE-2016-2181">CVE-2016-2181</a> - - <p>Quan Luo and the OCAP audit team discovered denial of service - - vulnerabilities in DTLS.</p></li> + <p>ЦÑÐ°Ð½Ñ Ðо и команда аÑдиÑа OCAP обнаÑÑжили оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании + в DTLS.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2180">CVE-2016-2180</a> / <a href="https://security-tracker.debian.org/tracker/CVE-2016-2182">CVE-2016-2182</a> / <a href="https://security-tracker.debian.org/tracker/CVE-2016-6303">CVE-2016-6303</a></p> - - <p>Shi Lei discovered an out-of-bounds memory read in - - TS_OBJ_print_bio() and an out-of-bounds write in BN_bn2dec() + <p>Ши ÐÑй обнаÑÑжил ÑÑение за пÑеделами вÑделенного бÑÑеÑа памÑÑи в + TS_OBJ_print_bio() и запиÑÑ Ð·Ð° пÑеделами вÑделенного бÑÑеÑа памÑÑи в BN_bn2dec() and MDC2_Update().</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2183">CVE-2016-2183</a> - - <p>DES-based cipher suites are demoted from the HIGH group to MEDIUM - - as a mitigation for the SWEET32 attack.</p></li> + <p>ÐабоÑÑ ÑиÑÑов на оÑнове DES пеÑенеÑÐµÐ½Ñ Ð¸Ð· гÑÑÐ¿Ð¿Ñ HIGH в гÑÑÐ¿Ð¿Ñ MEDIUM + Ñ ÑелÑÑ ÑнизиÑÑ ÑиÑк SWEET32-аÑаки.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6302">CVE-2016-6302</a> - - <p>Shi Lei discovered that the use of SHA512 in TLS session tickets - - is susceptible to denial of service.</p></li> + <p>Ши ÐÑй обнаÑÑжил, ÑÑо код иÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ SHA512 в билеÑÐ°Ñ ÑеÑÑий TLS + возможно ÑодеÑÐ¶Ð¸Ñ Ð¾Ñказ в обÑлÑживании.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6304">CVE-2016-6304</a> - - <p>Shi Lei discovered that excessively large OCSP status request may - - result in denial of service via memory exhaustion.</p></li> + <p>Ши ÐÑй обнаÑÑжил, ÑÑо ÑлиÑком болÑÑой запÑÐ¾Ñ OCSP-ÑÑаÑÑÑа Ð¼Ð¾Ð¶ÐµÑ + пÑиводиÑÑ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании из-за иÑÑеÑÐ¿Ð°Ð½Ð¸Ñ Ð¿Ð°Ð¼ÑÑи.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-6306">CVE-2016-6306</a> - - <p>Shi Lei discovered that missing message length validation when parsing - - certificates may potentially result in denial of service.</p></li> + <p>Ши ÐÑй обнаÑÑжил, ÑÑо оÑÑÑÑÑÑвие пÑовеÑки Ð´Ð»Ð¸Ð½Ñ ÑообÑÐµÐ½Ð¸Ñ Ð¿Ñи вÑполнении гÑаммаÑиÑеÑкого + ÑазбоÑа ÑеÑÑиÑикаÑов Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾ÑенÑиалÑно пÑиводиÑÑ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании.</p></li> </ul> - -<p>For the stable distribution (jessie), these problems have been fixed in - -version 1.0.1t-1+deb8u4.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.0.1t-1+deb8u4.</p> - -<p>For the unstable distribution (sid), these problems will be fixed soon.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑдÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð¿Ð¾Ð·Ð¶Ðµ.</p> - -<p>We recommend that you upgrade your openssl packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ openssl.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5BF9AAoJEF7nbuICFtKl1wAP/RbGrs1fanhTJ7M6z41ZKFO9 HmArS+Gg381FBiOWf7VVBKG/k9Y5RmwhaSOMuMHw+xCfSsVE7lmAtelJx0EG6qf6 RqHAI5TsE64Es/sUDXN7zvgJgzb1thPjxG8vslWE43Q9C/ztulGgDBt8ZFlXh70V X8OdKohLPA9wOiOWmMJoU/75pJw4WUIvgHOvL1gY2+4EU0IEhEmo2hz6sPziK820 Rm7nPURPqzMqpU8Hmy0xBU3NgRvG/C4C7NvA8guXilI42+JMxEspBB8Z0e4C2zdm mYOtPyAzJN5qxB1Yk4MODFlbVMFAFNNuBokDa2vPZhJOQYagj3gfpZRq4OSNwaHh ACL0CQLrhhv9cZlkisGTjExVrWsU/V0cR18ZIw/NruSBbhSqngdkRLZnV/Uc4g4x 5zksfYzXEBfrMS8ASdeRtNi+CJ1lBHPpnieCuZInem4fAUgV8GKn9HlZwUmlfum8 WS8jK5elGLkm1UfP7ViLfJ+UGcsD6O0CrNHtPeeGcxMYR2r8AEWqat/4uF0lwkrc QDaqT7/JGlfsfE7xtjqDL5S/6s6LS8e4gtYpJpNR//IX1JRE+Kq8heMjd8kgFVB9 hxhp+1a0M4V902kERxbMNGOtTyC7vvUMgihD6VhKkE7Azyaku1M/U/il4ktx9pKn DXcpXYcLZYNUBXNTe4au =J4Oe -----END PGP SIGNATURE-----

