-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2002/dsa-136.wml 2004-09-03 20:15:32.000000000 +0600
+++ russian/security/2002/dsa-136.wml 2016-09-22 22:51:06.795311269 +0500
@@ -1,32 +1,33 @@
- -<define-tag description>multiple remote exploits</define-tag>
+#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov"
+<define-tag description>многоÑиÑленнÑе ÑдалÑннÑе
ÑÑзвимоÑÑи</define-tag>
<define-tag moreinfo>
- -<p>The OpenSSL development team has announced that a security audit by A.L.
- -Digital Ltd and The Bunker, under the DARPA CHATS program, has revealed
- -remotely exploitable buffer overflow conditions in the OpenSSL code.
- -Additionally, the ASN1 parser in OpenSSL has a potential DoS attack
- -independently discovered by Adi Stav and James Yonan.</p>
- -
- -<p>CAN-2002-0655 references overflows in buffers used to hold ASCII
- -representations of integers on 64 bit platforms. CAN-2002-0656
- -references buffer overflows in the SSL2 server implementation (by
- -sending an invalid key to the server) and the SSL3 client implementation
- -(by sending a large session id to the client). The SSL2 issue was also
- -noticed by Neohapsis, who have privately demonstrated exploit code for
- -this issue. CAN-2002-0659 references the ASN1 parser DoS issue.</p>
+<p>Ðоманда ÑазÑабоÑки OpenSSL ÑообÑила, ÑÑо
аÑÐ´Ð¸Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи, пÑоводимÑй
ÑоÑÑÑдниками A.L.
+Digital Ltd и The Bunker, по пÑогÑамме DARPA CHATS,
позволил обнаÑÑжиÑÑ
+пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа в коде OpenSSL, коÑоÑÑе
могÑÑ Ð¸ÑполÑзоваÑÑÑÑ ÑдалÑнно.
+ÐÑоме Ñого, коде Ð´Ð»Ñ Ð³ÑаммаÑиÑеÑкого
ÑазбоÑа ASN1 в OpenSSL поÑенÑиалÑно ÑÑзвим к
оÑÐºÐ°Ð·Ñ Ð²
+обÑлÑживании, ÑÑо незавиÑимо бÑло
обнаÑÑжено Ðди СÑавом и ÐжеймÑом Ðонаном.</p>
+
+<p>Ð CAN-2002-0655 ÑÐºÐ°Ð·Ð°Ð½Ñ Ð¿ÐµÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð² бÑÑеÑаÑ
,
иÑполÑзÑемÑÑ
Ð´Ð»Ñ Ñ
ÑанениÑ
+ASCII-пÑедÑÑавлений ÑелÑÑ
ÑиÑел на 64-биÑнÑÑ
плаÑÑоÑмаÑ
. Ð CAN-2002-0656
+ÑÐºÐ°Ð·Ð°Ð½Ñ Ð¿ÐµÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа в ÑеализаÑии
ÑеÑÐ²ÐµÑ SSL2 (из-за оÑпÑавки
+ÑеÑвеÑÑ Ð½ÐµÐºÐ¾ÑÑекÑного клÑÑа) а ÑеализаÑии
клиенÑа SSL3
+(из-за оÑпÑавки клиенÑÑ Ð±Ð¾Ð»ÑÑого
иденÑиÑикаÑоÑа ÑеÑÑии). ÐÑоблема Ñ SSL2 бÑла
Ñак же
+обнаÑÑжена Neohapsis, коÑоÑÑй в ÑаÑÑном
поÑÑдке пÑодемонÑÑÑиÑовал код длÑ
+иÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ ÑÑой пÑоблемÑ. Ð CAN-2002-0659
Ñказана пÑоблема Ñ ÐºÐ¾Ð´Ð¾Ð¼ длÑ
гÑаммаÑиÑеÑкого ÑазбоÑа ASN1.</p>
- -<p>These vulnerabilities have been addressed for Debian 3.0 (woody) in
- -openssl094_0.9.4-6.woody.2, openssl095_0.9.5a-6.woody.1 and
+<p>ÐÑи ÑÑзвимоÑÑи бÑли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² Debian 3.0
(woody) в
+openssl094_0.9.4-6.woody.2, openssl095_0.9.5a-6.woody.1 и
openssl_0.9.6c-2.woody.1.</p>
- -<p>These vulnerabilities are also present in Debian 2.2 (potato). Fixed
- -packages are available in openssl094_0.9.4-6.potato.2 and
+<p>ÐÑоме Ñого, ÑÑи ÑÑзвимоÑÑи пÑиÑÑÑÑÑвÑÑÑ
в Debian 2.2 (potato). ÐоÑÑÑпнÑ
+иÑпÑавленнÑе пакеÑÑ openssl094_0.9.4-6.potato.2 и
openssl_0.9.6c-0.potato.4.</p>
- -<p>A worm is actively exploiting this issue on internet-attached hosts;
- -we recommend you upgrade your OpenSSL as soon as possible. Note that you
- -must restart any daemons using SSL. (E.g., ssh or ssl-enabled apache.)
- -If you are uncertain which programs are using SSL you may choose to
- -reboot to ensure that all running daemons are using the new libraries.</p>
+<p>ЧеÑÐ²Ñ Ð°ÐºÑивно иÑполÑзÑÐµÑ ÑÑÑ Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð½Ð°
подклÑÑÑннÑÑ
к ÑеÑи ÐнÑеÑÐ½ÐµÑ ÑзлаÑ
;
+ÑекомендÑеÑÑÑ ÐºÐ°Ðº можно ÑкоÑее обновиÑÑ
OpenSSL. ÐамеÑÑÑе, ÑÑо вам
+ÑледÑÐµÑ Ð¿ÐµÑезапÑÑÑиÑÑ Ð²Ñе ÑлÑжбÑ,
иÑполÑзÑÑÑие SSL. (ÐапÑимеÑ, ssh или apache Ñ
поддеÑжкой ssl.)
+ÐÑли Ð²Ñ Ð½Ðµ ÑвеÑÐµÐ½Ñ Ð² Ñом, какие пÑогÑаммÑ
иÑполÑзÑÑÑ SSL, Ð²Ñ Ð¼Ð¾Ð¶ÐµÑе
+пеÑезагÑÑзиÑÑ ÑиÑÑемÑ, в ÑÑом ÑлÑÑае вÑе
запÑÑеннÑе ÑлÑÐ¶Ð±Ñ Ð±ÑдÑÑ Ð¸ÑполÑзоваÑÑ
новÑе библиоÑеки.</p>
</define-tag>
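Review bot: The added sentence on the ASN1 parser has the wrong case for its subject: "коде для грамматического разбора ASN1" should be nominative "код", since it is what "потенциально уязвим" refers to (source: "the ASN1 parser in OpenSSL has a potential DoS attack"). In the CAN-2002-0656 paragraph, ") а реализации клиента SSL3" translates "and the SSL3 client implementation"; use "и в реализации клиента SSL3" so it stays parallel with the SSL2 server clause. In the same paragraph "так же обнаружена" should be the single word "также", matching "was also noticed". As shown here, several added lines also continue on lines with no leading "+" (the description tag is the first case), so a patch mailed in this form will not apply; sending the diff as an attachment avoids the wrapping.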
- --- english/security/2002/dsa-140.wml 2002-08-16 15:56:07.000000000 +0600
+++ russian/security/2002/dsa-140.wml 2016-09-22 22:40:03.065168526 +0500
@@ -1,34 +1,35 @@
- -<define-tag description>buffer overflow</define-tag>
+#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov"
+<define-tag description>пеÑеполнение бÑÑеÑа</define-tag>
<define-tag moreinfo>
- -<p>Developers of the PNG library have fixed a buffer overflow in the
- -progressive reader when the PNG datastream contains more IDAT data
- -than indicated by the IHDR chunk. Such deliberately malformed
- -datastreams would crash applications which could potentially allow an
- -attacker to execute malicious code. Programs such as Galeon,
- -Konqueror and various others make use of these libraries.</p>
- -
- -<p>In addition to that, the packages below fix another
- -potential buffer overflow. The PNG libraries implement a safety
- -margin which is also included in a newer upstream release. Thanks to
- -Glenn Randers-Pehrson for informing us.</p>
+<p>РазÑабоÑÑики библиоÑеки PNG иÑпÑавили
пеÑеполнение бÑÑеÑа в
+коде непÑеÑÑвного ÑÑениÑ, коÑоÑое
Ð²Ð¾Ð·Ð½Ð¸ÐºÐ°ÐµÑ Ð² ÑлÑÑае, когда поÑок даннÑÑ
PNG
ÑодеÑÐ¶Ð¸Ñ Ð±Ð¾Ð»ÑÑе IDAT-даннÑÑ
,
+Ñем ÑÑо Ñказано в блоке IHDR. Такие
ÑпеÑиалÑно ÑÑоÑмиÑованнÑе
+поÑоки даннÑÑ
, пÑиводÑÑие к аваÑийной
оÑÑановке пÑиложений, поÑенÑиалÑно могÑÑ
позволиÑÑ
+злоÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²ÑполниÑÑ Ð²ÑедоноÑнÑй код.
Такие пÑогÑÐ°Ð¼Ð¼Ñ ÐºÐ°Ðº Galeon,
+Konqueror и дÑÑгие иÑполÑзÑÑÑ ÑказаннÑе
библиоÑеки.</p>
+
+<p>Рдополнение к ÑÑÐ¾Ð¼Ñ Ð¿Ð°ÐºÐµÑÑ, пÑиводимÑе
ниже, ÑодеÑÐ¶Ð°Ñ Ð¸ÑпÑавление еÑÑ Ð¾Ð´Ð½Ð¾Ð³Ð¾
+поÑенÑиалÑного пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа.
ÐиблиоÑеки PNG ÑеализÑÑÑ Ð¿Ð¾Ð»Ðµ
+безопаÑноÑÑи, ÑеализаÑÐ¸Ñ ÐºÐ¾ÑоÑого
вклÑÑена в более Ñвежий вÑпÑÑк оÑновной
веÑки ÑазÑабоÑки. ÐÑÑажаем
+благодаÑноÑÑÑ ÐÐ»ÐµÐ½Ñ Ð ÑндеÑÑ-ÐеÑÑÐ¾Ð½Ñ Ð·Ð° Ñо,
ÑÑо он нам об ÑÑом ÑообÑил.</p>
- -<p>To find out which packages depend on this library, you may want to
- -execute the following commands:</p>
+<p>ЧÑÐ¾Ð±Ñ Ð²ÑÑÑниÑÑ, какие пакеÑÑ Ð·Ð°Ð²Ð¸ÑÑÑ Ð¾Ñ
ÑÑой библиоÑеки Ð²Ñ Ð¼Ð¾Ð¶ÐµÑе вÑполниÑÑ
+ÑледÑÑÑие командÑ:</p>
<pre>
apt-cache showpkg libpng2
apt-cache showpkg libpng3
</pre>
- -<p>This problem has been fixed in version 1.0.12-3.woody.2 of libpng and
- -version 1.2.1-1.1.woody.2 of libpng3 for the current stable
- -distribution (woody) and in version 1.0.12-4 of libpng and version
- -1.2.1-2 of libpng3 for the unstable distribution (sid).
- -The potato release of Debian does not seem to be vulnerable.</p>
- -
- -<p>We recommend that you upgrade your libpng packages immediately and
- -restart programs and daemons that link to these libraries and read
- -external data, such as web browsers.</p>
+<p>ÐÑа пÑоблема бÑла иÑпÑавлена в веÑÑии
1.0.12-3.woody.2 пакеÑа libpng и
+в веÑÑии 1.2.1-1.1.woody.2 пакеÑа libpng3 Ð´Ð»Ñ ÑекÑÑего
ÑÑабилÑного
+вÑпÑÑка (woody), а Ñакже в веÑÑии 1.0.12-4 пакеÑа
libpng и в веÑии
+1.2.1-2 пакеÑа libpng3 Ð´Ð»Ñ Ð½ÐµÑÑабилÑного вÑпÑÑка
(sid).
+Ðак кажеÑÑÑ, вÑпÑÑк potato не подвеÑжен
ÑказаннÑм ÑÑзвимоÑÑÑм.</p>
+
+<p>РекомендÑеÑÑÑ ÐºÐ°Ðº можно ÑкоÑее обновиÑÑ
пакеÑÑ libpng и
+пеÑезапÑÑÑиÑÑ Ð¿ÑогÑÐ°Ð¼Ð¼Ñ Ð¸ ÑлÑжбÑ,
ÑкомпонованнÑе Ñ ÑÑими библиоÑеками и
ÑÑиÑÑваÑÑие
+внеÑние даннÑе (как ÑÑо делаÑÑ, напÑимеÑ,
веб-бÑаÑзеÑÑ).</p>
</define-tag>
# do not modify the following line
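Review bot: In the fixed-versions paragraph, the word before "1.2.1-2 пакета libpng3" is missing a letter compared with the "версии" used three times earlier in the same paragraph; it should read "в версии". In the sentence introducing the apt-cache commands, a comma is needed after "от этой библиотеки" to close the subordinate clause before "вы можете выполнить". "поле безопасности" for "safety margin" reads as "field" rather than "margin"; something like "запас прочности" is closer to the source.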
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----