-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2002/dsa-122.wml 2002-03-12 12:41:28.000000000 +0500 +++ russian/security/2002/dsa-122.wml 2016-09-22 23:07:11.374049467 +0500 @@ -1,18 +1,19 @@ - -<define-tag description>malloc error (double free)</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>оÑибка вÑÐ´ÐµÐ»ÐµÐ½Ð¸Ñ Ð¿Ð°Ð¼ÑÑи (двойное оÑвобождение памÑÑи)</define-tag> <define-tag moreinfo> - -<p>The compression library zlib has a flaw in which it attempts to free - -memory more than once under certain conditions. This can possibly be - -exploited to run arbitrary code in a program that includes zlib. If a - -network application running as root is linked to zlib, this could - -potentially lead to a remote root compromise. No exploits are known at - -this time. This vulnerability is assigned the CVE candidate name of +<p>ÐиблиоÑека ÑжаÑÐ¸Ñ zlib ÑодеÑÐ¶Ð¸Ñ Ð¾ÑибкÑ, из-за коÑоÑой пÑи опÑеделÑннÑÑ ÑÑловиÑÑ +она пÑÑаеÑÑÑ Ð¾ÑвободиÑÑ Ð¿Ð°Ð¼ÑÑÑ Ð±Ð¾Ð»ÐµÐµ одного Ñаза. ÐÑа оÑибка поÑенÑиалÑно Ð¼Ð¾Ð¶ÐµÑ +иÑполÑзоваÑÑÑÑ Ð´Ð»Ñ Ð·Ð°Ð¿ÑÑка пÑоизволÑного кода в пÑогÑамме, вклÑÑаÑÑей zlib. ÐÑли +ÑеÑевое пÑиложение, запÑÑенное Ð¾Ñ Ð»Ð¸Ñа ÑÑпеÑполÑзоваÑелÑ, Ñкомпоновано Ñ zlib, Ñо ÑÑо поÑенÑиалÑно +Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº ÑдалÑнной компÑомеÑаÑии ÑÑпеÑполÑзоваÑелÑ. РнаÑÑоÑÑее вÑÐµÐ¼Ñ ÑкÑплоиÑÑ +не извеÑÑнÑ. ÐÐ°Ð½Ð½Ð°Ñ ÑÑзвимоÑÑÑ Ð¿Ð¾Ð»ÑÑила кандидаÑ-иденÑиÑикаÑÐ¾Ñ CVE, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059">CAN-2002-0059</a>.</p> - -<p>The zlib vulnerability is fixed in the Debian zlib package version - -1.1.3-5.1. A number of programs either link statically to zlib or include - -a private copy of zlib code. These programs must also be upgraded - -to eliminate the zlib vulnerability. The affected packages and fixed - -versions follow:</p> +<p>УÑзвимоÑÑÑ Ð² zlib бÑла иÑпÑавлена в пакеÑе zlib веÑÑии +1.1.3-5.1. Ð Ñд пÑогÑамм ÑÑаÑиÑеÑки ÑÐºÐ¾Ð¼Ð¿Ð¾Ð½Ð¾Ð²Ð°Ð½Ñ Ñ zlib, либо вклÑÑаÑÑ Ð² ÑÐµÐ±Ñ +ÑобÑÑвеннÑÑ ÐºÐ¾Ð¿Ð¸Ñ ÐºÐ¾Ð´Ð° zlib. ÐÑи пÑогÑÐ°Ð¼Ð¼Ñ Ñоже ÑледÑÐµÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ñ ÑелÑÑ +ÑÑÑÑÐ°Ð½ÐµÐ½Ð¸Ñ ÑÑзвимоÑÑи в zlib. ÐодвеÑженнÑе ÑÑзвимоÑÑи пакеÑÑ Ð¸ Ð¸Ñ Ð¸ÑпÑавленнÑе +веÑÑии пÑиводÑÑÑÑ Ð½Ð¸Ð¶Ðµ:</p> <ul> <li> amaya 2.4-1potato1 @@ -25,15 +26,15 @@ <li> vrweb 1.5-5.1 </ul> - -<p>Those using the pre-release (testing) version of Debian should upgrade - -to zlib 1.1.3-19.1 or a later version. Note that since this version of - -Debian has not yet been released it may not be available immediately for - -all architectures. Debian 2.2 (potato) is the latest supported release.</p> +<p>Те, кÑо иÑполÑзÑÑÑ Ð¿ÑедваÑиÑелÑнÑй (ÑеÑÑиÑÑемÑй) вÑпÑÑк Debian, Ð´Ð¾Ð»Ð¶Ð½Ñ +вÑполниÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ до zlib веÑÑии 1.1.3-19.1 или более поздней. ÐамеÑÑÑе, ÑÑо поÑколÑÐºÑ ÑÑа веÑÑÐ¸Ñ +Debian пока не бÑла вÑпÑÑенÑ, Ñо ÑÑÐ¾Ñ Ð¿Ð°ÐºÐµÑ Ð¼Ð¾Ð¶ÐµÑ Ð½Ðµ бÑÑÑ Ð´Ð¾ÑÑÑпен Ð´Ð»Ñ Ð²ÑÐµÑ Ð°ÑÑ Ð¸ÑекÑÑÑ +одновÑеменно. Debian 2.2 (potato) ÑвлÑеÑÑÑ Ð½Ð°Ð¸Ð±Ð¾Ð»ÐµÐµ Ñвежим поддеÑживаемÑм вÑпÑÑком.</p> - -<p>We recommend that you upgrade your packages immediately. Note that you - -should restart all programs that use the shared zlib library in order - -for the fix to take effect. This is most easily done by rebooting the - -system.</p> +<p>РекомендÑеÑÑÑ ÐºÐ°Ðº можно ÑкоÑее обновиÑÑ Ð¿Ð°ÐºÐµÑÑ. ÐамеÑÑÑе, ÑÑо вам +ÑледÑÐµÑ Ð¿ÐµÑезапÑÑÑиÑÑ Ð²Ñе пÑогÑаммÑ, иÑполÑзÑÑÑие ÑазделÑемÑÑ Ð±Ð¸Ð±Ð»Ð¸Ð¾ÑÐµÐºÑ zlib Ð´Ð»Ñ Ñого, ÑÑÐ¾Ð±Ñ +ÑÑо иÑпÑавление наÑало дейÑÑвоваÑÑ. ÐÑоÑе вÑего можно ÑделаÑÑ Ð¿ÑÑÑм пеÑезапÑÑка +вÑей ÑиÑÑемÑ.</p> </define-tag> # do not modify the following line - --- english/security/2002/dsa-163.wml 2002-09-16 23:38:45.000000000 +0600 +++ russian/security/2002/dsa-163.wml 2016-09-22 22:57:55.471687847 +0500 @@ -1,19 +1,20 @@ - -<define-tag description>cross site scripting</define-tag> +#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov" +<define-tag description>межÑайÑовÑй ÑкÑипÑинг</define-tag> <define-tag moreinfo> - -<p>Jason Molenda and Hiromitsu Takagi - -<a href="http://online.securityfocus.com/archive/1/268455">found</a> - -ways to exploit cross site - -scripting bugs in mhonarc, a mail to HTML converter. When processing - -maliciously crafted mails of type text/html mhonarc does not - -deactivate all scripting parts properly. This is fixed in upstream - -version 2.5.3.</p> - - - -<p>If you are worried about security, it is recommended that you disable - -support of text/html messages in your mail archives. There is no - -guarantee that the mhtxthtml.pl library is robust enough to eliminate - -all possible exploits that can occur with HTML data.</p> +<p>ÐжейÑон Ðоленда и ХиÑомиÑÑÑ Ð¢Ð°ÐºÐ°Ð³Ð¸ +<a href="http://online.securityfocus.com/archive/1/268455">обнаÑÑжили</a> +ÑпоÑÐ¾Ð±Ñ Ð¸ÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¼ÐµÐ¶ÑайÑового ÑкÑипÑинга +в mhonarc, пÑогÑамме Ð´Ð»Ñ Ð¿ÑеобÑÐ°Ð·Ð¾Ð²Ð°Ð½Ð¸Ñ ÑообÑений ÑлекÑÑонной поÑÑÑ Ð² HTML. ÐÑи обÑабоÑке +ÑпеÑиалÑно ÑÑоÑмиÑованнÑÑ ÑообÑений Ñ Ñипом text/html mhonarc непÑавилÑно +оÑклÑÑÐ°ÐµÑ ÑаÑÑи ÑÑенаÑиÑ. ÐÑа пÑоблема иÑпÑавлена в веÑÑии 2.5.3 +в оÑновной веÑке ÑазÑабоÑки.</p> + +<p>ÐÑли Ð²Ð°Ñ Ð²Ð¾Ð»Ð½ÑÐµÑ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑÑ, Ñо ÑекомендÑеÑÑÑ Ð¾ÑклÑÑиÑÑ +поддеÑÐ¶ÐºÑ ÑообÑений text/html в ваÑем поÑÑовом аÑÑ Ð¸Ð²Ðµ. ÐÐµÑ Ð½Ð¸ÐºÐ°ÐºÐ¾Ð¹ +гаÑанÑии, ÑÑо библиоÑека mhtxthtml.pl доÑÑаÑоÑна надÑжна, ÑÑÐ¾Ð±Ñ +ÑпÑавиÑÑÑ Ñо вÑеми возможнÑми ÑÑзвимоÑÑÑми, коÑоÑÑе могÑÑ Ð²Ð¾Ð·Ð½Ð¸ÐºÐ½ÑÑÑ Ð² HTML-даннÑÑ .</p> - -<p>To exclude HTML data, you can use the MIMEEXCS resource. For example:</p> +<p>ÐÐ»Ñ Ñого, ÑÑÐ¾Ð±Ñ Ð¸ÑклÑÑиÑÑ HTML-даннÑе, Ð²Ñ Ð¼Ð¾Ð¶ÐµÑе иÑполÑзоваÑÑ ÑеÑÑÑÑ MIMEEXCS. ÐапÑимеÑ:</p> <pre> <MIMEExcs> @@ -22,11 +23,11 @@ </MIMEExcs> </pre> - -<p>The type "text/x-html" is probably not used any more, but is good to - -include it, just-in-case.</p> +<p>ÐеÑоÑÑно, Ñип "text/x-html" более не иÑполÑзÑеÑÑÑ, но лÑÑÑе +на вÑÑкий ÑлÑÑай добавиÑÑ Ð¸ его.</p> - -<p>If you are concerned that this could block out the entire contents of - -some messages, then you could do the following instead:</p> +<p>ÐÑли Ð²Ñ ÑÑиÑаеÑе, ÑÑо ÑÑо пÑиведÑÑ Ðº блокиÑовке вÑего ÑодеÑжимого +некоÑоÑÑÑ ÑообÑений, Ñо Ð²Ñ Ð¼Ð¾Ð¶ÐµÑе иÑполÑзоваÑÑ ÑледÑÑÑие наÑÑÑойки:</p> <pre> <MIMEFilters> @@ -35,14 +36,14 @@ </MIMEFilters> </pre> - -<p>This treats the HTML as text/plain.</p> +<p>ÐÑи ÑÑÐ¸Ñ Ð½Ð°ÑÑÑÐ¾Ð¹ÐºÐ°Ñ HTML ÑаÑÑмаÑÑиваеÑÑÑ Ð² каÑеÑÑве text/plain.</p> - -<p>The above problems have been fixed in version 2.5.2-1.1 for the - -current stable distribution (woody), in version 2.4.4-1.1 for - -the old stable distribution (potato) and in version 2.5.11-1 for the - -unstable distribution (sid).</p> +<p>УказаннÑе вÑÑе пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 2.5.2-1.1 в +ÑекÑÑем ÑÑабилÑном вÑпÑÑке (woody), в веÑÑии 2.4.4-1.1 в +пÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (potato) и в веÑÑии 2.5.11-1 в +неÑÑабилÑном вÑпÑÑке (sid).</p> - -<p>We recommend that you upgrade your mhonarc packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ mhonarc.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5B3TAAoJEF7nbuICFtKl3oAQAKB0HJO+yfHsa8VSECm1HdE8 aAxL/68QRjhgp6hoiwEH6GiDdzmXHncUaKOMKg7TOOmzHICgY/xYptPBzoBQlCXd 3pb8SF18Msh3M7nqYmadyNMtNF5pYYamGyg81VliH556pP7TmNRW6HOCckSxWqNK tu7K7kpSAcrg5dUpBN92eg6XGQpxRhopfxeXasNTuzm9qtY05FHfCI5gEDJ/ILh/ 0WvovhE4eTyFbEW0dJmqrw0ehgPmoaW+FJt0wjq8IGncKjE1buUdP+yXs8IM3rpH D1TsomGip9jEPyECmMtN/wiP+5FB1ZL87VUIy+XjFfvz1BP7b3yFy4qs4+788yys jMG8hbG9h1Aw6ZxHicPh+FLbpq8BRVMXYFGP9OgrK9wVShGcjeVSGwGa7nZHa+XI T9lfuzZzSFGvNSlabNB1gRQe1vi0RVrJgmy2dfuWZ2xiohbAMRKnDTPYYpTw/TxS yogRvzBPhO0rYWsyEp2z2yoWfeqPRcEOsq6ClkWxEns3y81hKCSplnH0y91DEeRS XTZxos+vn7uy4bidzaTEwPVv+E4zdDMGzDvdCgnw3XS2G5X8+odV0C5Y6OUrjZ1e s38Z0616btisu+G/LdQUiHACiGIYhsvj42ePsJlCriwR8AjN3LCRVoZxBbTUVgtd MGwlTDvk5n0EgyCkAB9m =qbLx -----END PGP SIGNATURE-----

