-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2010/dsa-2027.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-2027.wml 2016-09-30 23:13:56.247853489 +0500 @@ -1,50 +1,51 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several remote vulnerabilities have been discovered in Xulrunner, a - -runtime environment for XUL applications, such as the Iceweasel web - -browser. The Common Vulnerabilities and Exposures project identifies - -the following problems:</p> +<p>Ð Xulrunner, окÑÑжении вÑемени иÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð´Ð»Ñ XUL-пÑиложений +(ÑÐ°ÐºÐ¸Ñ ÐºÐ°Ðº веб-бÑаÑÐ·ÐµÑ Iceweasel), бÑло обнаÑÑжено неÑколÑко +ÑдалÑннÑÑ ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0174">CVE-2010-0174</a> - - <p>Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout - - engine, which might allow the execution of arbitrary code.</p></li> + <p>ÐжеÑÑ Ð Ð°Ð´ÐµÑман и ÐÑ Ñан ÐÑ Ð³Ð°Ñи обнаÑÑжили аваÑийнÑе оÑÑановки в движке + ÑазмеÑÑ, коÑоÑÑе могÑÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð²ÑполниÑÑ Ð¿ÑоизволÑнÑй код.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0175">CVE-2010-0175</a> - - <p>It was discovered that incorrect memory handling in the XUL event - - handler might allow the execution of arbitrary code.</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо некоÑÑекÑÐ½Ð°Ñ ÑабоÑа Ñ Ð¿Ð°Ð¼ÑÑÑ Ð² обÑабоÑÑике + XUL-ÑобÑÑий Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð²ÑполниÑÑ Ð¿ÑоизволÑнÑй код.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0176">CVE-2010-0176</a> - - <p>It was discovered that incorrect memory handling in the XUL event - - handler might allow the execution of arbitrary code.</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо некоÑÑекÑÐ½Ð°Ñ ÑабоÑа Ñ Ð¿Ð°Ð¼ÑÑÑÑ Ð² обÑабоÑÑике + XUL-ÑобÑÑий Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð²ÑполниÑÑ Ð¿ÑоизволÑнÑй код.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0177">CVE-2010-0177</a> - - <p>It was discovered that incorrect memory handling in the plugin code - - might allow the execution of arbitrary code.</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо некоÑÑекÑÐ½Ð°Ñ ÑабоÑа Ñ Ð¿Ð°Ð¼ÑÑÑÑ Ð² коде дополнений + Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð²ÑполниÑÑ Ð¿ÑоизволÑнÑй код.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0178">CVE-2010-0178</a> - - <p>Paul Stone discovered that forced drag-and-drop events could lead to - - Chrome privilege escalation.</p></li> + <p>Ðол СÑоÑн обнаÑÑжил, ÑÑо пÑинÑдиÑелÑнÑе ÑобÑÑÐ¸Ñ drag-and-drop могÑÑ Ð¿ÑиводиÑÑ + к повÑÑÐµÐ½Ð¸Ñ Ð¿Ñивилегий Chrome.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0179">CVE-2010-0179</a> - - <p>It was discovered that a programming error in the XMLHttpRequestSpy - - module could lead to the execution of arbitrary code.</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо оÑибка пÑогÑаммиÑÐ¾Ð²Ð°Ð½Ð¸Ñ Ð² модÑле XMLHttpRequestSpy + Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода.</p></li> </ul> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 1.9.0.19-1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.9.0.19-1.</p> - -<p>For the unstable distribution (sid), these problems will be fixed soon.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑдÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð¿Ð¾Ð·Ð¶Ðµ.</p> - -<p>We recommend that you upgrade your xulrunner packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ xulrunner.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2057.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-2057.wml 2016-09-30 23:23:56.839078012 +0500 @@ -1,54 +1,55 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in the MySQL - -database server. - -The Common Vulnerabilities and Exposures project identifies the - -following problems:</p> +<p>Ð ÑеÑвеÑе баз даннÑÑ MySQL бÑло обнаÑÑжено неÑколÑко +ÑÑзвимоÑÑей. +ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-1626">CVE-2010-1626</a> - -<p>MySQL allows local users to delete the data and index files of another - -user's MyISAM table via a symlink attack in conjunction with the DROP - -TABLE command.</p></li> +<p>MySQL позволÑÐµÑ Ð»Ð¾ÐºÐ°Ð»ÑнÑм полÑзоваÑелÑм ÑдалÑÑÑ Ð´Ð°Ð½Ð½Ñе и ÑÐ°Ð¹Ð»Ñ Ñ Ð¸Ð½Ð´ÐµÐºÑами в ÑаблиÑе +MyISAM дÑÑгого полÑзоваÑÐµÐ»Ñ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð°Ñаки ÑеÑез ÑимволÑнÑе ÑÑÑлки вмеÑÑе Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾Ð¹ +DROP TABLE.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-1848">CVE-2010-1848</a> - -<p>MySQL failed to check the table name argument of a COM_FIELD_LIST - -command packet for validity and compliance to acceptable table name - -standards. This allows an authenticated user with SELECT privileges on - -one table to obtain the field definitions of any table in all other - -databases and potentially of other MySQL instances accessible from the - -server's file system.</p></li> +<p>MySQL не вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ Ð¸Ð¼ÐµÐ½Ð¸ ÑаблиÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð³Ð¾ пакеÑа COM_FIELD_LIST +на пÑÐµÐ´Ð¼ÐµÑ ÐºÐ¾ÑÑекÑноÑÑи и ÑооÑвеÑÑÑÐ²Ð¸Ñ Ð¿ÑинÑÑÑм ÑÑандаÑÑам имÑн +ÑаблиÑ. ÐÑо позволÑÐµÑ Ð°ÑÑенÑиÑиÑиÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð¼Ñ Ð¿Ð¾Ð»ÑзоваÑÐµÐ»Ñ Ñ Ð¿Ñавами на вÑполнение ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ SELECT +Ð´Ð»Ñ Ð¾Ð´Ð½Ð¾Ð¹ ÑаблиÑÑ Ð¿Ð¾Ð»ÑÑаÑÑ Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð»ÐµÐ¹ лÑбой ÑаблиÑÑ Ð²Ð¾ вÑÐµÑ Ð´ÑÑÐ³Ð¸Ñ +Ð±Ð°Ð·Ð°Ñ Ð´Ð°Ð½Ð½ÑÑ Ð¸ поÑенÑиалÑно в дÑÑÐ³Ð¸Ñ ÑкземплÑÑÐ°Ñ MySQL, доÑÑÑпнÑÑ Ð¸Ð· +Ñайловой ÑиÑÑÐµÐ¼Ñ ÑеÑвеÑа.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-1849">CVE-2010-1849</a> - -<p>MySQL could be tricked to read packets indefinitely if it received a - -packet larger than the maximum size of one packet. - -This results in high CPU usage and thus denial of service conditions.</p></li> +<p>С помоÑÑÑ MySQL можно неогÑаниÑенно ÑÑиÑÑваÑÑ Ð¿Ð°ÐºÐµÑÑ Ð² ÑлÑÑае, еÑли ÑеÑÐ²ÐµÑ Ð¿Ð¾Ð»ÑÑÐ°ÐµÑ +Ð¿Ð°ÐºÐµÑ Ð±Ð¾Ð»ÑÑего ÑазмеÑа, Ñем макÑималÑнÑй ÑÐ°Ð·Ð¼ÐµÑ Ð¾Ð´Ð½Ð¾Ð³Ð¾ пакеÑа. +ÐÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº вÑÑÐ¾ÐºÐ¾Ð¼Ñ Ð¿Ð¾ÑÑÐµÐ±Ð»ÐµÐ½Ð¸Ñ ÑеÑÑÑÑов ЦРи оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-1850">CVE-2010-1850</a> - -<p>MySQL was susceptible to a buffer-overflow attack due to a - -failure to perform bounds checking on the table name argument of a - -COM_FIELD_LIST command packet. By sending long data for the table - -name, a buffer is overflown, which could be exploited by an - -authenticated user to inject malicious code.</p></li> +<p>ÐÑедÑÑавлÑеÑÑÑ, ÑÑо ÑеÑÐ²ÐµÑ MySQL ÑÑзвим к пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа из-за Ñого, ÑÑо +он не вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ Ð³ÑÐ°Ð½Ð¸Ñ Ð² имени ÑаблиÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð³Ð¾ пакеÑа +COM_FIELD_LIST. ÐÑпÑавка вмеÑÑо имени ÑаблиÑÑ Ð±Ð¾Ð»ÑÑого колиÑеÑÑва +даннÑÑ Ð¿ÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа, ÑÑо Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ +аÑÑенÑиÑиÑиÑованнÑм полÑзоваÑелем Ð´Ð»Ñ Ð²Ð²ÐµÐ´ÐµÐ½Ð¸Ñ Ð²ÑедоноÑного кода.</p></li> </ul> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 5.0.51a-24+lenny4</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 5.0.51a-24+lenny4</p> - -<p>The testing (squeeze) and unstable (sid) distribution do not contain - -mysql-dfsg-5.0 anymore.</p> +<p>Ð ÑеÑÑиÑÑемом (squeeze) и неÑÑабилÑном (sid) вÑпÑÑÐºÐ°Ñ Ð¿Ð°ÐºÐµÑ +mysql-dfsg-5.0 оÑÑÑÑÑÑвÑеÑ.</p> - -<p>We recommend that you upgrade your mysql-dfsg-5.0 package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ mysql-dfsg-5.0.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX7q3AAAoJEF7nbuICFtKlXl8QAKkRQJ3OnO54bzSF53qHh9JS cL6RY0skDcWdg8j9K4qPIGN/73CrlUBIhgcdYh15afZlZQ2g+e0Rz/nTvPxlbwIY N7dflUBUP1e6fW5EihwwpKaIN1Fq+7oHS4aurf7I1rPXcHbXuuYZL9eFEMKrHsbl Cmetgyjr8UhJtLKoRS8/oI12X2TgpZF16ltSueCl/IR7GWSOQiYCZueXI09T/One DN9Qgb/WEYg4/hz1Wjf91ne+M9vgdrsWeGKQ7M9YH3SV3Oz/do0t3ZO5O1xQ9rkB ZWjRqOSTQHMo+ZyJm/1FMRhvR7E+Kn26K9TYFhQAJ8+NMSnN9OCC4MD6z+NEDTdl y9ej04HTNHHbFo1lkrwvvCBL2I7/jnxstTjEeZIkkSu5eL48l1kF5q01urYKq3fn Eg3ChN+D/IoZlgciaNbZyr6NucDJtHLrA7z3xC3VWyBBw6VdBwN0IKNgamIC1CgB TCP5QiZBy1NUXEJoWV5LguwDWwA8eJ0UCco7H+irAu6S4EiUR54xLIo/Bq6uOuJI ZmriPjdnIGutqlWkdmqvzDb0hR241w3x/ebNGeKFpjD8WBX8tsVmqIYh3jtxLnei FbPnSfKDgd0KaaRWpghCj0L2NaE6bvJR33Y27rUjK7m3CghVV41msH8p3gFLcouW B/C2Qoe+hNERYmNjJOy6 =5XkZ -----END PGP SIGNATURE-----

