-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2010/dsa-1977.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-1977.wml 2016-09-30 23:40:12.561219523 +0500 @@ -1,31 +1,32 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy - -in the interpreter for the Python language, does not properly process malformed or - -crafted XML files. (<a href="https://security-tracker.debian.org/tracker/CVE-2009-3560">CVE-2009-3560</a> <a href="https://security-tracker.debian.org/tracker/CVE-2009-3720">CVE-2009-3720</a>) - -This vulnerability could allow an attacker to cause a denial of service while parsing - -a malformed XML file.</p> +<p>Юкка ТаимиÑÑо, ТеÑо РонÑÑи и РаÑли ÐакÑонен обнаÑÑжили, ÑÑо вÑÑÑÐ¾ÐµÐ½Ð½Ð°Ñ Ð² инÑеÑпÑеÑаÑÐ¾Ñ +ÑзÑка Python ÐºÐ¾Ð¿Ð¸Ñ Expat непÑавилÑно обÑабаÑÑÐ²Ð°ÐµÑ Ð½ÐµÐºÐ¾ÑÑекÑнÑе или ÑпеÑиалÑно +ÑÑоÑмиÑованнÑе XML-ÑайлÑ. (<a href="https://security-tracker.debian.org/tracker/CVE-2009-3560">CVE-2009-3560</a> <a href="https://security-tracker.debian.org/tracker/CVE-2009-3720">CVE-2009-3720</a>) +ÐÑа ÑÑзвимоÑÑÑ Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²ÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании во вÑÐµÐ¼Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð³ÑаммаÑиÑеÑкого +ÑазбоÑа некоÑÑекÑного XML-Ñайла.</p> - -<p>In addition, this update fixes an integer overflow in the hashlib module in python2.5. - -This vulnerability could allow an attacker to defeat cryptographic digests. (<a href="https://security-tracker.debian.org/tracker/CVE-2008-2316">CVE-2008-2316</a>) - -It only affects the oldstable distribution (etch).</p> +<p>ÐÑоме Ñого, данное обновление иÑпÑавлÑÐµÑ Ð¿ÐµÑеполнение ÑелÑÑ ÑиÑел в модÑле hashlib в пакеÑе python2.5. +ÐÑа ÑÑзвимоÑÑÑ Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð¿ÑеодолеÑÑ ÐºÑипÑогÑаÑиÑеÑкие вÑÑавки. (<a href="https://security-tracker.debian.org/tracker/CVE-2008-2316">CVE-2008-2316</a>) +УÑзвимоÑÑÑ ÐºÐ°ÑаеÑÑÑ ÑолÑко пÑедÑдÑÑего ÑÑабилÑного вÑпÑÑка (etch).</p> - -<p>For the oldstable distribution (etch), these problems have been fixed in - -version 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (etch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2.4.4-3+etch3 пакеÑа python2.4 и в веÑÑии 2.5-5+etch2 пакеÑа python2.5.</p> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 2.4.6-1+lenny1 for python2.4 and version 2.5.2-15+lenny1 for python2.5.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2.4.6-1+lenny1 пакеÑа python2.4 и в веÑÑии 2.5.2-15+lenny1 пакеÑа python2.5.</p> - -<p>For the unstable distribution (sid), these problems have been fixed in - -version 2.5.4-3.1 for python2.5, and will migrate to the testing distribution (squeeze) - -shortly. - -python2.4 has been removed from the testing distribution (squeeze), and it will - -be removed from the unstable distribution soon.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2.5.4-3.1 пакеÑа python2.5 и в ÑкоÑом вÑемени пеÑейдÑÑ Ð² ÑеÑÑиÑÑемÑй +вÑпÑÑк (squeeze). +ÐÐ°ÐºÐµÑ python2.4 бÑл ÑдалÑн в ÑеÑÑиÑÑемом вÑпÑÑке (squeeze), в ÑкоÑом вÑемени он бÑÐ´ÐµÑ +ÑдалÑн и из неÑÑабилÑного вÑпÑÑка.</p> - -<p>We recommend that you upgrade your python packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ python.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2104.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-2104.wml 2016-09-30 23:33:05.891134193 +0500 @@ -1,40 +1,41 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several remote vulnerabilities have been discovered in the BGP - -implementation of Quagga, a routing daemon.</p> +<p>Ð BGP-ÑеализаÑии Quagga, ÑлÑÐ¶Ð±Ñ Ð¼Ð°ÑÑÑÑÑизаÑии, бÑло обнаÑÑжено неÑколÑко +ÑдалÑннÑÑ ÑÑзвимоÑÑей.</p> - -<p>The Common Vulnerabilities and Exposures project identifies the - -following problems:</p> +<p>ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-2948">CVE-2010-2948</a> - - <p>When processing a crafted Route Refresh message received - - from a configured, authenticated BGP neighbor, Quagga - - may crash, leading to a denial of service.</p></li> + <p>ÐÑи обÑабоÑке ÑпеÑиалÑно ÑÑоÑмиÑованного ÑообÑÐµÐ½Ð¸Ñ Route Refresh, полÑÑенного + Ð¾Ñ Ð½Ð°ÑÑÑоенного аÑÑенÑиÑиÑиÑованного ÑоÑеднего BGP-Ñзла ÑабоÑа Quagga + Ð¼Ð¾Ð¶ÐµÑ Ð±ÑÑÑ Ð·Ð°Ð²ÐµÑÑена аваÑийно, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-2949">CVE-2010-2949</a> - - <p>When processing certain crafted AS paths, Quagga would crash - - with a NULL pointer dereference, leading to a denial of - - service. In some configurations, such crafted AS paths could - - be relayed by intermediate BGP routers.</p></li> + <p>ÐÑи обÑабоÑке опÑеделÑннÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованнÑÑ AS-пÑÑей ÑабоÑа Quagga Ð¼Ð¾Ð¶ÐµÑ Ð±ÑÑÑ + аваÑийно завеÑÑена Ñ ÑазÑменованием NULL-ÑказаÑелÑ, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº оÑÐºÐ°Ð·Ñ + в обÑлÑживании. ÐÑи некоÑоÑÑÑ Ð½Ð°ÑÑÑÐ¾Ð¹ÐºÐ°Ñ Ñакие ÑпеÑиалÑно ÑÑоÑмиÑованнÑе AS-пÑÑи могÑÑ + бÑÑÑ ÑеÑÑанÑлиÑÐ¾Ð²Ð°Ð½Ñ Ð¿ÑомежÑÑоÑнÑми BGP-маÑÑÑÑÑизаÑоÑами.</p></li> </ul> - -<p>In addition, this update contains a reliability fix: Quagga will no - -longer advertise confederation-related AS paths to non-confederation - -peers, and reject unexpected confederation-related AS paths by - -resetting the session with the BGP peer which is advertising them. - -(Previously, such AS paths would trigger resets of unrelated BGP - -sessions.)</p> +<p>ÐÑоме Ñого, данное обновление ÑодеÑÐ¶Ð¸Ñ Ð¸ÑпÑавление надÑжноÑÑи: Quagga более +не ÑаÑÑÑÐ»Ð°ÐµÑ ÑвÑзаннÑе Ñ ÐºÐ¾Ð½ÑедеÑаÑией AS-пÑÑи Ñзлам, не Ð²Ñ Ð¾Ð´ÑÑим в +конÑедеÑаÑиÑ, и оÑклонÑÐµÑ Ð½ÐµÐ¾Ð¶Ð¸Ð´Ð°Ð½Ð½Ñе ÑвÑзаннÑе Ñ ÐºÐ¾Ð½ÑедеÑаÑией AS-пÑÑи +пÑÑÑм пеÑенаÑÑÑойки ÑеÑÑии Ñ BGP-Ñзлом, ÑаÑÑÑлаÑÑим Ñакие пÑÑи. +(Ранее Ñакие AS-пÑÑи пÑиводили к ÑбÑоÑÑ Ð½ÐµÑвÑзаннÑÑ +BGP-ÑеÑÑий.)</p> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 0.99.10-1lenny3.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 0.99.10-1lenny3.</p> - -<p>For the unstable distribution (sid) and the testing distribution - -(squeeze), these problems have been fixed in version 0.99.17-1.</p> +<p>РнеÑÑабилÑном (sid) и ÑеÑÑиÑÑемом (squeeze) вÑпÑÑÐºÐ°Ñ +ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 0.99.17-1.</p> - -<p>We recommend that you upgrade your quagga package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ quagga.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX7rGQAAoJEF7nbuICFtKlYHkQAI7tTJRZbvwrQHWY90Jem6DH 8hEYSHwMtKO3VhqpJBKDjwcG5wd9hZAjNkJ6Lp/bQZDn41no98nVzFYAxvGHiVQL R3rm3Mq3SVtb0i/8MIsjBZTwlwprP5l9PXuwA9HNq18h37nV8enXs43ZYoZPUgQK sHO3TFz5UEa+oCWHpltigLT/2feVlG8k6cXLnMvZKogO3/9yY27AB2Qq7b3W6cuF eVx9KIAZPfL0Q2VTeVzXfBxmNFVcox354Mgsv7uKTuq4VWIDiei84mbHIABttbdJ X8/+MaAi1yV/04nXMVZlN0MNHU05+hkESVnI+4DyFTHLbt3KJ5ed4sfGJpdQvPUx ztTKnR8qIeJuprW+0F4JMsMkkl8b764NQEnk7GBD8g1KY4q3OYJ3jy88Pwc0t/u4 qgbCCFFixx5J/I4U1zuOmgkZI8aE6tbc5pM76x4mOSsK8DH1gA2HC45zjZRF3Jo8 sPuGJIbK8q0zfzFvS/zvYyzlVaXRjyRvdDQ72tmOyyWKocIaXXp3IAQuJaq8lbZD Sw690Mayh+xvj3m2AGnPWNzL54Zirw+Lgf9xuYytP42CIVPCD3UzKOrWmFQ+BYJx N8w8VW+yRRvhb5QgTwcsGvERLmIb+AZGQeaZj5kYpK1VMPZ+xgmtp8KDUagGEdsR N9rui1xyd2IlOKhMbx1H =jR7q -----END PGP SIGNATURE-----

