-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2011/dsa-2233.wml 2014-04-30 13:16:24.000000000 +0600 +++ russian/security/2011/dsa-2233.wml 2016-10-02 01:42:06.649989971 +0500 @@ -1,39 +1,40 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities were discovered in Postfix, a mail transfer - -agent. The Common Vulnerabilities and Exposures project identifies - -the following problems:</p> +<p>Ð Postfix, агенÑе пеÑедаÑи ÑлекÑÑонной поÑÑÑ, бÑло обнаÑÑжено неÑколÑко +ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-2939">CVE-2009-2939</a> - - <p>The postinst script grants the postfix user write access to - - /var/spool/postfix/pid, which might allow local users to - - conduct symlink attacks that overwrite arbitrary files.</p></li> + <p>СÑенаÑий, запÑÑкаемÑй поÑле ÑÑÑановки пакеÑа, даÑÑ Ð¿Ð¾Ð»ÑзоваÑÐµÐ»Ñ postfix доÑÑÑп к + /var/spool/postfix/pid Ñ Ð¿Ñавом на запиÑÑ, ÑÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð»Ð¾ÐºÐ°Ð»ÑнÑм полÑзоваÑелÑм + вÑполнÑÑÑ Ð°Ñаки ÑеÑез ÑимволÑнÑе ÑÑÑлки Ñ ÑелÑÑ Ð¿ÐµÑезапиÑи пÑоизволÑнÑÑ Ñайлов.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-0411">CVE-2011-0411</a> - - <p>The STARTTLS implementation does not properly restrict I/O - - buffering, which allows man-in-the-middle attackers to insert - - commands into encrypted SMTP sessions by sending a cleartext - - command that is processed after TLS is in place.</p></li> + <p>РеализаÑÐ¸Ñ STARTTLS непÑавилÑно огÑаниÑÐ¸Ð²Ð°ÐµÑ Ð±ÑÑеÑизаÑÐ¸Ñ Ð²Ð²Ð¾Ð´Ð°/вÑвода, + ÑÑо позволÑÐµÑ Ð·Ð»Ð¾ÑмÑÑленникам, вÑполнÑÑÑим аÑаки по пÑинÑÐ¸Ð¿Ñ Ñеловек-в-ÑеÑедине, вÑÑавлÑÑÑ + ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð² заÑиÑÑованнÑе SMTP-ÑеÑÑии пÑÑÑм оÑпÑавки ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð² виде обÑÑного + ÑекÑÑа, коÑоÑÐ°Ñ Ð¾Ð±ÑабаÑÑваеÑÑÑ Ð¿Ð¾Ñле наÑÑÑойки TLS.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-1720">CVE-2011-1720</a> - - <p>A heap-based read-only buffer overflow allows malicious - - clients to crash the smtpd server process using a crafted SASL - - authentication request.</p></li> + <p>ÐеÑеполнение динамиÑеÑкой памÑÑи, оÑкÑÑÑой ÑолÑко Ð´Ð»Ñ ÑÑениÑ, позволÑÐµÑ Ð·Ð»Ð¾ÑмÑÑленникам + аваÑийно оÑÑанавливаÑÑ ÑеÑвеÑнÑй пÑоÑеÑÑ, иÑполÑзÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованнÑй запÑÐ¾Ñ + SASL-аÑÑенÑиÑикаÑии.</p></li> </ul> - -<p>For the oldstable distribution (lenny), this problem has been fixed in - -version 2.5.5-1.1+lenny1.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.5.5-1.1+lenny1.</p> - -<p>For the stable distribution (squeeze), this problem has been fixed in - -version 2.7.1-1+squeeze1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (squeeze) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.7.1-1+squeeze1.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 2.8.0-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.8.0-1.</p> - -<p>We recommend that you upgrade your postfix packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ postfix.</p> </define-tag> # do not modify the following line - --- english/security/2011/dsa-2345.wml 2014-04-30 13:16:25.000000000 +0600 +++ russian/security/2011/dsa-2345.wml 2016-10-02 01:52:42.918248567 +0500 @@ -1,39 +1,40 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in Icedove, a mail client - -based on Thunderbird.</p> +<p>Ð Icedove, поÑÑовом клиенÑе на оÑнове Thunderbird, бÑло обнаÑÑжено +неÑколÑко ÑÑзвимоÑÑей.</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3647">CVE-2011-3647</a> - - <p>The JSSubScriptLoader does not properly handle - - XPCNativeWrappers during calls to the loadSubScript method in - - an add-on, which makes it easier for remote attackers to gain - - privileges via a crafted web site that leverages certain - - unwrapping behavior.</p></li> + <p>JSSubScriptLoader непÑавилÑно обÑабаÑÑÐ²Ð°ÐµÑ + XPCNativeWrappers во вÑÐµÐ¼Ñ Ð²Ñзовов меÑода loadSubScript в + дополнении, ÑÑо облегÑÐ°ÐµÑ ÑдалÑннÑм злоÑмÑÑленникам задаÑÑ Ð¿Ð¾ полÑÑÐµÐ½Ð¸Ñ + пÑивилегий Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованного веб-ÑайÑа, оÑÑÑеÑÑвлÑÑÑего опÑеделÑннÑе + дейÑÑвиÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3648">CVE-2011-3648</a> - - <p>A cross-site scripting (XSS) vulnerability allows remote - - attackers to inject arbitrary web script or HTML via crafted - - text with Shift JIS encoding.</p></li> - - - -<li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3650">CVE-2011-3650</a> - - <p>Iceweasel does not properly handle JavaScript files that - - contain many functions, which allows user-assisted remote - - attackers to cause a denial of service (memory corruption and - - application crash) or possibly have unspecified other impact - - via a crafted file that is accessed by debugging APIs, as - - demonstrated by Firebug.</p></li> + <p>ÐежÑайÑовÑй ÑкÑипÑинг (XSS) позволÑÐµÑ ÑдалÑннÑм + злоÑмÑÑленникам вводиÑÑ Ð¿ÑоизволÑнÑй веб-ÑÑенаÑий или код HTML Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑпеÑиалÑно + ÑÑоÑмиÑованного ÑекÑÑа в кодиÑовке Shift JIS.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3650">CVE-2011-3650</a> + <p>Iceweasel непÑавилÑно обÑабаÑÑÐ²Ð°ÐµÑ ÑÐ°Ð¹Ð»Ñ JavaScript, ÑодеÑжаÑие + много ÑÑнкÑий, ÑÑо позволÑÐµÑ ÑдалÑннÑм злоÑмÑÑленникам + вÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании (повÑеждение ÑодеÑжимого памÑÑи и + аваÑÐ¸Ð¹Ð½Ð°Ñ Ð¾ÑÑановка пÑиложениÑ) или оказÑваÑÑ Ð´ÑÑгое неопÑеделÑнное влиÑние + на ÑиÑÑÐµÐ¼Ñ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованного Ñайла, к коÑоÑÐ¾Ð¼Ñ Ð¾Ð±ÑаÑаÑÑÑÑ ÑÑнкÑии API + оÑладки, напÑимеÑ, ÑÑнкÑии Firebug.</p></li> </ul> - -<p>For the stable distribution (squeeze), these problems have been fixed - -in version 3.0.11-1+squeeze6.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (squeeze) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +в веÑÑии 3.0.11-1+squeeze6.</p> - -<p>For the testing distribution (wheezy) and the unstable distribution - -(sid), these problems have been fixed in version 3.1.15-1.</p> +<p>Ð ÑеÑÑиÑÑемом (wheezy) и неÑÑабилÑном (sid) вÑпÑÑÐºÐ°Ñ +ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 3.1.15-1.</p> - -<p>We recommend that you upgrade your icedove packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ icedove.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX8CIeAAoJEF7nbuICFtKlfeYQAJjrNIz/ZTXyHnkThQ/M/KNv LqSN2uY0qta0lm9Or2y8dIlE0FZd94CPPRGqVVgVjDq6dTC9k4mOfIJLcMPZWdcr 8LKGtwuBxnGQmZXOyvbkCkyWSOCcTBT01uWk/xofjb7wCxD2ubCyKHBVViIPmLO4 qO50xvUm12jT5CjWg3UJvDV0qR0uoBuRVXxqq0tfDeEm6l4QElowVAp+oRhfVfq5 15yZtbtiCKBcK1aye7PZ0KnmAvx1PGVXCp7uP1RfgydhbJbZHsfqYGCtKqAoC9Yw S5zal/r1ZKhwizno7Ui87bo21PXA7m/6jzkJ0WK9NjPyn26GsO01mkKraZXz1hk8 /JLVsB4QA99YPRRCKc7WYbIfmTsEz4zwEVw30gUmoUVZfcMklvw4b8H+P4BRmTsb ShCmlDbZFukDjGZu6F0TlRKkg6ClAm28kz9ivqibKpANFfdksqIFimmujf9Yy47a coDXWx48DnySMoZyUpQmmEOhWyvOUtHO9tuHPa68YIbmYJoNctK3kc06R7d9F0MQ 89c9lMMEIqWCPcx/qV20gFp8g7EaFGagu+ZZkWZzdWcbuPQ3ANZ93Htjq/6l9t31 zEmxcsBNe6GJjykNjNyWWKX9YE5rNQn31Cv0lKXx4jxl6RvlT7k85PWxiYvb1oof 0/YoexoYQIo3cxXYgMvf =EFx2 -----END PGP SIGNATURE-----

