-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2011/dsa-2309.wml 2014-04-30 13:16:25.000000000 +0600 +++ russian/security/2011/dsa-2309.wml 2016-10-02 02:14:48.333458471 +0500 
@@ -1,36 +1,37 @@ - -<define-tag description>compromised certificate authority</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>ÑкомпÑомеÑиÑованнÑй авÑоÑиÑеÑ</define-tag> <define-tag moreinfo> - -<p>Several fraudulent SSL certificates have been found in the wild issued - -by the DigiNotar Certificate Authority, obtained through a security - -compromise of said company. After further updates on this incident, it - -has been determined that all of DigiNotar's signing certificates can no - -longer be trusted. - -Debian, like other software distributors and vendors, has decided to - -distrust all of DigiNotar's CAs. In this update, this is done in the - -crypto library (a component of the OpenSSL toolkit) by marking such - -certificates as revoked. - -Any application that uses said component should now reject certificates - -signed by DigiNotar. Individual applications may allow users to override - -the validation failure. However, making exceptions is highly - -discouraged and should be carefully verified.</p> - - - -<p>Additionally, a vulnerability has been found in the ECDHE_ECDS cipher - -where timing attacks make it easier to determine private keys. The - -Common Vulnerabilities and Exposures project identifies it as +<p>Ð Ñ Ð¾Ð¶Ð´ÐµÐ½Ð¸Ð¸ обнаÑÑжено неÑколÑко подделÑнÑÑ SSL-ÑеÑÑиÑикаÑов, вÑпÑÑеннÑÑ +авÑоÑиÑеÑом DigiNotar, коÑоÑÑе бÑли полÑÑÐµÐ½Ñ Ð¿ÑÑÑм компÑомеÑаÑии +Ñказанной компании. ÐоÑле полÑÑÐµÐ½Ð¸Ñ Ð´Ð°Ð»ÑнейÑÐ¸Ñ Ñведений об ÑÑом инÑиденÑе бÑло +ÑеÑено, ÑÑо ÑеÑÑиÑикаÑам DigiNotar более довеÑÑÑÑ +нелÑзÑ. +ÐÑÐ¾ÐµÐºÑ Debian как и дÑÑгие поÑÑавÑики ÐРпÑинÑл ÑеÑение об аннÑлиÑовании +довеÑÐ¸Ñ ÐºÐ¾ вÑем ÑеÑÑиÑикаÑам DigiNotar. Рданном обновлении ÑÑо Ñделано в +библиоÑеке crypto (компоненÑе набоÑа инÑÑÑÑменÑов OpenSSL) пÑÑÑм помеÑки +ÑказаннÑÑ ÑеÑÑиÑикаÑов как оÑозваннÑÑ . +ÐÑбое пÑиложение, иÑполÑзÑÑÑее ÑказаннÑй компоненÑ, ÑепеÑÑ Ð´Ð¾Ð»Ð¶Ð½Ð¾ оÑклонÑÑÑ ÑеÑÑиÑикаÑÑ, +подпиÑаннÑе DigiNotar. 
ÐÑделÑнÑе пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð³ÑÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð¿Ð¾Ð»ÑзоваÑелÑм обойÑи +оÑÐ¸Ð±ÐºÑ Ð¿ÑовеÑки ÑеÑÑиÑикаÑа. Тем не менее, наÑÑоÑÑелÑно ÑекомендÑеÑÑÑ +не делаÑÑ Ð¸ÑклÑÑений и ÑÑаÑелÑно пÑоизводиÑÑ Ð¿ÑовеÑÐºÑ ÑеÑÑиÑикаÑов.</p> + +<p>ÐÑоме Ñого, бÑла обнаÑÑжена ÑÑзвимоÑÑÑ Ð² ÑиÑÑе ECDHE_ECDS, из-за коÑоÑой +аÑаки по Ñайминагам облегÑаÑÑ Ð¾Ð¿Ñеделение закÑÑÑÑÑ ÐºÐ»ÑÑей. ÐÑÐ¾ÐµÐºÑ +Common Vulnerabilities and Exposures опÑеделÑÐµÑ ÑÑÑ ÑÑзвимоÑÑÑ ÐºÐ°Ðº <a href="https://security-tracker.debian.org/tracker/CVE-2011-1945">CVE-2011-1945</a>.</p> - -<p>For the oldstable distribution (lenny), these problems have been fixed in - -version 0.9.8g-15+lenny12.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 0.9.8g-15+lenny12.</p> - -<p>For the stable distribution (squeeze), these problems have been fixed in - -version 0.9.8o-4squeeze2.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (squeeze) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 0.9.8o-4squeeze2.</p> - -<p>For the testing distribution (wheezy), these problems will be fixed soon.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (wheezy) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑдÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð¿Ð¾Ð·Ð¶Ðµ.</p> - -<p>For the unstable distribution (sid), these problems have been fixed in - -version 1.0.0e-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.0.0e-1.</p> - -<p>We recommend that you upgrade your openssl packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ openssl.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
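Review bot: the cipher suite name in the added CVE-2011-1945 paragraph is carried over from the English source as "ECDHE_ECDS"; the suite that CVE-2011-1945 concerns is ECDHE_ECDSA, so the name should be corrected in english/security/2011/dsa-2309.wml and then mirrored in this translation. In the same added paragraph the word for "timing" has a stray letter ("тайминагам" should read "таймингам"). The added description tag also renders "compromised certificate authority" as "скомпрометированный авторитет", which drops "certificate"; "скомпрометированный удостоверяющий центр" would keep the meaning of the source line.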