-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2005/dsa-707.wml 2005-04-13 20:45:49.000000000 +0600 +++ russian/security/2005/dsa-707.wml 2016-10-18 00:39:18.743887870 +0500 @@ -1,48 +1,49 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in MySQL, a popular - -database. The Common Vulnerabilities and Exposures project identifies - -the following problems:</p> +<p>Ð MySQL, попÑлÑÑной базе даннÑÑ , бÑло обнаÑÑжено неÑколÑко +ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957">CAN-2004-0957</a> - - <p>Sergei Golubchik discovered a problem in the access handling for - - similar named databases. If a user is granted privileges to a - - database with a name containing an underscore ("_"), the user also - - gains privileges to other databases with similar names.</p> + <p>СеÑгей ÐолÑбÑик обнаÑÑжил пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð² обÑабоÑке доÑÑÑпа к базам даннÑÑ + Ñо ÑÑ Ð¾Ð´Ð½Ñми именами. ÐÑли полÑзоваÑÐµÐ»Ñ Ð¿Ð¾Ð»ÑÑÐ°ÐµÑ Ð¿Ñава Ð´Ð»Ñ Ð´Ð¾ÑÑÑпа к + базе даннÑÑ , Ð¸Ð¼Ñ ÐºÐ¾ÑоÑой ÑодеÑÐ¶Ð¸Ñ Ð¿Ð¾Ð´ÑÑÑкивание ("_"), Ñо ÑÑÐ¾Ñ Ð¿Ð¾Ð»ÑзоваÑÐµÐ»Ñ Ð¿Ð¾Ð»ÑÑÐ°ÐµÑ + пÑава к дÑÑгим базам даннÑÑ Ñо ÑÑ Ð¾Ð´Ð½Ñми именами.</p> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709">CAN-2005-0709</a> - - <p>Stefano Di Paola discovered that MySQL allows remote - - authenticated users with INSERT and DELETE privileges to execute - - arbitrary code by using CREATE FUNCTION to access libc calls.</p> + <p>СÑеÑано Ðи Ðаола обнаÑÑжил, ÑÑо MySQL позволÑÐµÑ ÑдалÑннÑм + аÑÑенÑиÑиÑиÑованнÑм полÑзоваÑелÑм Ñ Ð¿Ñавами на вÑполнение опеÑаÑий INSERT и DELETE вÑполнÑÑÑ + пÑоизволÑнÑй код, иÑполÑзÑÑ CREATE FUNCTION Ð´Ð»Ñ Ð¿Ð¾Ð»ÑÑÐµÐ½Ð¸Ñ Ð´Ð¾ÑÑÑпа к вÑзовам libc.</p> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710">CAN-2005-0710</a> - - <p>Stefano Di Paola discovered that MySQL allows remote authenticated - - users with INSERT and DELETE privileges to bypass library path - - restrictions and execute arbitrary libraries by using INSERT INTO - - to modify the mysql.func table.</p> + <p>СÑеÑано Ðи Ðаола обнаÑÑжил, ÑÑо MySQL позволÑÐµÑ ÑдалÑннÑм аÑÑенÑиÑиÑиÑованнÑм + полÑзоваÑÐµÐ»Ñ Ñ Ð¿Ñавами на вÑполнение опеÑаÑий INSERT и DELETE Ð¾Ð±Ñ Ð¾Ð´Ð¸ÑÑ Ð¾Ð³ÑаниÑÐµÐ½Ð¸Ñ Ð¿ÑÑи + библиоÑеки и вÑполнÑÑÑ Ð¿ÑоизволÑнÑе библиоÑеки, иÑполÑзÑÑ INSERT INTO + Ð´Ð»Ñ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ ÑаблиÑÑ mysql.func.</p> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711">CAN-2005-0711</a> - - <p>Stefano Di Paola discovered that MySQL uses predictable file names - - when creating temporary tables, which allows local users with - - CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via - - a symlink attack.</p> + <p>СÑеÑано Ðи Ðаола обнаÑÑжил, ÑÑо MySQL иÑполÑзÑеÑÑÑ Ð¿ÑедÑказÑемÑе имена Ñайлов + пÑи Ñоздании вÑеменнÑÑ ÑаблиÑ, ÑÑо позволÑÐµÑ Ð»Ð¾ÐºÐ°Ð»ÑнÑм полÑзоваÑелÑм Ñ Ð¿Ñавами на вÑполнение + опеÑаÑии CREATE TEMPORARY TABLE пеÑезапиÑÑваÑÑ Ð¿ÑоизволÑнÑе ÑÐ°Ð¹Ð»Ñ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ + аÑаки ÑеÑез ÑимволÑнÑе ÑÑÑлки.</p> </ul> - -<p>For the stable distribution (woody) these problems have been fixed in - -version 3.23.49-8.11.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (woody) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 3.23.49-8.11.</p> - -<p>For the unstable distribution (sid) these problems have been fixed in - -version 4.0.24-5 of mysql-dfsg and in version 4.1.10a-6 of +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 4.0.24-5 пакеÑа mysql-dfsg и в веÑÑии 4.1.10a-6 пакеÑа mysql-dfsg-4.1.</p> - -<p>We recommend that you upgrade your mysql packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ mysql.</p> </define-tag> # do not modify the following line - --- english/security/2005/dsa-880.wml 2005-11-04 23:48:45.000000000 +0500 +++ russian/security/2005/dsa-880.wml 2016-10-18 00:32:58.719017817 +0500 @@ -1,43 +1,44 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several cross-site scripting vulnerabilities have been discovered in - -phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. - -The Common Vulnerabilities and Exposures project identifies the - -following problems:</p> +<p>Ð phpmyadmin, набоÑе ÑÑенаÑиев на ÑзÑке PHP Ð´Ð»Ñ Ð°Ð´Ð¼Ð¸Ð½Ð¸ÑÑÑиÑÐ¾Ð²Ð°Ð½Ð¸Ñ MySQL ÑеÑез +WWW, бÑло обнаÑÑжено неÑколÑко ÑлÑÑаев межÑайÑового ÑкÑипÑинга. +ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2869">CAN-2005-2869</a> - - <p>Andreas Kerber and Michal Cihar discovered several cross-site - - scripting vulnerabilities in the error page and in the cookie + <p>ÐндÑÐµÐ°Ñ ÐеÑÐ±ÐµÑ Ð¸ ÐÐ¸Ñ Ð°Ð» Ð¦Ð¸Ð³Ð°Ñ Ð¾Ð±Ð½Ð°ÑÑжили неÑколÑко ÑлÑÑаев межÑайÑового + ÑкÑипÑинга на ÑÑÑаниÑе error и в кÑки ÑÑÑаниÑÑ login.</p></li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3300">CVE-2005-3300</a> - - <p>Stefan Esser discovered missing safety checks in grab_globals.php - - that could allow an attacker to induce phpmyadmin to include an - - arbitrary local file.</p></li> + <p>ШÑеÑан ÐÑÑÐµÑ Ð¾Ð±Ð½Ð°ÑÑжил оÑÑÑÑÑÑвие пÑовеÑок надÑжноÑÑи в grab_globals.php, + коÑоÑÑе могÑÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð·Ð°Ð³ÑÑзиÑÑ Ð² phpmyadmin код из + пÑоизволÑного локалÑного Ñайла.</p></li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3301">CVE-2005-3301</a> - - <p>Tobias Klein discovered several cross-site scripting - - vulnerabilities that could allow attackers to inject arbitrary - - HTML or client-side scripting.</p></li> + <p>Ð¢Ð¾Ð±Ð¸Ð°Ñ ÐлÑйн обнаÑÑжил неÑколÑко ÑлÑÑаев межÑайÑового + ÑкÑипÑинга, коÑоÑÑе могÑÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð·Ð»Ð¾ÑмÑÑленникам вводиÑÑ Ð¿ÑоизволÑнÑй + код HTML или вÑполнÑÑÑ ÑкÑипÑинг на ÑÑоÑоне клиенÑа.</p></li> </ul> - -<p>The version in the old stable distribution (woody) has probably its - -own flaws and is not easily fixable without a full audit and patch - -session. The easier way is to upgrade it from woody to sarge.</p> +<p>ÐеÑÑÐ¸Ñ Ð¿Ð°ÐºÐµÑа в пÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (woody), веÑоÑÑно, ÑодеÑÐ¶Ð¸Ñ +ÑобÑÑвеннÑе ÑÑзвимоÑÑи, иÑпÑавиÑÑ ÐµÑ Ð±ÐµÐ· полного аÑдиÑа и подгоÑовки Ð·Ð°Ð¿Ð»Ð°Ñ +пÑедÑÑавлÑеÑÑÑ Ð½ÐµÐ¿ÑоÑÑÑм делом. ÐоÑаздо пÑоÑе вÑполниÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ Ñ woody до sarge.</p> - -<p>For the stable distribution (sarge) these problems have been fixed in - -version 2.6.2-3sarge1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (sarge) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2.6.2-3sarge1.</p> - -<p>For the unstable distribution (sid) these problems have been fixed in - -version 2.6.4-pl3-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2.6.4-pl3-1.</p> - -<p>We recommend that you upgrade your phpmyadmin package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ phpmyadmin.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYBSjpAAoJEF7nbuICFtKlATAQAJY+cDMZpevvsr9rWa9Bn01w 36XJjcLSQ490rgnMw1wWryjWfI53+aQ6d15lBtjfw+5nV51twRz2XyGyinGVTJPl qVBc2trWGszGhKdSj1lvaCtDtNg59Hb1i3VlZp1lgwpNlrFWYkQpDcwmyQSV99fv q2MgO9zCF3TLzS+JTw5zo0CKUKAAcSnip8DD1kaNFTzMVQTa+6Zzl5RdOGv2qNVz e1zDlji76/H1jcqeesbEH6rdqmV/5pBNjdq1itUAF/KVGXC6eKX5Rg4P7Zqh+SVG LfO7fiRwIRAufGpAfCe9y/9sq7KF6kGJBXvoqMNUsQovR0Xa/MJT93wqxnwUArRC MsZJ905uo/lpAwG006TrXYKiEekrQPeS10JjpUe8LXCTOJ90z5OU46XSOZmE0wkE rXRv/O0ZIObOq75tWsAoFIHKe/pLT0YC1K5lRg/wpmFtpgfsCsrVK1NNkSo8INQn wUnYfr9kqH840ktGojP/G4w7m6UK2WBTy6jNLll2mb2c3qmRf0OFlXXwPbtLspta 3YYbT5FOxm2Ajd79t016R4xLLc62WdXl0WwOlE2Zo6dn7ZDSwnWIGH4e7tffSBEq xee40y/3ZAMRFH1SeEajGSlDz2KJqN+tHMdv6pmqduaCnoeKpEo2lLx/Ao3oMmZf NFsLSET89ckOH10sGKHN =Ks8v -----END PGP SIGNATURE-----