-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2016/dsa-3740.wml 2016-12-19 15:21:31.000000000 +0500 +++ russian/security/2016/dsa-3740.wml 2016-12-19 17:59:12.767617031 +0500 
@@ -1,53 +1,54 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, - -print, and login server for Unix. The Common Vulnerabilities and - -Exposures project identifies the following issues:</p> +<p>Ð Samba, Ñайловом ÑеÑвеÑе, ÑеÑвеÑе пеÑаÑи и аÑÑенÑиÑикаÑии по пÑоÑÐ¾ÐºÐ¾Ð»Ñ +SMB/CIFS Ð´Ð»Ñ Unix, бÑло обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and +Exposures опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2119">CVE-2016-2119</a> - - <p>Stefan Metzmacher discovered that client-side SMB2/3 required - - signing can be downgraded, allowing a man-in-the-middle attacker to - - impersonate a server being connected to by Samba, and return - - malicious results.</p></li> + <p>ШÑеÑан ÐеÑÐ¼Ð°Ñ ÐµÑ Ð¾Ð±Ð½Ð°ÑÑжил, ÑÑо ÑÑÐ¾Ð²ÐµÐ½Ñ ÑÑебÑемого подпиÑÑÐ²Ð°Ð½Ð¸Ñ SMB2/3 на ÑÑоÑоне + клиенÑа Ð¼Ð¾Ð¶ÐµÑ Ð±ÑÑÑ Ñнижен, ÑÑо позволÑÐµÑ Ð·Ð»Ð¾ÑмÑÑленникÑ, пÑоводÑÑÐµÐ¼Ñ Ð°ÑÐ°ÐºÑ Ð¿Ð¾ пÑинÑÐ¸Ð¿Ñ + Ñеловек-в-ÑеÑедине, вÑдаÑÑ ÑÐµÐ±Ñ Ð·Ð° ÑеÑвеÑ, к коÑоÑÐ¾Ð¼Ñ Ð¿Ð¾Ð´ÐºÐ»ÑÑаеÑÑÑ Samba, и веÑнÑÑÑ + в каÑеÑÑве оÑвеÑа некоÑÑекÑнÑй ÑезÑлÑÑаÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2123">CVE-2016-2123</a> - - <p>Trend Micro's Zero Day Initiative and Frederic Besler discovered - - that the routine ndr_pull_dnsp_name, used to parse data from the - - Samba Active Directory ldb database, contains an integer overflow - - flaw, leading to an attacker-controlled memory overwrite. 
An - - authenticated user can take advantage of this flaw for remote - - privilege escalation.</p></li> + <p>УÑаÑÑники <q>Zero Day Initiative</q> Ð¾Ñ Trend Micro и ФÑедеÑик ÐеÑÐ»ÐµÑ Ð¾Ð±Ð½Ð°ÑÑжили, + ÑÑо ÑÑнкÑÐ¸Ñ ndr_pull_dnsp_name, иÑполÑзÑÐµÐ¼Ð°Ñ Ð´Ð»Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð³ÑаммаÑиÑеÑкого ÑазбоÑа даннÑÑ + Ð¾Ñ ldb Ð±Ð°Ð·Ñ Ð´Ð°Ð½ÑÑ Samba Active Directory, ÑодеÑÐ¶Ð¸Ñ Ð¿ÐµÑеполнение ÑелÑÑ ÑиÑел, + пÑиводÑÑее к пеÑезапиÑи памÑÑи, коÑоÑое Ð¼Ð¾Ð¶ÐµÑ Ð±ÑÑÑ Ð²Ñзвано злоÑмÑÑленником. ÐÑÑенÑиÑиÑиÑованнÑй + полÑзоваÑÐµÐ»Ñ Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ ÑдалÑнного + повÑÑÐµÐ½Ð¸Ñ Ð¿Ñивилегий.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2125">CVE-2016-2125</a> - - <p>Simo Sorce of Red Hat discovered that the Samba client code always - - requests a forwardable ticket when using Kerberos authentication. A - - target server, which must be in the current or trusted domain/realm, - - is given a valid general purpose Kerberos <q>Ticket Granting Ticket</q> - - (TGT), which can be used to fully impersonate the authenticated user - - or service.</p></li> + <p>Симо СоÑÑ Ð¸Ð· Red Hat обнаÑÑжил, ÑÑо клиенÑÑкий код Samba пÑи аÑÑенÑиÑикаÑии + ÑеÑез Kerberos вÑегда запÑаÑÐ¸Ð²Ð°ÐµÑ Ð¿ÐµÑедаваемÑй билеÑ. Целевой + ÑеÑвеÑ, коÑоÑÑй должен Ð½Ð°Ñ Ð¾Ð´Ð¸ÑÑÑÑ Ð² ÑекÑÑем или довеÑенном домене/облаÑÑи, + полÑÑÐ°ÐµÑ ÐºÐ¾ÑÑекÑнÑй TGT Kerberos обÑего назнаÑениÑ, ÑÑо + Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð´Ð»Ñ Ñого, ÑÑÐ¾Ð±Ñ Ð²ÑдаÑÑ ÑÐµÐ±Ñ Ð·Ð° аÑÑенÑиÑиÑиÑованного полÑзоваÑÐµÐ»Ñ + или ÑлÑжбÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2126">CVE-2016-2126</a> - - <p>Volker Lendecke discovered several flaws in the Kerberos PAC - - validation. A remote, authenticated, attacker can cause the winbindd - - process to crash using a legitimate Kerberos ticket due to incorrect - - handling of the PAC checksum. 
A local service with access to the - - winbindd privileged pipe can cause winbindd to cache elevated access - - permissions.</p></li> + <p>Ð¤Ð¾Ð»ÐºÐµÑ Ðендеке обнаÑÑжил неÑколÑко ÑÑзвимоÑÑей в коде пÑовеÑки Kerberos + PAC. УдалÑннÑй аÑÑенÑиÑиÑиÑованнÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð²ÑзваÑÑ Ð°Ð²Ð°ÑийнÑÑ Ð¾ÑÑÐ°Ð½Ð¾Ð²ÐºÑ + пÑоÑеÑÑа winbindd, иÑполÑзÑÑ ÐºÐ¾ÑÑекÑнÑй Ð±Ð¸Ð»ÐµÑ Kerberos, из-за некоÑÑекÑной + обÑабоÑки конÑÑолÑной ÑÑÐ¼Ð¼Ñ PAC. ÐокалÑÐ½Ð°Ñ ÑлÑжба, имеÑÑÐ°Ñ Ð´Ð¾ÑÑÑп к пÑивилегиÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð¼Ñ + ÐºÐ°Ð½Ð°Ð»Ñ winbindd, Ð¼Ð¾Ð¶ÐµÑ Ð²ÑзваÑÑ ÐºÐµÑиÑование повÑÑеннÑÑ Ð¿Ñав доÑÑÑпа в + winbindd.</p></li> </ul> - -<p>For the stable distribution (jessie), these problems have been fixed in - -version 2:4.2.14+dfsg-0+deb8u2. In addition, this update contains - -several changes originally targeted for the upcoming jessie point - -release.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 2:4.2.14+dfsg-0+deb8u2. ÐÑоме Ñого, данное обновление ÑодеÑÐ¶Ð¸Ñ +неÑколÑко изменений, коÑоÑÑе изнаÑалÑно пÑедназнаÑалиÑÑ Ð´Ð»Ñ Ð³Ð¾ÑовÑÑейÑÑ +ÑедакÑии jessie.</p> - -<p>We recommend that you upgrade your samba packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ samba.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
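Review bot: In the CVE-2016-2125 item, the added paragraph keeps only the bare abbreviation TGT, where the removed English text has `<q>Ticket Granting Ticket</q> (TGT)`, so the term is never expanded for the reader of the translation. Suggest carrying the `<q>...</q>` expansion over, either untranslated or as a Russian equivalent followed by (TGT), so the item stays aligned with the English revision 1.1 named in the new translation-check header.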