-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2018/dsa-4112.wml 2018-02-15 10:43:03.000000000 +0500 +++ russian/security/2018/dsa-4112.wml 2018-02-15 10:56:56.216289784 +0500 @@ -1,55 +1,56 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Multiple vulnerabilities have been discovered in the Xen hypervisor:</p> +<p>РгипеÑвизоÑе Xen бÑли обнаÑÑÐ¶ÐµÐ½Ñ Ð¼Ð½Ð¾Ð³Ð¾ÑиÑленнÑе ÑÑзвимоÑÑи:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17563">CVE-2017-17563</a> - - <p>Jan Beulich discovered that an incorrect reference count overflow - - check in x86 shadow mode may result in denial of service or - - privilege escalation.</p></li> + <p>Ян ÐÑÐ»Ð¸Ñ Ð¾Ð±Ð½Ð°ÑÑжил, ÑÑо непÑавилÑнÑй подÑÑÑÑ ÑÑÑлок пеÑеполнÑÐµÑ + пÑовеÑÐºÑ Ð² Ñежиме Ñени Ð´Ð»Ñ x86, ÑÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ð¸Ð»Ð¸ + повÑÑÐµÐ½Ð¸Ñ Ð¿Ñивилегий.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17564">CVE-2017-17564</a> - - <p>Jan Beulich discovered that improper x86 shadow mode reference count - - error handling may result in denial of service or privilege - - escalation.</p></li> + <p>Ян ÐÑÐ»Ð¸Ñ Ð¾Ð±Ð½Ð°ÑÑжил, ÑÑо некоÑÑекÑÐ½Ð°Ñ Ð¾Ð±ÑабоÑка оÑибок пÑи подÑÑÑÑе ÑÑÑлок + в Ñежиме Ñени Ð´Ð»Ñ x86 Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании или повÑÑÐµÐ½Ð¸Ñ + пÑивилегий.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17565">CVE-2017-17565</a> - - <p>Jan Beulich discovered that an incomplete bug check in x86 log-dirty - - handling may result in denial of service.</p></li> + <p>Ян ÐÑÐ»Ð¸Ñ Ð¾Ð±Ð½Ð°ÑÑжил, ÑÑо Ð½ÐµÐ¿Ð¾Ð»Ð½Ð°Ñ Ð¿ÑовеÑка оÑибок в обÑабоÑке log-dirty Ð´Ð»Ñ + x86 Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17566">CVE-2017-17566</a> - - <p>Jan Beulich discovered that x86 PV guests may gain access to - - internally used pages which could result in denial of service or - - potential privilege escalation.</p> + <p>Ян ÐÑÐ»Ð¸Ñ Ð¾Ð±Ð½Ð°ÑÑжил, ÑÑо гоÑÑевÑе ÑиÑÑÐµÐ¼Ñ Ð¿Ñи паÑавиÑÑÑализаÑии x86 могÑÑ Ð¿Ð¾Ð»ÑÑиÑÑ + доÑÑÑп к внÑÑÑенне иÑполÑзÑемÑм ÑÑÑаниÑам памÑÑи, ÑÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании + или поÑенÑиалÑÐ½Ð¾Ð¼Ñ Ð¿Ð¾Ð²ÑÑÐµÐ½Ð¸Ñ Ð¿Ñивилегий.</p> </ul> - -<p>In addition this update ships the <q>Comet</q> shim to address the Meltdown - -class of vulnerabilities for guests with legacy PV kernels. In addition, - -the package provides the <q>Xen PTI stage 1</q> mitigation which is built-in - -and enabled by default on Intel systems, but can be disabled with - -`xpti=false' on the hypervisor command line (It does not make sense to - -use both xpti and the Comet shim.)</p> +<p>ÐÑоме Ñого, данное обновление ÑодеÑÐ¶Ð¸Ñ Ð¿ÑоÑÐ»Ð¾Ð¹ÐºÑ <q>Comet</q>, пÑедназнаÑеннÑÑ Ð´Ð»Ñ +иÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ ÑÑзвимоÑÑей Ñипа Meltdown в гоÑÑевÑÑ ÑиÑÑÐµÐ¼Ð°Ñ Ñ ÑÑÑаÑевÑими паÑавиÑÑÑализованнÑми +ÑдÑами. Также Ð¿Ð°ÐºÐµÑ Ð¿ÑедоÑÑавлÑÐµÑ ÑÑедÑÑва Ð´Ð»Ñ Ð¼Ð¸Ð½Ð¸Ð¼Ð¸Ð·Ð°Ñии опаÑноÑÑи <q>Xen PTI stage 1</q>, коÑоÑÑе +вÑÑÑÐ¾ÐµÐ½Ñ Ð¸ вклÑÑÐµÐ½Ñ Ð¿Ð¾ ÑмолÑÐ°Ð½Ð¸Ñ Ð² ÑиÑÑÐµÐ¼Ð°Ñ Intel, но могÑÑ Ð±ÑÑÑ Ð¾ÑклÑÑÐµÐ½Ñ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ +ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð³Ð¸Ð¿ÐµÑвизоÑа `xpti=false' (не Ð¸Ð¼ÐµÐµÑ ÑмÑÑла иÑполÑзоваÑÑ Ð¾Ð´Ð½Ð¾Ð²Ñеменно +и xpti, и пÑоÑÐ»Ð¾Ð¹ÐºÑ Comet).</p> - -<p>Please refer to the following URL for more details on how to configure - -individual mitigation strategies: +<p>Ðа подÑобноÑÑÑми о Ñом, как наÑÑÑоиÑÑ Ð¾ÑделÑнÑе ÑÑÑаÑегии ÑÐ½Ð¸Ð¶ÐµÐ½Ð¸Ñ ÑиÑков +обÑаÑайÑеÑÑ Ðº докÑменÑаÑии по ÑледÑÑÑÐµÐ¼Ñ URL: <a href="https://xenbits.xen.org/xsa/advisory-254.html">\ https://xenbits.xen.org/xsa/advisory-254.html</a></p> - -<p>Additional information can also be found in README.pti and README.comet.</p></li> +<p>ÐополниÑелÑнÑÑ Ð¸Ð½ÑоÑмаÑÐ¸Ñ Ð¼Ð¾Ð¶Ð½Ð¾ найÑи в ÑÐ°Ð¹Ð»Ð°Ñ README.pti и README.comet.</p></li> - -<p>For the stable distribution (stretch), these problems have been fixed in - -version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (stretch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1.</p> - -<p>We recommend that you upgrade your xen packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ xen.</p> - -<p>For the detailed security status of xen please refer to - -its security tracker page at: +<p>С подÑобнÑм ÑÑаÑÑÑом поддеÑжки безопаÑноÑÑи xen можно ознакомиÑÑÑÑ Ð½Ð° +ÑооÑвеÑÑÑвÑÑÑей ÑÑÑаниÑе оÑÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи по адÑеÑÑ <a href="https://security-tracker.debian.org/tracker/xen">\ https://security-tracker.debian.org/tracker/xen</a></p> </define-tag> -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlqFIS8ACgkQXudu4gIW 0qVY6w/9FVudCwY17eO1JfLRk6MHX0uZrnaIEl1rO0gfJu793Ds9Jvri+A6R9Fss n66X7J0oLfiANjd3V9bpaQJiLoPRvtqUPXup1cnoyMdi95qTwP8Vv6DU4Tnfb2+a RNATwJYLFXuxedHbEuFVQaOY/6XswnhdHHteOgx+KHW6euHeOI2L1SOSR3t+bO07 VwUyKSkMHGsVQ1mPSImRLcURXQ6WVfS1gsYfJijxA1m8BQrOtRZ8aL426MVNtz+t 1a7pr1Rn0bex+3iQBHY0yO3xDuyQNGvx2VrimrH/6ah3e/Jy3fHkME3lsJ1e2Iqy 3ZrJV/9k+sTy3F/qNhISZJaWgrTnpwzlac+6vRMBgprzyP6nANpRCWv0NaYN+B25 UcQsmdUxI9FmuITreLr7Ojpg7Qh7aXB7Ap3oyZ6g/vQX+iACIf0QmUMITAvqhlYY erWU5w9Q/v/vx5P6vgkYRwfzdMTakyI31XPMnJiFubCCug2jYZ3uWRpd94aSCkhg hJy1OYQ3ZDfVvuk64rrRhjP/lX/W7atE953tsxay9Fov2WCUwZJy7cn3vBA7Xj7u 0mmC+d3rd6zHCvXhUH8y5o3GTod9aDDgIY+uoMJAvHvAK4mWH6QJFsRUWtzYL8Ah Gh0siS6LaLTLaKWbFGj8Y7ppUAMR69xzSZj5jDmAxzrwlkrHn5Q= =Bo/h -----END PGP SIGNATURE-----