-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2014/dla-58.wml 2016-05-22 10:07:41.910935513 +0500 +++ russian/security/2014/dla-58.wml 2016-06-27 19:39:17.905283261 +0500 
@@ -1,31 +1,32 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>This update fixes a regression introduced in 0.8.10.3+squeeze5 where - -apt would send invalid HTTP requests when sending If-Range queries.</p> +<p>Ðанное обновление иÑпÑавлÑÐµÑ ÑегÑеÑÑиÑ, поÑвивÑÑÑÑÑ Ð² веÑÑии 0.8.10.3+squeeze5, +коÑоÑÐ°Ñ ÑоÑÑÐ¾Ð¸Ñ Ð² Ñом, ÑÑо apt пÑи оÑпÑавке запÑоÑов If-Range оÑпÑавлÑÐµÑ Ð½ÐµÐ¿ÑавилÑнÑе HTTP-запÑоÑÑ.</p> - -<p>For reference, the original advisory text follows.</p> +<p>Ðиже пÑиводиÑÑÑ Ð¸Ð·Ð½Ð°ÑалÑÐ½Ð°Ñ ÑекомендаÑиÑ.</p> - -<p>The Google Security Team discovered a buffer overflow vulnerability in - -the HTTP transport code in apt-get. An attacker able to - -man-in-the-middle a HTTP request to an apt repository can trigger the - -buffer overflow, leading to a crash of the <q>http</q> apt method binary, or - -potentially to arbitrary code execution.</p> +<p>Ðоманда безопаÑноÑÑи Google обнаÑÑжила пеÑеполнение бÑÑеÑа в +коде HTTP-ÑÑанÑпоÑÑа в apt-get. 
ÐлоÑмÑÑленник, ÑпоÑобнÑй пÑÑÑм аÑаки по +пÑинÑÐ¸Ð¿Ñ Ñеловек-в-ÑеÑедине оÑÑÑеÑÑвиÑÑ HTTP-запÑÐ¾Ñ Ðº ÑепозиÑоÑÐ¸Ñ apt, Ð¼Ð¾Ð¶ÐµÑ +вÑзваÑÑ Ð¿ÐµÑеполнение бÑÑеÑа, пÑиводÑÑее к аваÑийной оÑÑановке меÑода <q>http</q> в apt или +к поÑенÑиалÑÐ½Ð¾Ð¼Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода.</p> - -<p>The following regression fixes were included in this update:</p> +<p>РнаÑÑоÑÑее обновление вклÑÑÐµÐ½Ñ ÑледÑÑÑие иÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ ÑегÑеÑÑий:</p> - - <p>* Fix regression from the previous update in <a href="dla-53">DLA-53-1</a> - - when the custom apt configuration option for Dir::state::lists is set to a - - relative path (#762160).</p> + <p>* ÐÑпÑавление ÑегÑеÑÑии из пÑедÑдÑÑего Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð² <a href="dla-53">DLA-53-1</a>, + когда опÑÐ¸Ñ Ð½Ð°ÑÑÑойки apt Dir::state::lists ÑÑÑанавливалаÑÑ Ð² знаÑение + оÑноÑиÑелÑного пÑÑи (#762160).</p> - - <p>* Fix regression in the reverificaiton handling of cdrom: sources that - - may lead to incorrect hashsum warnings. Affected users need to run - - "apt-cdrom add" again after the update was applied.</p> + <p>* ÐÑпÑавление ÑегÑеÑÑии в обÑабоÑке повÑоÑной пÑовеÑки иÑÑоÑников cdrom:, ÑÑо + Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº пÑедÑпÑеждениÑм о непÑавилÑнÑÑ ÐºÐ¾Ð½ÑÑолÑнÑÑ ÑÑÐ¼Ð¼Ð°Ñ . 
ÐолÑзоваÑелÑм, Ñ ÐºÐ¾ÑоÑÑÑ Ð¿ÑоÑвлÑеÑÑÑ + ÑÑа пÑоблема, ÑледÑÐµÑ Ñнова вÑполниÑÑ "apt-cdrom add" поÑле ÑÑÑановки данного обновлениÑ.</p> - - <p>* Fix regression from the previous update in <a href="dla-53">DLA-53-1</a> - - when file:/// sources are used and those are on a different partition than - - the apt state directory.</p> + <p>* ÐÑпÑавление ÑегÑеÑÑии из пÑедÑдÑÑего Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð² <a href="dla-53">DLA-53-1</a>, + когда иÑполÑзÑÑÑÑÑ Ð¸ÑÑоÑники file:///, Ð½Ð°Ñ Ð¾Ð´ÑÑиеÑÑ Ð½Ð° Ñазделе, оÑлиÑаÑÑемÑÑ Ð¾Ñ + каÑалога ÑоÑÑоÑÐ½Ð¸Ñ apt.</p> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in apt version 0.8.10.3+squeeze6</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² пакеÑе apt веÑÑии 0.8.10.3+squeeze6</p> </define-tag> # do not modify the following line - --- english/security/2014/dla-68.wml 2016-04-09 01:32:21.000000000 +0500 +++ russian/security/2014/dla-68.wml 2016-06-27 19:47:37.049410367 +0500 
@@ -1,30 +1,31 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> <ul> <li>[<a href="https://security-tracker.debian.org/tracker/CVE-2014-3875">CVE-2014-3875</a>] - - <p>When inserting encoded newline characters into a request to rup, - - additional HTTP headers can be injected into the reply, as well - - as new HTML code on the top of the website.</p></li> + <p>ÐÑи вÑÑавке закодиÑованнÑÑ Ñимволов новой ÑÑÑоки в запÑÐ¾Ñ Ðº rup, + в оÑÐ²ÐµÑ Ð¼Ð¾Ð³ÑÑ Ð±ÑÑÑ Ð²ÑÑÐ°Ð²Ð»ÐµÐ½Ñ Ð´Ð¾Ð¿Ð¾Ð»Ð½Ð¸ÑелÑнÑе заголовки HTTP, а Ñакже + новÑй код HTML в веÑÑ Ð½ÐµÐ¹ ÑаÑÑи веб-ÑайÑа.</p></li> <li>[<a href="https://security-tracker.debian.org/tracker/CVE-2014-3876">CVE-2014-3876</a>] - - <p>The parameter akey is reflected unfiltered as part of the HTML - - page. Some characters are forbidden in the GET parameter due - - to filtering of the URL, but this can be circumvented by using - - a POST parameter. - - Nevertheless, this issue is exploitable via the GET parameter - - alone, with some user interaction.</p></li> + <p>ÐаÑамеÑÑ akey оÑÑажаеÑÑÑ Ð½ÐµÑилÑÑÑованнÑм обÑазом как ÑаÑÑÑ ÑÑÑаниÑÑ + HTML. ÐекоÑоÑÑе ÑÐ¸Ð¼Ð²Ð¾Ð»Ñ Ð·Ð°Ð¿ÑеÑено иÑполÑзоваÑÑ Ð² паÑамеÑÑе GET из-за + ÑилÑÑÑаÑии URL, но ÑÑо огÑаниÑение можно обойÑи пÑÑÑм иÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ + паÑамеÑÑа POST. + Тем не менее, Ð´Ð°Ð½Ð½Ð°Ñ Ð¿Ñоблема Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ ÑолÑко ÑеÑез паÑамеÑÑ + GET и ÑÑебÑÐµÑ Ð²Ð·Ð°Ð¸Ð¼Ð¾Ð´ÐµÐ¹ÑÑÐ²Ð¸Ñ Ñ Ð¿Ð¾Ð»ÑзоваÑелем.</p></li> <li>[<a href="https://security-tracker.debian.org/tracker/CVE-2014-3877">CVE-2014-3877</a>] - - <p>The parameter addto is reflected only slightly filtered back to - - the user as part of the HTML page. Some characters are forbidden - - in the GET parameter due to filtering of the URL, but this can - - be circumvented by using a POST parameter. 
Nevertheless, this - - issue is exploitable via the GET parameter alone, with some user - - interaction.</p></li> + <p>ÐаÑамеÑÑ addto оÑÑажаеÑÑÑ Ð¿Ð¾Ð»ÑзоваÑÐµÐ»Ñ ÑолÑко в Ñлегка ÑилÑÑÑованном + виде как ÑаÑÑÑ ÑÑÑаниÑÑ HTML. ÐекоÑоÑÑе ÑÐ¸Ð¼Ð²Ð¾Ð»Ñ Ð·Ð°Ð¿ÑеÑено иÑполÑзоваÑÑ + в паÑамеÑÑе GET из-за ÑилÑÑÑаÑии URL, но ÑÑо огÑаниÑение можно + обойÑи пÑÑÑм иÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¿Ð°ÑамеÑÑа POST. Тем не менее, Ð´Ð°Ð½Ð½Ð°Ñ + ÑÑзвимоÑÑÑ Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ ÑолÑко ÑеÑез паÑамеÑÑ GET и ÑÑебÑÐµÑ + взаимодейÑÑÐ²Ð¸Ñ Ñ Ð¿Ð¾Ð»ÑзоваÑелем.</p></li> </ul> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in fex version 20100208+debian1-1+squeeze4</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² пакеÑе fex веÑÑии 20100208+debian1-1+squeeze4</p> </define-tag> # do not modify the following line - --- english/security/2014/dla-75.wml 2016-05-22 10:07:41.958929461 +0500 +++ russian/security/2014/dla-75.wml 2016-06-27 18:56:29.905877266 +0500 
@@ -1,30 +1,31 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>This update fixes one important vulnerability (<a href="https://security-tracker.debian.org/tracker/CVE-2014-4274">CVE-2014-4274</a>) and batches - -together two other minor fixes (<a href="https://security-tracker.debian.org/tracker/CVE-2013-2162">CVE-2013-2162</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0001">CVE-2014-0001</a>).</p> +<p>Ðанное обновление иÑпÑавлÑÐµÑ Ð¾Ð´Ð½Ñ Ð²Ð°Ð¶Ð½ÑÑ ÑÑзвимоÑÑÑ (<a href="https://security-tracker.debian.org/tracker/CVE-2014-4274">CVE-2014-4274</a>), а Ñакже +ÑодеÑÐ¶Ð¸Ñ Ð´Ð²Ð° неболÑÑÐ¸Ñ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ (<a href="https://security-tracker.debian.org/tracker/CVE-2013-2162">CVE-2013-2162</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2014-0001">CVE-2014-0001</a>).</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-4274">CVE-2014-4274</a> - - <p>Insecure handling of a temporary file that could lead to execution - - of arbitrary code through the creation of a mysql configuration file - - pointing to an attacker-controlled plugin_dir.</p></li> + <p>ÐебезопаÑÐ½Ð°Ñ Ð¾Ð±ÑабоÑка вÑеменнÑÑ Ñайлов, коÑоÑÐ°Ñ Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ + пÑоизволÑного кода из-за ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ñайла наÑÑÑойки mysql, + ÑказÑваÑÑего на каÑалог plugin_dir, коÑоÑÑм Ð¼Ð¾Ð¶ÐµÑ ÑпÑавлÑÑÑ Ð·Ð»Ð¾ÑмÑÑленник.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-2162">CVE-2013-2162</a> - - <p>Insecure creation of the debian.cnf credential file. Credentials could - - be stolen by a local user monitoring that file while the package gets - - installed.</p></li> + <p>ÐебезопаÑное Ñоздание Ñайла даннÑÑ ÑÑÑÑнÑÑ Ð·Ð°Ð¿Ð¸Ñей debian.cnf. 
ÐаннÑе ÑÑÑÑнÑÑ Ð·Ð°Ð¿Ð¸Ñей + могÑÑ Ð±ÑÑÑ Ð¿Ð¾Ñ Ð¸ÑÐµÐ½Ñ Ð»Ð¾ÐºÐ°Ð»ÑнÑм полÑзоваÑелем, оÑÑлеживаÑÑим ÑÑÐ¾Ñ Ñайл во вÑÐµÐ¼Ñ + ÑÑÑановки пакеÑа.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-0001">CVE-2014-0001</a> - - <p>Buffer overrun in the MySQL client when the server sends a version - - string that is too big for the allocated buffer.</p></li> + <p>ÐеÑеполнение бÑÑеÑа в клиенÑе MySQL, коÑоÑое Ð²Ð¾Ð·Ð½Ð¸ÐºÐ°ÐµÑ ÐºÐ¾Ð³Ð´Ð° ÑеÑÐ²ÐµÑ Ð¾ÑпÑавлÑÐµÑ ÑÑÑÐ¾ÐºÑ + Ñ Ñказанием веÑÑии, коÑоÑÐ°Ñ Ð¾ÐºÐ°Ð·ÑваеÑÑÑ ÑлиÑком болÑÑой Ð´Ð»Ñ Ð²Ñделенного бÑÑеÑа.</p></li> </ul> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in mysql-5.1 version 5.1.73-1+deb6u1</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² пакеÑе mysql-5.1 веÑÑии 5.1.73-1+deb6u1</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
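Review bot: in russian/security/2014/dla-58.wml, the paragraph on the apt-get buffer overflow mistranslates the attacker's role. The source says "An attacker able to man-in-the-middle a HTTP request to an apt repository", but the translation "способный путём атаки по принципу человек-в-середине осуществить HTTP-запрос к репозиторию apt" says the attacker issues the request instead of intercepting it. Suggest "способный перехватить HTTP-запрос к репозиторию apt путём атаки по принципу человек-в-середине". Two smaller points in the same hunk: the closing sentence ending in 0.8.10.3+squeeze6 has no full stop in either language, and the English side still carries the typo "reverificaiton", which belongs in a separate fix to the source file.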
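Review bot: in russian/security/2014/dla-68.wml, the last sentence of both the CVE-2014-3876 and CVE-2014-3877 items inverts the meaning of the source. The English says the issue "is exploitable via the GET parameter alone, with some user interaction", meaning that GET by itself is enough. The translation "может использоваться только через параметр GET и требует взаимодействия с пользователем" says the issue can be exploited only through GET, which contradicts the preceding sentence about bypassing the URL filter with a POST parameter. Suggest "может использоваться и через один лишь параметр GET при некотором взаимодействии с пользователем" in both items.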
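Review bot: in russian/security/2014/dla-75.wml, the CVE-2014-4274 item turns the means of exploitation into a cause. The source says code execution happens "through the creation of a mysql configuration file", but the translation reads "из-за создания файла настройки mysql". Suggest "путём создания файла настройки mysql". The same item also makes "a temporary file" plural ("временных файлов"); the singular "временного файла" matches the source. In the CVE-2014-0001 item a comma is missing before "когда" in "которое возникает когда сервер отправляет строку".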