-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2002/dsa-148.wml 2017-11-01 10:11:09.079763113 +0500 +++ russian/security/2002/dsa-148.wml 2018-03-22 14:14:57.465602410 +0500 
@@ -1,43 +1,44 @@ - -<define-tag description>buffer overflows and format string vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа и ÑÑзвимоÑÑи ÑоÑмаÑной ÑÑÑоки</define-tag> <define-tag moreinfo> - -<p>A set of problems have been discovered in Hylafax, a flexible - -client/server fax software distributed with many GNU/Linux - -distributions. Quoting SecurityFocus the problems are in detail:</p> +<p>Ð Hylafax, гибком ÑакÑовом ÐÐ Ñ ÐºÐ»Ð¸ÐµÐ½Ñ-ÑеÑвеÑной аÑÑ Ð¸ÑекÑÑÑой, поÑÑавлÑемой +многими диÑÑÑибÑÑивами GNU/Linux, бÑло обнаÑÑжено неÑколÑко пÑоблем. ÐодÑобное +опиÑание пÑоблем пÑиводиÑÑÑ Ð¿Ð¾ инÑоÑмаÑии SecurityFocus.</p> <ul> - -<li>A format string vulnerability makes it possible for users to - - potentially execute arbitrary code on some implementations. Due to - - insufficient checking of input, it's possible to execute a format - - string attack. Since this only affects systems with the faxrm and - - faxalter programs installed setuid, Debian is not vulnerable.</li> - - - -<li>A buffer overflow has been reported in Hylafax. A malicious fax - - transmission may include a long scan line that will overflow a - - memory buffer, corrupting adjacent memory. An exploit may result - - in a denial of service condition, or possibly the execution of - - arbitrary code with root privileges.</li> - - - -<li>A format string vulnerability has been discovered in faxgetty. - - Incoming fax messages include a Transmitting Subscriber - - Identification (TSI) string, used to identify the sending fax - - machine. Hylafax uses this data as part of a format string without - - properly sanitizing the input. Malicious fax data may cause the - - server to crash, resulting in a denial of service condition.</li> - - - -<li>Marcin Dawcewicz discovered a format string vulnerability in hfaxd, - - which will crash hfaxd under certain circumstances. 
Since Debian - - doesn't have hfaxd installed setuid root, this problem cannot - - directly lead into a vulnerability. This has been fixed by Darren - - Nickerson, which was already present in newer versions, but not in - - the potato version.</li> +<li>УÑзвимоÑÑÑ ÑоÑмаÑной ÑÑÑоки позволÑÐµÑ Ð¿Ð¾Ð»ÑзоваÑелÑм на некоÑоÑÑÑ + ÑеализаÑиÑÑ Ð¿Ð¾ÑенÑиалÑно вÑполнÑÑÑ Ð¿ÑоизволÑнÑй код. Ðз-за + недоÑÑаÑоÑной пÑовеÑки Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ Ð¼Ð¾Ð¶Ð½Ð¾ вÑполниÑÑ Ð°ÑÐ°ÐºÑ ÑеÑез + ÑоÑмаÑнÑÑ ÑÑÑокÑ. ÐоÑколÑÐºÑ ÑÑа ÑÑзвимоÑÑÑ ÐºÐ°ÑаеÑÑÑ ÑолÑко ÑиÑÑем, в коÑоÑÑÑ + пÑогÑÐ°Ð¼Ð¼Ñ faxrm и faxalter имеÑÑ Ñлаг setuid, она не каÑаеÑÑÑ Debian.</li> + +<li>ÐÑло ÑообÑено о пеÑеполнении бÑÑеÑа в Hylafax. ÐÑедоноÑÐ½Ð°Ñ ÑакÑимилÑÐ½Ð°Ñ + пеÑедаÑа Ð¼Ð¾Ð¶ÐµÑ Ð²ÐºÐ»ÑÑаÑÑ Ð´Ð»Ð¸Ð½Ð½ÑÑ Ð»Ð¸Ð½Ð¸Ñ ÑканиÑованиÑ, коÑоÑÐ°Ñ Ð¿ÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº + пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа, повÑÐµÐ¶Ð´ÐµÐ½Ð¸Ñ ÑодеÑжимого ÑмежнÑÑ Ð±ÑÑеÑов памÑÑи. УÑзвимоÑÑÑ Ð¼Ð¾Ð¶ÐµÑ + пÑиводиÑÑ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании или поÑенÑиалÑÐ½Ð¾Ð¼Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного + кода пÑавами ÑÑпеÑполÑзоваÑелÑ.</li> + +<li>Ð faxgetty бÑла обнаÑÑжена ÑÑзвимоÑÑÑ ÑоÑмаÑной ÑÑÑоки. + ÐÑ Ð¾Ð´ÑÑие ÑакÑимилÑнÑе ÑообÑÐµÐ½Ð¸Ñ Ð²ÐºÐ»ÑÑаÑÑ ÑÑÑÐ¾ÐºÑ Ñ ÐºÐ°Ð´Ñом иденÑиÑикаÑии + пеÑедаÑÑего абоненÑа (TSI), иÑполÑзÑемÑÑ Ð´Ð»Ñ Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð¸Ñ Ð¾ÑпÑавлÑÑÑего + ÑакÑимилÑного аппаÑаÑа. Hylafax иÑполÑзÑÐµÑ ÑÑи даннÑе как ÑаÑÑÑ ÑоÑмаÑной ÑÑÑоки без + ÑооÑвеÑÑÑвÑÑÑей оÑиÑÑки. ÐÑедоноÑнÑе ÑакÑимилÑнÑе даннÑе могÑÑ Ð²ÑзÑваÑÑ + аваÑийнÑÑ Ð¾ÑÑÐ°Ð½Ð¾Ð²ÐºÑ ÑеÑвеÑа, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании.</li> + +<li>ÐаÑÑин ÐавÑÐµÐ²Ð¸Ñ Ð¾Ð±Ð½Ð°ÑÑжил ÑÑзвимоÑÑÑ ÑоÑмаÑной ÑÑÑоки в hfaxd, + коÑоÑÐ°Ñ Ð¿Ñи опÑеделÑннÑÑ ÑÑловиÑÑ Ð¿ÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº аваÑийной оÑÑановке hfaxd. ÐоÑколÑÐºÑ Ð² + Debian пÑогÑамма hfaxd не Ð¸Ð¼ÐµÐµÑ Ñлага setuid Ð´Ð»Ñ Ð·Ð°Ð¿ÑÑка Ð¾Ñ Ð»Ð¸Ñа ÑÑпеÑполÑзоваÑелÑ, Ð´Ð°Ð½Ð½Ð°Ñ + пÑоблема не Ð¼Ð¾Ð¶ÐµÑ Ð½Ð°Ð¿ÑÑмÑÑ Ð¿ÑиводиÑÑ Ðº ÑÑзвимоÑÑи. 
ÐÑоблема бÑла иÑпÑавлена ÐаÑеном + ÐикеÑÑоном, иÑпÑавление Ñже имееÑÑÑ Ð² более новÑÑ Ð²ÐµÑÑиÑÑ , но не в веÑÑии, + Ð²Ñ Ð¾Ð´ÑÑей в ÑоÑÑав potato.</li> </ul> - -<p>These problems have been fixed in version 4.0.2-14.3 for the old - -stable distribution (potato), in version 4.1.1-1.1 for the current - -stable distribution (woody) and in version 4.1.2-2.1 for the unstable - -distribution (sid).</p> +<p>ÐÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 4.0.2-14.3 Ð´Ð»Ñ Ð¿ÑедÑдÑÑего +ÑÑабилÑного вÑпÑÑка (potato), в веÑÑии 4.1.1-1.1 Ð´Ð»Ñ ÑекÑÑего +ÑÑабилÑного вÑпÑÑка (woody) и в веÑÑии 4.1.2-2.1 Ð´Ð»Ñ Ð½ÐµÑÑабилÑного +вÑпÑÑка (sid).</p> - -<p>We recommend that you upgrade your hylafax packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ hylafax.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
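Review bot: In the second list item of the translation (the `+` lines for the long-scan-line buffer overflow), "with root privileges" appears to have lost its preposition: as far as the text can be read here, the line says "кода правами суперпользователя", where "кода с правами суперпользователя" is expected. The same item renders "corrupting adjacent memory" as corruption of the contents of adjacent memory buffers ("смежных буферов памяти"), which is narrower than the English; "смежной памяти" would follow the original more closely. The rest of the hunk keeps the package versions (4.0.2-14.3, 4.1.1-1.1, 4.1.2-2.1) and the program names (faxrm, faxalter, faxgetty, hfaxd) unchanged from the English, which is what a reader needs for checking exposure.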