-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2012/dsa-2451.wml 2017-11-01 10:11:10.335844997 +0500 +++ russian/security/2012/dsa-2451.wml 2018-03-07 16:38:02.635402693 +0500 @@ -1,50 +1,51 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in Puppet, a centralized - -configuration management system. The Common Vulnerabilities and - -Exposures project identifies the following problems:</p> +<p>Ð Puppet, ÑиÑÑеме ÑенÑÑализованного ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð½Ð°ÑÑÑойками, бÑло +обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and +Exposures опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-1906";>CVE-2012-1906</a> - - <p>Puppet is using predictable temporary file names when downloading - - Mac OS X package files. This allows a local attacker to either - - overwrite arbitrary files on the system or to install an arbitrary - - package.</p></li> + <p>Puppet иÑполÑзÑÐµÑ Ð¿ÑедÑказÑемÑе имена вÑеменнÑÑ Ñайлов пÑи загÑÑзке + пакеÑнÑÑ Ñайлов Mac OS X. ÐÑо позволÑÐµÑ Ð»Ð¾ÐºÐ°Ð»ÑÐ½Ð¾Ð¼Ñ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð¿ÐµÑезапиÑÑваÑÑ + пÑоизволÑнÑе ÑÐ°Ð¹Ð»Ñ Ð² ÑиÑÑеме или ÑÑÑанавливаÑÑ Ð¿ÑоизволÑнÑе + пакеÑÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-1986";>CVE-2012-1986</a> - - <p>When handling requests for a file from a remote filebucket, Puppet - - can be tricked into overwriting its defined location for filebucket - - storage. This allows an authorized attacker with access to the Puppet - - master to read arbitrary files.</p></li> + <p>ÐÑи обÑабоÑке ÑайловÑÑ Ð·Ð°Ð¿ÑоÑов Ð¾Ñ ÑдалÑнного Ñ ÑанилиÑа Puppet + Ð¼Ð¾Ð¶ÐµÑ Ð¿ÐµÑезапиÑаÑÑ Ð¾Ð¿ÑеделÑнное в наÑÑÑÐ¾Ð¹ÐºÐ°Ñ Ð¼ÐµÑÑоположение + Ñ ÑанилиÑа. ÐÑо позволÑÐµÑ Ð°Ð²ÑоÑÐ¸Ð·Ð¾Ð²Ð°Ð½Ð½Ð¾Ð¼Ñ Ð·Ð»Ð¾ÑмÑÑленникÑ, имеÑÑÐµÐ¼Ñ Ð´Ð¾ÑÑÑп к + Ð³Ð»Ð°Ð²Ð½Ð¾Ð¼Ñ ÑÐ·Ð»Ñ Puppet, ÑиÑаÑÑ Ð¿ÑоизволÑнÑе ÑайлÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-1987";>CVE-2012-1987</a> - - <p>Puppet is incorrectly handling filebucket store requests. This allows - - an attacker to perform denial of service attacks against Puppet by - - resource exhaustion.</p></li> + <p>Puppet непÑавилÑно обÑабаÑÑÐ²Ð°ÐµÑ Ð·Ð°Ð¿ÑоÑÑ Ñ ÑанилиÑа по ÑÐ¾Ñ ÑÐ°Ð½ÐµÐ½Ð¸Ñ Ñайлов. ÐÑо позволÑÐµÑ + злоÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²ÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании в Puppet пÑÑÑм + иÑÑеÑÐ¿Ð°Ð½Ð¸Ñ Ð¿Ð°Ð¼ÑÑи.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-1988";>CVE-2012-1988</a> - - <p>Puppet is incorrectly handling filebucket requests. This allows an - - attacker with access to the certificate on the agent and an unprivileged - - account on Puppet master to execute arbitrary code via crafted file - - path names and making a filebucket request.</p></li> + <p>Puppet непÑавилÑно обÑабаÑÑÐ²Ð°ÐµÑ Ð·Ð°Ð¿ÑоÑÑ Ñ ÑанилиÑа. ÐÑо позволÑÐµÑ + злоÑмÑÑленникÑ, имеÑÑÐµÐ¼Ñ Ð´Ð¾ÑÑÑп к ÑеÑÑиÑикаÑÑ Ð½Ð° Ñзле-агенÑе и непÑивилегиÑованнÑÑ + ÑÑÑÑнÑÑ Ð·Ð°Ð¿Ð¸ÑÑ Ð½Ð° главном Ñзле Puppet, вÑполнÑÑÑ Ð¿ÑоизволÑнÑй код Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑпеÑиалÑно + ÑÑоÑмиÑованнÑÑ Ð¿ÑÑей к Ñайлам и запÑоÑов к Ñ ÑанилиÑÑ.</p></li> </ul> - -<p>For the stable distribution (squeeze), this problem has been fixed in - -version 2.6.2-5+squeeze5.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (squeeze) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.6.2-5+squeeze5.</p> - -<p>For the testing distribution (wheezy), this problem has been fixed in - -version 2.7.13-1.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (wheezy) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.7.13-1.</p> - -<p>For the unstable distribution (sid), this problem has been fixed in - -version 2.7.13-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.7.13-1.</p> - -<p>We recommend that you upgrade your puppet packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ puppet.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlqfzyAACgkQXudu4gIW 0qVNsBAAnZrjJmPJ3u3tUx8lMT5PjsDuicK1qwn+CenmNnWQBARKAG2H9NEYeASr TXCaJUWJOQ3zfueOz5cgV1vUZkV5QI+vQQT1UqBDUNh0Qy0t8caSMSlpQ3CUGZCN o5O//ik9TTSABBC/BqfbvDTAinu/PpzKamffmgqpNiB9iftOSB2GSa2cU/z0hoKM GhyDdoWQPkMxeLR5NroYGfoptK+2LfxlD+/Nnp6rHbfZQPhNyMH1FaluDlFNwA/k LV0Lkc0GAPrao9I4mfxfxG9ptfU8pIGYtBdt01Y//zI1Dy8QI2SUhpFoSM64ZIni 0FjCQABlMQBHCnLE45U7FqKq3VmyMP76X3iV1bUUrNx7D4GsXjH9zkPDnZncMwLn zFuxw4MAEAIWdVkIzo1+K0UR/CKLLE057Of7tkQWAZAuPMdKWVp72JgR83XjSK/O EgozKyhVB96IlQvDF9hLu9+lib7PLfF2vOAWk/SDQhJJfI/EnbbR/BFAfi2ajUMT xVrtSRgijgubsQCL/yx/NdMXun7kYOj8H3R8m7njb72OeYlHdJfwlkkw1iPZOkDX CU9XxGWRShOdCe7Lka8WbkRqfl2EZxNeE0Oiu2aFRjams3oUUrmq/+0k+2g/yo4y 3TOB3rWS+/3CFomAZxDOVVCu3X7n/bjIEVSLP96iqV8Wc80ECVU= =Avlg -----END PGP SIGNATURE-----
