-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2017/dsa-3762.wml 2017-01-13 20:59:08.000000000 +0500 +++ russian/security/2017/dsa-3762.wml 2017-01-13 21:10:55.733278334 +0500 @@ -1,29 +1,30 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Multiple vulnerabilities have been discovered in the libtiff library - -and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf - -and tiffsplit, which may result in denial of service, memory disclosure - -or the execution of arbitrary code.</p> - - - -<p>There were additional vulnerabilities in the tools bmp2tiff, gif2tiff, - -thumbnail and ras2tiff, but since these were addressed by the libtiff - -developers by removing the tools altogether, no patches are available - -and those tools were also removed from the tiff package in Debian - -stable. The change had already been made in Debian stretch before and - -no applications included in Debian are known to rely on these scripts. - -If you use those tools in custom setups, consider using a different - -conversion/thumbnailing tool.</p> - - - -<p>For the stable distribution (jessie), these problems have been fixed in - -version 4.0.3-12.3+deb8u2.</p> +<p>РбиблиоÑеке libtiff и ÑопÑÑÑÑвÑÑÑÐ¸Ñ Ð¸Ð½ÑÑÑÑменÑÐ°Ñ tiff2rgba, rgb2ycbcr, +tiffcp, tiffcrop, tiff2pdf и tiffsplit бÑли обнаÑÑÐ¶ÐµÐ½Ñ Ð¼Ð½Ð¾Ð³Ð¾ÑиÑленнÑе ÑÑзвимоÑÑи, +коÑоÑÑе могÑÑ Ð¿ÑиводиÑÑ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании, ÑаÑкÑÑÑÐ¸Ñ ÑодеÑжимого +памÑÑи или вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода.</p> + +<p>РинÑÑÑÑменÑÐ°Ñ bmp2tiff, gif2tiff, thumbnail и ras2tiff Ñакже бÑли обнаÑÑÐ¶ÐµÐ½Ñ ÑÑзвимоÑÑи, +но Ñак как они бÑли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ ÑазÑабоÑÑиками libtiff пÑÑÑм ÑÐ´Ð°Ð»ÐµÐ½Ð¸Ñ ÑказаннÑÑ Ð¸Ð½ÑÑÑÑменÑов, +а заплаÑÑ Ð´Ð»Ñ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ ÑÑзвимоÑÑей недоÑÑÑпнÑ, Ñо ÑÑи инÑÑÑÑменÑÑ Ð±Ñли ÑÐ´Ð°Ð»ÐµÐ½Ñ Ð¸ из +пакеÑа tiff в ÑÑабилÑном вÑпÑÑке Debian. ÐÑо изменение Ñже бÑло пÑименено в Debian +stretch. ÐаÑколÑко ÑÑо извеÑÑно, в Debian оÑÑÑÑÑÑвÑÑÑ Ð¿ÑиложениÑ, иÑполÑзÑÑÑие ÑÑи +ÑÑенаÑии. ÐÑли Ð²Ñ Ð¸ÑполÑзÑеÑе ÑказаннÑе инÑÑÑÑменÑÑ Ð² ÑобÑÑвеннÑÑ ÑиÑÑÐµÐ¼Ð°Ñ , Ñо вам +ÑекомендÑеÑÑÑ Ð¿ÐµÑейÑи на иÑполÑзование дÑÑгого инÑÑÑÑменÑа Ð´Ð»Ñ Ð¿ÑеобÑÐ°Ð·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¸Ð·Ð¾Ð±Ñажений +и ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð¸Ð·Ð¾Ð±Ñажений Ð´Ð»Ñ Ð¿ÑедваÑиÑелÑного пÑоÑмоÑÑа.</p> + +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 4.0.3-12.3+deb8u2.</p> - -<p>For the testing distribution (stretch), these problems have been fixed - -in version 4.0.7-4.</p> +<p>Ð ÑеÑÑиÑÑемом вÑпÑÑке (stretch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +в веÑÑии 4.0.7-4.</p> - -<p>For the unstable distribution (sid), these problems have been fixed in - -version 4.0.7-4.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 4.0.7-4.</p> - -<p>We recommend that you upgrade your tiff packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ tiff.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlh4/BMACgkQXudu4gIW 0qV2Iw/+IZbXEA3NFDgrlVOfJhRcG3v08dNm6sV6Kf+e+2cHFghkmqW3rVJAXchJ 6eGv3dqRJFMUCO4eg5tjDrKJPDBDaeqyawXKeqPv6FpmaH/q7npkYgQ5rMKC7IkK 4UQwRrdmy833w2iqWtprI+QdgYiIT6CWoQV6i+NxLtrIcmt/DFqItcGAoWDBX4sN VAlI4KRPpMkfCMrdmvxViDRMfdN9pRxY9q3fMNbNr357r1xlowc1tjrPblw7Cp43 ho3mMBsZvnj3j8G2HU+gQ1RGtaVqyhQQS333eL0CndQS0G22lUzUBNi2QN53BRQj wwn5ngpt4jITo/opAquBiBFAmxNwxqfVQF4fcwfHgFMvwXkIEnBSGHV70eNsv+I+ XB9DpXmztII5HWtTvUTU3Bk/69nYqe3em6tXhCYyy1NYyRaFoxfdntZaCJlH8SVT uG4zXjnTnGQN6bG6ZDv8te+c0OL7QALpkd5NZ14WKIDxZTBFTanDFvrrbY3oQpWQ kuGzql/0HfQlCgriQ0Uhr+bXlQt2SCWp5jKrCYvA4wV6VgfpxEvqn1GPVDl7ZWPx pGLgqCHRd3Ig/i/2cs2LofQC+F07Ho4bHSbbwSlEEj+fKd1mrBy3S+CLwdPNalU1 Ec6Jt3q3i+uqVDPxyFOjn8q/7BMjPBv9K6A/gLhCYco1uS/T/9E= =OS62 -----END PGP SIGNATURE-----