-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2016/dsa-3439.wml 2016-01-10 15:08:13.000000000 +0500 +++ russian/security/2016/dsa-3439.wml 2016-01-10 17:22:09.662792950 +0500 
@@ -1,38 +1,39 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Two vulnerabilities were discovered in Prosody, a lightweight - -Jabber/XMPP server. The Common Vulnerabilities and Exposures project - -identifies the following issues:</p> +<p>Ð Prosody, легковеÑном ÑеÑвеÑе Jabber/XMPP, бÑло обнаÑÑжено +две ÑÑзвимоÑÑи. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures +опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-1231">CVE-2016-1231</a> - - <p>Kim Alvefur discovered a flaw in Prosody's HTTP file-serving module - - that allows it to serve requests outside of the configured public - - root directory. A remote attacker can exploit this flaw to access - - private files including sensitive data. The default configuration - - does not enable the mod_http_files module and thus is not - - vulnerable.</p></li> + <p>Ðим ÐлвÑÑÐµÑ Ð¾Ð±Ð½Ð°ÑÑжил ÑÑзвимоÑÑÑ Ð² модÑле ÑабоÑÑ Ñ Ñайлами ÑеÑез HTTP + Ð´Ð»Ñ Prosody, коÑоÑÐ°Ñ Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÐµÑ Ð¾Ð±ÑлÑживаÑÑ Ð·Ð°Ð¿ÑоÑÑ Ð·Ð° пÑеделами наÑÑÑоенного + коÑневого каÑалога. УдалÑннÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ Ð¿Ð¾Ð»ÑÑÐµÐ½Ð¸Ñ + доÑÑÑпа к закÑÑÑÑм Ñайлам, вклÑÑÐ°Ñ ÑÐ°Ð¹Ð»Ñ Ñ ÑÑвÑÑвиÑелÑнÑми даннÑми. ÐÑи наÑÑÑÐ¾Ð¹ÐºÐ°Ñ Ð¿Ð¾ + ÑмолÑÐ°Ð½Ð¸Ñ Ð¼Ð¾Ð´ÑÐ»Ñ mod_http_files вÑклÑÑен, а ÑеÑÐ²ÐµÑ Ð½Ðµ подвеÑжен + ÑÑой ÑÑзвимоÑÑи.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-1232">CVE-2016-1232</a> - - <p>Thijs Alkemade discovered that Prosody's generation of the secret - - token for server-to-server dialback authentication relied upon a - - weak random number generator that was not cryptographically secure. 
- - A remote attacker can take advantage of this flaw to guess at - - probable values of the secret key and impersonate the affected - - domain to other servers on the network.</p></li> + <p>Ð¢Ð¸Ð¹Ñ Ðлкемад обнаÑÑжил, ÑÑо Prosody ÑоздаÑÑ Ð·Ð°ÐºÑÑÑÑй + Ñокен Ð´Ð»Ñ Ð¾Ð±ÑаÑной аÑÑенÑиÑикаÑии по пÑинÑÐ¸Ð¿Ñ ÑеÑвеÑ-ÑеÑÐ²ÐµÑ Ð½Ð° оÑнове + Ñлабого генеÑаÑоÑа ÑлÑÑайнÑÑ ÑиÑел, коÑоÑÑй кÑипÑогÑаÑиÑеÑки не безопаÑен. + УдалÑннÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ, ÑÑÐ¾Ð±Ñ Ð¾ÑгадаÑÑ + веÑоÑÑнÑе знаÑÐµÐ½Ð¸Ñ Ð·Ð°ÐºÑÑÑого клÑÑа и вÑдаÑÑ ÑÐµÐ±Ñ Ð·Ð° ÑооÑвеÑÑÑвÑÑÑий + домен Ð´Ð»Ñ Ð´ÑÑÐ³Ð¸Ñ ÑеÑвеÑов в ÑеÑи.</p></li> </ul> - -<p>For the oldstable distribution (wheezy), these problems have been fixed - -in version 0.8.2-4+deb7u3.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (wheezy) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +в веÑÑии 0.8.2-4+deb7u3.</p> - -<p>For the stable distribution (jessie), these problems have been fixed in - -version 0.9.7-2+deb8u2.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 0.9.7-2+deb8u2.</p> - -<p>We recommend that you upgrade your prosody packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ prosody.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
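Review bot: in the CVE-2016-1232 paragraph, "secret token" and "secret key" appear to be translated with the adjective "закрытый" (as far as the added lines can be read through the encoding damage), which in Russian cryptographic usage normally denotes the private half of an asymmetric key pair. The dialback secret is a shared secret, so "секретный токен" and "секретного ключа" would match the English more closely. In the CVE-2016-1231 paragraph, the last sentence joins its clauses with "а", which drops the "and thus" of the original; a causal connective such as "и поэтому" would keep the point that the default configuration is unaffected only because mod_http_files is not enabled.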