-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2016/dla-379.wml 2016-04-08 01:54:44.000000000 +0500 +++ russian/security/2016/dla-379.wml 2016-04-13 23:24:05.881378974 +0500 
@@ -1,34 +1,35 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities were found in Samba, a SMB/CIFS implementation - -that provides a file, print, and login server.</p> +<p>Ð Samba, ÑеализаÑии SMB/CIFS, пÑедоÑÑавлÑÑÑей ÑлÑÐ¶Ð±Ñ Ñайлового ÑеÑвеÑа, ÑеÑвеÑа пеÑаÑи +и аÑÑенÑиÑикаÑии, бÑло обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей.</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5252">CVE-2015-5252</a> - - <p>Jan <q>Yenya</q> Kasprzak and the Computer Systems Unit team at Faculty - - of Informatics, Masaryk University, reported that samba wrongly - - verified symlinks, making it possible to access resources outside - - the shared path, under certain circumstances.</p></li> + <p>Ян <q>Yenya</q> ÐаÑпÑжак и команда Computer Systems Unit из ÑакÑлÑÑеÑа + инÑоÑмаÑики ÐаÑаÑикова ÑнивеÑÑиÑеÑа ÑообÑили, ÑÑо samba непÑавилÑно + вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ ÑимволÑнÑÑ ÑÑÑлок, ÑÑо позволÑÐµÑ Ð¿Ñи опÑеделÑннÑÑ ÑÑловиÑÑ + полÑÑаÑÑ Ð´Ð¾ÑÑÑп к ÑеÑÑÑÑам за пÑеделами пÑÑи обÑего доÑÑÑпа.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5296">CVE-2015-5296</a> - - <p>Stefan Metzmacher of SerNet and the Samba Team discovered that samba - - did not ensure that signing was negotiated when a client established - - an encrypted connection against a samba server.</p></li> + <p>ШÑеÑан ÐеÑÐ¼Ð°Ñ ÐµÑ Ð¸Ð· SerNet и команда Samba обнаÑÑжили, ÑÑо samba + не вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ ÑоглаÑÐ¾Ð²Ð°Ð½Ð¸Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñей, когда ÐºÐ»Ð¸ÐµÐ½Ñ ÑÑÑÐ°Ð½Ð°Ð²Ð»Ð¸Ð²Ð°ÐµÑ + заÑиÑÑованное Ñоединение Ñ ÑеÑвеÑом samba.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5299">CVE-2015-5299</a> - - <p>Samba was vulnerable to a missing access control check in the - - VFS shadow_copy2 module, that could allow unauthorized users to - - access snapshots.</p></li> + 
<p>Ð Samba оÑÑÑÑÑÑвÑÐµÑ Ð¿ÑовеÑка ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð´Ð¾ÑÑÑпом в модÑле + VFS shadow_copy2, ÑÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð½ÐµÐ°Ð²ÑоÑизованнÑм полÑзоваÑелÑм + полÑÑаÑÑ Ð´Ð¾ÑÑÑп к ÑÑезам.</p></li> </ul> - -<p>For Debian 6 <q>Squeeze</q>, this issue has been fixed in samba version - -2:3.5.6~dfsg-3squeeze13. We recommend you to upgrade your samba - -packages.</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑа пÑоблема бÑла иÑпÑавлена в samba веÑÑии +2:3.5.6~dfsg-3squeeze13. РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ +samba.</p> </define-tag> # do not modify the following line - --- english/security/2016/dla-411.wml 2016-04-08 01:54:44.000000000 +0500 +++ russian/security/2016/dla-411.wml 2016-04-13 23:47:17.359613544 +0500 
@@ -1,37 +1,38 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been fixed in the Debian GNU C Library, - -eglibc:</p> +<p>Ð eglibc, библиоÑеке GNU C Ð´Ð»Ñ Debian бÑло обнаÑÑжено неÑколÑко +ÑÑзвимоÑÑей:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9761">CVE-2014-9761</a> - - <p>The math's nan* function wrongly handled payload strings, yielding - - to an unbounded stack allocation based on the length of the - - arguments. To solve this issue, payload parsing has been refactored - - out of strtod into a separate functions that nan* can call directly.</p></li> + <p>ФÑнкÑÐ¸Ñ nan* из math непÑавилÑно обÑабаÑÑÐ²Ð°ÐµÑ Ð¸Ð½ÑоÑмаÑионнÑе ÑÑÑоки, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ + к вÑÐ´ÐµÐ»ÐµÐ½Ð¸Ñ Ð½ÐµÐ¾Ð³ÑаниÑенного ÑÑека на оÑнове Ð´Ð»Ð¸Ð½Ñ + аÑгÑменÑов. ÐÐ»Ñ ÑеÑÐµÐ½Ð¸Ñ ÑÑой пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð³ÑаммаÑиÑеÑкий ÑÐ°Ð·Ð±Ð¾Ñ Ð¿Ð¾Ð»ÐµÐ·Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ Ð±Ñл вÑделен + из strtod в оÑделÑнÑе ÑÑнкÑии, коÑоÑÑе nan* Ð¼Ð¾Ð¶ÐµÑ Ð²ÑзÑваÑÑ Ð½Ð°Ð¿ÑÑмÑÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8776">CVE-2015-8776</a> - - <p>The strftime() function made it possible to access invalid memory, - - allowing to segfault the calling application.</p></li> + <p>ФÑнкÑÐ¸Ñ strftime() позволÑÐµÑ Ð¿Ð¾Ð»ÑÑаÑÑ Ð´Ð¾ÑÑÑп к непÑавилÑной облаÑÑи памÑÑи, + ÑÑо позволÑÐµÑ Ð²ÑзÑваÑÑ Ð¾ÑÐ¸Ð±ÐºÑ ÑегменÑиÑÐ¾Ð²Ð°Ð½Ð¸Ñ Ð² вÑзÑваÑÑем ÑÑÑ ÑÑнкÑÐ¸Ñ Ð¿Ñиложении.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8778">CVE-2015-8778</a> - - <p>hcreate() was susceptible to an integer overflow, that may results - - in out-of-bounds heap accesses.</p></li> + <p>ФÑнкÑÐ¸Ñ hcreate() возможно ÑодеÑÐ¶Ð¸Ñ Ð¿ÐµÑеполнение ÑелÑÑ ÑиÑел, коÑоÑое Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ + к обÑаÑÐµÐ½Ð¸Ñ Ðº облаÑÑÑм динамиÑеÑкой памÑÑи за пÑеделами вÑделенного бÑÑеÑа.</p></li> 
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8779">CVE-2015-8779</a> - - <p>The catopen() function suffered from multiple unbounded stack - - allocations.</p></li> + <p>ФÑнкÑÐ¸Ñ catopen() ÑодеÑÐ¶Ð¸Ñ Ð¼Ð½Ð¾Ð³Ð¾ÑиÑленнÑе вÑÐ´ÐµÐ»ÐµÐ½Ð¸Ñ Ð½ÐµÐ¾Ð³ÑаниÑенного + ÑÑека.</p></li> </ul> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in eglibc version - -eglibc_2.11.3-4+deb6u9. We recommend you to upgrade your eglibc - -packages.</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² eglibc веÑÑии +eglibc_2.11.3-4+deb6u9. РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ +eglibc.</p> </define-tag> # do not modify the following line - --- english/security/2016/dla-442.wml 2016-04-08 01:54:45.000000000 +0500 +++ russian/security/2016/dla-442.wml 2016-04-13 23:56:59.297013559 +0500 
@@ -1,32 +1,33 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-6441">CVE-2013-6441</a> - - <p>The template script lxc-sshd used to mount itself as /sbin/init in the - - container using a writable bind-mount.</p> + <p>Шаблон ÑÑенаÑÐ¸Ñ lxc-sshd иÑполÑзÑеÑÑÑ Ð´Ð»Ñ Ð¼Ð¾Ð½ÑиÑÐ¾Ð²Ð°Ð½Ð¸Ñ ÐµÐ³Ð¾ в каÑеÑÑве /sbin/init в + конÑейнеÑе, иÑполÑзÑÑ Ð¼Ð¾Ð½ÑиÑÐ¾Ð²Ð°Ð½Ð¸Ñ Ñ Ð¾Ð¿Ñией bind и возможноÑÑÑÑ Ð¿ÐµÑезапиÑи.</p> - - <p>This update resolved the above issue by using a read-only bind-mount - - instead preventing any form of potentially accidental damage.</p></li> + <p>Ðанное обновление ÑеÑÐ°ÐµÑ ÑказаннÑÑ Ð²ÑÑе пÑоблемÑ, иÑполÑзÑÑ Ð¼Ð¾Ð½ÑиÑÐ¾Ð²Ð°Ð½Ð¸Ñ Ñ Ð¾Ð¿Ñией bind + и без возможноÑÑи запиÑи, ÑÑо пÑедоÑвÑаÑÐ°ÐµÑ Ð»Ñбое поÑенÑиалÑное ненамеÑенное повÑеждение даннÑÑ .</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1335">CVE-2015-1335</a> - - <p>On container startup, lxc sets up the container's initial file system - - tree by doing a bunch of mounting, guided by the container's configuration - - file.</p> - - - - <p>The container config is owned by the admin or user on the host, so we - - do not try to guard against bad entries. However, since the mount - - target is in the container, it's possible that the container admin - - could divert the mount with symbolic links. This could bypass proper - - container startup (i.e. 
confinement of a root-owned container by the - - restrictive apparmor policy, by diverting the required write to - - /proc/self/attr/current), or bypass the (path-based) apparmor policy - - by diverting, say, /proc to /mnt in the container.</p> + <p>ÐÑи запÑÑке конÑейнеÑа lxc ÑÑÑÐ°Ð½Ð°Ð²Ð»Ð¸Ð²Ð°ÐµÑ Ð¸Ð·Ð½Ð°ÑалÑное деÑево Ñайловой ÑиÑÑÐµÐ¼Ñ + конÑейнеÑа, вÑполнÑÑ Ð½ÐµÑколÑко Ñаз монÑиÑование, коÑоÑое оÑÑÑеÑÑвлÑеÑÑÑ Ð² ÑооÑвеÑÑвии Ñ Ñайлом + наÑÑÑойки конÑейнеÑа.</p> + + <p>ÐладелÑÑем Ñайла наÑÑÑойки конÑейнеÑа ÑвлÑеÑÑÑ Ð°Ð´Ð¼Ð¸Ð½Ð¸ÑÑÑаÑÐ¾Ñ Ð¸Ð»Ð¸ полÑзоваÑÐµÐ»Ñ Ñзла, поÑÑÐ¾Ð¼Ñ + заÑиÑа Ð¾Ñ Ð¿Ð»Ð¾Ñ Ð¸Ñ Ð·Ð°Ð¿Ð¸Ñей в нÑм оÑÑÑÑÑÑвÑеÑ. Тем не менее, поÑколÑÐºÑ ÑÐµÐ»Ñ Ð¼Ð¾Ð½ÑиÑÐ¾Ð²Ð°Ð½Ð¸Ñ + Ð½Ð°Ñ Ð¾Ð´Ð¸ÑÑÑ Ð² конÑейнеÑе, поÑÑолÑÐºÑ Ð²Ð¾Ð·Ð¼Ð¾Ð¶Ð½Ð¾, ÑÑо админиÑÑÑаÑÐ¾Ñ ÐºÐ¾Ð½ÑейнеÑа + изменил монÑиÑование Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑимволÑнÑÑ ÑÑÑлок. ÐÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð¾Ð±Ð¾Ð¹Ñи наÑÑÑойки конÑейнеÑа + пÑи его запÑÑке (Ñо еÑÑÑ, изолÑÑÐ¸Ñ ÐºÐ¾Ð½ÑейнеÑа, владелÑÑем коÑоÑого ÑвлÑеÑÑÑ ÑÑпеÑполÑзоваÑелÑ, + Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð¾Ð³ÑаниÑиваÑÑего пÑавила apparmor, пÑÑÑм Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ ÑÑебÑемой запиÑи в + /proc/self/attr/current), либо обойÑи пÑавило apparmor (на оÑнове пÑÑи) + пÑÑÑм Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð² конÑейнеÑе, напÑимеÑ, /proc на /mnt.</p> - - <p>This update implements a safe_mount() function that prevents lxc from - - doing mounts onto symbolic links.</p></li> + <p>Ðанное обновление ÑеализÑÐµÑ ÑÑнкÑÐ¸Ñ safe_mount(), коÑоÑÐ°Ñ Ð½Ðµ позволÑÐµÑ lxc + вÑполнÑÑÑ Ð¼Ð¾Ð½ÑиÑование в ÑимволÑнÑе ÑÑÑлки.</p></li> </ul> </define-tag> -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
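Review bot: in the dla-379.wml hunk, the closing paragraph carries over the singular of the English source ("this issue has been fixed", rendered as "эта проблема была исправлена") although the advisory lists three CVEs. The equivalent sentence in the dla-411.wml hunk of this same patch uses the plural ("these issues have been fixed"), so I would use the plural here too and raise the same wording against english/security/2016/dla-379.wml.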
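Review bot: in the dla-411.wml hunk, the CVE-2015-8778 item adds a hedge that the source does not have: "hcreate() was susceptible to an integer overflow" becomes "Функция hcreate() возможно содержит переполнение", that is, "possibly contains". The English states the defect as fact, so drop "возможно". In the CVE-2014-9761 item of the same hunk, "payload" is translated two different ways within one paragraph ("информационные строки" for "payload strings", then "полезных данных" for "payload parsing"); pick one term so the reader can tell both sentences refer to the same NaN payload.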
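Review bot: in the dla-442.wml hunk, the first sentence of the CVE-2013-6441 item misreads "used to mount itself as /sbin/init": the English describes past behaviour of the lxc-sshd template (it formerly mounted itself through a writable bind-mount), while the translation "используется для монтирования его в качестве /sbin/init" says the template "is used for mounting it". As written, the Russian text no longer says that the writable bind-mount was the problem the next paragraph fixes. Suggest a past-tense rendering along the lines of "ранее монтировал себя в качестве /sbin/init".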