-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2015/dla-180.wml 2016-04-09 01:32:24.000000000 +0500 +++ russian/security/2015/dla-180.wml 2016-05-03 13:31:15.015586341 +0500 @@ -1,29 +1,30 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Multiple vulnerabilities have been discovered in GnuTLS, a library - -implementing the TLS and SSL protocols. The Common Vulnerabilities and - -Exposures project identifies the following problems:</p> +<p>Ð GnuTLS, библиоÑеке, ÑеализÑÑÑей пÑоÑÐ¾ÐºÐ¾Ð»Ñ TLS и SSL, бÑли обнаÑÑÐ¶ÐµÐ½Ñ +многоÑиÑленнÑе ÑÑзвимоÑÑи. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and +Exposures опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-8155";>CVE-2014-8155</a> - - <p>Missing date/time checks on CA certificates</p></li> + <p>ÐÑÑÑÑÑÑвие пÑовеÑок даÑÑ/вÑемени Ð´Ð»Ñ ÑеÑÑиÑикаÑов CA</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0282";>CVE-2015-0282</a> - - <p>GnuTLS does not verify the RSA PKCS #1 signature algorithm to match - - the signature algorithm in the certificate, leading to a potential - - downgrade to a disallowed algorithm without detecting it.</p></li> + <p>GnuTLS не вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ ÑÐ¾Ð²Ð¿Ð°Ð´ÐµÐ½Ð¸Ñ Ð°Ð»Ð³Ð¾ÑиÑма подпиÑи RSA PKCS #1 Ñ + алгоÑиÑмом подпиÑи в ÑеÑÑиÑикаÑе, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº поÑенÑиалÑÐ½Ð¾Ð¼Ñ + иÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð·Ð°Ð¿ÑеÑÑнного алгоÑиÑма без опÑÐµÐ´ÐµÐ»ÐµÐ½Ð¸Ñ ÑÑой ÑиÑÑаÑии.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0294";>CVE-2015-0294</a> - - <p>GnuTLS does not check whether the two signature algorithms match on - - certificate import.</p></li> + <p>GnuTLS не вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ Ñого, ÑÑо два алгоÑиÑма подпиÑи ÑовпадаÑÑ + по импоÑÑÑ ÑеÑÑиÑикаÑов.</p></li> </ul> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in gnutls26 version 2.8.6-1+squeeze5</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² gnutls26 веÑÑии 2.8.6-1+squeeze5</p> </define-tag> # do not modify the following line - --- english/security/2015/dla-232.wml 2016-04-08 01:24:53.000000000 +0500 +++ russian/security/2015/dla-232.wml 2016-05-03 13:28:08.666093730 +0500 @@ -1,28 +1,29 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>The following vulnerabilities were found in Apache Tomcat 6:</p> +<p>Ð Apache Tomcat 6 бÑли обнаÑÑÐ¶ÐµÐ½Ñ ÑледÑÑÑие ÑÑзвимоÑÑи:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-0227";>CVE-2014-0227</a> - - <p>The Tomcat security team identified that it was possible to conduct HTTP - - request smuggling attacks or cause a DoS by streaming malformed data.</p></li> + <p>Ðоманда безопаÑноÑÑи Tomcat опÑеделила, ÑÑо можно вÑполниÑÑ Ð°ÑÐ°ÐºÑ Ð¿Ð¾ подделке + запÑоÑа HTTP или вÑзваÑÑ Ð¾Ñказ в обÑлÑживании пÑÑÑм пеÑедаÑи поÑока ÑпеÑиалÑно ÑÑоÑмиÑованнÑÑ Ð´Ð°Ð½Ð½ÑÑ .</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-0230";>CVE-2014-0230</a> - - <p>AntBean@secdig, from the Baidu Security Team, disclosed that it was - - possible to cause a limited DoS attack by feeding data by aborting an - - upload.</p></li> + <p>AntBean@secdig из ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи Baidu обнаÑÑжил, ÑÑо имееÑÑÑ Ð²Ð¾Ð·Ð¼Ð¾Ð¶Ð½Ð¾ÑÑÑ + вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¾Ð³ÑаниÑенной аÑаки Ð´Ð»Ñ Ð²Ñзова оÑказа в обÑлÑживании пÑÑÑм пеÑедаÑи даннÑÑ + ÑеÑез оÑÐ¼ÐµÐ½Ñ Ð·Ð°Ð³ÑÑзки.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-7810";>CVE-2014-7810</a> - - <p>The Tomcat security team identified that malicious web applications could - - bypass the Security Manager by the use of expression language.</p></li> + <p>Ðоманда безопаÑноÑÑи Tomcat опÑеделила, ÑÑо веб-пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð·Ð»Ð¾ÑмÑÑленников могÑÑ + Ð¾Ð±Ñ Ð¾Ð´Ð¸ÑÑ Ð¾Ð³ÑаниÑÐµÐ½Ð¸Ñ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑа безопаÑноÑÑи пÑÑÑм иÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ ÑзÑка вÑÑажений.</p></li> </ul> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in tomcat6 version +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² tomcat6 веÑÑии 6.0.41-2+squeeze7.</p> </define-tag> -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXKGHVAAoJEF7nbuICFtKlvEUQAIyykf/X36sRpc5rEb1FvNBL Qw4J6bl40nLFxeUE2QnUCpRkgHKCsC8y5tRRRSgnbmNG/I2s0F2vo/q9k1UgXCER 7vH3Vp8DA3/YOvmbva8ww35X5SbV3Ur0CPcnk9G1ZYOEHDQNu6SSNpGz4/atx/2w DkuyD3mwOTVVGc2EQ2ta+E2UsVnXNqKk7NyCNal+Ti+jbe8JevZGiz4rwuUqJFTl jzRfsLSQauCVMD0Z8PXrwKLvrKfrxy2eEgmQQABD7uOLXO3WLCYqYXd0xrHSY1x7 kn32oP5Pr6BTKWcGyQnqpY6h4nlbzKD1R8dGyErIeSw4VLj3S1eB+JrDjyBK49WD gMSxM+OrrxzXvwBOLi59Ce5ykLKZaLSdR6kAGqCrnvKMUQ+15zycl1tZesgJKwyn QmSaT1kXQ4LB9vsWCowgvdiv+RmjALyHsl3w+kDjlkiprPhhqFFKCGF28UyirXgN /WR+gpDkTzMhix8sR40hWmt7KeJiZcijk2ckZN8U55KkJLFQI02OI99dBCwlv+MS Y1NQnpjMSgcLM1N1cMEZ7wc30LxMxaWebI/rupdTkcdw6h+tzwUrWfJ3Lc23ndSo bXWhigNXPwkY4v1po/9vELEGjEBKBXKlzlatHVF4oL5mrcdXHNSoNKfPOfxUyq3Y HQ42UNfY6PclEqzwWK46 =nVNq -----END PGP SIGNATURE-----
