-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2015/dla-158.wml 2016-04-07 03:10:33.000000000 +0500 +++ russian/security/2015/dla-158.wml 2016-05-04 12:19:28.743074913 +0500 
@@ -1,36 +1,37 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Multiple vulnerabilities have been discovered in Request Tracker, an - -extensible trouble-ticket tracking system. The Common Vulnerabilities - -and Exposures project identifies the following problems:</p> +<p>Ð Request Tracker, ÑаÑÑиÑÑемой ÑиÑÑеме оÑÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ð±Ð¸Ð»ÐµÑов, бÑли +обнаÑÑÐ¶ÐµÐ½Ñ Ð¼Ð½Ð¾Ð³Ð¾ÑиÑленнÑе ÑÑзвимоÑÑи. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities +and Exposures опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9472">CVE-2014-9472</a> - - <p>Christian Loos discovered a remote denial of service vulnerability, - - exploitable via the email gateway and affecting any installation - - which accepts mail from untrusted sources. Depending on RT's - - logging configuration, a remote attacker can take advantage of - - this flaw to cause CPU and excessive disk usage.</p></li> + <p>ÐÑиÑÑиан ÐÐ¾Ð¾Ñ Ð¾Ð±Ð½Ð°ÑÑжил вÑзÑваемÑй ÑдалÑнно оÑказ в обÑлÑживании, + коÑоÑÑй Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ ÑеÑез Ñзел ÑлекÑÑонной поÑÑÑ Ð¸ коÑоÑÑй каÑаеÑÑÑ Ð»Ñбой ÑÑÑановки, + пÑинимаÑÑей поÑÑÑ Ð¸Ð· недовеÑеннÑÑ Ð¸ÑÑоÑников. 
РзавиÑимоÑÑи Ð¾Ñ Ð½Ð°ÑÑÑоек жÑÑналиÑÐ¾Ð²Ð°Ð½Ð¸Ñ + в RT ÑдалÑннÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ + даннÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ ÑÑезмеÑного поÑÑÐµÐ±Ð»ÐµÐ½Ð¸Ñ ÑеÑÑÑÑов ЦРи пÑоÑÑÑанÑÑва на диÑке.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1165">CVE-2015-1165</a> - - <p>Christian Loos discovered an information disclosure flaw which may - - reveal RSS feeds URLs, and thus ticket data.</p></li> + <p>ÐÑиÑÑиан ÐÐ¾Ð¾Ñ Ð¾Ð±Ð½Ð°ÑÑжил ÑаÑкÑÑÑие инÑоÑмаÑии, коÑоÑÑе Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº + ÑаÑкÑÑÑÐ¸Ñ URL RSS-Ð»ÐµÐ½Ñ Ð¸, Ñаким обÑазом, даннÑÑ Ð±Ð¸Ð»ÐµÑов.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1464">CVE-2015-1464</a> - - <p>It was discovered that RSS feed URLs can be leveraged to perform - - session hijacking, allowing a user with the URL to log in as the - - user that created the feed.</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо URL RSS-Ð»ÐµÐ½Ñ Ð¼Ð¾Ð³ÑÑ Ð¸ÑполÑзоваÑÑÑÑ Ð´Ð»Ñ Ñ Ð¸ÑÐµÐ½Ð¸Ñ + ÑеÑÑии, позволÑÑ Ð¿Ð¾Ð»ÑзоваÑелÑ, имеÑÑÐµÐ¼Ñ ÑооÑвеÑÑÑвÑÑÑий URL, Ð²Ñ Ð¾Ð´Ð¸ÑÑ Ð¾Ñ Ð»Ð¸Ñа + полÑзоваÑелÑ, ÑоздавÑего ленÑÑ.</p></li> </ul> - -<p>For the oldstable distribution (squeeze), these problems have been fixed - -in version 3.8.8-7+squeeze9.</p> +<p>РпÑедÑдÑÑем ÑÑаÑом ÑÑабилÑном вÑпÑÑке (squeeze) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +в веÑÑии 3.8.8-7+squeeze9.</p> - -<p>We recommend that you upgrade your request-tracker3.8 packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ request-tracker3.8.</p> </define-tag> # do not modify the following line - --- english/security/2015/dla-239.wml 2016-04-07 03:10:34.000000000 +0500 +++ russian/security/2015/dla-239.wml 2016-05-04 12:27:30.873391987 +0500 
@@ -1,33 +1,34 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Two critical vulnerabilities have been found in the CUPS printing - -system:</p> +<p>Ð ÑиÑÑеме пеÑаÑи CUPS бÑло обнаÑÑжено две кÑиÑиÑеÑÐºÐ¸Ñ +ÑÑзвимоÑÑи:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1158">CVE-2015-1158</a> - -<p>- Improper Update of Reference Count - - Cupsd uses reference-counted strings with global scope. When parsing - - a print job request, cupsd over-decrements the reference count for a - - string from the request. As a result, an attacker can prematurely - - free an arbitrary string of global scope. They can use this to - - dismantle ACLâs protecting privileged operations, and upload a - - replacement configuration file, and subsequently run arbitrary code - - on a target machine.</p> - - - - <p>This bug is exploitable in default configurations, and does not - - require any special permissions other than the basic ability to - - print.</p></li> +<p>- ÐепÑавилÑное обновление ÑÑÑÑÑика загÑÑзок + Cupsd иÑполÑзÑÐµÑ ÑÑÑоки Ð´Ð»Ñ Ð¿Ð¾Ð´ÑÑÑÑа загÑÑзок в глобалÑном конÑекÑÑе. ÐÑи вÑполнении гÑаммаÑиÑеÑкого + ÑазбоÑа запÑоÑа о задаÑе пеÑаÑи cupsd ÑлиÑком ÑменÑÑÐ°ÐµÑ ÑÑÑÑÑик загÑÑзок Ð´Ð»Ñ + ÑÑÑоки из запÑоÑа. Ð ÑезÑлÑÑаÑе злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑеждевÑеменно + оÑвободиÑÑ Ð¿ÑоизволÑнÑÑ ÑÑÑÐ¾ÐºÑ Ð² глобалÑном конÑекÑÑе. 
ÐÑо Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ + Ð´Ð»Ñ ÑнÑÑÐ¸Ñ Ð·Ð°ÑиÑÑ ACL Ð´Ð»Ñ Ð¿ÑивилегиÑованнÑÑ Ð¾Ð¿ÐµÑаÑий, Ð´Ð»Ñ Ð·Ð°Ð³ÑÑзки + Ð·Ð°Ð¼ÐµÐ½Ñ Ñайла наÑÑÑоек, а Ñакже поÑледÑÑÑего запÑÑка пÑоизволÑного кода + на Ñелевой маÑине.</p> + + <p>ÐÐ°Ð½Ð½Ð°Ñ Ð¾Ñибка Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð¿Ñи наÑÑÑÐ¾Ð¹ÐºÐ°Ñ Ð¿Ð¾ ÑмолÑаниÑ, Ð´Ð»Ñ ÑÑого не + ÑÑебÑÑÑÑÑ ÐºÐ°ÐºÐ¸Ðµ-либо ÑпеÑиалÑнÑе пÑава доÑÑÑпа, оÑлиÑнÑе Ð¾Ñ Ð¾Ð±ÑÑной возможноÑÑи + пеÑаÑаÑÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1159">CVE-2015-1159</a> - -<p>- Cross-Site Scripting - - A cross-site scripting bug in the CUPS templating engine allows the - - above bug to be exploited when a user browses the web. This XSS is - - reachable in the default configuration for Linux instances of CUPS, - - and allows an attacker to bypass default configuration settings that - - bind the CUPS scheduler to the âlocalhostâ or loopback interface.</p></li> +<p>- ÐежÑайÑовÑй ÑкÑипÑинг + ÐежÑайÑовÑй ÑкÑипÑинг в движке Ñаблонов CUPS позволÑÐµÑ Ð¸ÑполÑзоваÑÑ + ÑказаннÑÑ Ð²ÑÑе оÑÐ¸Ð±ÐºÑ Ð² Ñом ÑлÑÑае, когда полÑзоваÑÐµÐ»Ñ Ð¿ÑоÑмаÑÑÐ¸Ð²Ð°ÐµÑ Ð²ÐµÐ±. ÐÑÐ¾Ñ XSS + Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð¿Ñи наÑÑÑÐ¾Ð¹ÐºÐ°Ñ Ð¿Ð¾ ÑмолÑÐ°Ð½Ð¸Ñ Ð´Ð»Ñ CUPS в Linux, + он позволÑÐµÑ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð¾Ð±Ñ Ð¾Ð´Ð¸ÑÑ Ð½Ð°ÑÑÑойки по ÑмолÑаниÑ, пÑивÑзÑваÑÑие + планиÑовÑик CUPS к âlocalhostâ или пеÑÐ»ÐµÐ²Ð¾Ð¼Ñ Ð¸Ð½ÑеÑÑейÑÑ.</p></li> </ul> </define-tag> -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
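Review bot: In the dla-158.wml hunk, the added CVE-2015-1165 paragraph has an agreement error: the relative pronoun after "раскрытие информации" is plural ("которые") while its verb "может" and the noun it refers to are singular, so it should read "которое может приводить". In the CVE-2014-9472 paragraph of the same hunk, "email gateway" is rendered as "узел электронной почты" (mail node); "шлюз электронной почты" matches the English term and makes it clear that the exposure is the inbound mail path that accepts messages from untrusted sources.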
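Review bot: In the dla-239.wml hunk, the added CVE-2015-1158 paragraph translates "reference count" as "счётчик загрузок" (load counter) in the heading and again in the body, which obscures that this is a reference-counting bug leading to a premature free; use "счётчик ссылок" throughout. The first sentence also says cupsd uses strings "для подсчёта загрузок в глобальном контексте", whereas the English says the strings themselves are reference-counted and have global scope, so something like "строки с подсчётом ссылок, имеющие глобальную область видимости" would keep the meaning. In the CVE-2015-1159 paragraph, the typographic quotes around localhost are carried over from the English; plain ASCII quotes or the q tag would avoid encoding problems in the built page.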