-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2015/dla-131.wml 2016-04-09 01:32:23.000000000 +0500 +++ russian/security/2015/dla-131.wml 2016-05-04 13:37:46.071086989 +0500 
@@ -1,38 +1,39 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Multiple security issues have been found in file, a tool/library to - -determine a file type. Processing a malformed file could result in - -denial of service. Most of the changes are related to parsing ELF - -files.</p> - - - -<p>As part of the fixes, several limits on aspects of the detection were - -added or tightened, sometimes resulting in messages like <q>recursion - -limit exceeded</q> or <q>too many program header sections</q>.</p> - - - -<p>To mitigate such shortcomings, these limits are controllable by a new - -"-R"/"--recursion" parameter in the file program. Note: A future - -upgrade for file in squeeze-lts might replace this with the "-P" - -parameter to keep usage consistent across all distributions.</p> +<p>Ð file, инÑÑÑÑменÑе/библиоÑеке Ð´Ð»Ñ Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð¸Ñ Ñипа Ñайлов, бÑли +обнаÑÑÐ¶ÐµÐ½Ñ Ð¼Ð½Ð¾Ð³Ð¾ÑиÑленнÑе пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи. ÐбÑабоÑка ÑпеÑиалÑно ÑÑоÑмиÑованнÑÑ Ñайлов Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº +оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании. ÐолÑÑинÑÑво изменений ÑвÑÐ·Ð°Ð½Ñ Ñ Ð³ÑаммаÑиÑеÑким ÑазбоÑом Ñайлов +ELF.</p> + +<p>РкаÑеÑÑве иÑпÑавлений в ÑÑде ÑлÑÑаев бÑли Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ñ Ð½Ð¾Ð²Ñе или ÑÑÐ¸Ð»ÐµÐ½Ñ ÑÑÑеÑÑвÑÑÑие огÑаниÑÐµÐ½Ð¸Ñ +аÑпекÑов опÑеделениÑ, ÑÑо иногда пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº ÑообÑениÑм вида <q>иÑÑеÑпан +Ð»Ð¸Ð¼Ð¸Ñ ÑекÑÑÑии</q> или <q>ÑлиÑком много Ñазделов заголовков пÑогÑаммÑ</q>.</p> + +<p>ÐÐ»Ñ Ñого, ÑÑÐ¾Ð±Ñ Ð¾Ð±Ð¾Ð¹Ñи подобнÑе заÑÑÑднениÑ, ÑÑи огÑаниÑÐµÐ½Ð¸Ñ Ð¼Ð¾Ð¶Ð½Ð¾ измениÑÑ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð½Ð¾Ð²Ð¾Ð³Ð¾ +паÑамеÑÑа "-R"/"--recursion" в пÑогÑамме file. 
Ðнимание: бÑдÑÑее +обновление file в squeeze-lts Ð¼Ð¾Ð¶ÐµÑ Ð·Ð°Ð¼ÐµÐ½Ð¸ÑÑ ÑÑÐ¾Ñ Ð¿Ð°ÑамеÑÑ Ð½Ð° паÑамеÑÑ "-P" +Ð´Ð»Ñ Ñого, ÑÑÐ¾Ð±Ñ Ð¸ÑполÑзование данной ÑÑилиÑÑ Ð²Ð¾ вÑÐµÑ Ð²ÑпÑÑÐºÐ°Ñ Ð±Ñло одинаковÑм.</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-8116">CVE-2014-8116</a> - - <p>The ELF parser (readelf.c) allows remote attackers to cause a - - denial of service (CPU consumption or crash).</p></li> + <p>Ðод Ð´Ð»Ñ Ð³ÑаммаÑиÑеÑкого ÑазбоÑа ELF (readelf.c) позволÑÐµÑ ÑдалÑннÑм злоÑмÑÑленникам вÑзÑваÑÑ + оÑказ в обÑлÑживании (ÑÑезмеÑное поÑÑебление ÑеÑÑÑÑов ЦРили аваÑÐ¸Ð¹Ð½Ð°Ñ Ð¾ÑÑановка).</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-8117">CVE-2014-8117</a> - - <p>softmagic.c does not properly limit recursion, which allows remote - - attackers to cause a denial of service (CPU consumption or crash).</p> + <p>softmagic.c непÑавилÑно огÑаниÑÐ¸Ð²Ð°ÐµÑ ÑекÑÑÑиÑ, ÑÑо позволÑÐµÑ ÑдалÑннÑм + злоÑмÑÑленникам вÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании (ÑÑезмеÑное поÑÑебление ÑеÑÑÑÑов ЦРили аваÑÐ¸Ð¹Ð½Ð°Ñ Ð¾ÑÑановка).</p> - -<p>(no identifier has been assigned so far)</p> +<p>(иденÑиÑикаÑÐ¾Ñ Ð¿Ð¾ÐºÐ° не назнаÑен)</p> - - <p>out-of-bounds memory access</p></li> + <p>ÐоÑÑÑп за пÑеделами вÑделенного бÑÑеÑа памÑÑи</p></li> </ul> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in file version 5.04-5+squeeze9</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² file веÑÑии 5.04-5+squeeze9</p> </define-tag> # do not modify the following line - --- english/security/2015/dla-188.wml 2016-04-07 03:10:34.000000000 +0500 +++ russian/security/2015/dla-188.wml 2016-05-04 13:43:03.029843101 +0500 
@@ -1,32 +1,33 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Multiple vulnerabilities have been discovered in arj, an open source - -version of the arj archiver. The Common Vulnerabilities and Exposures - -project identifies the following problems:</p> +<p>Ð arj, веÑÑии аÑÑ Ð¸Ð²Ð°ÑоÑа arj Ñ Ð¾ÑкÑÑÑÑм иÑÑ Ð¾Ð´Ð½Ñм кодом, бÑли обнаÑÑÐ¶ÐµÐ½Ñ +многоÑиÑленнÑе ÑÑзвимоÑÑи. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures +опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0556">CVE-2015-0556</a> - - <p>Jakub Wilk discovered that arj follows symlinks created during - - unpacking of an arj archive. A remote attacker could use this flaw - - to perform a directory traversal attack if a user or automated - - system were tricked into processing a specially crafted arj archive.</p></li> + <p>ЯкÑб Ðилк обнаÑÑжил, ÑÑо arj пеÑÐµÑ Ð¾Ð´Ð¸Ñ Ð¿Ð¾ ÑимволÑнÑм ÑÑÑлкам, ÑоздаваемÑм во вÑÐµÐ¼Ñ + ÑаÑпаковки аÑÑ Ð¸Ð²Ð° arj. УдалÑннÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ + Ð´Ð»Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¾Ð±Ñ Ð¾Ð´Ð° каÑалога в Ñом ÑлÑÑае, еÑли полÑзоваÑÐµÐ»Ñ Ð¸Ð»Ð¸ авÑомаÑизиÑÐ¾Ð²Ð°Ð½Ð½Ð°Ñ + ÑиÑÑема запÑÑÐºÐ°ÐµÑ Ð¾Ð±ÑабоÑÐºÑ ÑпеÑиалÑно ÑÑоÑмиÑованного аÑÑ Ð¸Ð²Ð° arj.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0557">CVE-2015-0557</a> - - <p>Jakub Wilk discovered that arj does not sufficiently protect from - - directory traversal while unpacking an arj archive containing file - - paths with multiple leading slashes. 
A remote attacker could use - - this flaw to write to arbitrary files if a user or automated system - - were tricked into processing a specially crafted arj archive.</p></li> + <p>ЯкÑб Ðилк обнаÑÑжил, ÑÑо arj недоÑÑаÑоÑно заÑиÑÑн Ð¾Ñ + Ð¾Ð±Ñ Ð¾Ð´Ð° каÑалога пÑи ÑаÑпаковке аÑÑ Ð¸Ð²Ð° arj, ÑодеÑжаÑего пÑÑи к Ñайлам, ÑодеÑжаÑими + в наÑале многоÑиÑленнÑе коÑÑе ÑеÑÑÑ. УдалÑннÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ + ÑÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñи пÑоизволÑнÑй Ñайлов в Ñом ÑлÑÑае, еÑли полÑзоваÑÐµÐ»Ñ Ð¸Ð»Ð¸ авÑомаÑизиÑÐ¾Ð²Ð°Ð½Ð½Ð°Ñ ÑиÑÑема + запÑÑÐºÐ°ÐµÑ Ð¾Ð±ÑабоÑÐºÑ ÑпеÑиалÑно ÑÑоÑмиÑованного аÑÑ Ð¸Ð²Ð° arj.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-2782">CVE-2015-2782</a> - - <p>Jakub Wilk and Guillem Jover discovered a buffer overflow - - vulnerability in arj. A remote attacker could use this flaw to cause - - an application crash or, possibly, execute arbitrary code with the - - privileges of the user running arj.</p></li> + <p>ЯкÑб Ðилк и ÐилÑом ÐовÑе обнаÑÑжили пеÑеполнение бÑÑеÑа + в arj. УдалÑннÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ Ð´Ð°Ð½Ð½ÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ Ð²Ñзова + аваÑийной оÑÑановки пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¸Ð»Ð¸ поÑенÑиалÑного вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода Ñ + пÑавами полÑзоваÑелÑ, запÑÑÑивÑего arj.</p></li> </ul> </define-tag> -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
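Review bot: In the dla-131.wml hunk, the <li> for CVE-2014-8117 is never closed before the paragraph for the issue that has no identifier yet, so on both the - and + sides the out-of-bounds memory access entry ends up as two extra paragraphs inside the CVE-2014-8117 item instead of as a third list item. The translation mirrors the English markup, so the fix belongs in english/security/2015/dla-131.wml first: add </li> after the softmagic.c paragraph and open a new <li> for the unidentified issue, then carry the same change into the Russian file. The sentence giving the fixed version, 5.04-5+squeeze9, also has no closing full stop on either side.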
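Review bot: In the dla-188.wml hunk, the + side of the CVE-2015-0557 paragraph has two case-agreement slips: the participle in "пути к файлам, содержащими" should agree with "пути" ("содержащие"), and "для записи произвольный файлов" does not match the English "write to arbitrary files" ("для записи в произвольные файлы"). Rewording the first clause would also avoid the back-to-back "содержащего … содержащими". In both the CVE-2015-0556 and CVE-2015-0557 paragraphs, "were tricked into processing" is rendered as a plain "запускает обработку", which drops the precondition that the user or automated system has to be deceived into handling the crafted archive; consider keeping that condition in the translation.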