-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2014/dla-112.wml 2016-04-09 01:32:21.000000000 +0500 +++ russian/security/2014/dla-112.wml 2016-06-22 16:16:19.529579532 +0500 @@ -1,16 +1,17 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>This update fixes a denial of service vulnerability in BIND, a DNS server.</p> +<p>Ðанное обновление иÑпÑавлÑÐµÑ Ð¾Ñказ в обÑлÑживании в BIND, ÑеÑвеÑе DNS.</p> - -<p>By making use of maliciously-constructed zones or a rogue server, an attacker - -could exploit an oversight in the code BIND 9 used to follow delegations in - -the Domain Name Service, causing BIND to issue unlimited queries in an attempt - -to follow the delegation.</p> +<p>ÐÑполÑзÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованнÑе Ð·Ð¾Ð½Ñ Ð¸Ð»Ð¸ ÑобÑÑвеннÑй ÑеÑвеÑ, злоÑмÑÑленник +Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ Ð¾ÑÐ¸Ð±ÐºÑ Ð² коде BIND 9, иÑполÑзÑемом Ð´Ð»Ñ ÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´ÐµÐ»ÐµÐ³Ð°ÑиÑм +в ÑлÑжбе доменнÑÑ Ð¸Ð¼Ñн, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº ÑомÑ, ÑÑо BIND оÑпÑавлÑÐµÑ Ð½ÐµÐ¾Ð³ÑаниÑенное колиÑеÑÑво запÑоÑов в попÑÑке +ÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´ÐµÐ»ÐµÐ³Ð°ÑиÑми.</p> - -<p>This can lead to resource exhaustion and denial of service (up to and - -including termination of the named server process).</p> +<p>ÐÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº иÑÑоÑÐµÐ½Ð¸Ñ ÑеÑÑÑÑов и оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании (вплоÑÑ Ð´Ð¾ +завеÑÑÐµÐ½Ð¸Ñ Ð¿ÑоÑеÑÑа именованного ÑеÑвеÑа).</p> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in bind9 version 9.7.3.dfsg-1~squeeze13</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² пакеÑе bind9 веÑÑии 9.7.3.dfsg-1~squeeze13</p> </define-tag> # do not modify the following line - --- english/security/2014/dla-117.wml 2016-04-09 01:32:21.000000000 +0500 +++ russian/security/2014/dla-117.wml 2016-06-22 16:22:54.764305584 +0500 @@ -1,24 +1,25 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3193">CVE-2011-3193</a> - - <p>Check for buffer overflow in Lookup_MarkMarkPos that may cause crash - - in this function with certain fonts.</p></li> + <p>ÐÑовеÑка на возможное возникновение пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа в Lookup_MarkMarkPos, коÑоÑое Ð¼Ð¾Ð¶ÐµÑ + вÑзваÑÑ Ð°Ð²Ð°ÑийнÑÑ Ð¾ÑÑÐ°Ð½Ð¾Ð²ÐºÑ Ð² ÑÑой ÑÑнкÑии пÑи ÑабоÑе Ñ Ð¾Ð¿ÑеделÑннÑми ÑÑиÑÑами.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3194">CVE-2011-3194</a> - - <p>Fix tiff reader to handle TIFFTAG_SAMPLESPERPIXEL for grayscale - - images. The reader uses QImage::Format_Indexed8, but since the samples - - per pixel value this should be (non-existent) QImage::Format_Indexed16, - - causing memory corruption. The fix falls back to the <q>normal</q> way of - - reading tiff images.</p></li> + <p>ÐÑпÑавление кода Ð´Ð»Ñ ÑÑÐµÐ½Ð¸Ñ tiff Ñак, ÑÑÐ¾Ð±Ñ Ð¾Ð½ обÑабаÑÑвал TIFFTAG_SAMPLESPERPIXEL Ð´Ð»Ñ Ð¸Ð·Ð¾Ð±Ñажений, + иÑполÑзÑÑÑÐ¸Ñ Ð³ÑадаÑии ÑеÑого в каÑеÑÑве ÑвеÑовой палиÑÑÑ. Ðод Ð´Ð»Ñ ÑÑÐµÐ½Ð¸Ñ Ð¸ÑполÑзÑÐµÑ QImage::Format_Indexed8, но поÑколÑÐºÑ Ð·Ð½Ð°Ñение + обÑазÑов на пикÑÐµÐ»Ñ Ð´Ð¾Ð»Ð¶Ð½Ð¾ бÑÑÑ (неÑÑÑеÑÑвÑÑÑим) QImage::Format_Indexed16, + Ñо ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº повÑÐµÐ¶Ð´ÐµÐ½Ð¸Ñ ÑодеÑжимого памÑÑи. ÐÑпÑавление пÑедÑÑавлÑÐµÑ Ñобой оÑÐºÐ°Ñ Ðº <q>ноÑмалÑномÑ</q> ÑпоÑÐ¾Ð±Ñ + ÑÑÐµÐ½Ð¸Ñ Ð¸Ð·Ð¾Ð±Ñажений tiff.</p></li> </ul> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in qt4-x11 version 4:4.6.3-4+squeeze2</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² пакеÑе qt4-x11 веÑÑии 4:4.6.3-4+squeeze2</p> </define-tag> # do not modify the following line - --- english/security/2014/dla-121.wml 2016-04-09 01:32:21.000000000 +0500 +++ russian/security/2014/dla-121.wml 2016-06-22 16:12:13.112980481 +0500 @@ -1,12 +1,13 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Jose Duart of the Google Security Team discovered a double free flaw - -(<a href="https://security-tracker.debian.org/tracker/CVE-2014-8137">CVE-2014-8137</a>) and a heap-based buffer overflow flaw (<a href="https://security-tracker.debian.org/tracker/CVE-2014-8138">CVE-2014-8138</a>) - -in JasPer, a library for manipulating JPEG-2000 files. A specially - -crafted file could cause an application using JasPer to crash or, - -possibly, execute arbitrary code.</p> +<p>ХоÑе ÐÑаÑÑ Ð¸Ð· ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи Google обнаÑÑжил двойное оÑвобождение памÑÑи +(<a href="https://security-tracker.debian.org/tracker/CVE-2014-8137">CVE-2014-8137</a>) и пеÑеполнение динамиÑеÑкой памÑÑи (<a href="https://security-tracker.debian.org/tracker/CVE-2014-8138">CVE-2014-8138</a>) +в JasPer, библиоÑеке Ð´Ð»Ñ ÑабоÑÑ Ñ Ñайлами в ÑоÑмаÑе JPEG-2000. СпеÑиалÑно +ÑÑоÑмиÑованнÑй Ñайл Ð¼Ð¾Ð¶ÐµÑ Ð²ÑзваÑÑ Ð°Ð²Ð°ÑийнÑÑ Ð¾ÑÑÐ°Ð½Ð¾Ð²ÐºÑ Ð¿ÑиложениÑ, иÑполÑзÑÑÑего JasPer, или +возможное вÑполнение пÑоизволÑного кода.</p> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in jasper version 1.900.1-7+squeeze3</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² пакеÑе jasper веÑÑии 1.900.1-7+squeeze3</p> </define-tag> # do not modify the following line - --- english/security/2014/dla-124.wml 2016-04-09 01:32:21.000000000 +0500 +++ russian/security/2014/dla-124.wml 2016-06-22 16:18:27.750239293 +0500 @@ -1,13 +1,14 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Michele Spagnuolo of the Google Security Team discovered that unzip, an - -extraction utility for archives compressed in .zip format, is affected - -by heap-based buffer overflows within the CRC32 verification function - -(<a href="https://security-tracker.debian.org/tracker/CVE-2014-8139">CVE-2014-8139</a>), the test_compr_eb() function (<a href="https://security-tracker.debian.org/tracker/CVE-2014-8140">CVE-2014-8140</a>) and the - -getZip64Data() function (<a href="https://security-tracker.debian.org/tracker/CVE-2014-8141">CVE-2014-8141</a>), which may lead to the execution - -of arbitrary code.</p> +<p>ÐиÑÐµÐ»Ñ Ð¡Ð¿Ð°Ð³Ð½Ñоло из ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи Google обнаÑÑжил, ÑÑо unzip, +ÑÑилиÑа Ð´Ð»Ñ ÑаÑпаковки аÑÑ Ð¸Ð²Ð¾Ð² в ÑоÑмаÑе .zip, ÑодеÑÐ¶Ð¸Ñ +пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð´Ð¸Ð½Ð°Ð¼Ð¸ÑеÑкой памÑÑи в ÑÑнкÑии пÑовеÑки CRC32 +(<a href="https://security-tracker.debian.org/tracker/CVE-2014-8139">CVE-2014-8139</a>), ÑÑнкÑии test_compr_eb() (<a href="https://security-tracker.debian.org/tracker/CVE-2014-8140">CVE-2014-8140</a>) и ÑÑнкÑии +getZip64Data() (<a href="https://security-tracker.debian.org/tracker/CVE-2014-8141">CVE-2014-8141</a>), ÑÑо Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ +пÑоизволÑного кода.</p> - -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in unzip version 6.0-4+deb6u1</p> +<p>Ð Debian 6 <q>Squeeze</q> ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² пакеÑе unzip веÑÑии 6.0-4+deb6u1</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXanUTAAoJEF7nbuICFtKlXTgP/RG7AZpVwvSVmZHGgNxR945j qJh6ZslA527acmtLJ7XzXyXVIh2NCiHTPEdSd3ZqeJk9cPD5CwTt9SGUAcpuXbLj ojqxrv3FR3EGSca6S3q7Gicl0L2fcvUCLL61drvdlAG8VSv6Ir//UT9A4SFKy/Fb C4U9gfOlJrcMJEYOXD6Mn6Dfbr6qGj6XzFUMJvzZXxfAgqw2TWrLwdiXE+1ovwnG 3ChJhDWC52b4bOEJ6yPpdcjjSJPV2Jnal3rMoZe67AgeJ/ORjBKBo6Fi8nP0Q9uW txWeq2or6ZjMrO83bTCqf6L9Y4mGGS9ISDLCGfUdVAEY0P8k+sX12YTKe6CwJxcQ lQBLC0EcslPeYJLN3DJqXp/ww/NUdbHwaiopfETUygASWdAIgJSfZM9nh66fm5CQ VlTsU6QK866bLiDe6LuQ82w+Np8pAquF1UvnVKwkRInl5UCNjEQEZeB9O9+LqzeJ aNiCH4sPt03o7zvurn+DNZN5wgDjxZ4i9oaGnR3QVL0Jx5mvdNuagfNHYMwPM9T7 INajZ8dvgFbkvTIGHOUXX1ElGR1sRa5WJxkeMtJUE7TzO5awUhRVjdTjbG0FCTpZ tO4tNhkz9c/5NrjQJUY9cq5OG9FI6+MVWQWDA95/3zgO2oc3TIhCADVtAnzf8zH1 T1HSjHuxQWcEzNRqtlZZ =j4LM -----END PGP SIGNATURE-----