-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2010/dsa-2010.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-2010.wml 2016-09-23 23:50:38.445184077 +0500 @@ -1,41 +1,42 @@ - -<define-tag description>privilege escalation/denial of service</define-tag> +#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov" +<define-tag description>повÑÑение пÑивилегий/оÑказ в обÑлÑживании</define-tag> <define-tag moreinfo> - -<p>Several local vulnerabilities have been discovered in kvm, a full - -virtualization system. The Common Vulnerabilities and Exposures project - -identifies the following problems:</p> +<p>Ð kvm, ÑиÑÑеме полной виÑÑÑализаÑии, бÑло обнаÑÑжено неÑколÑко локалÑнÑÑ +ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures +опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0298">CVE-2010-0298</a> <a href="https://security-tracker.debian.org/tracker/CVE-2010-0306">CVE-2010-0306</a> - - <p>Gleb Natapov discovered issues in the KVM subsystem where missing - - permission checks (CPL/IOPL) permit a user in a guest system to - - denial of service a guest (system crash) or gain escalated - - privileges with the guest.</p></li> + <p>Ðлеб ÐаÑапов обнаÑÑжил пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð² подÑиÑÑеме KVM, пÑи коÑоÑой оÑÑÑÑÑÑвÑÑÑие + пÑовеÑки пÑав доÑÑÑпа (CPL/IOPL) позволÑÑÑ Ð¿Ð¾Ð»ÑзоваÑÐµÐ»Ñ Ð³Ð¾ÑÑевой ÑиÑÑÐµÐ¼Ñ + вÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании гоÑÑевой ÑиÑÑÐµÐ¼Ñ (аваÑÐ¸Ð¹Ð½Ð°Ñ Ð¾ÑÑановка ÑиÑÑемÑ) или полÑÑаÑÑ + повÑÑеннÑе пÑивилегии в пÑÐµÐ´ÐµÐ»Ð°Ñ Ð³Ð¾ÑÑевой ÑиÑÑемÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0309">CVE-2010-0309</a> - - <p>Marcelo Tosatti fixed an issue in the PIT emulation code in the - - KVM subsystem that allows privileged users in a guest domain to - - cause a denial of service (crash) of the host system.</p></li> + <p>ÐаÑÑело ТоÑаÑÑи иÑпÑавил пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð² коде ÑмÑлÑÑии PIT в + подÑиÑÑеме KVM, коÑоÑÐ°Ñ Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÐµÑ Ð¿ÑивилегиÑованнÑм полÑзоваÑелÑм в гоÑÑевом домене + вÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании (аваÑÐ¸Ð¹Ð½Ð°Ñ Ð¾ÑÑановка) в оÑновной ÑиÑÑеме.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-0419">CVE-2010-0419</a> - - <p>Paolo Bonzini found a bug in KVM that can be used to bypass proper - - permission checking while loading segment selectors. This - - potentially allows privileged guest users to execute privileged - - instructions on the host system.</p></li> + <p>Ðаоло Ðозини обнаÑÑжил оÑÐ¸Ð±ÐºÑ Ð² KVM, коÑоÑÐ°Ñ Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑÑÑ Ð´Ð»Ñ Ð¾Ð±Ñ Ð¾Ð´Ð° + пÑовеÑок пÑав доÑÑÑпа в Ñ Ð¾Ð´Ðµ загÑÑзки ÑелекÑоÑов ÑегменÑа. ÐÑо + поÑенÑиалÑно позволÑÐµÑ Ð¿ÑивилегиÑованнÑм полÑзоваÑелÑм гоÑÑевой ÑиÑÑÐµÐ¼Ñ Ð²ÑполнÑÑÑ Ð¿ÑивилегиÑованнÑе + инÑÑÑÑкÑии в оÑновной ÑиÑÑеме.</p></li> </ul> - -<p>For the stable distribution (lenny), this problem has been fixed in - -version 72+dfsg-5~lenny5.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 72+dfsg-5~lenny5.</p> - -<p>For the testing distribution (squeeze), and the unstable distribution (sid), - -these problems will be addressed within the linux-2.6 package.</p> +<p>Ð ÑеÑÑиÑÑемом (squeeze) и неÑÑабилÑном (sid) вÑпÑÑÐºÐ°Ñ +ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑдÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² пакеÑе linux-2.6.</p> - -<p>We recommend that you upgrade your kvm package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ kvm.</p> </define-tag> # do not modify the following line - --- english/security/2010/dsa-2121.wml 2014-04-30 13:16:22.000000000 +0600 +++ russian/security/2010/dsa-2121.wml 2016-09-23 23:58:21.271394317 +0500 @@ -1,42 +1,43 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several remote vulnerabilities have been discovered in TYPO3. The - -Common Vulnerabilities and Exposures project identifies the following - -problems:</p> +<p>Ð TYPO3 бÑло обнаÑÑжено неÑколÑко ÑдалÑннÑÑ ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ +Common Vulnerabilities and Exposures опÑеделÑÐµÑ ÑледÑÑÑие +пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3714">CVE-2010-3714</a> - - <p>Multiple remote file disclosure vulnerabilities in the jumpUrl - - mechanism and the Extension Manager allowed attackers to read - - files with the privileges of the account under which the web - - server was running.</p></li> + <p>ÐногоÑиÑленнÑе ÑÑзвимоÑÑи в Ð¼ÐµÑ Ð°Ð½Ð¸Ð·Ð¼Ðµ jumpUrl и Extension Manager, + пÑиводÑÑие к ÑаÑкÑÑÑÐ¸Ñ ÑдалÑннÑÑ Ñайлов , позволÑÑÑ Ð·Ð»Ð¾ÑмÑÑленникам ÑÑиÑÑваÑÑ + ÑÐ°Ð¹Ð»Ñ Ð² ÑÐ°Ð¼ÐºÐ°Ñ Ð¿Ñав доÑÑÑпа ÑÑÑÑной запиÑи, Ð¾Ñ Ð»Ð¸Ñа коÑоÑой запÑÑен + веб-ÑеÑвеÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3715">CVE-2010-3715</a> - - <p>The TYPO3 backend contained several cross-site scripting - - vulnerabilities, and the RemoveXSS function did not filter - - all Javascript code.</p></li> + <p>Ðвижок TYPO3 ÑодеÑÐ¶Ð¸Ñ Ð½ÐµÑколÑко ÑлÑÑаев межÑайÑового ÑкÑипÑинга, + а ÑÑнкÑÐ¸Ñ RemoveXSS оÑÑилÑÑÑовÑÐ²Ð°ÐµÑ Ð½Ðµ веÑÑ + код на ÑзÑке Javascript.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3716">CVE-2010-3716</a> - - <p>Malicious editors with user creation permission could escalate - - their privileges by creating new users in arbitrary groups, due - - to lack of input validation in the taskcenter.</p></li> - - + <p>РедакÑоÑÑ, имеÑÑие пÑава на Ñоздание полÑзоваÑелей, могÑÑ Ð¿Ð¾Ð²ÑÑиÑÑ + Ñвои пÑивилегии в ÑвÑзи Ñ Ð¾ÑÑÑÑÑÑвием пÑовеÑки Ð²Ñ Ð¾Ð´Ð½ÑÑ Ð´Ð°Ð½Ð½ÑÑ Ð² taskcenter, + Ñоздав новÑÑ Ð¿Ð¾Ð»ÑзоваÑелей в пÑоизволÑнÑÑ Ð³ÑÑÐ¿Ð¿Ð°Ñ , .</p></li> + <li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3717">CVE-2010-3717</a> - - <p>TYPO3 exposed a crasher bug in the PHP filter_var function, - - enabling attackers to cause the web server process to crash - - and thus consume additional system resources.</p></li> - - + <p>TYPO3 ÑодеÑÐ¶Ð¸Ñ Ð¾ÑÐ¸Ð±ÐºÑ Ð² PHP-ÑÑнкÑии filter_var, + позволÑÑÑÑÑ Ð·Ð»Ð¾ÑмÑÑленникам вÑзÑваÑÑ Ð°Ð²Ð°ÑийнÑÑ Ð¾ÑÑÐ°Ð½Ð¾Ð²ÐºÑ Ð¿ÑоÑеÑÑа веб-ÑеÑвеÑа + и поÑÑебление дополниÑелÑнÑÑ ÑиÑÑемнÑÑ ÑеÑÑÑÑов.</p></li> + </ul> - -<p>For the stable distribution (lenny), these problems have been fixed in - -version 4.2.5-1+lenny6.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 4.2.5-1+lenny6.</p> - -<p>For the unstable distribution (sid) and the upcoming stable - -distribution (squeeze), these problems have been fixed in version +<p>РнеÑÑабилÑном (sid) и гоÑовÑÑемÑÑ ÑÑабилÑном (squeeze) вÑпÑÑÐºÐ°Ñ +ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 4.3.7-1.</p> - -<p>We recommend that you upgrade your TYPO3 packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ TYPO3.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5XtPAAoJEF7nbuICFtKlE9YQAIwbpa3AO9F9EjTH2OPNdX2/ J6p7n1AHyZNtGeTlDxDpYjx46l15jCptoIVseUnN48C3o2d95aCP0v89JJg5E62s 0Icpsws9a0ewQQ9la4j7WWD1doDUP7CnNDALDOejHDoVmFibK/mC74X15AZ9sTB1 J9AKkGqcHaXfObHBe/jwBP6rBC8ltb/aJ4tsDwShSHMPM2UdCLdY0R9ndJDuyT17 B43Mh4jL4EtH1k1DjffSDj2yWVgxQ8v6JWcJHNtP8Cs3iLe8kqxB0jr2iMQEvcxw zuCT7Mjwo8yNtlpd8iNCez/DNvwoSSpCelWkei0DBhZycbz/+O6bMLH2xG2yZf3E zlbecUAcwobmo1/pchckrw5iArX5XQ6ZB+HqwIbrgrDIYdqNCC0p4oEH8Xv5U5WY ulh19dwWNkpwFc5+BX3PvoVbM3cs7WGOmJE8FyH0+oouMOiHY9u6psdFons5z7SN SSvPPEtLcbqB3YHuf3pK8KbyVRsQKKveTzzkaapHyPU+4FHucnegXklq6LJUcbpz THFfNzWI0cYYyfkazQZ4Bj/X48aIdBR6thO+/L5jZgKe0vAqJ3Dp3j5ARzIFHrX6 jIFZ2GN4Dmsb6a3BV6djKhYWkfubSSzhH8qtgprUO4kAUhrW+2BzxeZpSeIYhg34 0wUE5+RCvG4BU7cq8vsn =iHV1 -----END PGP SIGNATURE-----