-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2018/dsa-4115.wml 2018-02-16 12:24:54.000000000 +0500 +++ russian/security/2018/dsa-4115.wml 2018-02-16 12:33:45.980287083 +0500 @@ -1,60 +1,62 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in Quagga, a routing - -daemon. The Common Vulnerabilities and Exposures project identifies the - -following issues:</p> +<p>Ð Quagga, ÑлÑжбе маÑÑÑÑÑизаÑии, бÑло обнаÑÑжено неÑколÑко +ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ +ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-5378";>CVE-2018-5378</a> - - <p>It was discovered that the Quagga BGP daemon, bgpd, does not - - properly bounds check data sent with a NOTIFY to a peer, if an - - attribute length is invalid. A configured BGP peer can take - - advantage of this bug to read memory from the bgpd process or cause - - a denial of service (daemon crash).</p> + <p>ÐÑло обнаÑÑжено, ÑÑо BGP-ÑлÑжба Quagga, bgpd, непÑавилÑно вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ + гÑÐ°Ð½Ð¸Ñ Ð´Ð°Ð½Ð½ÑÑ , оÑпÑавленнÑÑ Ñ NOTIFY ÑзлÑ, в ÑлÑÑае когда + длина аÑÑибÑÑа непÑавилÑна. ÐаÑÑÑоеннÑй BGP-Ñзел Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ + ÑÑÑ Ð¾ÑÐ¸Ð±ÐºÑ Ð´Ð»Ñ ÑÑÐµÐ½Ð¸Ñ ÑодеÑжимого памÑÑи пÑоÑеÑÑа bgpd или вÑзова + оÑказа в обÑлÑживании (аваÑÐ¸Ð¹Ð½Ð°Ñ Ð¾ÑÑановка ÑлÑжбÑ).</p> <p>https://www.quagga.net/security/Quagga-2018-0543.txt</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-5379";>CVE-2018-5379</a> - - <p>It was discovered that the Quagga BGP daemon, bgpd, can double-free - - memory when processing certain forms of UPDATE message, containing - - cluster-list and/or unknown attributes, resulting in a denial of - - service (bgpd daemon crash).</p> + <p>ÐÑло обнаÑÑжено, ÑÑо BGP-ÑлÑжба Quagga, bgpd, Ð¼Ð¾Ð¶ÐµÑ Ð´Ð²Ð°Ð¶Ð´Ñ Ð¾ÑвободиÑÑ Ð¿Ð°Ð¼ÑÑÑ + в ÑлÑÑае обÑабоÑки опÑеделÑннÑÑ Ð²Ð¸Ð´Ð¾Ð² ÑообÑÐµÐ½Ð¸Ñ UPDATE, ÑодеÑжаÑÐ¸Ñ + аÑÑибÑÑ cluster-list и/или неизвеÑÑнÑе аÑÑибÑÑÑ, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº оÑÐºÐ°Ð·Ñ Ð² + обÑлÑживании (аваÑÐ¸Ð¹Ð½Ð°Ñ Ð¾ÑÑановка ÑлÑÐ¶Ð±Ñ bgpd).</p> <p>https://www.quagga.net/security/Quagga-2018-1114.txt</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-5380";>CVE-2018-5380</a> - - <p>It was discovered that the Quagga BGP daemon, bgpd, does not - - properly handle internal BGP code-to-string conversion tables.</p> + <p>ÐÑло обнаÑÑжено, ÑÑо BGP-ÑлÑжба Quagga, bgpd, непÑавилÑно + обÑабаÑÑÐ²Ð°ÐµÑ Ð²Ð½ÑÑÑенние ÑаблиÑÑ Ð¿ÑеобÑÐ°Ð·Ð¾Ð²Ð°Ð½Ð¸Ñ ÐºÐ¾Ð´Ð° BGP в ÑÑÑоки.</p> <p>https://www.quagga.net/security/Quagga-2018-1550.txt</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-5381";>CVE-2018-5381</a> - - <p>It was discovered that the Quagga BGP daemon, bgpd, can enter an - - infinite loop if sent an invalid OPEN message by a configured peer. - - A configured peer can take advantage of this flaw to cause a denial - - of service (bgpd daemon not responding to any other events; BGP - - sessions will drop and not be reestablished; unresponsive CLI - - interface).</p> + <p>ÐÑло обнаÑÑжено, ÑÑо BGP-ÑлÑÐ¶Ð±Ñ Quagga, bgpd, Ð¼Ð¾Ð¶ÐµÑ Ð²Ñ Ð¾Ð´Ð¸ÑÑ Ð² + беÑконеÑнÑй Ñикл в ÑлÑÑае оÑпÑавки непÑавилÑного ÑообÑÐµÐ½Ð¸Ñ OPEN Ð¾Ñ Ð½Ð°ÑÑÑоенного Ñзла. + ÐаÑÑÑоеннÑй Ñзел Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ Ð²Ñзова оÑказа + в обÑлÑживании (ÑлÑжба bgpd не оÑвеÑÐ°ÐµÑ Ð½Ð° какие-либо дÑÑгие ÑобÑÑиÑ; BGP-ÑеÑÑии + бÑдÑÑ ÑбÑоÑÐµÐ½Ñ Ð¸ не бÑдÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½Ñ Ð¿Ð¾Ð²ÑоÑно; CLI-инÑеÑÑÐµÐ¹Ñ + не ÑеагиÑÑÐµÑ Ð½Ð° дейÑÑÐ²Ð¸Ñ Ð¿Ð¾Ð»ÑзоваÑелÑ).</p> <p>https://www.quagga.net/security/Quagga-2018-1975.txt</p></li> </ul> - -<p>For the oldstable distribution (jessie), these problems have been fixed - -in version 0.99.23.1-1+deb8u5.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +в веÑÑии 0.99.23.1-1+deb8u5.</p> - -<p>For the stable distribution (stretch), these problems have been fixed in - -version 1.1.1-3+deb9u2.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (stretch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.1.1-3+deb9u2.</p> - -<p>We recommend that you upgrade your quagga packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ quagga.</p> - -<p>For the detailed security status of quagga please refer to its security - -tracker page at: <a href="https://security-tracker.debian.org/tracker/quagga";>\ +<p>С подÑобнÑм ÑÑаÑÑÑом поддеÑжки безопаÑноÑÑи quagga можно ознакомиÑÑÑÑ Ð½Ð° +ÑооÑвеÑÑÑвÑÑÑей ÑÑÑаниÑе оÑÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи по адÑеÑÑ +<a href="https://security-tracker.debian.org/tracker/quagga";>\ https://security-tracker.debian.org/tracker/quagga</a></p> </define-tag> -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlqGiV8ACgkQXudu4gIW 0qUt0RAAo+PD+Y0uTJ5d9EZd/spy2IRZ5CSGyO9wy4vyZGkKsOdqX9VWabXmxDkH AsUg5Mf6XnhZB58x+RCWZUKAimICqGkEE2uJVhaElTg5QxBRWicdD8zaIZsOjCa+ MvftXE3Nxww/h5qrdjblZQqveRTiRND1iOc0O4GpsRpFxHYEitc2vI7cnfXhyjY0 rvPXt4YekRvjpl4FWcVIit0SPDRKQuxskXYVihz/p+Tmcx7JJRwXoQkyADJiMg1X CDezsxi6V2dZnJ3nbTS68rJv0Oop49d2RtteQTmHr7N2z89jegVIH7VWip4wUgBf Iul1fJmGkkdl3d5cRQ/nG8LrNFM3Rz5Rg1g5sdROsJBDo2odqyKnmI0WLI71RMMj b9i23oKjSo7rcvM3m0JFhv9t/OKNWlu7M1an66GJym7IMnSB7PKL0Uy4z57vv5Yg yyZxZvwNAZQ4av8dq8O9EwuhUvi2iQLQ0Fv0iU8SZMv8RU8b4SAjdaGibbS+6B4R wcHvX/TD9XezOKGLOHM50Uk2HMxKgGuAChudef4GnOgeWUbddJXA6OJYQhnvWpT0 XI/HJsfgFVRYsjJ2G72e/qkibjjvqwZygwYpVNEQKnFfNvx4h8ZwN/7w602Fb0qE c7VVD9ZV0jHbLt9+c7ZOf4E7Kvl192Gt4hk4Tr5hJRbsIsf/Ypg= =vlp5 -----END PGP SIGNATURE-----
