-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2018/dsa-4142.wml 2018-03-17 23:43:23.000000000 +0500 +++ russian/security/2018/dsa-4142.wml 2018-03-17 23:50:10.400944883 +0500 @@ -1,25 +1,26 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, - -self-healing application container server, does not properly handle a - -DOCUMENT_ROOT check during use of the --php-docroot option, allowing a - -remote attacker to mount a directory traversal attack and gain - -unauthorized read access to sensitive files located outside of the web - -root directory.</p> +<p>ÐаÑÐ¸Ð¾Ñ ÐÐ¸ÐºÐ¾Ð»Ð°Ð¸Ð´ÐµÑ Ð¾Ð±Ð½Ð°ÑÑжил, ÑÑо PHP-дополнение в uWSGI, бÑÑÑÑом +ÑамовоÑÑÑанавливаÑÑемÑÑ ÐºÐ¾Ð½ÑейнеÑном ÑеÑвеÑе пÑиложений, непÑавилÑно вÑполнÑÐµÑ +пÑовеÑÐºÑ DOCUMENT_ROOT во вÑÐµÐ¼Ñ Ð¸ÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¾Ð¿Ñии --php-docroot, позволÑÑ +ÑдалÑннÑм злоÑмÑÑленникам вÑполнÑÑÑ Ð¾Ð±Ñ Ð¾Ð´ каÑалога и полÑÑаÑÑ Ð½ÐµÐ°Ð²ÑоÑизованнÑй +доÑÑÑп Ð´Ð»Ñ ÑÑÐµÐ½Ð¸Ñ Ðº ÑÑвÑÑвиÑелÑнÑм Ñайлам, ÑаÑположеннÑм за пÑеделами коÑневого +каÑалога Ñ Ð²ÐµÐ±-ÑодеÑжимÑм.</p> - -<p>For the oldstable distribution (jessie), this problem has been fixed - -in version 2.0.7-1+deb8u2. This update additionally includes the fix for +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (jessie) ÑÑа пÑоблема бÑла иÑпÑавлена +в веÑÑии 2.0.7-1+deb8u2. ÐÑоме Ñого, данное обновление вклÑÑÐ°ÐµÑ Ð² ÑÐµÐ±Ñ Ð¸ÑпÑавление <a href="https://security-tracker.debian.org/tracker/CVE-2018-6758">\ - -CVE-2018-6758</a> which was aimed to be addressed in the upcoming jessie - -point release.</p> +CVE-2018-6758</a>, коÑоÑое пÑедназнаÑалоÑÑ Ðº вклÑÑÐµÐ½Ð¸Ñ Ð² гоÑовÑÑÑÑÑÑ +ÑедакÑÐ¸Ñ jessie.</p> - -<p>For the stable distribution (stretch), this problem has been fixed in - -version 2.0.14+20161117-3+deb9u2.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (stretch) ÑÑа пÑоблема бÑла иÑпÑавлена в +веÑÑии 2.0.14+20161117-3+deb9u2.</p> - -<p>We recommend that you upgrade your uwsgi packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ uwsgi.</p> - -<p>For the detailed security status of uwsgi please refer to its security - -tracker page at: +<p>С подÑобнÑм ÑÑаÑÑÑом поддеÑжки безопаÑноÑÑи uwsgi можно ознакомиÑÑÑÑ Ð½Ð° +ÑооÑвеÑÑÑвÑÑÑей ÑÑÑаниÑе оÑÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи по адÑеÑÑ <a href="https://security-tracker.debian.org/tracker/uwsgi">\ https://security-tracker.debian.org/tracker/uwsgi</a></p> </define-tag> -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlqtY2kACgkQXudu4gIW 0qUGZw//QtbWywg6HW3bjH5VWJkM2lw/aWk2hnSri4RZFZ9PK2dzKiNnJ/4QKP9c LIY6uFsGNf+wLUjPjCASkWzG5XF9ChntlVtg86ACVC35D7O3CNXsMTMOOMnpRIEN iIUtyAxDInKSRfxW1Sxr5MO285yBJNnnmkWp0eY/aIEfQSlPl/EJQBZBsfDOfwOF bqI2nLsfeKilSx/LYh4CcYZKUQbelb/R2Io7ity+4vabCIhmO5NOe19WQUQxpkad x+prRqGid9mFlx768N7GoLtx7KZRiWLIELHCuTinH8/R9BwsUwfz9as8kD/YLPyY 4OOFEVcxeDFARbf+26LuI/FB15v9vkenmIrh8ySN73okW/ZkFbxEcjn2Bz5FxsUL tmJHPJ3RVNupLOsGp+WfJm+uzR6KoD6jD+Yqa8fyVJrmPoZoSepCpQ5TA/N9hEvZ zkAd08MNTRifipfYqN8oKS+KM2j5df5JL2DqCfq6rSHBux3OzMKtOMbhrhtSLC2d 2G31yV6S/WQk3bvGFiZ+R/+rOHHbP7Dr2n+mNtm0UKQjVIkm+dxc6LniZuSPNK+y ulMQB3CeVuCKNSbXYrD0AjTcgg3r+GVyYPjs/TvEC9i/5ZbshN7AZfWqoHSBN1+B Sj/sNXT+P+N4WcKk8q8rHPp+C7milvqgYS+NxmWZ0hslq9XYmk4= =fbYm -----END PGP SIGNATURE-----