-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2008/dsa-1536.wml 2017-11-01 10:11:09.855813700 +0500 +++ russian/security/2008/dsa-1536.wml 2018-03-18 17:39:33.355191746 +0500 @@ -1,49 +1,50 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.5" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several local vulnerabilities have been discovered in Xine, a - -media player library, allowed for a denial of service or arbitrary code - -execution, which could be exploited through viewing malicious content. - -The Common Vulnerabilities and Exposures project identifies the following - -problems:</p> +<p>Ð Xine, библиоÑеке Ð´Ð»Ñ Ð¿ÑоигÑÑваÑелей мÑлÑÑимедиа, бÑло обнаÑÑжено неÑколÑко +локалÑнÑÑ ÑÑзвимоÑÑей, позволÑÑÑÐ¸Ñ Ð²ÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании или вÑполнÑÑÑ Ð¿ÑоизволÑнÑй +код. УÑзвимоÑÑи могÑÑ Ð¸ÑполÑзоваÑÑÑÑ Ð¿ÑÑÑм пÑоÑмоÑÑа ÑпеÑиалÑно ÑÑоÑмиÑованного ÑодеÑжимого. +ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures опÑеделÑÐµÑ ÑледÑÑÑие +пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2007-1246">CVE-2007-1246</a> / <a href="https://security-tracker.debian.org/tracker/CVE-2007-1387">CVE-2007-1387</a> - - <p>The DMO_VideoDecoder_Open function does not set the biSize before use in a - - memcpy, which allows user-assisted remote attackers to cause a buffer overflow - - and possibly execute arbitrary code (applies to sarge only).</p></li> + <p>ФÑнкÑÐ¸Ñ DMO_VideoDecoder_Open не опÑеделÑÐµÑ biSize до иÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ ÑÑой пеÑеменной в + вÑзове memcpy, ÑÑо позволÑÐµÑ ÑдалÑннÑм злоÑмÑÑленникам вÑзÑваÑÑ Ð¿ÐµÑеполнение бÑÑеÑа + и поÑенÑиалÑно вÑполнÑÑÑ Ð¿ÑоизволÑнÑй код (ÑÑзвимоÑÑÑ ÐºÐ°ÑаеÑÑÑ ÑолÑко sarge).</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2008-0073">CVE-2008-0073</a> - - <p>Array index error in the sdpplin_parse function allows remote RTSP servers - - to execute arbitrary code via a large streamid SDP parameter.</p></li> + <p>ÐÑибка индекÑаÑии маÑÑива в ÑÑнкÑии sdpplin_parse позволÑÐµÑ ÑдалÑннÑм RTSP-ÑеÑвеÑам + вÑполнÑÑÑ Ð¿ÑоизволÑнÑй код Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð±Ð¾Ð»ÑÑого паÑамеÑÑа streamid SDP.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2008-0486">CVE-2008-0486</a> - - <p>Array index vulnerability in libmpdemux/demux_audio.c might allow remote - - attackers to execute arbitrary code via a crafted FLAC tag, which triggers - - a buffer overflow (applies to etch only).</p></li> + <p>УÑзвимоÑÑÑ Ð¸Ð½Ð´ÐµÐºÑаÑии маÑÑива в libmpdemux/demux_audio.c Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ ÑдалÑннÑм + злоÑмÑÑленникам вÑполниÑÑ Ð¿ÑоизволÑнÑй код Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованного FLAC-Ñега, + обÑабоÑка коÑоÑого пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа (ÑÑзвимоÑÑÑ ÐºÐ°ÑаеÑÑÑ ÑолÑко etch).</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2008-1161">CVE-2008-1161</a> - - <p>Buffer overflow in the Matroska demuxer allows remote attackers to cause a - - denial of service (crash) and possibly execute arbitrary code via a Matroska - - file with invalid frame sizes.</p></li> + <p>ÐеÑеполнение бÑÑеÑа в демÑлÑÑиплекÑоÑе Matroska позволÑÐµÑ ÑдалÑннÑм злоÑмÑÑленникам + вÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании (аваÑÐ¸Ð¹Ð½Ð°Ñ Ð¾ÑÑановка) и поÑенÑиалÑно вÑполнÑÑÑ Ð¿ÑоизволÑнÑй код + Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ñайла в ÑоÑмаÑе Matroska Ñ Ð½ÐµÐºÐ¾ÑÑекÑнÑм ÑазмеÑом кадÑа.</p></li> </ul> - -<p>For the old stable distribution (sarge), these problems have been fixed in - -version 1.0.1-1sarge7.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (sarge) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.0.1-1sarge7.</p> - -<p>For the stable distribution (etch), these problems have been fixed in version +<p>Ð ÑÑабилÑном вÑпÑÑке (etch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 1.1.2+dfsg-6.</p> - -<p>For the unstable distribution (sid), these problems have been fixed in - -version 1.1.11-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.1.11-1.</p> - -<p>We recommend that you upgrade your xine-lib package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ xine-lib.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlquXgoACgkQXudu4gIW 0qUfQg/9GI4SDC/luSZ4A1DI4SPAD0EzJ4Jwjkm1iuyYt2eJUgMkyN/lQn+U3mKx lvDh1TnccwnIVwtppRGE8yDpWMxmjcil7wyUTXd3wGiJ0s3psMCiCmxnUyDREEcI c3FwX0Lkd+ile5G/yDvwaoJSH3DwllbYDQMRZy/IM5ncoXplSGpgSGnKT8It1G2B Fdx4F5kRrGvbLhvIoiftAuQaveSkh0nyl8ZGssYIjxgMxjaB4rUrbt3ZU66bN8p6 vNC8QJv9QFXnOOYhenFUJJwdJ5lof6drDW3UPwO1JcQ96tLtGZEaPSPcA0MKKn2V C/jivQ7ih45/gIIFBqoAhtc5O+u7j6hc7Dnra4AyVHWBaU/Xj1NMjOVMtamkHImW b22tXmcPafHyctJQf4tRIyzb68yp3W5JPb1QkFR58wUyXb87mfl7xTP3ctKd14eX 1SF3d/c1BFYBFLmwbtACvbOP3u4yXZCN4OaBgKf77B/rQN32X+r7coCvWXIhuevN tzb7bJhablzf4LZKYG5dSbre6ME0+ZHL5oLE4Vli7uTNPgIfDEbQE/T1/hxctytc /M9kjf5mw2mGSPbGKL0iw3RQhTjfACQ9iTE5gJ5783h9Cd0wnaMHAmI3xmUj247/ 6GX4lZaZOTikHGdwdFf53wdGTa4HBpQwaYmxn3FEc3dr42SiIp0= =CQJ5 -----END PGP SIGNATURE-----