-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- ../../english/security/2018/dsa-4157.wml 2018-03-30 03:49:48.000000000 +0500 +++ 2018/dsa-4157.wml 2018-03-30 12:59:10.522386957 +0500 @@ -1,42 +1,43 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" mindelta="1" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Multiple vulnerabilities have been discovered in OpenSSL, a Secure - -Sockets Layer toolkit. The Common Vulnerabilities and Exposures project - -identifies the following issues:</p> +<p>Ð OpenSSL, набоÑе инÑÑÑÑменÑов Secure Sockets Layer, бÑли обнаÑÑÐ¶ÐµÐ½Ñ +многоÑиÑленнÑе ÑÑзвимоÑÑи. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures +опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-3738">CVE-2017-3738</a> - - <p>David Benjamin of Google reported an overflow bug in the AVX2 - - Montgomery multiplication procedure used in exponentiation with - - 1024-bit moduli.</p></li> + <p>ÐÑвид Ðенджамин из Google ÑообÑил о пеÑеполнении бÑÑеÑа в пÑоÑедÑÑе, ÑеализÑÑÑей алгоÑиÑм + ÐонÑгомеÑи AVX2, иÑполÑзÑемой пÑи возведении в ÑÑÐµÐ¿ÐµÐ½Ñ Ñо 1024-биÑнÑми модÑлÑми.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-0739">CVE-2018-0739</a> - - <p>It was discovered that constructed ASN.1 types with a recursive - - definition could exceed the stack, potentially leading to a denial - - of service.</p> - - - -<p>Details can be found in the upstream advisory: - -<a href="https://www.openssl.org/news/secadv/20180327.txt">https://www.openssl.org/news/secadv/20180327.txt</a></p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо ÑложнÑе ÑÐ¸Ð¿Ñ ASN.1 Ñ ÑекÑÑÑивнÑми опÑеделениÑми + могÑÑ Ð²ÑзваÑÑ Ð¿ÐµÑеполнение ÑÑека, поÑенÑиалÑно пÑиводÑÑее к оÑÐºÐ°Ð·Ñ + в обÑлÑживании.</p> + +<p>ÐодÑобноÑÑи можно найÑи в ÑекомендаÑии оÑновной веÑки ÑазÑабоÑки: +<a href="https://www.openssl.org/news/secadv/20180327.txt">\ +https://www.openssl.org/news/secadv/20180327.txt</a></p></li> </ul> - -<p>For the oldstable distribution (jessie), these problems have been fixed - -in version 1.0.1t-1+deb8u8. The oldstable distribution is not affected - -by <a href="https://security-tracker.debian.org/tracker/CVE-2017-3738">CVE-2017-3738</a>.</p> - - - -<p>For the stable distribution (stretch), these problems have been fixed in - -version 1.1.0f-3+deb9u2.</p> - - - -<p>We recommend that you upgrade your openssl packages.</p> - - - -<p>For the detailed security status of openssl please refer to its security - -tracker page at: - -<a href="https://security-tracker.debian.org/tracker/openssl">https://security-tracker.debian.org/tracker/openssl</a></p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +в веÑÑии 1.0.1t-1+deb8u8. ÐÑедÑдÑÑий ÑÑабилÑнÑй вÑпÑÑк не подвеÑжен +<a href="https://security-tracker.debian.org/tracker/CVE-2017-3738">CVE-2017-3738</a>.</p> + +<p>Ð ÑÑабилÑном вÑпÑÑке (stretch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.1.0f-3+deb9u2.</p> + +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ openssl.</p> + +<p>С подÑобнÑм ÑÑаÑÑÑом поддеÑжки безопаÑноÑÑи openssl можно ознакомиÑÑÑÑ Ð½Ð° +ÑооÑвеÑÑÑвÑÑÑей ÑÑÑаниÑе оÑÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи по адÑеÑÑ +<a href="https://security-tracker.debian.org/tracker/openssl">\ +https://security-tracker.debian.org/tracker/openssl</a></p> </define-tag> # do not modify the following line #include "$(ENGLISHDIR)/security/2018/dsa-4157.data" - -# $Id: dsa-4157.wml,v 1.1 2018/03/29 22:49:48 tvincent Exp $ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAlq97lsACgkQXudu4gIW 0qVgyA/5AR9TTWFiGfk2GBZ9ef2XsiKjj7BBXokuU7LSpUy3L9zPNkJJDmLCKin6 GELAtTwOWo3H4f78f+B283KKxvD2uALo0stf3ksOSptG2JTUlWTsxfNOF1PbHkDE 15yaAH008KEWuYam2GihyqqGcKe45zV2DHEov5DZTErrrsYrAzZPEVU/yw1QwrbL azElAD3ppsImbb7mc8uiJMNPtB9Y3vfjQdHByBfObIQs1mHnBNhUdNZewoKB+nCs ZTtKBuFIeYti+/G41oiO8aUh9mHLW0+cu72ZYrY6P2yQWJI8kbiD9AWsVCvQKCqg 3w7GQgZBLiMtDwRT7upQqfsHQjeyDnEN3IQVCnD41CtdrzrmZTT1rnnJYyyvXksO B/uwdYVrrrdutO0/Hco/J38Z0H9yMEdN9F2CyDFO0cSbFAQxkLBBnhKBHJTn8TrI O5Sb6uxmWEH95eUqWk4u8vyes/TAm21Tw7QuKly2dT+tZrJNX7RkvzVSgcd9KIKm 1zY+qHOBJajpmcNapMNDfhK6k9KjYSPgkJn467xAag5hsZWcjlI06uNkRqlA8IUF jDLzKk8REXlfpfQrCn3T+sxKiQ5yS/BVApMMldqQFEe4s019o07uN5OL2Wfhr0xW ou5WUHOgkYvdyg+BAP5RtWusY8OTwJu8vN46bvcUs8p+JC8uKIA= =aSng -----END PGP SIGNATURE-----