Re: [DONE] wml://{security/2017/dsa-3773.wml}
29.01.2017 22:56, Vladimir Zhbanov пишет: > mOn Sat, Jan 28, 2017 at 01:26:31AM +0500, Lev Lamberov wrote: > +В ECDSA P-256 была обнаружен возможность проведения локальной > атаки через тайминги. > > > обнаружен_а_ Исправил. Спасибо! signature.asc Description: OpenPGP digital signature
Re: [DONE] wml://{security/2017/dsa-3773.wml}
mOn Sat, Jan 28, 2017 at 01:26:31AM +0500, Lev Lamberov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - --- english/security/2017/dsa-3773.wml 2017-01-28 01:21:14.0 > +0500 > +++ russian/security/2017/dsa-3773.wml2017-01-28 01:26:21.748229929 > +0500 > @@ -1,34 +1,35 @@ > - -security update > +#use wml::debian::translation-check translation="1.1" maintainer="Lev > Lamberov" > +обновление безопасности > > - -Several vulnerabilities were discovered in OpenSSL: > +В OpenSSL было обнаружено несколько уязвимостей: > > > > href="https://security-tracker.debian.org/tracker/CVE-2016-7056";>CVE-2016-7056 > > - -A local timing attack was discovered against ECDSA P-256. > +В ECDSA P-256 была обнаружен возможность проведения локальной атаки > через тайминги. обнаружен_а_ > > href="https://security-tracker.debian.org/tracker/CVE-2016-8610";>CVE-2016-8610 > > - -It was discovered that no limit was imposed on alert packets during > - -an SSL handshake. > +Было обнаружено, что на пакеты-предупреждения в ходе рукопожатия SSL > +не накладываются ограничения. > > href="https://security-tracker.debian.org/tracker/CVE-2017-3731";>CVE-2017-3731 > > - -Robert Swiecki discovered that the RC4-MD5 cipher when running on > - -32 bit systems could be forced into an out-of-bounds read, resulting > - -in denial of service. > +Роберт Свики обнаружил, что шифр RC4-MD5 при работе на 32-битных > +системах может принудительно выполнить чтение за пределами выделенного > буфера > +памяти, что приводит к отказу в обслуживании. > > > > - -For the stable distribution (jessie), these problems have been fixed in > - -version 1.0.1t-1+deb8u6. > +В стабильном выпуске (jessie) эти проблемы были исправлены в > +версии 1.0.1t-1+deb8u6. > > - -For the unstable distribution (sid), these problems have been fixed in > - -version 1.1.0d-1 of the openssl source package and in version 1.0.2k-1 > - -of the openssl1.0 source package. > +В нестабильном выпуске (sid) эти проблемы были исправлены в > +версии 1.1.0d-1 пакета с исходным кодом openssl и в версии 1.0.2k-1 > +пакета с исходным кодом openssl1.0. > > - -We recommend that you upgrade your openssl packages. > +Рекомендуется обновить пакеты openssl. > > > # do not modify the following line > -BEGIN PGP SIGNATURE- > > iQIyBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAliLrPIACgkQXudu4gIW > 0qUcbw/48nZI3xpbcr1yt/HPU0ik8GmKm+n0P5HMpjIOtfx5M9PfJKJ0bE7LA2yW > I/xOJdiXwQgJy+y6HLj9Re1pt7j9vq9h4haacIkjHm0wP5KIpaHQFL+b2my5nT2c > ogROdEY1X7KnJXXLOuiSKT9Cj2Ve4x7JBYR/C0wCF83b2gj5EotGwbJzYShPZdKs > ntqIVEBZqL4V0JePhDiyeO4M5AZRJcNKeOVqZSso+rUYYFB8AHPsgUDBfkpA26TC > JqQbirv138Bt2egjpPcsjGLkeOaZ60Q9S0FZr4T+SUUTF4e5a/u8AjR8bYkBmaSZ > BMsJZv1jofvzqS9rTTlBii9cwpJFB4z5RC/Fsb7MSGP9UdV+dy1nSQTdLVugG0uN > IcMu2nx48mCeN9yInv2qWLxDuL0RbfBh61r4FwUVDIk4QvKLn1QgFqPsMnMzxtPh > vcJeUFLrKTJiGl86ytK61IYlrIUKzwchJ4cTVFN4awLHuK+WUj1Rw03KvZuQHsEO > 1nLeWQuHvoIKabxRsZHbHYAfFwPlmvAvC1uK/ky/evav8eKqPE5pH7OCoQ2sPj2C > XQ5J3Vv+F/2dSqNEXo/GH0Nxmcka/l53/eoHzd3JNuXv5Bvt7WQd1yib3QepsmXI > MhGteNAVISaSVPN0puIWXqUUD34W0KvwZ3P0KA5lN+hY4YbpOA== > =qL+w > -END PGP SIGNATURE- > -- Vladimir
[DONE] wml://{security/2017/dsa-3773.wml}
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - --- english/security/2017/dsa-3773.wml2017-01-28 01:21:14.0 +0500 +++ russian/security/2017/dsa-3773.wml 2017-01-28 01:26:21.748229929 +0500 @@ -1,34 +1,35 @@ - -security update +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +обновление безопаÑноÑÑи - -Several vulnerabilities were discovered in OpenSSL: +Ð OpenSSL бÑло обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей: https://security-tracker.debian.org/tracker/CVE-2016-7056";>CVE-2016-7056 - -A local timing attack was discovered against ECDSA P-256. +Ð ECDSA P-256 бÑла обнаÑÑжен возможноÑÑÑ Ð¿ÑÐ¾Ð²ÐµÐ´ÐµÐ½Ð¸Ñ Ð»Ð¾ÐºÐ°Ð»Ñной аÑаки ÑеÑез Ñайминги. https://security-tracker.debian.org/tracker/CVE-2016-8610";>CVE-2016-8610 - -It was discovered that no limit was imposed on alert packets during - -an SSL handshake. +ÐÑло обнаÑÑжено, ÑÑо на пакеÑÑ-пÑедÑпÑÐµÐ¶Ð´ÐµÐ½Ð¸Ñ Ð² Ñ Ð¾Ð´Ðµ ÑÑкопожаÑÐ¸Ñ SSL +не накладÑваÑÑÑÑ Ð¾Ð³ÑаниÑениÑ. https://security-tracker.debian.org/tracker/CVE-2017-3731";>CVE-2017-3731 - -Robert Swiecki discovered that the RC4-MD5 cipher when running on - -32 bit systems could be forced into an out-of-bounds read, resulting - -in denial of service. +РобеÑÑ Ð¡Ð²Ð¸ÐºÐ¸ обнаÑÑжил, ÑÑо ÑиÑÑ RC4-MD5 пÑи ÑабоÑе на 32-биÑнÑÑ +ÑиÑÑÐµÐ¼Ð°Ñ Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑинÑдиÑелÑно вÑполниÑÑ ÑÑение за пÑеделами вÑделенного бÑÑеÑа +памÑÑи, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании. - -For the stable distribution (jessie), these problems have been fixed in - -version 1.0.1t-1+deb8u6. +Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.0.1t-1+deb8u6. - -For the unstable distribution (sid), these problems have been fixed in - -version 1.1.0d-1 of the openssl source package and in version 1.0.2k-1 - -of the openssl1.0 source package. +РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.1.0d-1 пакеÑа Ñ Ð¸ÑÑ Ð¾Ð´Ð½Ñм кодом openssl и в веÑÑии 1.0.2k-1 +пакеÑа Ñ Ð¸ÑÑ Ð¾Ð´Ð½Ñм кодом openssl1.0. - -We recommend that you upgrade your openssl packages. +РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ openssl. # do not modify the following line -BEGIN PGP SIGNATURE- iQIyBAEBCgAdFiEE3mumcdV9mwCc9oZQXudu4gIW0qUFAliLrPIACgkQXudu4gIW 0qUcbw/48nZI3xpbcr1yt/HPU0ik8GmKm+n0P5HMpjIOtfx5M9PfJKJ0bE7LA2yW I/xOJdiXwQgJy+y6HLj9Re1pt7j9vq9h4haacIkjHm0wP5KIpaHQFL+b2my5nT2c ogROdEY1X7KnJXXLOuiSKT9Cj2Ve4x7JBYR/C0wCF83b2gj5EotGwbJzYShPZdKs ntqIVEBZqL4V0JePhDiyeO4M5AZRJcNKeOVqZSso+rUYYFB8AHPsgUDBfkpA26TC JqQbirv138Bt2egjpPcsjGLkeOaZ60Q9S0FZr4T+SUUTF4e5a/u8AjR8bYkBmaSZ BMsJZv1jofvzqS9rTTlBii9cwpJFB4z5RC/Fsb7MSGP9UdV+dy1nSQTdLVugG0uN IcMu2nx48mCeN9yInv2qWLxDuL0RbfBh61r4FwUVDIk4QvKLn1QgFqPsMnMzxtPh vcJeUFLrKTJiGl86ytK61IYlrIUKzwchJ4cTVFN4awLHuK+WUj1Rw03KvZuQHsEO 1nLeWQuHvoIKabxRsZHbHYAfFwPlmvAvC1uK/ky/evav8eKqPE5pH7OCoQ2sPj2C XQ5J3Vv+F/2dSqNEXo/GH0Nxmcka/l53/eoHzd3JNuXv5Bvt7WQd1yib3QepsmXI MhGteNAVISaSVPN0puIWXqUUD34W0KvwZ3P0KA5lN+hY4YbpOA== =qL+w -END PGP SIGNATURE-