-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2017/dsa-3927.wml 2017-08-07 10:31:48.000000000 +0500 +++ russian/security/2017/dsa-3927.wml 2017-08-07 17:55:56.444971068 +0500 
@@ -1,86 +1,87 @@ - -<define-tag description>security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities have been discovered in the Linux kernel that - -may lead to a privilege escalation, denial of service or information - -leaks.</p> +<p>Ð ÑдÑе Linux бÑло обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей, коÑоÑÑе +могÑÑ Ð¿ÑиводиÑÑ Ðº повÑÑÐµÐ½Ð¸Ñ Ð¿Ñивилегий, оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании или ÑÑеÑкам +инÑоÑмаÑии.</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7346">CVE-2017-7346</a> - - <p>Li Qiang discovered that the DRM driver for VMware virtual GPUs does - - not properly check user-controlled values in the - - vmw_surface_define_ioctl() functions for upper limits. A local user - - can take advantage of this flaw to cause a denial of service.</p></li> + <p>Ðи ЦÑн обнаÑÑжил, ÑÑо дÑÐ°Ð¹Ð²ÐµÑ DRM Ð´Ð»Ñ Ð²Ð¸ÑÑÑалÑного видеоÑипа VMware + непÑавилÑно вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ Ð¿Ð¾Ð»ÑзоваÑелÑÑÐºÐ¸Ñ Ð·Ð½Ð°Ñений в ÑÑнÑиÑÑ + vmw_surface_define_ioctl() на пÑÐµÐ´Ð¼ÐµÑ Ð¿ÑевÑÑÐµÐ½Ð¸Ñ Ð¾Ð³ÑаниÑений. 
ÐокалÑнÑй полÑзоваÑÐµÐ»Ñ + Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ Ð²Ñзова оÑказа в обÑлÑживании.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7482">CVE-2017-7482</a> - - <p>Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does - - not properly verify metadata, leading to information disclosure, - - denial of service or potentially execution of arbitrary code.</p></li> + <p>Ши ÐÑй обнаÑÑжил, ÑÑо код ÑабоÑÑ Ñ Ð±Ð¸Ð»ÐµÑами RxRPC Kerberos 5 непÑавилÑно + вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ Ð¼ÐµÑаданнÑÑ , ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº ÑаÑкÑÑÑÐ¸Ñ Ð¸Ð½ÑоÑмаÑии, + оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании или поÑенÑиалÑÐ½Ð¾Ð¼Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7533">CVE-2017-7533</a> - - <p>Fan Wu and Shixiong Zhao discovered a race condition between inotify - - events and VFS rename operations allowing an unprivileged local - - attacker to cause a denial of service or escalate privileges.</p></li> + <p>Фан ÐÑ Ð¸ ШиÑÑн Чжао обнаÑÑжили ÑоÑÑоÑние гонки Ð¼ÐµÐ¶Ð´Ñ ÑобÑÑиÑми inotify + и опеÑаÑиÑми пеÑÐµÐ¸Ð¼ÐµÐ½Ð¾Ð²Ð°Ð½Ð¸Ñ VFS, коÑоÑое позволÑÐµÑ Ð½ÐµÐ¿ÑивилегиÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð¼Ñ + локалÑÐ½Ð¾Ð¼Ñ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð²ÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании или повÑÑение пÑивилегий.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7541">CVE-2017-7541</a> - - <p>A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN - - driver could allow a local user to cause kernel memory corruption, - - leading to a denial of service or potentially privilege escalation.</p></li> + <p>РдÑайвеÑе Broadcom IEEE802.11n PCIe SoftMAC WLAN бÑло обнаÑÑжено пеÑеполнение + бÑÑеÑа, позволÑÑÑее локалÑÐ½Ð¾Ð¼Ñ Ð¿Ð¾Ð»ÑзоваÑÐµÐ»Ñ Ð²ÑзÑваÑÑ Ð¿Ð¾Ð²Ñеждение ÑодеÑжимого памÑÑи + ÑдÑа, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании или поÑенÑиалÑÐ½Ð¾Ð¼Ñ Ð¿Ð¾Ð²ÑÑÐµÐ½Ð¸Ñ Ð¿Ñивилегий.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7542">CVE-2017-7542</a> - - <p>An integer 
overflow vulnerability in the ip6_find_1stfragopt() - - function was found allowing a local attacker with privileges to open - - raw sockets to cause a denial of service.</p></li> + <p>Ð ÑÑнкÑии ip6_find_1stfragopt() бÑло обнаÑÑжено пеÑеполнение ÑелÑÑ ÑиÑел, + позволÑÑÑее локалÑÐ½Ð¾Ð¼Ñ Ð·Ð»Ð¾ÑмÑÑленникÑ, имеÑÑÐµÐ¼Ñ Ð¿Ñивилегии на оÑкÑÑÑие ÑÑÑÑÑ + ÑокеÑов, вÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-9605">CVE-2017-9605</a> - - <p>Murray McAllister discovered that the DRM driver for VMware virtual - - GPUs does not properly initialize memory, potentially allowing a - - local attacker to obtain sensitive information from uninitialized - - kernel memory via a crafted ioctl call.</p></li> + <p>ÐÑÑÑей ÐакалиÑÑÐ²ÐµÑ Ð¾Ð±Ð½Ð°ÑÑжил, ÑÑо дÑÐ°Ð¹Ð²ÐµÑ DRM Ð´Ð»Ñ Ð²Ð¸ÑÑÑалÑного видеоÑипа VMware + непÑавилÑно вÑполнÑÐµÑ Ð¸Ð½Ð¸ÑиализаÑÐ¸Ñ Ð¿Ð°Ð¼ÑÑи, ÑÑо поÑенÑиалÑно позволÑÐµÑ + локалÑÐ½Ð¾Ð¼Ñ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ Ð¿Ð¾Ð»ÑÑаÑÑ ÑÑвÑÑвиÑелÑнÑÑ Ð¸Ð½ÑоÑмаÑÐ¸Ñ Ð¸Ð· неиниÑиализиÑованной + памÑÑи ÑдÑа Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованного вÑзова ioctl.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-10810">CVE-2017-10810</a> - - <p>Li Qiang discovered a memory leak flaw within the VirtIO GPU driver - - resulting in denial of service (memory consumption).</p></li> + <p>Ðи ЦÑн обнаÑÑжил ÑÑеÑÐºÑ Ð¿Ð°Ð¼ÑÑи в дÑайвеÑе видеоÑипов VirtIO, + пÑиводÑÑÑÑ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании (ÑÑезмеÑное поÑÑебление памÑÑи).</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-10911">CVE-2017-10911</a> / <a href="https://xenbits.xen.org/xsa/advisory-216.txt">XSA-216</a> - - <p>Anthony Perard of Citrix discovered an information leak flaw in Xen - - blkif response handling, allowing a malicious unprivileged guest to - - obtain sensitive information from the host or other guests.</p></li> + <p>ÐнÑони ÐеÑÐ°Ñ Ð¸Ð· Citrix обнаÑÑжил ÑÑеÑÐºÑ Ð¸Ð½ÑоÑмаÑии в коде обÑабоÑки blkif-оÑвеÑа + в Xen, коÑоÑÐ°Ñ 
Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÐµÑ Ð½ÐµÐ¿ÑивилегиÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð¼Ñ Ð³Ð¾ÑÑÑ Ð¿Ð¾Ð»ÑÑаÑÑ ÑÑвÑÑвиÑелÑнÑÑ + инÑоÑмаÑÐ¸Ñ Ñ Ð¾Ñновной ÑиÑÑÐµÐ¼Ñ Ð¸Ð»Ð¸ дÑÑÐ³Ð¸Ñ Ð³Ð¾ÑÑевÑÑ ÑиÑÑем.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-11176">CVE-2017-11176</a> - - <p>It was discovered that the mq_notify() function does not set the - - sock pointer to NULL upon entry into the retry logic. An attacker - - can take advantage of this flaw during a user-space close of a - - Netlink socket to cause a denial of service or potentially cause - - other impact.</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо ÑÑнкÑÐ¸Ñ mq_notify() не ÑÑÑÐ°Ð½Ð°Ð²Ð»Ð¸Ð²Ð°ÐµÑ + sock-ÑказаÑÐµÐ»Ñ Ð² знаÑение NULL пÑи Ð²Ñ Ð¾Ð¶Ð´ÐµÐ½Ð¸Ð¸ в Ð»Ð¾Ð³Ð¸ÐºÑ Ð¿Ð¾Ð²ÑоÑа попÑÑки. ÐлоÑмÑÑленник + Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ Ð²Ð¾ вÑÐµÐ¼Ñ Ð·Ð°ÐºÑÑÑÐ¸Ñ Ð² полÑзоваÑелÑÑком пÑоÑÑÑанÑÑве + ÑокеÑа Netlink, ÑÑо пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании или поÑенÑиалÑно Ð¼Ð¾Ð¶ÐµÑ Ð¾ÐºÐ°Ð·ÑваÑÑ + дÑÑгое влиÑние на безопаÑноÑÑÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000365">CVE-2017-1000365</a> - - <p>It was discovered that argument and environment pointers are not - - taken properly into account to the imposed size restrictions on - - arguments and environmental strings passed through - - RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of - - this flaw in conjunction with other flaws to execute arbitrary code.</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо ÑказаÑели аÑгÑменÑа и окÑÑÐ¶ÐµÐ½Ð¸Ñ Ð½Ðµ ÑÑиÑÑваÑÑÑÑ + ÑооÑвеÑÑÑвÑÑÑим обÑазом пÑи наложении огÑаниÑений ÑазмеÑа на ÑÑÑоковÑе + знаÑÐµÐ½Ð¸Ñ Ð°ÑгÑменÑов и окÑÑжениÑ, пеÑедаваемÑе ÑеÑез RLIMIT_STACK/RLIMIT_INFINITY. 
+ ÐокалÑнÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ Ð²Ð¼ÐµÑÑе Ñ + дÑÑгими ÑÑзвимоÑÑÑми Ð´Ð»Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода.</p></li> </ul> - -<p>For the oldstable distribution (jessie), these problems will be fixed in - -a subsequent DSA.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑдÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +ÑледÑÑÑей ÑекомендаÑии по безопаÑноÑÑи.</p> - -<p>For the stable distribution (stretch), these problems have been fixed in - -version 4.9.30-2+deb9u3.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (stretch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 4.9.30-2+deb9u3.</p> - -<p>We recommend that you upgrade your linux packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ linux.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
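Review bot: every added (`+`) line of Russian text in the `@@ -1,86 +1,87 @@` hunk, from the `<define-tag description>` line through the final `<p>` paragraphs, arrives as mis-decoded UTF-8 (Cyrillic rendered as `Ð`/`Ñ` sequences), so the translation cannot be proofread or applied from this message as it stands. Please resend with the body declared as UTF-8, or attach the .wml file, and confirm that russian/security/2017/dsa-3927.wml is itself saved as UTF-8. On the new first line, `translation="1.1"` should be checked against the revision of english/security/2017/dsa-3927.wml that was translated, since the diff header gives only timestamps and no revision. The identifiers that must stay untranslated (the CVE links, the XSA-216 link, `vmw_surface_define_ioctl()`, `ip6_find_1stfragopt()`, `mq_notify()`, `RLIMIT_STACK/RLIMIT_INFINITY` and the fixed version `4.9.30-2+deb9u3`) are intact in the added lines.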