subject:"\[DONE\] wml\:\/\/security\/2002\/dsa\-1\{20,77,91\}.wml"

Re: [DONE] wml://security/2002/dsa-1{20,77,91}.wml

2016-08-29 Пенетрантность Lev Lamberov

29.08.2016 02:13, Andrey Skvortsov пишет:
> On 27 Aug, Lev Lamberov wrote:
>> +сессии SSL с целью их сохранения для дальнейшего использования.  Эти 
>> переменных сохраняются
> переменныЕ
>> +Отключенные пароли (то есть, пароли с '*' в
> ОтключЁнные

Исправил. Спасибо!


signature.asc
Description: OpenPGP digital signature

[DONE] wml://security/2002/dsa-1{20,77,91}.wml

2016-08-27 Пенетрантность Lev Lamberov

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- --- english/security/2002/dsa-120.wml 2002-03-11 03:48:15.0 +0500
+++ russian/security/2002/dsa-120.wml   2016-08-27 18:21:59.688284594 +0500
@@ -1,25 +1,26 @@
- -buffer overflow
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+Ð¿ÐµÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ðµ Ð±ÑÑÐµÑÐ°
 
- -Ed Moyle recently
+ÐÐ´ ÐÐ¾Ð¸Ð» Ð½ÐµÐ´Ð°Ð²Ð½Ð¾
 http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html;>\
- -found a buffer overflow in Apache-SSL and mod_ssl.
- -With session caching enabled, mod_ssl will serialize SSL session
- -variables to store them for later use.  These variables were stored in
- -a buffer of a fixed size without proper boundary checks.
+Ð¾Ð±Ð½Ð°ÑÑÐ¶Ð¸Ð» Ð¿ÐµÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ðµ Ð±ÑÑÐµÑÐ° Ð² Apache-SSL Ð¸ 
mod_ssl.
+ÐÑÐ»Ð¸ Ð²ÐºÐ»ÑÑÐµÐ½Ð¾ ÐºÐµÑÐ¸ÑÐ¾Ð²Ð°Ð½Ð¸Ðµ ÑÐµÑÑÐ¸Ð¸, ÑÐ¾ mod_ssl 
Ð²ÑÐ¿Ð¾Ð»Ð½ÑÐµÑ ÑÐµÑÐ¸Ð°Ð»Ð¸Ð·Ð°ÑÐ¸Ñ Ð¿ÐµÑÐµÐ¼ÐµÐ½Ð½ÑÑ
+ÑÐµÑÑÐ¸Ð¸ SSL Ñ ÑÐµÐ»ÑÑ Ð¸Ñ ÑÐ¾ÑÑÐ°Ð½ÐµÐ½Ð¸Ñ Ð´Ð»Ñ 
Ð´Ð°Ð»ÑÐ½ÐµÐ¹ÑÐµÐ³Ð¾ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ.  ÐÑÐ¸ Ð¿ÐµÑÐµÐ¼ÐµÐ½Ð½ÑÑ 
ÑÐ¾ÑÑÐ°Ð½ÑÑÑÑÑ
+Ð² Ð±ÑÑÐµÑÐµ ÑÐ¸ÐºÑÐ¸ÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð³Ð¾ ÑÐ°Ð·Ð¼ÐµÑÐ°, Ð° 
Ð¿ÑÐ¾Ð²ÐµÑÐºÐ° Ð³ÑÐ°Ð½Ð¸Ñ Ð½Ðµ Ð¿ÑÐ¾Ð¸Ð·Ð²Ð¾Ð´Ð¸ÑÑÑ.
 
- -To exploit the overflow, the server must be configured to require client
- -certificates, and an attacker must obtain a carefully crafted client
- -certificate that has been signed by a Certificate Authority which is
- -trusted by the server. If these conditions are met, it would be possible
- -for an attacker to execute arbitrary code on the server.
+ÐÐ»Ñ ÑÐ¾Ð³Ð¾, ÑÑÐ¾Ð±Ñ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÑ ÑÑÐ¾ 
Ð¿ÐµÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ðµ, ÑÐµÑÐ²ÐµÑ Ð´Ð¾Ð»Ð¶ÐµÐ½ ÑÑÐµÐ±Ð¾Ð²Ð°ÑÑ 
ÐºÐ»Ð¸ÐµÐ½ÑÑÐºÐ¸Ðµ
+ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÑ, Ð° Ð·Ð»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸Ðº Ð´Ð¾Ð»Ð¶ÐµÐ½ 
Ð¿Ð¾Ð»ÑÑÐ¸ÑÑ ÑÐ¿ÐµÑÐ¸Ð°Ð»ÑÐ½Ð¾ ÑÑÐ¾ÑÐ¼Ð¸ÑÐ¾Ð²Ð°Ð½Ð½ÑÐ¹ 
ÐºÐ»Ð¸ÐµÐ½ÑÑÐºÐ¸Ð¹
+ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°Ñ, Ð¿Ð¾Ð´Ð¿Ð¸ÑÐ°Ð½Ð½ÑÐ¹ Ð°Ð²ÑÐ¾ÑÐ¸ÑÐµÑÐ¾Ð¼, 
ÐºÐ¾ÑÐ¾ÑÐ¾Ð¼Ñ Ð´Ð¾Ð²ÐµÑÑÐµÑ ÑÑÐ¾Ñ
+ÑÐµÑÐ²ÐµÑ. ÐÑÐ»Ð¸ ÑÑÐ¸ ÑÑÐ»Ð¾Ð²Ð¸Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ñ, ÑÐ¾ 
Ð·Ð»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸Ðº Ð¼Ð¾Ð¶ÐµÑ
+Ð²ÑÐ¿Ð¾Ð»Ð½Ð¸ÑÑ Ð¿ÑÐ¾Ð¸Ð·Ð²Ð¾Ð»ÑÐ½ÑÐ¹ ÐºÐ¾Ð´ Ð½Ð° ÑÐµÑÐ²ÐµÑÐµ.
 
- -This problem has been fixed in version 1.3.9.13-4 of Apache-SSL and
- -version 2.4.10-1.3.9-1potato1 of libapache-mod-ssl for the stable
- -Debian distribution as well as in version 1.3.23.1+1.47-1 of
- -Apache-SSL and version 2.8.7-1 of libapache-mod-ssl for the testing
- -and unstable distribution of Debian.
+ÐÑÐ° Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ð° Ð±ÑÐ»Ð° Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ð° Ð² Ð²ÐµÑÑÐ¸Ð¸ 
1.3.9.13-4 Ð¿Ð°ÐºÐµÑÐ° Apache-SSL Ð¸
+Ð² Ð²ÐµÑÑÐ¸Ð¸ 2.4.10-1.3.9-1potato1 Ð¿Ð°ÐºÐµÑÐ° libapache-mod-ssl Ð´Ð»Ñ 
ÑÑÐ°Ð±Ð¸Ð»ÑÐ½Ð¾Ð³Ð¾
+Ð²ÑÐ¿ÑÑÐºÐ° Debian, Ð° ÑÐ°ÐºÐ¶Ðµ Ð² Ð²ÐµÑÑÐ¸Ð¸ 1.3.23.1+1.47-1 
Ð¿Ð°ÐºÐµÑÐ°
+Apache-SSL Ð¸ Ð² Ð²ÐµÑÑÐ¸Ð¸ 2.8.7-1 Ð¿Ð°ÐºÐµÑÐ° libapache-mod-ssl Ð´Ð»Ñ 
ÑÐµÑÑÐ¸ÑÑÐµÐ¼Ð¾Ð³Ð¾
+Ð¸ Ð½ÐµÑÑÐ°Ð±Ð¸Ð»ÑÐ½Ð¾Ð³Ð¾ Ð²ÑÐ¿ÑÑÐºÐ¾Ð² Debian.
 
- -We recommend that you upgrade your Apache-SSL and mod_ssl packages.
+Ð ÐµÐºÐ¾Ð¼ÐµÐ½Ð´ÑÐµÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ Apache-SSL Ð¸ 
mod_ssl.
 
 
 # do not modify the following line
- --- english/security/2002/dsa-177.wml 2002-10-31 20:25:34.0 +0500
+++ russian/security/2002/dsa-177.wml   2016-08-27 18:29:19.058310940 +0500
@@ -1,27 +1,28 @@
- -serious security violation
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+ÑÐµÑÑÑÐ·Ð½Ð¾Ðµ Ð½Ð°ÑÑÑÐµÐ½Ð¸Ðµ 
Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸
 
- -A serious security violation in PAM was discovered.
- -Disabled passwords (i.e. those with '*' in the
- -password file) were classified as empty password and access to such
- -accounts is granted through the regular login procedure (getty,
- -telnet, ssh).  This works for all such accounts whose shell field in
- -the password file does not refer to /bin/false.
- -Only version 0.76 of PAM seems to be affected by this problem.
+Ð PAM Ð±ÑÐ»Ð¾ Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¾ ÑÐµÑÑÑÐ·Ð½Ð¾Ðµ Ð½Ð°ÑÑÑÐµÐ½Ð¸Ðµ 
Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸.
+ÐÑÐºÐ»ÑÑÐµÐ½Ð½ÑÐµ Ð¿Ð°ÑÐ¾Ð»Ð¸ (ÑÐ¾ ÐµÑÑÑ, Ð¿Ð°ÑÐ¾Ð»Ð¸ Ñ '*' Ð²
+ÑÐ°Ð¹Ð»Ðµ Ð¿Ð°ÑÐ¾Ð»ÐµÐ¹) ÐºÐ»Ð°ÑÑÐ¸ÑÐ¸ÑÐ¸ÑÑÑÑÑÑ ÐºÐ°Ðº 
Ð¿ÑÑÑÑÐµ Ð¿Ð°ÑÐ¾Ð»Ð¸, Ð´Ð¾ÑÑÑÐ¿ Ðº ÑÐ°ÐºÐ¸Ð¼
+ÑÑÑÑÐ½ÑÐ¼ Ð·Ð°Ð¿Ð¸ÑÑÐ¼ Ð´Ð°ÑÑÑÑ ÑÐµÑÐµÐ· Ð¾Ð±ÑÑÐ½ÑÑ 
Ð¿ÑÐ¾ÑÐµÐ´ÑÑÑ Ð²ÑÐ¾Ð´Ð° (getty,
+telnet, ssh).  ÐÑÐ¾ ÑÐ°Ð±Ð¾ÑÐ°ÐµÑ Ð´Ð»Ñ Ð²ÑÐµÑ ÑÑÑÑÐ½ÑÑ 
Ð·Ð°Ð¿Ð¸ÑÐµÐ¹, Ñ ÐºÐ¾ÑÐ¾ÑÑÑ Ð¿Ð¾Ð»Ðµ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð¹ ÑÑÑÐ¾ÐºÐ¸ Ð²
+ÑÐ°Ð¹Ð»Ðµ Ð¿Ð°ÑÐ¾Ð»ÐµÐ¹ Ð½Ðµ ÑÐ¾Ð´ÐµÑÐ¶Ð¸Ñ /bin/false.
+ÐÐ°Ðº ÐºÐ°Ð¶ÐµÑÑÑ, ÑÑÐ¾Ð¹ Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ðµ Ð¿Ð¾Ð´Ð²ÐµÑÐ¶ÐµÐ½Ð° 
ÑÐ¾Ð»ÑÐºÐ¾ Ð²ÐµÑÑÐ¸Ñ 0.76 PAM.
 
- -This problem has been fixed in version 0.76-6 for the current unstable
- -distribution (sid).  The stable distribution (woody), the old stable
- -distribution (potato) and the testing distribution (sarge) are not
- -affected by this problem.
+ÐÑÐ° Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ð° Ð±ÑÐ»Ð°

Re: [DONE] wml://security/2002/dsa-1{20,77,91}.wml

[DONE] wml://security/2002/dsa-1{20,77,91}.wml

2 matches

Site Navigation

Mail list logo

Footer information