-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2015/dla-160.wml 2016-04-07 03:10:33.000000000 +0500 +++ russian/security/2015/dla-160.wml 2016-05-04 14:03:48.151467870 +0500 @@ -1,38 +1,40 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>This update fixes the CVEs described below.</p> +<p>Ðанное обновление иÑпÑавлÑÐµÑ Ð¾Ð¿Ð¸ÑаннÑе ниже CVE.</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-0106">CVE-2014-0106</a> - - <p>Todd C. Miller reported that if the env_reset option is disabled - - in the sudoers file, the env_delete option is not correctly - - applied to environment variables specified on the command line. A - - malicious user with sudo permissions may be able to run arbitrary - - commands with elevated privileges by manipulating the environment - - of a command the user is legitimately allowed to run.</p></li> + <p>Тодд ÐÐ¸Ð»Ð»ÐµÑ ÑообÑил, ÑÑо еÑли опÑÐ¸Ñ env_reset оÑклÑÑена в + Ñайле sudoers, Ñо опÑÐ¸Ñ env_delete непÑавилÑно пÑименÑеÑÑÑ + к пеÑеменнÑм окÑÑжениÑ, ÑказаннÑм в командной ÑÑÑоке. ÐлоÑмÑÑленник + Ñ Ð¿Ñавами на иÑполÑзование sudo Ð¼Ð¾Ð¶ÐµÑ Ð·Ð°Ð¿ÑÑÑиÑÑ Ð¿ÑоизволÑнÑе + ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ñ Ð¿Ð¾Ð²ÑÑеннÑми пÑавами доÑÑÑпа пÑÑÑм Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¾ÐºÑÑÐ¶ÐµÐ½Ð¸Ñ + командÑ, коÑоÑÑÑ ÑÑÐ¾Ð¼Ñ Ð¿Ð¾Ð»ÑзоваÑÐµÐ»Ñ ÑазÑеÑено запÑÑкаÑÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9680">CVE-2014-9680</a> - - <p>Jakub Wilk reported that sudo preserves the TZ variable from a - - user's environment without any sanitization. A user with sudo - - access may take advantage of this to exploit bugs in the C library - - functions which parse the TZ environment variable or to open files - - that the user would not otherwise be able to open. The latter - - could potentially cause changes in system behavior when reading - - certain device special files or cause the program run via sudo to - - block.</p></li> + <p>ЯкÑб Ðилк ÑообÑил, ÑÑо sudo ÑÐ¾Ñ ÑанÑÐµÑ Ð¿ÐµÑеменнÑÑ TZ из полÑзоваÑелÑÑкого + окÑÑÐ¶ÐµÐ½Ð¸Ñ Ð±ÐµÐ· какой-либо ÐµÑ Ð¾ÑиÑÑки. ÐолÑзоваÑÐµÐ»Ñ Ñ Ð´Ð¾ÑÑÑпом к sudo + Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑполÑзоваÑÑ ÑÑо Ð´Ð»Ñ Ñого, ÑÑÐ¾Ð±Ñ Ð¸ÑполÑзоваÑÑ Ð¾Ñибки в ÑÑнкÑиÑÑ Ð±Ð¸Ð±Ð»Ð¸Ð¾Ñеки + C, коÑоÑÑе вÑполнÑÑÑ Ð³ÑаммаÑиÑеÑкий ÑÐ°Ð·Ð±Ð¾Ñ Ð¿ÐµÑеменной окÑÑÐ¶ÐµÐ½Ð¸Ñ TZ, или Ð´Ð»Ñ Ð¾ÑкÑÑÑÐ¸Ñ + Ñайлов, коÑоÑÑе в пÑоÑивном ÑлÑÑае ÑÑÐ¾Ð¼Ñ Ð¿Ð¾Ð»ÑзоваÑÐµÐ»Ñ Ð¾ÑкÑÑваÑÑ + нелÑзÑ. ÐоÑледнее Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾ÑенÑиалÑно вÑзваÑÑ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ + в поведении ÑиÑÑÐµÐ¼Ñ Ð¿Ñи ÑÑении опÑеделÑннÑÑ + ÑпеÑиалÑнÑÑ Ñайлов ÑÑÑÑойÑÑв или вÑзваÑÑ Ð±Ð»Ð¾ÐºÐ¸ÑÐ¾Ð²ÐºÑ Ð·Ð°Ð¿ÑÑка пÑогÑÐ°Ð¼Ð¼Ñ + ÑеÑез sudo.</p></li> </ul> - -<p>For the oldstable distribution (squeeze), these problems have been fixed - -in version 1.7.4p4-2.squeeze.5.</p> +<p>РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (squeeze) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +в веÑÑии 1.7.4p4-2.squeeze.5.</p> - -<p>For the stable distribution (wheezy), they have been fixed in version +<p>Ð ÑÑабилÑном вÑпÑÑке (wheezy) они бÑли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 1.8.5p2-1+nmu2.</p> - -<p>We recommend that you upgrade your sudo packages.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ sudo.</p> </define-tag> # do not modify the following line - --- english/security/2015/dla-233.wml 2016-04-07 03:10:34.000000000 +0500 +++ russian/security/2015/dla-233.wml 2016-05-04 14:08:11.917514741 +0500 @@ -1,20 +1,21 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>Upstream published version 0.98.7. This update updates sqeeze-lts to the - -latest upstream release in line with the approach used for other Debian - -releases.</p> +<p>ÐвÑоÑÑ Ð¾Ñновной веÑки ÑазÑабоÑки опÑбликовали веÑÑÐ¸Ñ 0.98.7. Ðанное обновление обновлÑÐµÑ sqeeze-lts до +поÑледнего вÑпÑÑка оÑновной веÑки ÑазÑабоÑки, ÑÑо ÑооÑвеÑÑÑвÑÐµÑ Ð¿Ð¾Ð´Ñ Ð¾Ð´Ñ, иÑполÑзÑÐµÐ¼Ð¾Ð¼Ñ Ð² дÑÑÐ³Ð¸Ñ +вÑпÑÑÐºÐ°Ñ Debian.</p> - -<p>The changes are not strictly required for operation, but users of the previous - -version in Squeeze may not be able to make use of all current virus signatures - -and might get warnings.</p> +<p>ÐÑи Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð½Ðµ ÑÑебÑÑÑÑÑ Ð´Ð»Ñ ÑабоÑÑ, но полÑзоваÑели пÑедÑдÑÑей +веÑÑии в Squeeze могÑÑ Ð¾ÐºÐ°Ð·Ð°ÑÑ Ð½ÐµÑпоÑÐ¾Ð±Ð½Ñ Ð¸ÑполÑзоваÑÑ Ð²Ñе ÑекÑÑие ÑигнаÑÑÑÑ Ð²Ð¸ÑÑÑов +и могÑÑ Ð¿Ð¾Ð»ÑÑиÑÑ Ð¿ÑедÑпÑÐµÐ¶Ð´ÐµÐ½Ð¸Ñ Ð¾Ð± ÑÑом.</p> - -<p>The bug fixes that are part of this release include security fixes related - -to packed or crypted files (<a href="https://security-tracker.debian.org/tracker/CVE-2014-9328">CVE-2014-9328</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-1461">CVE-2015-1461</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-1462">CVE-2015-1462</a>, - -<a href="https://security-tracker.debian.org/tracker/CVE-2015-1463">CVE-2015-1463</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2170">CVE-2015-2170</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2221">CVE-2015-2221</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2222">CVE-2015-2222</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2015-2668">CVE-2015-2668</a>) - -and several fixes to the embedded libmspack library, including a potential - -infinite loop in the Quantum decoder (<a href="https://security-tracker.debian.org/tracker/CVE-2014-9556">CVE-2014-9556</a>).</p> +<p>ЧаÑÑÑÑ ÑÑого вÑпÑÑка ÑвлÑÑÑÑÑ Ð¸ иÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¾Ñибок, вклÑÑÐ°Ñ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑÑи, ÑвÑзаннÑе +Ñ Ð·Ð°Ð¿Ð°ÐºÐ¾Ð²Ð°Ð½Ð½Ñми или заÑиÑÑованнÑми Ñайлами (<a href="https://security-tracker.debian.org/tracker/CVE-2014-9328">CVE-2014-9328</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-1461">CVE-2015-1461</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-1462">CVE-2015-1462</a>, +<a href="https://security-tracker.debian.org/tracker/CVE-2015-1463">CVE-2015-1463</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2170">CVE-2015-2170</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2221">CVE-2015-2221</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2222">CVE-2015-2222</a> и <a href="https://security-tracker.debian.org/tracker/CVE-2015-2668">CVE-2015-2668</a>), +а Ñакже неÑколÑко иÑпÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð²ÑÑÑоенной библиоÑеки libmspack, вклÑÑÐ°Ñ Ð¿Ð¾ÑенÑиалÑнÑй +беÑконеÑнÑй Ñикл в декодеÑе Quantum (<a href="https://security-tracker.debian.org/tracker/CVE-2014-9556">CVE-2014-9556</a>).</p> - -<p>If you use clamav, we strongly recommend that you upgrade to this version.</p> +<p>ÐÑли Ð²Ñ Ð¸ÑполÑзÑеÑе clamav, Ñо вам наÑÑоÑÑелÑно ÑекомендÑеÑÑÑ Ð²ÑполниÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ до ÑÑой веÑÑии.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXKbv+AAoJEF7nbuICFtKlJlwQAKL2DD1eTV2z/n5FEzeWXvYA 1JCAmiP6TTrTX5z+pzKm1t3Ol5WtPPCZa48TPqaTnqPGVjolgJkxt/mFTEYlaRW7 t6sUd3m8c/QIjfCtnb3InXo3p7K2BXqlE1krvbvOqd4UeeRUH+SLDRPxpamCpA2s FL/VBUXoX+bOXE0k3CTlN+GeKD0T+59OdJgrDHf6dtQYV37Wu8OHtA1f1gnWy5KT nqOlKuTXxZZFxJV6v1LUd7Q+rFa22vbq941FWVyFQPGp2cmxnJHChlbWZ5uxzYAN Qqtn0LcOmg6VvmYXnAHcx6UvbVsb0TJxMD+dqBBWBHXfVrqrdqZAJwCmTLbEJe7M hUbtccwHI3QvFUqFo/ZmUQuaZOPn7jtxjOJ4RQWZnkrjNphyJo66qRjxqlaptkrY 0K7pEvwxx6YwiyoDViHOX3IPNH3jAIvFnIDuHyN1Rad3Yl3U8Z6GLpSiRR9Nlibx ytdcGADlgiH+Cb1yDuvkMqT3dfZtnhWGmHPo4Dr7Z/25HtTY03jsBzvAgtArpBPU OcrWnvGAgHjK4Y8rQrzIjbUyT8Q6P4Mm88lLg6sppe7Xhk0/jP7FKENrJDwLR35/ znu+QOjs0fxd9pROuqZgmmbw8I8Hix7+5lPAQVKuW+i2iBWBIF/bqWsVnBZF9vIG whA38cl4BDlIALRo1PM+ =d23n -----END PGP SIGNATURE-----