dla-{160,233}.wml

Lev Lamberov Wed, 04 May 2016 02:08:54 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-160.wml 2016-04-07 03:10:33.000000000 +0500
+++ russian/security/2015/dla-160.wml   2016-05-04 14:03:48.151467870 +0500
@@ -1,38 +1,40 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸ 
LTS</define-tag>
 <define-tag moreinfo>
- -<p>This update fixes the CVEs described below.</p>
+<p>ÐÐ°Ð½Ð½Ð¾Ðµ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÑÐµÑ Ð¾Ð¿Ð¸ÑÐ°Ð½Ð½ÑÐµ 
Ð½Ð¸Ð¶Ðµ CVE.</p>
 
 <ul>
 
 <li><a 
href="https://security-tracker.debian.org/tracker/CVE-2014-0106";>CVE-2014-0106</a>
 
- -    <p>Todd C. Miller reported that if the env_reset option is disabled
- -    in the sudoers file, the env_delete option is not correctly
- -    applied to environment variables specified on the command line.  A
- -    malicious user with sudo permissions may be able to run arbitrary
- -    commands with elevated privileges by manipulating the environment
- -    of a command the user is legitimately allowed to run.</p></li>
+    <p>Ð¢Ð¾Ð´Ð´ ÐÐ¸Ð»Ð»ÐµÑ ÑÐ¾Ð¾Ð±ÑÐ¸Ð», ÑÑÐ¾ ÐµÑÐ»Ð¸ Ð¾Ð¿ÑÐ¸Ñ 
env_reset Ð¾ÑÐºÐ»ÑÑÐµÐ½Ð° Ð²
+    ÑÐ°Ð¹Ð»Ðµ sudoers, ÑÐ¾ Ð¾Ð¿ÑÐ¸Ñ env_delete Ð½ÐµÐ¿ÑÐ°Ð²Ð¸Ð»ÑÐ½Ð¾ 
Ð¿ÑÐ¸Ð¼ÐµÐ½ÑÐµÑÑÑ
+    Ðº Ð¿ÐµÑÐµÐ¼ÐµÐ½Ð½ÑÐ¼ Ð¾ÐºÑÑÐ¶ÐµÐ½Ð¸Ñ, ÑÐºÐ°Ð·Ð°Ð½Ð½ÑÐ¼ Ð² 
ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð¹ ÑÑÑÐ¾ÐºÐµ.  ÐÐ»Ð¾ÑÐ¼ÑÑÐ»ÐµÐ½Ð½Ð¸Ðº
+    Ñ Ð¿ÑÐ°Ð²Ð°Ð¼Ð¸ Ð½Ð° Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ðµ sudo Ð¼Ð¾Ð¶ÐµÑ 
Ð·Ð°Ð¿ÑÑÑÐ¸ÑÑ Ð¿ÑÐ¾Ð¸Ð·Ð²Ð¾Ð»ÑÐ½ÑÐµ
+    ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ Ñ Ð¿Ð¾Ð²ÑÑÐµÐ½Ð½ÑÐ¼Ð¸ Ð¿ÑÐ°Ð²Ð°Ð¼Ð¸ Ð´Ð¾ÑÑÑÐ¿Ð° 
Ð¿ÑÑÑÐ¼ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¾ÐºÑÑÐ¶ÐµÐ½Ð¸Ñ
+    ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ, ÐºÐ¾ÑÐ¾ÑÑÑ ÑÑÐ¾Ð¼Ñ Ð¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»Ñ 
ÑÐ°Ð·ÑÐµÑÐµÐ½Ð¾ Ð·Ð°Ð¿ÑÑÐºÐ°ÑÑ.</p></li>
 
 <li><a 
href="https://security-tracker.debian.org/tracker/CVE-2014-9680";>CVE-2014-9680</a>
 
- -    <p>Jakub Wilk reported that sudo preserves the TZ variable from a
- -    user's environment without any sanitization. A user with sudo
- -    access may take advantage of this to exploit bugs in the C library
- -    functions which parse the TZ environment variable or to open files
- -    that the user would not otherwise be able to open. The latter
- -    could potentially cause changes in system behavior when reading
- -    certain device special files or cause the program run via sudo to
- -    block.</p></li>
+    <p>Ð¯ÐºÑÐ± ÐÐ¸Ð»Ðº ÑÐ¾Ð¾Ð±ÑÐ¸Ð», ÑÑÐ¾ sudo ÑÐ¾ÑÑÐ°Ð½ÑÐµÑ 
Ð¿ÐµÑÐµÐ¼ÐµÐ½Ð½ÑÑ TZ Ð¸Ð· Ð¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»ÑÑÐºÐ¾Ð³Ð¾
+    Ð¾ÐºÑÑÐ¶ÐµÐ½Ð¸Ñ Ð±ÐµÐ· ÐºÐ°ÐºÐ¾Ð¹-Ð»Ð¸Ð±Ð¾ ÐµÑ Ð¾ÑÐ¸ÑÑÐºÐ¸. 
ÐÐ¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»Ñ Ñ Ð´Ð¾ÑÑÑÐ¿Ð¾Ð¼ Ðº sudo
+    Ð¼Ð¾Ð¶ÐµÑ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÑ ÑÑÐ¾ Ð´Ð»Ñ ÑÐ¾Ð³Ð¾, ÑÑÐ¾Ð±Ñ 
Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÑ Ð¾ÑÐ¸Ð±ÐºÐ¸ Ð² ÑÑÐ½ÐºÑÐ¸ÑÑ Ð±Ð¸Ð±Ð»Ð¸Ð¾ÑÐµÐºÐ¸
+    C, ÐºÐ¾ÑÐ¾ÑÑÐµ Ð²ÑÐ¿Ð¾Ð»Ð½ÑÑÑ Ð³ÑÐ°Ð¼Ð¼Ð°ÑÐ¸ÑÐµÑÐºÐ¸Ð¹ 
ÑÐ°Ð·Ð±Ð¾Ñ Ð¿ÐµÑÐµÐ¼ÐµÐ½Ð½Ð¾Ð¹ Ð¾ÐºÑÑÐ¶ÐµÐ½Ð¸Ñ TZ, Ð¸Ð»Ð¸ Ð´Ð»Ñ 
Ð¾ÑÐºÑÑÑÐ¸Ñ
+    ÑÐ°Ð¹Ð»Ð¾Ð², ÐºÐ¾ÑÐ¾ÑÑÐµ Ð² Ð¿ÑÐ¾ÑÐ¸Ð²Ð½Ð¾Ð¼ ÑÐ»ÑÑÐ°Ðµ ÑÑÐ¾Ð¼Ñ 
Ð¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»Ñ Ð¾ÑÐºÑÑÐ²Ð°ÑÑ
+    Ð½ÐµÐ»ÑÐ·Ñ. ÐÐ¾ÑÐ»ÐµÐ´Ð½ÐµÐµ Ð¼Ð¾Ð¶ÐµÑ Ð¿Ð¾ÑÐµÐ½ÑÐ¸Ð°Ð»ÑÐ½Ð¾ 
Ð²ÑÐ·Ð²Ð°ÑÑ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ
+    Ð² Ð¿Ð¾Ð²ÐµÐ´ÐµÐ½Ð¸Ð¸ ÑÐ¸ÑÑÐµÐ¼Ñ Ð¿ÑÐ¸ ÑÑÐµÐ½Ð¸Ð¸ 
Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÑÐ½Ð½ÑÑ
+    ÑÐ¿ÐµÑÐ¸Ð°Ð»ÑÐ½ÑÑ ÑÐ°Ð¹Ð»Ð¾Ð² ÑÑÑÑÐ¾Ð¹ÑÑÐ² Ð¸Ð»Ð¸ 
Ð²ÑÐ·Ð²Ð°ÑÑ Ð±Ð»Ð¾ÐºÐ¸ÑÐ¾Ð²ÐºÑ Ð·Ð°Ð¿ÑÑÐºÐ° Ð¿ÑÐ¾Ð³ÑÐ°Ð¼Ð¼Ñ
+    ÑÐµÑÐµÐ· sudo.</p></li>
 
 </ul>
 
- -<p>For the oldstable distribution (squeeze), these problems have been fixed
- -in version 1.7.4p4-2.squeeze.5.</p>
+<p>Ð Ð¿ÑÐµÐ´ÑÐ´ÑÑÐµÐ¼ ÑÑÐ°Ð±Ð¸Ð»ÑÐ½Ð¾Ð¼ Ð²ÑÐ¿ÑÑÐºÐµ (squeeze) 
ÑÑÐ¸ Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑÐ»Ð¸ Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ñ
+Ð² Ð²ÐµÑÑÐ¸Ð¸ 1.7.4p4-2.squeeze.5.</p>
 
- -<p>For the stable distribution (wheezy), they have been fixed in version
+<p>Ð ÑÑÐ°Ð±Ð¸Ð»ÑÐ½Ð¾Ð¼ Ð²ÑÐ¿ÑÑÐºÐµ (wheezy) Ð¾Ð½Ð¸ Ð±ÑÐ»Ð¸ 
Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² Ð²ÐµÑÑÐ¸Ð¸
 1.8.5p2-1+nmu2.</p>
 
- -<p>We recommend that you upgrade your sudo packages.</p>
+<p>Ð ÐµÐºÐ¾Ð¼ÐµÐ½Ð´ÑÐµÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ sudo.</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2015/dla-233.wml 2016-04-07 03:10:34.000000000 +0500
+++ russian/security/2015/dla-233.wml   2016-05-04 14:08:11.917514741 +0500
@@ -1,20 +1,21 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸ 
LTS</define-tag>
 <define-tag moreinfo>
- -<p>Upstream published version 0.98.7.  This update updates sqeeze-lts to the
- -latest upstream release in line with the approach used for other Debian
- -releases.</p>
+<p>ÐÐ²ÑÐ¾ÑÑ Ð¾ÑÐ½Ð¾Ð²Ð½Ð¾Ð¹ Ð²ÐµÑÐºÐ¸ ÑÐ°Ð·ÑÐ°Ð±Ð¾ÑÐºÐ¸ 
Ð¾Ð¿ÑÐ±Ð»Ð¸ÐºÐ¾Ð²Ð°Ð»Ð¸ Ð²ÐµÑÑÐ¸Ñ 0.98.7.  ÐÐ°Ð½Ð½Ð¾Ðµ 
Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ Ð¾Ð±Ð½Ð¾Ð²Ð»ÑÐµÑ sqeeze-lts Ð´Ð¾
+Ð¿Ð¾ÑÐ»ÐµÐ´Ð½ÐµÐ³Ð¾ Ð²ÑÐ¿ÑÑÐºÐ° Ð¾ÑÐ½Ð¾Ð²Ð½Ð¾Ð¹ Ð²ÐµÑÐºÐ¸ 
ÑÐ°Ð·ÑÐ°Ð±Ð¾ÑÐºÐ¸, ÑÑÐ¾ ÑÐ¾Ð¾ÑÐ²ÐµÑÑÑÐ²ÑÐµÑ Ð¿Ð¾Ð´ÑÐ¾Ð´Ñ, 
Ð¸ÑÐ¿Ð¾Ð»ÑÐ·ÑÐµÐ¼Ð¾Ð¼Ñ Ð² Ð´ÑÑÐ³Ð¸Ñ
+Ð²ÑÐ¿ÑÑÐºÐ°Ñ Debian.</p>
 
- -<p>The changes are not strictly required for operation, but users of the 
previous
- -version in Squeeze may not be able to make use of all current virus 
signatures
- -and might get warnings.</p>
+<p>ÐÑÐ¸ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð½Ðµ ÑÑÐµÐ±ÑÑÑÑÑ Ð´Ð»Ñ ÑÐ°Ð±Ð¾ÑÑ, Ð½Ð¾ 
Ð¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»Ð¸ Ð¿ÑÐµÐ´ÑÐ´ÑÑÐµÐ¹
+Ð²ÐµÑÑÐ¸Ð¸ Ð² Squeeze Ð¼Ð¾Ð³ÑÑ Ð¾ÐºÐ°Ð·Ð°ÑÑ Ð½ÐµÑÐ¿Ð¾ÑÐ¾Ð±Ð½Ñ 
Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÑ Ð²ÑÐµ ÑÐµÐºÑÑÐ¸Ðµ ÑÐ¸Ð³Ð½Ð°ÑÑÑÑ Ð²Ð¸ÑÑÑÐ¾Ð²
+Ð¸ Ð¼Ð¾Ð³ÑÑ Ð¿Ð¾Ð»ÑÑÐ¸ÑÑ Ð¿ÑÐµÐ´ÑÐ¿ÑÐµÐ¶Ð´ÐµÐ½Ð¸Ñ Ð¾Ð± ÑÑÐ¾Ð¼.</p>
 
- -<p>The bug fixes that are part of this release include security fixes related
- -to packed or crypted files (<a 
href="https://security-tracker.debian.org/tracker/CVE-2014-9328";>CVE-2014-9328</a>,
 <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-1461";>CVE-2015-1461</a>,
 <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-1462";>CVE-2015-1462</a>,
- -<a 
href="https://security-tracker.debian.org/tracker/CVE-2015-1463";>CVE-2015-1463</a>,
 <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-2170";>CVE-2015-2170</a>,
 <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-2221";>CVE-2015-2221</a>,
 <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-2222";>CVE-2015-2222</a>,
 and <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-2668";>CVE-2015-2668</a>)
- -and several fixes to the embedded libmspack library, including a potential
- -infinite loop in the Quantum decoder (<a 
href="https://security-tracker.debian.org/tracker/CVE-2014-9556";>CVE-2014-9556</a>).</p>
+<p>Ð§Ð°ÑÑÑÑ ÑÑÐ¾Ð³Ð¾ Ð²ÑÐ¿ÑÑÐºÐ° ÑÐ²Ð»ÑÑÑÑÑ Ð¸ 
Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¾ÑÐ¸Ð±Ð¾Ðº, Ð²ÐºÐ»ÑÑÐ°Ñ Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ 
Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸, ÑÐ²ÑÐ·Ð°Ð½Ð½ÑÐµ
+Ñ Ð·Ð°Ð¿Ð°ÐºÐ¾Ð²Ð°Ð½Ð½ÑÐ¼Ð¸ Ð¸Ð»Ð¸ Ð·Ð°ÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð½ÑÐ¼Ð¸ 
ÑÐ°Ð¹Ð»Ð°Ð¼Ð¸ (<a 
href="https://security-tracker.debian.org/tracker/CVE-2014-9328";>CVE-2014-9328</a>,
 <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-1461";>CVE-2015-1461</a>,
 <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-1462";>CVE-2015-1462</a>,
+<a 
href="https://security-tracker.debian.org/tracker/CVE-2015-1463";>CVE-2015-1463</a>,
 <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-2170";>CVE-2015-2170</a>,
 <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-2221";>CVE-2015-2221</a>,
 <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-2222";>CVE-2015-2222</a>
 Ð¸ <a 
href="https://security-tracker.debian.org/tracker/CVE-2015-2668";>CVE-2015-2668</a>),
+Ð° ÑÐ°ÐºÐ¶Ðµ Ð½ÐµÑÐºÐ¾Ð»ÑÐºÐ¾ Ð¸ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð²ÑÑÑÐ¾ÐµÐ½Ð½Ð¾Ð¹ 
Ð±Ð¸Ð±Ð»Ð¸Ð¾ÑÐµÐºÐ¸ libmspack, Ð²ÐºÐ»ÑÑÐ°Ñ Ð¿Ð¾ÑÐµÐ½ÑÐ¸Ð°Ð»ÑÐ½ÑÐ¹
+Ð±ÐµÑÐºÐ¾Ð½ÐµÑÐ½ÑÐ¹ ÑÐ¸ÐºÐ» Ð² Ð´ÐµÐºÐ¾Ð´ÐµÑÐµ Quantum (<a 
href="https://security-tracker.debian.org/tracker/CVE-2014-9556";>CVE-2014-9556</a>).</p>
 
- -<p>If you use clamav, we strongly recommend that you upgrade to this 
version.</p>
+<p>ÐÑÐ»Ð¸ Ð²Ñ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·ÑÐµÑÐµ clamav, ÑÐ¾ Ð²Ð°Ð¼ 
Ð½Ð°ÑÑÐ¾ÑÑÐµÐ»ÑÐ½Ð¾ ÑÐµÐºÐ¾Ð¼ÐµÐ½Ð´ÑÐµÑÑÑ Ð²ÑÐ¿Ð¾Ð»Ð½Ð¸ÑÑ 
Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ Ð´Ð¾ ÑÑÐ¾Ð¹ Ð²ÐµÑÑÐ¸Ð¸.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----


iQIcBAEBCgAGBQJXKbv+AAoJEF7nbuICFtKlJlwQAKL2DD1eTV2z/n5FEzeWXvYA
1JCAmiP6TTrTX5z+pzKm1t3Ol5WtPPCZa48TPqaTnqPGVjolgJkxt/mFTEYlaRW7
t6sUd3m8c/QIjfCtnb3InXo3p7K2BXqlE1krvbvOqd4UeeRUH+SLDRPxpamCpA2s
FL/VBUXoX+bOXE0k3CTlN+GeKD0T+59OdJgrDHf6dtQYV37Wu8OHtA1f1gnWy5KT
nqOlKuTXxZZFxJV6v1LUd7Q+rFa22vbq941FWVyFQPGp2cmxnJHChlbWZ5uxzYAN
Qqtn0LcOmg6VvmYXnAHcx6UvbVsb0TJxMD+dqBBWBHXfVrqrdqZAJwCmTLbEJe7M
hUbtccwHI3QvFUqFo/ZmUQuaZOPn7jtxjOJ4RQWZnkrjNphyJo66qRjxqlaptkrY
0K7pEvwxx6YwiyoDViHOX3IPNH3jAIvFnIDuHyN1Rad3Yl3U8Z6GLpSiRR9Nlibx
ytdcGADlgiH+Cb1yDuvkMqT3dfZtnhWGmHPo4Dr7Z/25HtTY03jsBzvAgtArpBPU
OcrWnvGAgHjK4Y8rQrzIjbUyT8Q6P4Mm88lLg6sppe7Xhk0/jP7FKENrJDwLR35/
znu+QOjs0fxd9pROuqZgmmbw8I8Hix7+5lPAQVKuW+i2iBWBIF/bqWsVnBZF9vIG
whA38cl4BDlIALRo1PM+
=d23n
-----END PGP SIGNATURE-----

[DONE] wml://security/2015/dla-{160,233}.wml

Ответить