-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- --- english/security/2016/dsa-3687.wml2016-10-06 10:05:02.0
+0500
+++ russian/security/2016/dsa-3687.wml 2016-10-07 00:17:08.390886251 +0500
@@ -1,35 +1,36 @@
- -security update
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+обновление
безопаÑноÑÑи
- -Two vulnerabilities were reported in NSPR, a library to abstract over
- -operating system interfaces developed by the Mozilla project.
+Ð NSPR, библиоÑеке Ð´Ð»Ñ Ð°Ð±ÑÑÑагиÑÐ¾Ð²Ð°Ð½Ð¸Ñ Ð¾Ñ
инÑеÑÑейÑов опеÑаÑионной ÑиÑÑемÑ,
ÑазÑабоÑаннаÑ
+пÑоекÑом Mozilla, бÑли обнаÑÑÐ¶ÐµÐ½Ñ Ð´Ð²Ðµ
ÑÑзвимоÑÑи.
https://security-tracker.debian.org/tracker/CVE-2016-1951;>CVE-2016-1951
- -q1 reported that the NSPR implementation of sprintf-style string
- -formatting function miscomputed memory allocation sizes,
- -potentially leading to heap-based buffer overflows
+q1 ÑообÑил, ÑÑо ÑеализаÑÐ¸Ñ NSPR ÑÑнкÑии
ÑоÑмаÑиÑÐ¾Ð²Ð°Ð½Ð¸Ñ ÑÑÑоки в
+ÑÑиле sprintf непÑавилÑно вÑÑиÑлÑÐµÑ ÑазмеÑ
вÑÐ´ÐµÐ»ÐµÐ½Ð¸Ñ Ð¿Ð°Ð¼ÑÑи,
+ÑÑо поÑенÑиалÑно пÑÐ¸Ð²Ð¾Ð´Ð¸Ñ Ðº
пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð´Ð¸Ð½Ð°Ð¼Ð¸ÑеÑкой памÑÑи
- -The second issue concerns environment variable processing in NSPR.
- -The library did not ignore environment variables used to configuring
- -logging and tracing in processes which underwent a SUID/SGID/AT_SECURE
- -transition at process start. In certain system configurations, this
- -allowed local users to escalate their privileges.
- -
- -In addition, this nspr update contains further stability and
- -correctness fixes and contains support code for an upcoming nss
- -update.
+ÐÑоÑÐ°Ñ Ð¿Ñоблема каÑаеÑÑÑ Ð¾Ð±ÑабоÑки в NSPR
пеÑеменнÑÑ
окÑÑжениÑ.
+ÐиблиоÑека не игноÑиÑÑÐµÑ Ð¿ÐµÑеменнÑе
окÑÑжениÑ, иÑполÑзÑемÑе Ð´Ð»Ñ Ð½Ð°ÑÑÑойки
+жÑÑналиÑÐ¾Ð²Ð°Ð½Ð¸Ñ Ð¸ ÑÑаÑÑиÑовки в пÑоÑеÑÑаÑ
,
вÑполнÑÑÑ Ð¿ÐµÑеÑ
од SUID/SGID/AT_SECURE
+во вÑÐµÐ¼Ñ Ð·Ð°Ð¿ÑÑка пÑоÑеÑÑа. ÐÑи
опÑеделÑннÑÑ
наÑÑÑойкаÑ
ÑиÑÑÐµÐ¼Ñ ÑÑо
+позволÑÐµÑ Ð»Ð¾ÐºÐ°Ð»ÑнÑм полÑзоваÑелÑм
повÑÑаÑÑ Ð¿Ñивилегии.
+
+ÐÑоме Ñого, данное обновление nspr
ÑодеÑÐ¶Ð¸Ñ Ð´Ð¾Ð¿Ð¾Ð»Ð½Ð¸ÑелÑнÑе иÑпÑавлениÑ
+ÑÑабилÑноÑÑи и коÑÑекÑноÑÑи, а Ñакже
поддеÑÐ¶ÐºÑ Ð³Ð¾ÑовÑÑегоÑÑ
+Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ nss.
- -For the stable distribution (jessie), these problems have been fixed
- -in version 2:4.12-1+debu8u1.
+Ð ÑÑабилÑном вÑпÑÑке (jessie) ÑÑи пÑоблемÑ
бÑли иÑпÑавленÑ
+в веÑÑии 2:4.12-1+debu8u1.
- -For the unstable distribution (sid), these problems have been fixed in
- -version 2:4.12-1.
+РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑоблемÑ
бÑли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð²
+веÑÑии 2:4.12-1.
- -We recommend that you upgrade your nspr packages.
+РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ nspr.
# do not modify the following line
- --- english/security/2016/dsa-3688.wml2016-10-06 10:05:46.0
+0500
+++ russian/security/2016/dsa-3688.wml 2016-10-07 00:29:22.884788209 +0500
@@ -1,73 +1,74 @@
- -security update
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+обновление
безопаÑноÑÑи
- -Several vulnerabilities were discovered in NSS, the cryptography
- -library developed by the Mozilla project.
+Ð NSS, кÑипÑогÑаÑиÑеÑкой библиоÑеке,
ÑазÑабоÑанной пÑоекÑом Mozilla,
+бÑло обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей.
https://security-tracker.debian.org/tracker/CVE-2015-4000;>CVE-2015-4000
- -David Adrian et al. reported that it may be feasible to attack
- -Diffie-Hellman-based cipher suites in certain circumstances,
- -compromising the confidentiality and integrity of data encrypted
- -with Transport Layer Security (TLS).
+Ðавид ÐдÑиан и дÑ. ÑообÑили, ÑÑо пÑи
опÑеделÑннÑÑ
обÑÑоÑÑелÑÑÑваÑ
веÑоÑÑно
+можно аÑаковаÑÑ Ð½Ð°Ð±Ð¾ÑÑ ÑиÑÑов на оÑнове
пÑоÑокола ÐиÑÑи-Хеллмана,
+компÑомеÑиÑÑÑ ÐºÐ¾Ð½ÑиденÑиалÑноÑÑÑ Ð¸
ÑелоÑÑноÑÑÑ Ð´Ð°Ð½Ð½ÑÑ
, заÑиÑÑованнÑÑ
+Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Transport Layer Security (TLS).
https://security-tracker.debian.org/tracker/CVE-2015-7181;>CVE-2015-7181