-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- --- english/security/2010/dsa-1974.wml2014-04-30 13:16:22.0
+0600
+++ russian/security/2010/dsa-1974.wml 2016-09-16 22:47:14.557600243 +0500
@@ -1,38 +1,39 @@
- -several vulnerabilities
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+неÑколÑко ÑÑзвимоÑÑей
- -Several vulnerabilities have been found in gzip, the GNU compression
- -utilities. The Common Vulnerabilities and Exposures project identifies
- -the following problems:
+Ð gzip, ÑÑилиÑаÑ
Ð´Ð»Ñ ÑжаÑÐ¸Ñ Ð¾Ñ GNU, бÑло
обнаÑÑжено неÑколÑко
+ÑÑзвимоÑÑей. ÐÑÐ¾ÐµÐºÑ Common Vulnerabilities and Exposures
опÑеделÑеÑ
+ÑледÑÑÑие пÑоблемÑ:
https://security-tracker.debian.org/tracker/CVE-2009-2624;>CVE-2009-2624
- -Thiemo Nagel discovered a missing input sanitation flaw in the way gzip
- -used to decompress data blocks for dynamic Huffman codes, which could
- -lead to the execution of arbitrary code when trying to decompress a
- -crafted archive. This issue is a reappearance of https://security-tracker.debian.org/tracker/CVE-2006-4334;>CVE-2006-4334
and only
- -affects the lenny version.
+Тимо ÐÐ°Ð³ÐµÐ»Ñ Ð¾Ð±Ð½Ð°ÑÑжил оÑÑÑÑÑÑвие
оÑиÑÑки вÑ
однÑÑ
даннÑÑ
в ÑпоÑобе,
иÑполÑзÑемом gzip
+Ð´Ð»Ñ ÑаÑпаковки блоков даннÑÑ
длÑ
динамиÑеÑкиÑ
кодов ХаÑÑмана, ÑÑо можеÑ
+пÑиводиÑÑ Ðº вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода
пÑи попÑÑке ÑаÑпаковки
+ÑпеÑиалÑно ÑÑоÑмиÑованного аÑÑ
ива. ÐÑа
пÑоблема пÑедÑÑавлÑÐµÑ Ñобой возвÑаÑение https://security-tracker.debian.org/tracker/CVE-2006-4334;>CVE-2006-4334
и
+каÑаеÑÑÑ ÑолÑко веÑÑии из ÑоÑÑава lenny.
https://security-tracker.debian.org/tracker/CVE-2010-0001;>CVE-2010-0001
- -Aki Helin discovered an integer underflow when decompressing files that
- -are compressed using the LZW algorithm. This could lead to the execution
- -of arbitrary code when trying to decompress a crafted LZW compressed
- -gzip archive.
+Ðки Хелин обнаÑÑжил оÑÑиÑаÑелÑное
пеÑеполнение ÑелÑÑ
ÑиÑел пÑи ÑаÑпаковке
Ñайлов,
+ÑжаÑÑÑ
Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð°Ð»Ð³Ð¾ÑиÑма LZW. Ðно можеÑ
пÑиводиÑÑ Ðº вÑполнениÑ
+пÑоизволÑного кода пÑи попÑÑке ÑаÑпаковки
ÑпеÑиалÑно ÑÑоÑмиÑованного gzip-аÑÑ
ива,
+ÑжаÑого Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ LZW.
- -For the stable distribution (lenny), these problems have been fixed in
- -version 1.3.12-6+lenny1.
+Ð ÑÑабилÑном вÑпÑÑке (lenny) ÑÑи пÑоблемÑ
бÑли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð²
+веÑÑии 1.3.12-6+lenny1.
- -For the oldstable distribution (etch), these problems have been fixed in
- -version 1.3.5-15+etch1.
+РпÑедÑдÑÑем ÑÑабилÑном вÑпÑÑке (etch) ÑÑи
пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð²
+веÑÑии 1.3.5-15+etch1.
- -For the testing distribution (squeeze) and the unstable distribution
- -(sid), these problems will be fixed soon.
+Ð ÑеÑÑиÑÑемом (squeeze) и неÑÑабилÑном (sid)
вÑпÑÑкаÑ
+ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±ÑдÑÑ Ð¸ÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð¿Ð¾Ð·Ð¶Ðµ.
- -We recommend that you upgrade your gzip packages.
+РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑÑ gzip.
# do not modify the following line
- --- english/security/2010/dsa-2129.wml2014-04-30 13:16:22.0
+0600
+++ russian/security/2010/dsa-2129.wml 2016-09-16 23:27:52.977276855 +0500
@@ -1,34 +1,35 @@
- -checksum verification weakness
+#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov"
+ÑÐ»Ð°Ð±Ð°Ñ Ð¿ÑовеÑка конÑÑолÑнÑÑ
ÑÑмм
- -A vulnerability has been found in krb5, the MIT implementation of
- -Kerberos.
+Ð krb5, ÑеализаÑии Kerberos Ð¾Ñ MIT, бÑла
обнаÑÑжена
+ÑÑзвимоÑÑÑ.
- -MIT krb5 clients incorrectly accept unkeyed checksums in the SAM-2
- -preauthentication challenge: an unauthenticated remote attacker could
- -alter a SAM-2 challenge, affecting the prompt text seen by the user or
- -the kind of response sent to the KDC. Under some circumstances, this
- -can negate the incremental security benefit of using a single-use
- -authentication mechanism token.
- -
- -MIT krb5 incorrectly accepts RFC 3961 key-derivation checksums using
- -RC4 keys when verifying KRB-SAFE messages: an unauthenticated remote
- -attacker has a 1/256 chance of forging KRB-SAFE messages in an
- -application protocol if the targeted pre-existing session uses an RC4
- -session key. Few application protocols use KRB-SAFE messages.
- -