-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2007/dsa-1291.wml 2014-04-30 13:16:12.000000000 +0600 +++ russian/security/2007/dsa-1291.wml 2016-09-24 09:24:22.088191744 +0500 
@@ -1,37 +1,39 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several issues have been identified in Samba, the SMB/CIFS - -file- and print-server implementation for GNU/Linux.</p> +<p>Ð Samba, ÑеализаÑии Ñайлового ÑеÑвеÑа и ÑеÑвеÑа пеÑаÑи SMB/CIFS Ð´Ð»Ñ +GNU/Linux, бÑло обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей.</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2007-2444">CVE-2007-2444</a> - - <p>When translating SIDs to/from names using Samba local list of user and - - group accounts, a logic error in the smbd daemon's internal security - - stack may result in a transition to the root user id rather than the - - non-root user. The user is then able to temporarily issue SMB/CIFS - - protocol operations as the root user. This window of opportunity may - - allow the attacker to establish addition means of gaining root access to - - the server.</p></li> + <p>ÐÑи пеÑеводе SID в/из имÑн, иÑполÑзÑÑ Ð»Ð¾ÐºÐ°Ð»ÑнÑй ÑпиÑок полÑзоваÑелей Samba и + ÑÑÑÑнÑÑ Ð·Ð°Ð¿Ð¸Ñей гÑÑпп, логиÑеÑÐºÐ°Ñ Ð¾Ñибка во внÑÑÑеннем ÑÑеке безопаÑноÑÑи ÑлÑÐ¶Ð±Ñ + smbd Ð¼Ð¾Ð¶ÐµÑ Ð¿ÑиводиÑÑ Ðº пеÑÐµÑ Ð¾Ð´Ñ Ðº ÑÑÐ¾Ð²Ð½Ñ Ð¸Ð´ÐµÐ½ÑиÑикаÑоÑа ÑÑпеÑполÑзоваÑелÑ, а не + ÑÑÐ¾Ð²Ð½Ñ Ð¿Ð¾Ð»ÑзоваÑелÑ, оÑлиÑного Ð¾Ñ ÑÑпеÑполÑзоваÑелÑ. Ðалее, полÑзоваÑÐµÐ»Ñ Ð¼Ð¾Ð¶ÐµÑ Ð²Ñеменно пÑоизводиÑÑ + опеÑаÑии по пÑоÑÐ¾ÐºÐ¾Ð»Ñ SMB/CIFS Ð¾Ñ Ð»Ð¸Ñа ÑÑпеÑполÑзоваÑелÑ. 
ÐÐ°Ð½Ð½Ð°Ñ Ð²Ð¾Ð·Ð¼Ð¾Ð¶Ð½Ð¾ÑÑÑ Ð¼Ð¾Ð¶ÐµÑ + позволиÑÑ Ð·Ð»Ð¾ÑмÑÑÐ»ÐµÐ½Ð½Ð¸ÐºÑ ÑÑÑановиÑÑ Ð´Ð¾Ð¿Ð¾Ð»Ð½Ð¸ÑелÑнÑе возможноÑÑи полÑÑÐµÐ½Ð¸Ñ Ð¿Ñав ÑÑпеÑполÑзоваÑÐµÐ»Ñ + на ÑеÑвеÑе.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2007-2446">CVE-2007-2446</a> - - <p>Various bugs in Samba's NDR parsing can allow a user to send specially - - crafted MS-RPC requests that will overwrite the heap space with user - - defined data.</p></li> + <p>РазлиÑнÑе оÑибки в коде Ð´Ð»Ñ Ð³ÑаммаÑиÑеÑкого ÑазбоÑа NDR в Samba могÑÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ + полÑзоваÑÐµÐ»Ñ Ð¾ÑпÑавлÑÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованнÑе запÑоÑÑ + MS-RPC, коÑоÑÑе пÑиведÑÑ Ðº пеÑезапиÑи пÑоÑÑÑанÑÑва динамиÑеÑкой памÑÑи полÑзоваÑелÑÑкими + даннÑми.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2007-2447">CVE-2007-2447</a> - - <p>Unescaped user input parameters are passed as arguments to /bin/sh - - allowing for remote command execution.</p></li> + <p>ÐведÑннÑе полÑзоваÑелем неÑкÑаниÑованнÑе паÑамеÑÑÑ Ð¿ÐµÑедаÑÑÑÑ Ð² каÑеÑÑве аÑгÑменÑов /bin/sh, + ÑÑо позволÑÐµÑ ÑдалÑнно вÑполнÑÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ.</p></li> </ul> - -<p>For the stable distribution (etch), these problems have been fixed in - -version 3.0.24-6etch1.</p> +<p>Ð ÑÑабилÑном вÑпÑÑке (etch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 3.0.24-6etch1.</p> - -<p>For the testing and unstable distributions (lenny and sid, - -respectively), these problems have been fixed in version 3.0.25-1.</p> +<p>Ð ÑеÑÑиÑÑемом и неÑÑабилÑном вÑпÑÑÐºÐ°Ñ (lenny и sid, ÑооÑвеÑÑÑвенно) +ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 3.0.25-1.</p> - -<p>We recommend that you upgrade your samba package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ samba.</p> </define-tag> # do not modify the following line - --- english/security/2007/dsa-1362.wml 2014-04-30 13:16:13.000000000 +0600 +++ russian/security/2007/dsa-1362.wml 2016-09-24 09:30:17.834279467 +0500 
@@ -1,42 +1,43 @@ - -<define-tag description>several vulnerabilities</define-tag> +#use wml::debian::translation-check translation="1.9" maintainer="Lev Lamberov" +<define-tag description>неÑколÑко ÑÑзвимоÑÑей</define-tag> <define-tag moreinfo> - -<p>Several vulnerabilities were discovered in lighttpd, a fast webserver with - -minimal memory footprint, which could allow the execution of arbitrary code via - -the overflow of CGI variables when mod_fcgi was enabled. The Common - -Vulnerabilities and Exposures project identifies the following problems:</p> +<p>Ð lighttpd, бÑÑÑÑом веб-ÑеÑвеÑе Ñ Ð¼Ð¸Ð½Ð¸Ð¼Ð°Ð»ÑнÑм поÑÑеблением памÑÑи, +бÑло обнаÑÑжено неÑколÑко ÑÑзвимоÑÑей, коÑоÑÑе могÑÑ Ð¿Ð¾Ð·Ð²Ð¾Ð»Ð¸ÑÑ Ð²ÑполниÑÑ Ð¿ÑоизволÑнÑй код Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ +пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ CGI-пеÑеменнÑÑ Ð² ÑлÑÑае вклÑÑÐµÐ½Ð¸Ñ mod_fcgi. ÐÑÐ¾ÐµÐºÑ Common +Vulnerabilities and Exposures опÑеделÑÐµÑ ÑледÑÑÑие пÑоблемÑ:</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2007-3946">CVE-2007-3946</a> - - <p>The use of mod_auth could leave to a denial of service attack crashing - - the webserver.</p></li> + <p>ÐÑполÑзование mod_auth могÑÑ Ð¿ÑиводиÑÑ Ðº оÑÐºÐ°Ð·Ñ Ð² обÑлÑживании в ÑвÑзи Ñ Ð°Ð²Ð°Ñийной + оÑÑановкой веб-ÑеÑвеÑа.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2007-3947">CVE-2007-3947</a> - - <p>The improper handling of repeated HTTP headers could cause a denial - - of service attack crashing the webserver.</p></li> + <p>ÐепÑавилÑÐ½Ð°Ñ Ð¾Ð±ÑабоÑка повÑоÑÑÑÑÐ¸Ñ ÑÑ HTTP-заголовков Ð¼Ð¾Ð¶ÐµÑ Ð²ÑзÑваÑÑ Ð¾Ñказ + в обÑлÑживании в ÑвÑзи Ñ Ð°Ð²Ð°Ñийной оÑÑановкой веб-ÑеÑвеÑа.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2007-3949">CVE-2007-3949</a> - - <p>A bug in mod_access potentially allows remote users to bypass - - access restrictions via trailing slash characters.</p></li> + <p>ÐÑибка в mod_access поÑенÑиалÑно позволÑÐµÑ ÑдалÑннÑм полÑзоваÑелÑм Ð¾Ð±Ñ Ð¾Ð´Ð¸ÑÑ + огÑаниÑÐµÐ½Ð¸Ñ Ð´Ð¾ÑÑÑпа Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð·Ð°Ð²ÐµÑÑаÑÑÐ¸Ñ ÐºÐ¾ÑÑÑ 
ÑеÑÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2007-3950">CVE-2007-3950</a> - - <p>On 32-bit platforms users may be able to create denial of service - - attacks, crashing the webserver, via mod_webdav, mod_fastcgi, or + <p>Ðа 32-биÑнÑÑ Ð¿Ð»Ð°ÑÑоÑÐ¼Ð°Ñ Ð¿Ð¾Ð»ÑзоваÑели могÑÑ Ð²ÑзÑваÑÑ Ð¾Ñказ в обÑлÑживании, + аваÑийно оÑÑÐ°Ð½Ð°Ð²Ð»Ð¸Ð²Ð°Ñ Ð²ÐµÐ±-ÑеÑÐ²ÐµÑ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ mod_webdav, mod_fastcgi или mod_scgi.</p></li> </ul> - -<p>For the stable distribution (etch), these problems have been fixed in version +<p>Ð ÑÑабилÑном вÑпÑÑке (etch) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² веÑÑии 1.4.13-4etch4.</p> - -<p>For the unstable distribution (sid), these problems have been fixed in - -version 1.4.16-1.</p> +<p>РнеÑÑабилÑном вÑпÑÑке (sid) ÑÑи пÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð±Ñли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ Ð² +веÑÑии 1.4.16-1.</p> - -<p>We recommend that you upgrade your lighttpd package.</p> +<p>РекомендÑеÑÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð¸ÑÑ Ð¿Ð°ÐºÐµÑ lighttpd.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
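Review bot: In the dsa-1291.wml hunk, CVE-2007-2444 paragraph, "используя локальный список пользователей Samba и учётных записей групп" attaches Samba to the users rather than to the list, while the English line it replaces reads "Samba local list of user and group accounts". Suggest "используя локальный список учётных записей пользователей и групп Samba". In the same paragraph, the comma after "Далее" in "Далее, пользователь может" is not needed.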
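Review bot: In the dsa-1362.wml hunk, CVE-2007-3946 item, the verb does not agree with its subject: "Использование mod_auth могут приводить" pairs a singular subject with a plural verb. It should read "Использование mod_auth может приводить", matching the "может вызывать" form used in the CVE-2007-3947 item right below it.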