-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --- english/security/2015/dla-222.wml 2016-04-07 03:47:55.000000000 +0500 +++ russian/security/2015/dla-222.wml 2016-05-04 14:17:48.183903836 +0500 
@@ -1,30 +1,31 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-5783">CVE-2012-5783</a> - -<p>and <a href="https://security-tracker.debian.org/tracker/CVE-2012-6153">CVE-2012-6153</a> - - Apache Commons HttpClient 3.1 did not verify that the server hostname - - matches a domain name in the subject's Common Name (CN) or subjectAltName - - field of the X.509 certificate, which allows man-in-the-middle attackers to - - spoof SSL servers via an arbitrary valid certificate. - - Thanks to Alberto Fernandez Martinez for the patch.</p></li> +<p>и <a href="https://security-tracker.debian.org/tracker/CVE-2012-6153">CVE-2012-6153</a> + Apache Commons HttpClient 3.1 не вÑполнÑÐµÑ Ð¿ÑовеÑÐºÑ Ñого, ÑÑо Ð¸Ð¼Ñ ÑеÑвеÑа + ÑÐ¾Ð²Ð¿Ð°Ð´Ð°ÐµÑ Ñ Ð¸Ð¼ÐµÐ½ÐµÐ¼ домена в поле Common Name (CN) или subjectAltName + ÑеÑÑиÑикаÑа X.509, ÑÑо позволÑÐµÑ Ð·Ð»Ð¾ÑмÑÑленникам вÑполнÑÑÑ Ð°ÑÐ°ÐºÑ Ð¿Ð¾ пÑинÑÐ¸Ð¿Ñ Ñеловек-в-ÑеÑедине Ð´Ð»Ñ + подделки SSL ÑеÑвеÑов Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ Ð¿ÑоизволÑного коÑÑекÑного ÑеÑÑиÑикаÑа. + ÐÑÑажаем благодаÑноÑÑÑ ÐлбеÑÑо ФеÑÐ½Ð°Ð½Ð´ÐµÐ·Ñ ÐаÑÑÐ¸Ð½ÐµÐ·Ñ Ð·Ð° ÑÑÑ Ð·Ð°Ð¿Ð»Ð°ÑÑ.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3577">CVE-2014-3577</a> - - <p>It was found that the fix for <a href="https://security-tracker.debian.org/tracker/CVE-2012-6153">CVE-2012-6153</a> was incomplete: the code added - - to check that the server hostname matches the domain name in a subject's - - Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle - - attacker could use this flaw to spoof an SSL server using a specially - - crafted X.509 certificate. 
The fix for <a href="https://security-tracker.debian.org/tracker/CVE-2012-6153">CVE-2012-6153</a> was intended to address - - the incomplete patch for <a href="https://security-tracker.debian.org/tracker/CVE-2012-5783">CVE-2012-5783</a>. The issue is now completely resolved - - by applying this patch and the one for the previous CVEs</p></li> + <p>ÐÑло обнаÑÑжено, ÑÑо иÑпÑавление <a href="https://security-tracker.debian.org/tracker/CVE-2012-6153">CVE-2012-6153</a> неполно: код, добавленнÑй + Ð´Ð»Ñ Ð¿ÑовеÑки Ñого, ÑÑо Ð¸Ð¼Ñ ÑеÑвеÑа ÑÐ¾Ð²Ð¿Ð°Ð´Ð°ÐµÑ Ñ Ð¸Ð¼ÐµÐ½ÐµÐ¼ домена в поле + Common Name (CN) ÑеÑÑиÑикаÑов X.509, оказалÑÑ ÑÑзвим. ÐлоÑмÑÑленник, иÑполÑзÑÑ Ð¿ÑинÑип Ñеловек-в-ÑеÑедине, Ð¼Ð¾Ð¶ÐµÑ + иÑполÑзоваÑÑ ÑÑÑ ÑÑзвимоÑÑÑ Ð´Ð»Ñ Ð¿Ð¾Ð´Ð´ÐµÐ»ÐºÐ¸ SSL ÑеÑвеÑа, иÑполÑзÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованнÑй + ÑеÑÑиÑÐ¸ÐºÐ°Ñ X.509. ÐÑпÑавление Ð´Ð»Ñ <a href="https://security-tracker.debian.org/tracker/CVE-2012-6153">CVE-2012-6153</a> должно бÑло иÑпÑавиÑÑ + неполнÑÑ Ð·Ð°Ð¿Ð»Ð°ÑÑ Ð´Ð»Ñ <a href="https://security-tracker.debian.org/tracker/CVE-2012-5783">CVE-2012-5783</a>. ÐÐ°Ð½Ð½Ð°Ñ Ð¿Ñоблема ÑепеÑÑ Ð¿Ð¾Ð»Ð½Ð¾ÑÑÑÑ ÑеÑена + пÑÑÑм пÑÐ¸Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ñказанной заплаÑÑ Ð¸ заплаÑÑ Ð´Ð»Ñ Ð¿ÑедÑдÑÑей пÑÐ¾Ð±Ð»ÐµÐ¼Ñ CVE.</p></li> </ul> - -<p>This upload was prepared by Markus Koschany.</p> +<p>ÐÐ°Ð½Ð½Ð°Ñ Ð·Ð°Ð³ÑÑзка бÑла подгоÑовлена ÐаÑкÑÑом ÐоÑани.</p> </define-tag> # do not modify the following line - --- english/security/2015/dla-323.wml 2016-04-07 03:10:36.000000000 +0500 +++ russian/security/2015/dla-323.wml 2016-05-04 14:30:06.436562812 +0500 
@@ -1,38 +1,41 @@ - -<define-tag description>LTS security update</define-tag> +#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov" +<define-tag description>обновление безопаÑноÑÑи LTS</define-tag> <define-tag moreinfo> - -<p>The following two issues have recently been fixed in Debian LTS (squeeze) - -for the fuseiso package.</p> +<p>РпакеÑе fuseiso в Debian LTS (squeeze) недавно бÑли иÑпÑÐ°Ð²Ð»ÐµÐ½Ñ +две пÑоблемÑ.</p> - -<p>Issue 1</p> +<p>ÐÑоблема 1</p> - - <p>An integer overflow, leading to a heap-based buffer overflow flaw was - - found in the way FuseISO, a FUSE module to mount ISO filesystem - - images, performed reading of certain ZF blocks of particular inodes. - - A remote attacker could provide a specially-crafted ISO file that, - - when mounted via the fuseiso tool would lead to fuseiso binary crash.</p> + <p>Ð ÑпоÑобе, иÑполÑзÑемом FuseISO, модÑле FUSE Ð´Ð»Ñ Ð¼Ð¾Ð½ÑиÑÐ¾Ð²Ð°Ð½Ð¸Ñ + обÑазов ÑайловÑÑ ÑиÑÑем ISO, бÑло обнаÑÑжено пеÑеполнение ÑелÑÑ + ÑиÑел, пÑоводÑÑее к пеÑÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑÑеÑа и возникаÑÑее пÑи ÑÑении + опÑеделÑннÑÑ Ð±Ð»Ð¾ÐºÐ¾Ð² ZF опÑеделÑннÑÑ Ð¸Ð½Ð´ÐµÐºÑнÑÑ Ð´ÐµÑкÑипÑоÑов. 
+ УдалÑннÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¿ÐµÑедаÑÑ ÑпеÑиалÑно ÑÑоÑмиÑованнÑй Ñайл ISO, коÑоÑÑй пÑи + его монÑиÑовании ÑеÑез инÑÑÑÑÐ¼ÐµÐ½Ñ fuseiso пÑиведÑÑ Ðº аваÑийной оÑÑановке двоиÑного Ñайла fuseiso.</p> - - <p>This issue was discovered by Florian Weimer of Red Hat Product + <p>ÐÐ°Ð½Ð½Ð°Ñ Ð¿Ñоблема бÑла обнаÑÑжена ФлоÑианом ÐаймеÑом из Red Hat Product Security Team.</p> - - <p>The issue got resolve by bailing out before ZF blocks that exceed the - - supported block size of 2^17 are to be read.</p> + <p>ÐÑоблема бÑла ÑеÑена пÑÑÑм оÑÑановки до Ñого моменÑа, как блоки ZF, пÑевÑÑаÑÑие + поддеÑживаемÑй ÑÐ°Ð·Ð¼ÐµÑ Ð±Ð»Ð¾ÐºÐ° в 2^17, бÑдÑÑ Ð¿ÑоÑиÑанÑ.</p> - -<p>Issue 2</p> +<p>ÐÑоблема 2</p> - - <p>A stack-based buffer overflow flaw was found in the way FuseISO, a - - FUSE module to mount ISO filesystem images, performed expanding of - - directory portions for absolute path filename entries. A remote - - attacker could provide a specially-crafted ISO file that, when - - mounted via fuseiso tool would lead to fuseiso binary crash or, - - potentially, arbitrary code execution with the privileges of the user - - running the fuseiso executable.</p> + <p>Ð ÑпоÑобе, иÑполÑзÑемом FuseISO, модÑле FUSE Ð´Ð»Ñ Ð¼Ð¾Ð½ÑиÑÐ¾Ð²Ð°Ð½Ð¸Ñ + обÑазов ÑайловÑÑ ÑиÑÑем ISO, бÑло обнаÑÑжено пеÑеполнение бÑÑеÑа, + возникаÑÑее пÑи ÑаÑкÑÑÑии ÑаÑÑей каÑалога Ð´Ð»Ñ Ð°Ð±ÑолÑÑнÑÑ Ð¿ÑÑей имÑн + Ñайлов. 
УдалÑннÑй злоÑмÑÑленник Ð¼Ð¾Ð¶ÐµÑ Ð¿ÐµÑедаÑÑ + ÑпеÑиалÑно ÑÑоÑмиÑованнÑй Ñайл ISO, коÑоÑÑй пÑи его + монÑиÑовании ÑеÑез инÑÑÑÑÐ¼ÐµÐ½Ñ fuseiso пÑиведÑÑ Ðº аваÑийной оÑÑановке двоиÑного Ñайла fuseiso или + поÑенÑиалÑÐ½Ð¾Ð¼Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑоизволÑного кода Ñ Ð¿Ñавами полÑзоваÑелÑ, + запÑÑÑивÑего иÑполнÑемÑй Ñайл fuseiso.</p> - - <p>This issue was discovered by Florian Weimer of Red Hat Product + <p>ÐÑа пÑоблема бÑла обнаÑÑжена ФлоÑианом ÐаймеÑом из Red Hat Product Security Team.</p> - - <p>The issue got resolved by checking the resulting length of an - - absolute path name and by bailing out if the platform's PATH_MAX - - value gets exceeded.</p> + <p>ÐÑоблема бÑла ÑеÑена пÑÑÑм вÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿ÑовеÑки оконÑаÑелÑной Ð´Ð»Ð¸Ð½Ñ + абÑолÑÑного пÑÑи и оÑÑановки в Ñом ÑлÑÑае, еÑли знаÑение PATH_MAX + данной плаÑÑоÑÐ¼Ñ Ñже пÑевÑÑено.</p> </define-tag> # do not modify the following line -----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
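Review bot: In dla-222.wml, the closing sentence of the CVE-2014-3577 item renders the English "the one for the previous CVEs" (plural) as the singular "для предыдущей проблемы CVE", which reads as though only one earlier issue is covered by the earlier patch. The first item lists two earlier identifiers, CVE-2012-5783 and CVE-2012-6153, so a plural form such as "для предыдущих CVE" would keep the statement that the complete fix needs this patch plus the one for both of them. A smaller point in the first item: the English "did not verify" is past tense, while the added text uses the present tense, which suggests the updated package is still affected.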
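Review bot: In dla-323.wml, both flaw descriptions drop the memory-region qualifier: "heap-based buffer overflow" in Issue 1 and "stack-based buffer overflow" in Issue 2 are each translated as plain "переполнение буфера", so the Russian text no longer distinguishes the two bug classes or explains why only Issue 2 mentions possible code execution. Suggest naming the region in each paragraph, for example "переполнение буфера в динамической памяти" for Issue 1 and "переполнение буфера в стеке" for Issue 2. Also in Issue 1, "проводящее к переполнению" looks like a typo for "приводящее к переполнению" ("leading to").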