|
|
[ °ø Áö ] OpenSSL ½Å±Ô Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í |
|
2017-02-20 |
|
|
¾È³çÇϽʴϱî. È£½ºÆ®¸ÕÆ®ÀÔ´Ï´Ù.
¸ÕÀú È£½ºÆ®¸ÕÆ®¸¦ ¾Æ²¸ÁÖ½Ã°í »ç¶ûÇØ Áֽô °í°´ ¿©·¯ºÐ²² Áø½ÉÀ¸·Î °¨»çµå¸®¸ç
OpenSSL ½Å±Ô Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í°¡ ÀÖ¾î À̸¦ ¾Ë·Áµå¸®°íÀÚ ÇÕ´Ï´Ù.
---------------------------------------------------------------------------
¡à °³¿ä
o OpenSSL¿¡¼ ¼ºñ½º °ÅºÎ °ø°ÝÀÌ °¡´ÉÇÑ Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ® ¹ßÇ¥ [1]
¡à ¼³¸í
o ÇÚµå ¼ÎÀÌÅ©°¡ ÁøÇàµÇ´Â °úÁ¤¿¡¼ ¾ÏÈ£ ¾Ë°í¸®Áò(Encrypted-Then-Mac)À» Àç°ËÅä ÇÒ ¶§ Ãæµ¹ÀÌ ¹ß»ýÇÏ´Â Ãë¾àÁ¡
(CVE-2017-3733)
¡à ÇØ´ç ½Ã½ºÅÛ
o ¿µÇâÀ» ¹Þ´Â Á¦Ç° ¹× ¹öÀü
- OpenSSL 1.1.0 ¹öÀü
¡à ÇØ°á ¹æ¾È
o OpenSSL 1.1.0 ¹öÀü »ç¿ëÀÚ´Â 1.1.0e ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ® [2]
¡à ±âŸ ¹®ÀÇ»çÇ×
o Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ: ±¹¹ø¾øÀÌ 118
[Âü°í»çÀÌÆ®]
[1] https://www.openssl.org/news/secadv/20170216.txt
[2] https://www.openssl.org/source/
°¨»çÇÕ´Ï´Ù.
---------------------------------------------------------------------------
Áñ°Å¿òÀÌ Àִ ȣ½ºÆà ¼ºñ½º [ È£½ºÆ®¸ÕÆ® ]
|
|
|