°³¿ä
- Ãë¾àÇÑ OpenSSL ¹öÀüÀ» »ç¿ëÇÏ´Â ¼¹ö¿Í Ŭ¶óÀ̾ðÆ® »çÀÌ¿¡¼ °ø°ÝÀÚ°¡ ¾ÏÈ£ÈµÈ µ¥ÀÌÅ͸¦ º¹È£ÈÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡, ¼ºñ½º °ÅºÎ Ãë¾àÁ¡ µî 7°³ÀÇ Ãë¾àÁ¡À» º¸¿ÏÇÑ º¸¾È¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥[1]
¼³¸í
- TLS ÇÁ·ÎÅäÄÝ¿¡¼ Diffie-Hellman Å° ±³È¯ ó¸® Áß 512ºñÆ®·Î ´Ù¿î±×·¹ÀÌµå ½ÃÅ°´Â Ãë¾àÁ¡(CVE-2015-4000)
- ECParameters ±¸Á¶ ó¸® Áß ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡ (CVE-2015-1788)
- X509_cmp_time ÇÔ¼ö¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ °ø°Ý Ãë¾àÁ¡ (CVE-2015-1789)
- ASN.1 ÀÎÄÚµù µÈ PKCS#7 µ¥ÀÌÅÍ Ã³¸® Áß ¹ß»ýÇÏ´Â Out-of-bounds Àб⠰¡´É Ãë¾àÁ¡(CVE-2015-1790)
- ¾Ë ¼ö ¾ø´Â Çؽ¬ ÇÔ¼ö¸¦ »ç¿ëÇÏ´Â ¾ÏÈ£È ¸Þ½ÃÁö ó¸® Áß ¹ß»ýÇÏ´Â ¹«ÇÑ ·çÇÁ Ãë¾àÁ¡ (CVE-2015-1792)
- NewSessionTicket ó¸® Áß ¹ß»ýÇÏ´Â Race condition Ãë¾àÁ¡ (CVE-2015-1791)
- ChangeCipherSpec ¸Þ½ÃÁö¿Í ¿Ï·á ¸Þ½ÃÁö »çÀÌ¿¡ µ¥ÀÌÅÍ Ã³¸® Áß ¹ß»ýÇÏ´Â Double Free Ãë¾àÁ¡ (CVE-2014-8176)
ÇØ´ç ½Ã½ºÅÛ
- ¿µÇâ ¹Þ´Â Á¦Ç° ¹× ¹öÀü
- OpenSSL 1.0.2 ´ë ¹öÀü
- OpenSSL 1.0.1 ´ë ¹öÀü
- OpenSSL 1.0.0 ´ë ¹öÀü
- OpenSSL 0.9.8 ´ë ¹öÀü
ÇØ°á ¹æ¾È
- ÇØ´ç Ãë¾àÁ¡¿¡ ¿µÇâ ¹Þ´Â ¹öÀüÀÇ »ç¿ëÀÚ´Â ¾Æ·¡ ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®[2]
- OpenSSL 1.0.2 »ç¿ëÀÚ : 1.0.2b·Î ¾÷µ¥ÀÌÆ®
- OpenSSL 1.0.1 »ç¿ëÀÚ : 1.0.1n·Î ¾÷µ¥ÀÌÆ®
- OpenSSL 1.0.0 »ç¿ëÀÚ : 1.0.0s·Î ¾÷µ¥ÀÌÆ®
- OpenSSL 0.9.8 »ç¿ëÀÚ : 0.9.8zg·Î ¾÷µ¥ÀÌÆ®
¡Ø CVE-2015-4000Àº OpenSSL 1.0.2b, 1.0.1n¿¡¼¸¸ ¼öÁ¤
¿ë¾î ¼³¸í
- Diffie-Hellman Å° ±³È¯ : ¾ÏÈ£È µÇÁö ¾ÊÀº Åë½Å¸Á¿¡¼ÀÇ °øÅëÀÇ ºñ¹Ð Å° °øÀ¯¸¦ À§ÇÑ ¾Ë°í¸®Áò
- PKCS#7 : RSA»ç°¡ Á¦½ÃÇÑ °ø°³ Å° ¾ÏÈ£ Ç¥ÁØÀÇ Çϳª·Î ¾ÏÈ£ÇÐÀû ¸Þ½ÃÁö ±¸¹® Ç¥ÁØ
Ãß°¡»çÇ×
- Open SSL 0.9.8, OpenSSL 1.0.0 ¹öÀüÀº 2015³â 12¿ù 31ÀϺηΠ¼ºñ½º Á¾·á ¿¹Á¤À¸·Î ÇØ´ç ¹öÀüÀ» »ç¿ëÁßÀÎ »ç¿ëÀÚ´Â ¾÷µ¥ÀÌÆ® °ËÅä ¿ä¸Á
±âŸ ¹®ÀÇ»çÇ×
- Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ: ±¹¹ø¾øÀÌ 118
[Âü°í»çÀÌÆ®]
- http://openssl.org/news/secadv_20150611.txt
- https://www.openssl.org
|