»Ë»Ñ Æ÷·³
·Î±×ÀΠȸ¿ø°¡ÀÔ|¾ÆÀ̵ðºñ¹øã±â
°³¹ßÀÚÆ÷·³ ÀÔ´Ï´Ù.
  • ºÏ¸¶Å© ¾ÆÀÌÄÜ

openssl°ú º¸¾È±Ç°í¹®..1

  • Èæ¿ì¿¬
  • µî·ÏÀÏ 2014-10-24 13:07
  • Á¶È¸¼ö 471
http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=22104


¿©±âº¸½Ã¸éÀº 1.0.1j·Î ¾÷µ¥ÀÌÆ® Ç϶ó°í Çϴµ¥
linux yumÀ¸·Î ¹ÞÀ¸¸é
22ÀÏ ÇöÀç openssl-1.0.1e-30.el6_5.2 ¹öÀüÀ» ´Ù¿î¹Þ°Åµç¿ä
À̹öÀüÀÌ À̹ø À̽´¿¡ Àû¿ëÀÌ µÈ ¹öÀüÀΰ¡¿ä?

À̽´µéÀº ÀÌ·±°ÍµéÀ̳׿ä..
DTLS SRTP Çڵ彦ÀÌÅ© ¸Þ½ÃÁö¸¦ ó¸®ÇÏ´Â Áß ¹ß»ýÇÏ´Â ¸Þ¸ð¸® °í°¥ Ãë¾àÁ¡ (CVE-2014-3513)
SSL/TLS/DTLS ¼­¹ö¿¡¼­ session ticket °ªÀ» ¹ÞÀ» ¶§ ¹ß»ýÇÏ´Â ¸Þ¸ð¸® °í°¥ Ãë¾àÁ¡ (CVE-2014-3567)
SSL3.0¿¡¼­ ´Ù¿î ±×·¹À̵带 ÅëÇØ MITM(man-in-the-middle)°ø°ÝÀ» °¡´ÉÇÏ°Ô Çϴ Ǫµé(Poodle, Padding Oracle On Downloaded Legacy Encryption) Ãë¾àÁ¡ (CVE-2014-3566)
OpenSSL build optionÀÎ no-ssl3¿¡¼­ ¹ß»ýÇÑ Ãë¾àÁ¡ (CVE-2014-3568)

0
 ÃßõÇϱ⠴ٸ¥ÀÇ°ß 0
 |
°øÀ¯¹öÆ°

´Ù¸¥ÀÇ°ß 0 Ãßõ 0 ilikec1
https://rhn.redhat.com/errata/RHSA-2014-1652.html
2014-10-25 Á¡¾ÆÀÌÄÜ
  1. ´ñ±ÛÁÖ¼Òº¹»ç
  • ¾Ë¸² ¿å¼³, »óó ÁÙ ¼ö ÀÖ´Â ¾ÇÇÃÀº »ï°¡ÁÖ¼¼¿ä.
©¹æ »çÁø  
¡â ÀÌÀü±Û¡ä ´ÙÀ½±Û
»çÀÌÆ®¼Ò°³ ¿î¿µÂü¿© °Ô½ÃÁß´Ü¿äû ÀÌ¿ë¾à°ü °³ÀÎÁ¤º¸Ã³¸®¹æħ û¼Ò³âº¸È£Á¤Ã¥ ºÒ¹ýÃÔ¿µ¹°µî ½Å°í ±¤°í/Á¦ÈÞ ¸ÞÀϹ®ÀÇ »Ë»Ñä¿ë ´ÙÅ©¸ðµå
Copyright 2005-2024 ppomppu. All rights reserved