http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=22104
¿©±âº¸½Ã¸éÀº 1.0.1j·Î ¾÷µ¥ÀÌÆ® Ç϶ó°í Çϴµ¥
linux yumÀ¸·Î ¹ÞÀ¸¸é
22ÀÏ ÇöÀç openssl-1.0.1e-30.el6_5.2 ¹öÀüÀ» ´Ù¿î¹Þ°Åµç¿ä
À̹öÀüÀÌ À̹ø À̽´¿¡ Àû¿ëÀÌ µÈ ¹öÀüÀΰ¡¿ä?
À̽´µéÀº ÀÌ·±°ÍµéÀ̳׿ä..
DTLS SRTP Çڵ彦ÀÌÅ© ¸Þ½ÃÁö¸¦ ó¸®ÇÏ´Â Áß ¹ß»ýÇÏ´Â ¸Þ¸ð¸® °í°¥ Ãë¾àÁ¡ (CVE-2014-3513)
SSL/TLS/DTLS ¼¹ö¿¡¼ session ticket °ªÀ» ¹ÞÀ» ¶§ ¹ß»ýÇÏ´Â ¸Þ¸ð¸® °í°¥ Ãë¾àÁ¡ (CVE-2014-3567)
SSL3.0¿¡¼ ´Ù¿î ±×·¹À̵带 ÅëÇØ MITM(man-in-the-middle)°ø°ÝÀ» °¡´ÉÇÏ°Ô Çϴ Ǫµé(Poodle, Padding Oracle On Downloaded Legacy Encryption) Ãë¾àÁ¡ (CVE-2014-3566)
OpenSSL build optionÀÎ no-ssl3¿¡¼ ¹ß»ýÇÑ Ãë¾àÁ¡ (CVE-2014-3568) | |
|