Vulnerability ID: 210235
Risk level: 40
Port: 80, ...
Protocol: TCP
Category: WWW
Description: The version of OpenSSL installed on the remote host is prior to 1.1.1t. It is therefore affected by multiple vulnerabilities listed in the 1.1.1t advisory.

- There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING, but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. (CVE-2023-0286)

- The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. (CVE-2023-0215)

- The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the name (e.g. CERTIFICATE), any header data and the payload data. If the function succeeds, the name_out, header and data arguments are populated with pointers to buffers containing the relevant decoded data. (CVE-2022-4450)

- A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. (CVE-2022-4304)

* References:
https://www.cve.org/CVERecord?id=CVE-2023-0286
https://www.openssl.org/news/secadv/20230207.txt
https://www.openssl.org/policies/secpolicy.html
https://www.cve.org/CVERecord?id=CVE-2023-0215
https://www.cve.org/CVERecord?id=CVE-2022-4450
https://www.cve.org/CVERecord?id=CVE-2022-4304

* Affected platforms:
OpenSSL 1.1.x versions prior to 1.1.1t
Linux Any version
Unix Any version
Microsoft Windows Any version
Solution: Upgrade to the latest version of OpenSSL (1.1.1t or later), available from the OpenSSL web site at http://www.openssl.org/.
Related URL: CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 (CVE)