English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 22630
À§Çèµµ 30
Æ÷Æ® 80, ...
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù CGI
»ó¼¼¼³¸í ÇØ´ç À¥ ¼­¹ö´Â 5.5.13 º¸´Ù ´õ ¿À·¡µÈ PHPÀÇ ¹öÀüÀ» °¡µ¿ ÁßÀÌ´Ù. PHP´Â À¥ °³¹ß¿¡ ÀûÇÕÇÏ°í HTML¿¡ ÀÓº£µðµå(embedded) µÉ ¼ö ÀÖ´Â ³Î¸® »ç¿ë ÁßÀÎ ¹ü¿ë ½ºÅ©¸³Æà ¾ð¾îÀÌ´Ù. PHPÀÇ 5.5.13 ÀÌÀüÀÇ ¹öÀü¿¡´Â ´ÙÁß Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.

- 'src/cdf.c' ÆÄÀÏÀÇ 'cdf_unpack_summary_info()' ÇÔ¼ö¿¡ ¿À·ù°¡ Á¸ÀçÇØ Á¶ÀÛµÈ CDF ÆÄÀÏÀ» ´Ù·ê¶§ ¹«ÇÑ ·çÇÁ¿¡ ºüÁú ¼ö ÀÖ´Ù. (CVE-2014-0237)

- 'src/cdf.c' ÆÄÀÏÀÇ 'cdf_read_property_info()' ÇÔ¼ö¿¡ ¿À·ù°¡ Á¸ÀçÇØ Á¶ÀÛµÈ CDF ÆÄÀÏÀ» ´Ù·ê¶§, file_printf ´ÙÁß È£ÃâÇÏ¸é ¾îÇø®ÄÉÀ̼ÇÀÌ Å©·¡½ÃÇÒ ¼öÀÖ´Ù. (CVE-2014-0238)

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç ¿ø°ÝÁö PHP ¼­¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼­ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
http://www.php.net/ChangeLog-5.php#5.5.13
https://bugs.php.net/bug.php?id=67327
https://bugs.php.net/bug.php?id=67328

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
PHP 5.5.13 ÀÌÀüÀÇ ¹öÀüµé
Any operating system Any version
ÇØ°áÃ¥ PHP À¥ »çÀÌÆ®ÀÎ http://www.php.net/downloads.php ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Â PHPÀÇ °¡Àå ÃֽŠ¹öÀü(5.5.13 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2014-0237,CVE-2014-0238 (CVE)
°ü·Ã URL 67759,67765 (SecurityFocus)
°ü·Ã URL (ISS)