Vulnerability ID |
22976 |
Risk level |
30 |
Port |
80, ... |
Protocol |
TCP |
Category |
WWW |
Detailed description |
The version of OpenSSL installed on the remote host is earlier than 1.1.1j. It is therefore affected by multiple vulnerabilities referenced in the 1.1.1j advisory.
- The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However, it fails to correctly handle errors that may occur while parsing the issuer field (which can happen if the issuer field is maliciously constructed). This can result in a NULL pointer dereference and a crash, leading to a potential denial-of-service attack. X509_issuer_and_serial_hash() is never called directly by OpenSSL itself, so applications are only vulnerable if they use this function directly and use it on certificates obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However, OpenSSL 1.0.2 is out of support and no longer receives public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (affected 1.0.2-1.0.2x). (CVE-2021-23841)
- Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value of the function call is 1 (indicating success), but the output length value is negative. This can cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However, OpenSSL 1.0.2 is out of support and no longer receives public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (affected 1.0.2-1.0.2x). (CVE-2021-23840)
* References:
https://github.com/openssl/openssl/commit/122a19ab48091c657f7cb1fb3af9fc07bd557bbf
https://www.openssl.org/news/secadv/20210216.txt
https://github.com/openssl/openssl/commit/6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
* Affected platforms: OpenSSL 1.1.1x prior to 1.1.1j; Linux Any version; Unix Any version; Microsoft Windows Any version |
Solution |
Upgrade to the latest version of OpenSSL (1.1.1j or later), available from the OpenSSL web site at http://www.openssl.org/. |
Related URL |
CVE-2021-23840,CVE-2021-23841 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|
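The version ranges stated in this entry, turned into a banner check. This is an added example, not the scanner's own detection logic; the function names, status strings and sample banners are constructed for illustration.

```python
import re

# Fix releases per branch, as stated in the entry: 1.1.1 -> 1.1.1j, 1.0.2 -> 1.0.2y.
FIXED_LETTER = {"1.1.1": "j", "1.0.2": "y"}

# Accepts a CLI banner ("OpenSSL 1.1.1i ...") or an HTTP Server header
# token ("OpenSSL/1.0.2k-fips"). Patch level is one letter, or 'z' plus a letter.
VERSION_RE = re.compile(r"OpenSSL[/ ](\d+\.\d+\.\d+)((?:z[a-z]|[a-z])?)\b")

def letter_rank(letters):
    """Order OpenSSL patch letters: '' < a < ... < z < za < zb ..."""
    if not letters:
        return 0
    if len(letters) == 1:
        return ord(letters) - ord("a") + 1
    # Two-letter patch levels continue after 'z' (za, zb, ...).
    return 26 + ord(letters[1]) - ord("a") + 1

def classify(banner):
    """Return 'affected', 'fixed', 'not-covered' or 'no-version' for a banner."""
    m = VERSION_RE.search(banner)
    if not m:
        return "no-version"          # nothing to compare against
    branch, letters = m.groups()
    fixed = FIXED_LETTER.get(branch)
    if fixed is None:
        return "not-covered"         # the entry says nothing about this branch
    if letter_rank(letters) < letter_rank(fixed):
        return "affected"
    return "fixed"

SAMPLES = [  # constructed banners, not captured from any host
    "Server: Apache/2.4.46 (Unix) OpenSSL/1.1.1i",
    "OpenSSL 1.1.1j  16 Feb 2021",
    "Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips",
    "OpenSSL 1.0.2za",
    "OpenSSL 3.0.2",
    "Server: nginx",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{classify(banner):12} {banner}")
```

A banner match only reflects the advertised version: distribution packages often backport fixes without changing the version letter, so confirm an `affected` result against the vendor's package changelog.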