English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 50371
À§Çèµµ 30
Æ÷Æ® 139.445
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù SMB
»ó¼¼¼³¸í ¿ø°Ý È£½ºÆ®¿¡ ¼³Ä¡µÈ Oracle(ÀÌÀü Sun) Java SE ¶Ç´Â Java for Business ¹öÀüÀº 2022³â 1¿ù CPU ±Ç°í¿¡ ¾ð±ÞµÈ ¿©·¯ Ãë¾àÁ¡ÀÇ ¿µÇâÀ» ¹Þ½À´Ï´Ù.

- ½±°Ô ¾Ç¿ëµÉ ¼ö ÀÖ´Â Ãë¾àÁ¡À¸·Î ÀÎÇØ ÀÎÁõµÇÁö ¾ÊÀº °ø°ÝÀÚ°¡ ¿©·¯ ÇÁ·ÎÅäÄÝÀ» ÅëÇØ ³×Æ®¿öÅ©¿¡ ¾×¼¼½ºÇÏ¿© Oracle Java SE, Oracle GraalVM Enterprise EditionÀ» ¼Õ»ó½Ãų ¼ö ÀÖ½À´Ï´Ù. ÀÌ Ãë¾àÁ¡¿¡ ´ëÇÑ °ø°ÝÀÌ ¼º°øÇϸé Oracle Java SE, Oracle GraalVM Enterprise EditionÀÇ ºÎºÐ ¼­ºñ½º °ÅºÎ(ºÎºÐ DOS)¸¦ ÀÏÀ¸Å³ ¼ö ÀÖ´Â ±ÇÇÑ ¾ø´Â ±â´ÉÀÌ ¹ß»ýÇÒ ¼ö ÀÖ½À´Ï´Ù. (CVE-2022-21349)

- ½±°Ô ¾Ç¿ëµÉ ¼ö ÀÖ´Â Ãë¾àÁ¡À¸·Î ÀÎÇØ ÀÎÁõµÇÁö ¾ÊÀº °ø°ÝÀÚ°¡ ¿©·¯ ÇÁ·ÎÅäÄÝÀ» ÅëÇØ ³×Æ®¿öÅ©¿¡ ¾×¼¼½ºÇÏ¿© Oracle Java SE, Oracle GraalVM Enterprise EditionÀ» ¼Õ»ó½Ãų ¼ö ÀÖ½À´Ï´Ù. ÀÌ Ãë¾àÁ¡¿¡ ´ëÇÑ °ø°ÝÀÌ ¼º°øÇϸé Oracle Java SE, Oracle GraalVM Enterprise Edition ¾×¼¼½º °¡´ÉÇÑ µ¥ÀÌÅÍ Áß ÀϺο¡ ´ëÇÑ ¹«´Ü ¾÷µ¥ÀÌÆ®, »ðÀÔ ¶Ç´Â »èÁ¦ ¾×¼¼½º°¡ ¹ß»ýÇÒ ¼ö ÀÖ½À´Ï´Ù. (CVE-2022-21291, CVE-2022-21305)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ ¿ø°ÝÁö È£½ºÆ®¿¡ ·Î±×ÀÎÇÒ ¼ö ÀÖ´Â Guest ȤÀº ±× ÀÌ»óÀÇ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ­ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
https://www.oracle.com/a/tech/docs/cpujan2022cvrf.xml
https://www.oracle.com/security-alerts/cpujan2022.html#AppendixJAVA

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Oracle Java JDK and JRE 8 Update 321 ÀÌÀü ¹öÀüµé
Microsoft Windows Any version
Unix Any version
Linux Any version
ÇØ°áÃ¥ JDK¿Í JREÀÇ °¡Àå ÃֽŠ¹öÀü(Java JDK / JRE 8 Update 321 ȤÀº ÀÌÈÄ)À» ±¸ÇÏ¿© ¾÷±×·¹À̵å ÇÏ°í ¿µÇâÀÌ ÀÖ´Â ¹öÀüÀº Á¦°ÅÇÏ¿©¾ß ÇÑ´Ù.
http://www.java.com/ko/
°ü·Ã URL CVE-2022-21248,CVE-2022-21271,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296 (CVE)
°ü·Ã URL (SecurityFocus)
°ü·Ã URL (ISS)