¾È³çÇϽʴϱî? È£½ºÆ®¸ÞÄ« ¼¹ö °ü¸®ÆÀ ÀÔ´Ï´Ù.
ÃÖ±Ù OpenSSL ¶óÀ̺귯¸® Ãë¾àÁ¡ÀÌ ¹ß°ßµÊ¿¡ µû¶ó º¸¾ÈÁ¶Ä¡ ´çºÎµå¸³´Ï´Ù.
°³¿ä
- OpenSSL ¶óÀ̺귯¸®¿¡¼ Á¤º¸ À¯Ãâ Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ® ¹ßÇ¥
- °ø°ÝÀÚ°¡ ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇÒ °æ¿ì, ¼¹ö ¸Þ¸ð¸®¿¡ Á¸ÀçÇÏ´Â Á¤º¸¸¦ À¯Ãâ ½Ãų ¼ö ÀÖ´Â °ø°Ý °¡´É
¼³¸í
- OpenSSLÀÇ 1°³ Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÊ
- ¼¹öÀÇ Á¤º¸¸¦ À¯Ãâ½Ãų ¼ö ÀÖ´Â Ãë¾àÁ¡ (CVE-2014-0160)
ÇØ´ç ½Ã½ºÅÛ
- ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
[1] OpenSSL 1.0.1 ~ OpenSSL 1.0.1f
[2] OpenSSL 1.0.2-beta, OpenSSL 1.0.2-beta1
- ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
[1] OpenSSL 1.0.0 ´ë ¹öÀü
[2] OpenSSL 0.9.x ´ë ¹öÀü
ÇØ°á ¹æ¾È
- ÇØ´ç Ãë¾àÁ¡¿¡ ¿µÇâ ¹Þ´Â ¹öÀü »ç¿ëÀÚ
OpenSSL 1.0.1g ¹öÀüÀ¸·Î ¾÷±×·¹À̵å(http://www.openssl.org/source/)
Âü°í»çÀÌÆ®
- http://www.kb.cert.org/vuls/id/720951
- http://heartbleed.com/