[º¸¾È´º½º ±èÁö¾ð] SSL/TLS¸¦ ±¸ÇöÇÒ ¶§ »ç¿ëÇÏ´Â ¶óÀ̺귯¸®ÀÎ gnutls ¶óÀ̺귯¸®¿¡¼ ÀÎÁõ¼ °ËÁõ ¿ìȸ Ãë¾àÁ¡(CVE-2014-0092)ÀÌ ¹ß°ßµÅ »ç¿ëÀÚµéÀÇ ÁÖÀÇ°¡ ¿ä±¸µÈ´Ù.
¸¸¾à °ø°ÝÀÚ°¡ ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇÒ °æ¿ì ÀÎÁõ¼ °ËÁõ ¿ìȸ¸¦ ÅëÇÑ Áß°£ÀÚ °ø°ÝÀÌ °¡´ÉÇÏ´Ù.
Áß°£ÀÚ °ø°Ý(man in the middle attack, ÀÌÇÏ MITM)À̶õ Åë½ÅÇÏ°í ÀÖ´Â µÎ ´ç»çÀÚ »çÀÌ¿¡ ³¢¾îµé¾î ±³È¯ÇÏ´Â Á¤º¸¸¦ Àڱ⠰Ͱú ¹Ù²Ù¾î¹ö¸²À¸·Î½á µéÅ°Áö ¾Ê°í µµÃ»À» Çϰųª Åë½Å³»¿ëÀ» ¹Ù²Ù´Â ÇØÅ· ±â¹ýÀÌ´Ù.
À̹ø Ãë¾àÁ¡¿¡ ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î´Â GnuTLS 3.1.21 ÀÌÇÏ ¹öÀü°ú GnuTLS 3.2.11 ÀÌÇϹöÀüÀ¸·Î »ç¿ëÀÚ´Â °¢°¢ GnuTLS 3.1.22 ¹öÀü(http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7340)°ú GnuTLS 3.2.12 ¹öÀü(http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7341)À¸·Î ¾÷±×·¹À̵åÇØ¾ß ÇÑ´Ù.
ÀÌ¿Ü ±âŸ ÀÚ¼¼ÇÑ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø¾øÀÌ 118)·Î ¹®ÀÇÇÒ ¼ö ÀÖÀ¸¸ç Âü°í»çÀÌÆ®´Â ´ÙÀ½°ú °°´Ù.
[Âü°í»çÀÌÆ®]
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
http://www.us-cert.gov/ncas/current-activity/2014/03/05/GnuTLS-Releases-Security-Update
[±èÁö¾ð ±âÀÚ(boan4@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(http://www.boannews.com/) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>