
Cisco, Apache, VMware, Oracle and other global software vendors issue a string of security patches

Posted: 2017-04-21 16:21
Updating to the latest version is essential
Running pre-patch versions raises the risk of being hacked


[Boannews, reporter Kwon Jun] Vulnerability disclosures and security patches have recently been arriving one after another for software from global IT companies that is widely used around the world, including Cisco, Apache, VMware and Oracle. Security officers and web administrators at organizations that use this software must apply the security patches these vendors have released.



Cisco: security update advisory for multiple vulnerabilities
Cisco has released security updates that resolve vulnerabilities affecting its products. Because an attacker can exploit these vulnerabilities to cause a denial of service, affected systems should be updated to the latest version. The vulnerabilities are as follows.

- Denial-of-service vulnerability in the DNS code of Cisco ASA software (CVE-2017-6607) [1]
- Denial-of-service vulnerability in the IPsec code of Cisco ASA software (CVE-2017-6609) [2]
- Denial-of-service vulnerability in the SSL/TLS code of Cisco ASA software (CVE-2017-6608) [3]
- Denial-of-service vulnerability in IKEv1 XAUTH of Cisco ASA software (CVE-2017-6610) [4]
- Denial-of-service vulnerabilities in the EnergyWise module of Cisco IOS and IOS XE software (CVE-2017-3860, 3861, 3862) [5]
- Denial-of-service vulnerability in the PGM protocol parsing engine for Cisco Firepower System Software (CVE-2016-6368) [6]
- Denial-of-service vulnerability in the SIP protocol UDP control process of Cisco Unified Communications Manager (CM) (CVE-2017-3808) [7]

Affected products and versions are listed under 'Affected Products' on the reference sites below. Operators of Cisco equipment running the vulnerable Cisco software should check the 'Affected Products' details on those sites and apply the patches.

[References]
[1]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns
[2]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec
[3]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls
[4]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth
[5]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise
[6]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort
[7]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm

VMware: security update advisory
VMware has released security updates that resolve vulnerabilities in its products, and users of affected versions need to update to the latest version. The vulnerabilities found are as follows.

- Arbitrary code execution vulnerability via a heap buffer overflow (CVE-2017-4907)
- Heap buffer overflow vulnerabilities in TPView.dll (CVE-2017-4908, CVE-2017-4909)
- Out-of-bounds read/write vulnerabilities in TPView.dll (CVE-2017-4910, CVE-2017-4911, CVE-2017-4912)
- Integer overflow vulnerability in the TTF parser of TPView.dll (CVE-2017-4913)

Install the latest version of the affected software using the reference sites below.

[References]
[1]http://www.vmware.com/security/advisories/VMSA-2017-0008.html
[2]https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-APPS-710-ADV&productId=643&rPId=15408
[3]https://my.vmware.com/group/vmware/details?downloadGroup=VIDM_ONPREM_28&productId=577&rPId=13519
[4]https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/7_1
[5]https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/6_2
[6]https://www.vmware.com/go/downloadworkstation
[7]https://www.vmware.com/go/downloadplayer

Apache Log4j deserialization vulnerability: update advisory
A security update has been released for Apache Log4j that resolves a vulnerability allowing arbitrary code execution. Administrators of servers running a vulnerable version should update to the latest version as described in the remediation below. Log4j is a Java-based logging utility used to write logs from within a program.

The vulnerability (CVE-2017-5645) allows arbitrary code execution while the Log4j module deserializes log events. The affected versions are Apache Log4j 2.0-alpha1 through 2.8.1.

Remediation options include updating to Apache Log4j 2.8.2, not using the socket server class, and adding class filtering to AbstractSocketServer.
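
The class-filtering option above can be illustrated in Java with an ObjectInputStream subclass that rejects any class not on an allow-list before an object of that class is created. This is an added example, not Log4j's own code and not part of the original article; the names FilteredLogEventStream, DemoEvent and readFiltered and the allow-list contents are assumptions made for illustration.

```java
import java.io.*;
import java.util.*;

// Added illustration: class names and the allow-list are assumptions, not Log4j code.
public class FilteredLogEventStream extends ObjectInputStream {
    private final Set<String> allowedClasses;

    public FilteredLogEventStream(InputStream in, Set<String> allowedClasses) throws IOException {
        super(in);
        this.allowedClasses = allowedClasses;
    }

    // Invoked for each class descriptor read from the stream, before any
    // object of that class is instantiated; unknown classes stop the read.
    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        if (!allowedClasses.contains(desc.getName())) {
            throw new InvalidClassException(desc.getName(), "not on the log event allow-list");
        }
        return super.resolveClass(desc);
    }

    // Constructed stand-in for a serialized log event.
    static class DemoEvent implements Serializable {
        private static final long serialVersionUID = 1L;
        final String message;
        DemoEvent(String message) { this.message = message; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object readFiltered(byte[] data, Set<String> allow) throws Exception {
        try (ObjectInputStream in = new FilteredLogEventStream(new ByteArrayInputStream(data), allow)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Set<String> allow = Collections.singleton(DemoEvent.class.getName());
        DemoEvent ok = (DemoEvent) readFiltered(serialize(new DemoEvent("login ok")), allow);
        System.out.println("accepted: " + ok.message);
        try {
            // Constructed input of an unexpected type: refused by the filter.
            readFiltered(serialize(new ArrayList<String>(Arrays.asList("x"))), allow);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.classname);
        }
    }
}
```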

[References]
[1]https://issues.apache.org/jira/browse/LOG4J2-1863
[2]https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc192

April 2017 Oracle Critical Patch Update advisory
In its CPU (Critical Patch Update), Oracle released patches for 299 security vulnerabilities in Oracle products. Because users of affected versions may be vulnerable to malware infection, they should review the 'Oracle Critical Patch Update Advisory – April 2017' document and the patch details, and apply the patches in consultation with their vendor and maintenance provider.

Java SE users should download and install the latest update for their installed product, or enable automatic Java update notifications. See the sites below for details.

[References]
[1]http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
[2]http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3]https://www.java.com/ko/download/help/java_update.xml

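For more details on the security patches announced this time, contact the respective vendor or the Korea Internet & Security Agency (KISA) Internet Incident Response Center (dial 118, no area code).
[Reporter Kwon Jun (editor@boannews.com)]

<Copyright: Boannews (www.boannews.com). Unauthorized reproduction and redistribution prohibited>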
