Hacking risk rises when pre-patch versions remain in use
[Boannews, reporter Kwon Jun] Vulnerability disclosures and security patches have recently been arriving one after another for software from global IT vendors used widely around the world, including Cisco, Apache, VMware and Oracle. Security officers and web administrators at organizations that run these vendors' software must apply the security patches the vendors have released.
Cisco: security updates recommended for multiple vulnerabilities
Cisco has released security updates that resolve vulnerabilities affecting its products. Because an attacker can exploit these vulnerabilities to cause a denial of service, affected systems should be updated to the latest version. The vulnerabilities are as follows.
- Denial-of-service vulnerability in the DNS code of Cisco ASA Software (CVE-2017-6607) [1]
- Denial-of-service vulnerability in the IPsec code of Cisco ASA Software (CVE-2017-6609) [2]
- Denial-of-service vulnerability in the SSL/TLS code of Cisco ASA Software (CVE-2017-6608) [3]
- Denial-of-service vulnerability in IKEv1 XAUTH of Cisco ASA Software (CVE-2017-6610) [4]
- Denial-of-service vulnerabilities in the EnergyWise module of Cisco IOS and IOS XE Software (CVE-2017-3860, 3861, 3862) [5]
- Denial-of-service vulnerability in the PGM protocol parsing engine for Cisco Firepower System Software (CVE-2016-6368) [6]
- Denial-of-service vulnerability in the SIP protocol UDP control process of Cisco Unified Communications Manager (CM) (CVE-2017-3808) [7]
Affected products and versions are listed under 'Affected Products' on the reference sites below. Operators of Cisco equipment running the vulnerable Cisco software should check the 'Affected Products' section on the relevant site and apply the patch.
[References]
[1]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns
[2]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec
[3]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls
[4]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth
[5]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise
[6]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort
[7]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm
VMware: security update recommended
VMware has released security updates that resolve vulnerabilities in its products, and users of affected versions need to update to the latest version. The vulnerabilities found are as follows.
- Arbitrary code execution vulnerability via a heap buffer overflow (CVE-2017-4907)
- Heap buffer overflow vulnerabilities in TPView.dll (CVE-2017-4908, CVE-2017-4909)
- Out-of-bounds read/write vulnerabilities in TPView.dll (CVE-2017-4910, CVE-2017-4911, CVE-2017-4912)
- Integer overflow vulnerability in the TTF parser of TPView.dll (CVE-2017-4913)
Install the latest version of the affected software from the reference sites below.
[References]
[1]http://www.vmware.com/security/advisories/VMSA-2017-0008.html
[2]https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-APPS-710-ADV&productId=643&rPId=15408
[3]https://my.vmware.com/group/vmware/details?downloadGroup=VIDM_ONPREM_28&productId=577&rPId=13519
[4]https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/7_1
[5]https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/6_2
[6]https://www.vmware.com/go/downloadworkstation
[7]https://www.vmware.com/go/downloadplayer
Apache Log4j: update recommended for deserialization vulnerability
A security update has been released for Apache Log4j that resolves a vulnerability allowing arbitrary code execution. Administrators of servers running a vulnerable version should update to the latest version as described in the remediation below. Log4j is a Java-based logging utility used to record logs from within a program.
The vulnerability (CVE-2017-5645) allows arbitrary code execution while the Log4j module deserializes log events. Affected versions are Apache Log4j 2.0-alpha1 through 2.8.1.
Remediation options include: updating to Apache Log4j 2.8.2; not using the socket server classes; and adding class filtering to AbstractSocketServer.
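The class-filtering remediation named above can be illustrated with the following added example, which is not Log4j's source code and not part of the original article. It shows the general technique of checking each class in a serialized stream against an allow-list before the object is instantiated; the class names `Event`, `Unexpected` and `FilteredObjectInputStream` and the sample data are constructed for this illustration.

```java
import java.io.*;
import java.util.Set;

// Added illustration of allow-list class filtering; not Log4j's own source.
// Event, Unexpected and FilteredObjectInputStream are hypothetical names.
public class DeserializationFilterDemo {
    // Stand-in for the log event a socket receiver expects to read.
    static class Event implements Serializable {
        final String message;
        Event(String message) { this.message = message; }
    }
    // Stand-in for any other Serializable class present on the classpath.
    static class Unexpected implements Serializable { }
    // Checks each class descriptor before the object is instantiated.
    static class FilteredObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;
        FilteredObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not on allow-list");
            }
            return super.resolveClass(desc);
        }
    }
    // Builds the constructed sample input: one serialized object as bytes.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }
    // Reads one object through the filter and reports whether it was accepted.
    static String read(byte[] data, Set<String> allowed) throws Exception {
        try (ObjectInputStream in =
                 new FilteredObjectInputStream(new ByteArrayInputStream(data), allowed)) {
            return "accepted " + in.readObject().getClass().getSimpleName();
        } catch (InvalidClassException e) {
            return "rejected " + e.classname;
        }
    }

    public static void main(String[] args) throws Exception {
        Set<String> allowed = Set.of(Event.class.getName());  // constructed allow-list
        System.out.println(read(serialize(new Event("login ok")), allowed));
        System.out.println(read(serialize(new Unexpected()), allowed));
    }
}
```

On Java 9 and later the same check can be expressed with the built-in `java.io.ObjectInputFilter` instead of a subclass.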
[References]
[1]https://issues.apache.org/jira/browse/LOG4J2-1863
[2]https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc192
April 2017 Oracle Critical Patch Update advisory
In its CPU (Critical Patch Update), Oracle released patches for 299 security vulnerabilities in Oracle products. Because users of affected versions may be exposed to malware infection, they should review the 'Oracle Critical Patch Update Advisory – April 2017' document and the patch details, and apply the patches in consultation with their vendor and maintenance provider.
Java SE users should download and install the latest update for their installed product, or enable automatic Java update notifications. See the sites below for details.
[References]
[1]http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
[2]http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3]https://www.java.com/ko/download/help/java_update.xml
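For more detailed information about the security patches announced this time, contact the respective vendor or the Korea Internet & Security Agency (KISA) Internet Incident Response Center (dial 118, no area code needed).
[Reporter Kwon Jun (editor@boannews.com)]
<Copyright: Boannews (www.boannews.com). Unauthorized reproduction and redistribution prohibited>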