{"id":12653,"date":"2016-12-13T09:28:56","date_gmt":"2016-12-13T00:28:56","guid":{"rendered":"https:\/\/jirak.net\/wp\/?p=12653"},"modified":"2016-12-13T09:28:56","modified_gmt":"2016-12-13T00:28:56","slug":"openssl-%eb%8b%a4%ec%a4%91-%ec%b7%a8%ec%95%bd%ec%a0%90-%eb%b3%b4%ec%95%88-%ec%97%85%eb%8d%b0%ec%9d%b4%ed%8a%b8-%ea%b6%8c%ea%b3%a0","status":"publish","type":"post","link":"https:\/\/jirak.net\/wp\/openssl-%eb%8b%a4%ec%a4%91-%ec%b7%a8%ec%95%bd%ec%a0%90-%eb%b3%b4%ec%95%88-%ec%97%85%eb%8d%b0%ec%9d%b4%ed%8a%b8-%ea%b6%8c%ea%b3%a0\/","title":{"rendered":"OpenSSL \ub2e4\uc911 \ucde8\uc57d\uc810 \ubcf4\uc548 \uc5c5\ub370\uc774\ud2b8 \uad8c\uace0"},"content":{"rendered":"

\ucd9c\ucc98 :\u00a0http:\/\/www.boho.or.kr\/data\/secNoticeView.do?bulletin_writing_sequence=24746<\/p>\n

 <\/p>\n

\u25a1 \uac1c\uc694
\no OpenSSL\uc5d0\uc11c \ubc1c\uc0dd\ud55c \ud799 \uc624\ubc84\ud50c\ub85c\uc6b0 \ucde8\uc57d\uc810, Null \ud3ec\uc778\ud130 \uc5ed\ucc38\uc870 \ucde8\uc57d\uc810 \ub4f1 \ucd1d 3\uac1c\uc758 \ucde8\uc57d\uc810\uc744 \ubcf4\uc644\ud55c \ubcf4\uc548 \uc5c5\ub370\uc774\ud2b8\ub97c \ubc1c\ud45c\ud568 [1]<\/p>\n

\u25a1 \uc124\uba85
\no OpenSSL\uc758 ASN.1 CHOICE \ub370\uc774\ud130\ub97c \uc870\uc791 \uac00\ub2a5\ud55c Null \ud3ec\uc778\ud130 \uc5ed\ucc38\uc870 \ucde8\uc57d\uc810(CVE-2016-7053)
\no TLS \uc5f0\uacb0 \uc2dc \uc0ac\uc6a9\ud558\ub294 CHACHA20\/Poly1305 \uc554\ud638\ud654 \ubc29\uc2dd\uc5d0\uc11c \uc11c\ube44\uc2a4 \uac70\ubd80\uac00 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ud799 \uc624\ubc84\ud50c\ub85c\uc6b0 \ucde8\uc57d\uc810<\/p>\n

(CVE-2016-7054)
\no Montgomery Multiplication \uc54c\uace0\ub9ac\uc998\uc758 \uc785\ub825 \uac12\uc774 256bit\ubcf4\ub2e4 \ub9ce\uc744 \uc2dc \uc798\ubabb\ub41c \uacb0\uacfc \uac12\uc744 \ub9ac\ud134\ud560 \uc218 \uc788\ub294 \ucde8\uc57d\uc810<\/p>\n

(CVE-2016-7055)<\/p>\n

\u25a1 \ud574\ub2f9 \uc2dc\uc2a4\ud15c
\no \uc601\ud5a5\uc744 \ubc1b\ub294 \uc81c\ud488 \ubc0f \ubc84\uc804
\n– OpenSSL 1.1.0b \uc774\ud558 \ubc84\uc804
\n\u203b OpenSSL 1.1.0\u00a0\ub300 \ubc84\uc804\ub9cc \ud574\ub2f9\ub418\uba70, 1.0.2, 1.0.1\ub300 \ubc84\uc804\uc740 \ud574\ub2f9 \ucde8\uc57d\uc810\uc5d0 \uc601\ud5a5\uc744 \ubc1b\uc9c0 \uc54a\uc74c<\/p>\n

\u25a1 \ud574\uacb0 \ubc29\uc548
\no OpenSSL 1.1.0b \uc774\ud558 \ubc84\uc804 \uc0ac\uc6a9\uc790\ub294 1.1.0c \ubc84\uc804\uc73c\ub85c \uc5c5\ub370\uc774\ud2b8 [2]
\n\u203b OpenSSL 0.9.8,\u00a01.0.0 \ubc84\uc804\uc740 \ub354 \uc774\uc0c1 \uc5c5\ub370\uc774\ud2b8 \uc9c0\uc6d0\uc744 \ud558\uc9c0 \uc54a\uc73c\ub2c8 \ud574\ub2f9 \ubc84\uc804 \uc0ac\uc6a9\uc790\ub294 \uc5c5\ub370\uc774\ud2b8\ub97c \uc9c0\uc6d0\ud558\ub294<\/p>\n

OpenSSL 1.1.0, 1.0.2,\u00a0 1.0.1\u00a0\ubc84\uc804\uc73c\ub85c \ubcc0\uacbd\ud560 \uac83\uc744 \uad8c\uace0\ud568<\/p>\n

o Null \ud3ec\uc778\ud130 \uc5ed\ucc38\uc870 \ucde8\uc57d\uc810 : Null \ud3ec\uc778\ud130\uc5d0 \uc5b4\ub5a0\ud55c \uac12\uc744 \ub300\uc785\ud558\ub824\uace0 \ud560 \ub54c \ubc1c\uc0dd\ud558\ub294 \ucde8\uc57d\uc810
\no Montgomery Multiplication \uc54c\uace0\ub9ac\uc998 : RSA \uc554\ud638\uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc694\uad6c\ub418\ub294 \ubaa8\ub4c8\ub7ec \uacf1\uc148 \uad6c\ud604\uc744 \ud6a8\uc728\uc801\uc73c\ub85c \ud558\uae30 \uc704\ud55c \uc54c\uace0\ub9ac\uc998<\/p>\n

\u25a1 \uae30\ud0c0 \ubb38\uc758\uc0ac\ud56d
\no \ud55c\uad6d\uc778\ud130\ub137\uc9c4\ud765\uc6d0 \uc778\ud130\ub137\uce68\ud574\ub300\uc751\uc13c\ud130: \uad6d\ubc88\uc5c6\uc774 118<\/p>\n

[\ucc38\uace0\uc0ac\uc774\ud2b8]
\n[1] https:\/\/www.openssl.org\/news\/secadv\/20161110.txt
\n[2] https:\/\/www.openssl.org\/source\/<\/p>\n","protected":false},"excerpt":{"rendered":"

\ucd9c\ucc98 :\u00a0http:\/\/www.boho.or.kr\/data\/secNoticeView.do?bulletin_writing_sequence=24746   \u25a1 \uac1c\uc694 o OpenSSL\uc5d0\uc11c \ubc1c\uc0dd\ud55c \ud799 \uc624\ubc84\ud50c\ub85c\uc6b0 \ucde8\uc57d\uc810, Null \ud3ec\uc778\ud130 \uc5ed\ucc38\uc870 \ucde8\uc57d\uc810 \ub4f1 \ucd1d 3\uac1c\uc758 \ucde8\uc57d\uc810\uc744 \ubcf4\uc644\ud55c \ubcf4\uc548 \uc5c5\ub370\uc774\ud2b8\ub97c \ubc1c\ud45c\ud568 [1] \u25a1 \uc124\uba85 o OpenSSL\uc758 ASN.1 CHOICE \ub370\uc774\ud130\ub97c \uc870\uc791 \uac00\ub2a5\ud55c Null \ud3ec\uc778\ud130 \uc5ed\ucc38\uc870 \ucde8\uc57d\uc810(CVE-2016-7053) o TLS \uc5f0\uacb0 \uc2dc \uc0ac\uc6a9\ud558\ub294 CHACHA20\/Poly1305 \uc554\ud638\ud654 \ubc29\uc2dd\uc5d0\uc11c \uc11c\ube44\uc2a4 \uac70\ubd80\uac00 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ud799 \uc624\ubc84\ud50c\ub85c\uc6b0 \ucde8\uc57d\uc810 (CVE-2016-7054) o Montgomery Multiplication \uc54c\uace0\ub9ac\uc998\uc758 \uc785\ub825 \uac12\uc774 256bit\ubcf4\ub2e4 \ub9ce\uc744 \uc2dc \uc798\ubabb\ub41c \uacb0\uacfc \uac12\uc744 \ub9ac\ud134\ud560 \uc218 \uc788\ub294 \ucde8\uc57d\uc810 (CVE-2016-7055) \u25a1 \ud574\ub2f9 \uc2dc\uc2a4\ud15c o \uc601\ud5a5\uc744 \ubc1b\ub294 \uc81c\ud488 \ubc0f \ubc84\uc804 – OpenSSL 1.1.0b \uc774\ud558 \ubc84\uc804 \u203b OpenSSL 1.1.0\u00a0\ub300 \ubc84\uc804\ub9cc \ud574\ub2f9\ub418\uba70, 1.0.2, 1.0.1\ub300 \ubc84\uc804\uc740 \ud574\ub2f9 \ucde8\uc57d\uc810\uc5d0 \uc601\ud5a5\uc744 \ubc1b\uc9c0 \uc54a\uc74c \u25a1 \ud574\uacb0 \ubc29\uc548 o OpenSSL 1.1.0b \uc774\ud558 \ubc84\uc804 \uc0ac\uc6a9\uc790\ub294 1.1.0c \ubc84\uc804\uc73c\ub85c \uc5c5\ub370\uc774\ud2b8 [2] \u203b OpenSSL 0.9.8,\u00a01.0.0 \ubc84\uc804\uc740 \ub354 \uc774\uc0c1 \uc5c5\ub370\uc774\ud2b8 \uc9c0\uc6d0\uc744 \ud558\uc9c0 \uc54a\uc73c\ub2c8 \ud574\ub2f9 \ubc84\uc804 \uc0ac\uc6a9\uc790\ub294 \uc5c5\ub370\uc774\ud2b8\ub97c \uc9c0\uc6d0\ud558\ub294 OpenSSL 1.1.0, 1.0.2,\u00a0 1.0.1\u00a0\ubc84\uc804\uc73c\ub85c \ubcc0\uacbd\ud560 \uac83\uc744 \uad8c\uace0\ud568 o Null \ud3ec\uc778\ud130 \uc5ed\ucc38\uc870 \ucde8\uc57d\uc810 : Null [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[575],"tags":[],"class_list":["post-12653","post","type-post","status-publish","format-standard","hentry","category-kisa-security-notice"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/12653","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=12653"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/12653\/revisions"}],"predecessor-version":[{"id":12654,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/12653\/revisions\/12654"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=12653"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=12653"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=12653"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}