MENU MENU
CISO News
HOME > CISO News > ÃֽŴº½º
 |
 |
 |
 |
 |
 |
 |
ÃֽŴº½º
| [7.26 ¹ö±×¸®Æ÷Æ®] CVE-2017-11624 èâ | 2017.07.26 |
CVE-2017-11624, CVE-2017-11625, CVE-2017-11626 CVE-2017-11627, CVE-2017-11628 [º¸¾È´º½º ¹®°¡¿ë ±âÀÚ] ÇöÁö ½Ã°¢À¸·Î 7¿ù 25ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 25ÀÏ¿¡¼ 26ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÌ´Ù. .jpg) [À̹ÌÁö = iclickart] 1. CVE-2017-11624 QPDF 6.0.0ÀÇ libqpdfÀÇ ½ºÅà ¼Òºñ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚµéÀÌ Á¶ÀÛµÈ ÆÄÀÏÀ» ÅëÇØ DoS °ø°ÝÀ» °¨ÇàÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù. QPDFTokenizer.ccÀÇ QPDFTokenizer::resolveLiteral ÇÔ¼ö¿Í °ü·ÃÀÌ ÀÖ´Ù. 2. CVE-2017-11625 QPDF 6.0.0ÀÇ libqpdfÀÇ ½ºÅà ¼Òºñ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚµéÀÌ Á¶ÀÛµÈ ÆÄÀÏÀ» ÅëÇØ DoS °ø°ÝÀ» °¨ÇàÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù. QPDF.ccÀÇ QPDF::resolveObjectsInStream ÇÔ¼ö¿Í °ü·ÃÀÌ ÀÖ´Ù. 3. CVE-2017-11626 QPDF 6.0.0ÀÇ libqpdfÀÇ ½ºÅà ¼Òºñ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚµéÀÌ Á¶ÀÛµÈ ÆÄÀÏÀ» ÅëÇØ DoS °ø°ÝÀ» °¨ÇàÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù. QPDFTokenizer.ccÀÇ QPDFTokenizer::resolveLiteral ÇÔ¼ö¿Í °ü·ÃÀÌ ÀÖ´Ù. 4. CVE-2017-11627 QPDF 6.0.0ÀÇ libqpdfÀÇ ½ºÅà ¼Òºñ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚµéÀÌ Á¶ÀÛµÈ ÆÄÀÏÀ» ÅëÇØ DoS °ø°ÝÀ» °¨ÇàÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù. PointerHolder.hhÀÇ PointerHolder ÇÔ¼ö¿Í °ü·ÃÀÌ ÀÖ´Ù. 5. CVE-2017-11628 PHP 5.6.31 ÀÌÀü ¹öÀü, 7.0.21 ÀÌÀüÀÇ 7.x ¹öÀü, 7.1.7 ÀÌÀüÀÇ 7.1.x ¹öÀüÀÇ Zend/zend_ini_parser.cÀÇ zend_ini_do_op() ÇÔ¼öÀÇ ½ºÅà ¹öÆÛ ¿À¹öÇ÷οì Ãë¾àÁ¡À¸·Î DoS °ø°ÝÀ̳ª ÄÚµå ½ÇÇàÀÌ °¡´ÉÇØÁø´Ù. [±¹Á¦ºÎ ¹®°¡¿ë ±âÀÚ(globoan@boannews.com)] <ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö> |
|
 |
ÁÖ¿ä ȸ¿ø»ç
