CVE-2015-7311, CVE-2015-7612
[º¸¾È´º½º ÁÖ¼ÒÇü] ÇöÁö ½Ã°¢À¸·Î 10¿ù 1ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 10¿ù 1ÀÏ¿¡¼ 2ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÔ´Ï´Ù.
1. CVE-2015-1335
lxc-start in lxc 1.0.8, 1.1.x, 1.1.4 ÀÌÀü ¹öÀü¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î ·ÎÄà ÄÁÅ×ÀÌ³Ê °ü¸®ÀÚ°¡ 1) mount target, 2) bind mount source »ó¿¡ ÀÖ´Â symlink °ø°ÝÀ» ÅëÇØ AppArmor·ÎºÎÅÍ Å»ÃâÇÒ ¼ö ÀÖ½À´Ï´Ù.
2. CVE-2015-1338
Apport 2.19 ÀÌÀü ¹öÀüÀÇ kernel_crashdump¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î ·ÎÄà »ç¿ëÀÚ°¡ 1) symlink, 2) hard link °ø°ÝÀ» ÅëÇØ ¼ºñ½º °ÅºÎ¸¦ Çϰųª Ư±ÇÀ» Å»ÃëÇÒ ¼ö ÀÖ½À´Ï´Ù.
3. CVE-2015-7236
rpcbind 0.2.1 ¹öÀü ¹× xprt_set_caller ¹× rpcb_svc_com.c¿¡¼ ¹ß°ßµÈ Use-after-free Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ Á¶ÀÛµÈ ÆÐŶÀ» ÅëÇØ ¼ºñ½º °ÅºÎ¸¦ ÇÒ ¼ö ÀÖ½À´Ï´Ù.
4. CVE-2015-7311
Xen 4.1.x-4.6.x ¹öÀüÀÇ libxl¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î ·ÎÄà °Ô½ºÆ® »ç¿ëÀÚ°¡ µð½ºÆ® À̹ÌÁö ÀбâÀü¿ëÀ» ¿¶÷ÇÒ ¼ö ÀÖ½À´Ï´Ù.
5. CVE-2015-7612
McAfee Vulnerability Manager(MVM) 7.5.9 ÀÌÀü ¹öÀü Enterprise ManagerÀÇ Organizations page¿¡¼ ¹ß°ßµÈ CSRF Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ ¾Ë·ÁÁöÁö ¾ÊÀº º¤Å͸¦ ÅëÇØ ¸í½ÃµÇÁö ¾ÊÀº Ãæ°ÝÀ» °¡ÇÏ°í °ü¸®ÀÚÀÇ ÀÎÁõÀ» ³³Ä¡ÇÒ ¼ö ÀÖ½À´Ï´Ù.
Copyrighted 2015. UBM-Tech. 117153:0515BC
[±¹Á¦ºÎ ÁÖ¼ÒÇü ±âÀÚ(sochu@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(http://www.boannews.com/) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
ÁÖ¼ÒÇü±âÀÚ ±â»çº¸±â
[2024-04-24] 
_m.jpg)
.jpg)
.jpg)
.jpg)
