2018-07-19
▷ 개요
l
Cisco社는 오라클社 CPU에서 자사 제품의 보안
취약점 334개에 대한 패치를 발표 [1]
※
CPU(Critical Patch Update) : 오라클 중요 보안 업데이트
l
영향 받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래
해결방안에 따라 최신버전으로 업데이트 권고
▷ 영향 받는
제품 및 버전
l
Agile
Recipe Management for Pharmaceuticals, version 9.3.4
l
Enterprise Manager Base Platform,
versions 12.1.0.5, 13.2.x
l
Enterprise Manager for Fusion
Middleware, versions 12.1.0.5, 13.2.x
l
Enterprise Manager for MySQL Database,
versions 13.2.2.0.0 and prior
l
Enterprise Manager for Oracle Database,
versions 12.1.0.8, 13.2.2
l
Enterprise Manager for Peoplesoft,
versions 13.1.1.1, 13.2.1.1
l
Enterprise Manager for Virtualization,
versions 13.2.2, 13.2.3
l
Enterprise Manager Ops Center, versions
12.2.2, 12.3.3
l
FMW Platform, versions 12.2.1.2.0,
12.2.1.3.0
l
Hardware Management Pack, version 11.3
l
Hyperion Data Relationship Management,
version 11.1.2.4.330
l
Hyperion Financial Reporting, version
11.1.2
l
JD Edwards EnterpriseOne Tools, version
9.2
l
JD Edwards World Security, versions
A9.3, A9.3.1, A9.4
l
MICROS 700 Series Tablet, versions
Prior tBIOS 0.00.13ORC, Prior tBIOS 0.01.25ORC
l
MICROS Handheld Terminal, versions
2018, Android 4.4.4 Security Patch Bulletin prior tFebruary 1
l
MICROS Kitchen Display Controller,
versions Prior tBIOS 0.00.16ORC
l
MICROS Lucas, versions 2.9.5.3,
2.9.5.4, 2.9.5.5, 2.9.5.6
l
MICROS Relate CRM Software, versions
10.8.x, 11.4.x
l
MICROS Retail-J, versions 10.2.x,
11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x, 13.1.x
l
MICROS Workstation 6, versions prior
tBIOS 1.3.1.0, prior tBIOS 1.5.2.0, prior tBIOS 2.3.1.0
l
MICROS XBR, versions 7.0.2, 7.0.4
l
MySQL Client, versions 5.5.60 and
prior, 5.6.40 and prior, 5.7.22 and prior, 8.0.11 and prior
l
MySQL Connectors, versions 5.3.10 and
prior, 8.0.11 and prior
l
MySQL Enterprise Monitor, versions
3.4.7.4297 and prior, 4.0.4.5235 and prior, 8.0.0.8131 and prior
l
MySQL Server, versions 5.5.60 and prior,
5.6.40 and prior, 5.7.22 and prior, 8.0.11 and prior
l
MySQL Workbench, versions 6.3.10 and
prior, 8.0.11 and prior
l
Oracle Agile Engineering Data
Management, versions 6.1.3, 6.2.0, 6.2.1
l
Oracle Agile PLM, versions 9.3.3,
9.3.4, 9.3.5, 9.3.6
l
Oracle Agile PLM MCAD Connector,
versions 3.3, 3.4, 3.5, 3.6
l
Oracle Agile Product Lifecycle
Management for Process, version 6.2.0.0
l
Oracle API Gateway, version 11.1.2.4.0
l
Oracle Application Testing Suite,
version 10.1
l
Oracle AutoVue VueLink Integration,
versions 21.0.0, 21.0.1
l
Oracle Banking Corporate Lending,
versions 12.3.0, 12.4.0, 12.5.0, 14.0.0, 14.1.0
l
Oracle Banking Payments, versions
12.2.0, 12.3.0, 12.4.0, 12.5.0, 14.1.0
l
Oracle Banking Platform, versions 2.6.0,
2.6.1, 2.6.2
l
Oracle BI Publisher, versions
11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
l
Oracle
Business Process Management Suite, versions 11.1.1.7.0,11.1.1.9.0,12.1.3.0.0,12.2.1.2.0,12.2.1.3.0
l
Oracle Communications Diameter
Signaling Router (DSR), versions 7.x, 8.x
l
Oracle Communications EAGLE LNP
Application Processor, version 10.x
l
Oracle Communications Interactive
Session Recorder, versions 5.x, 6.x
l
Oracle Communications Messaging Server,
version 3.x
l
Oracle Communications Network Charging and
Control, versions 4.4.1.5.0, 5.0.0.1.0, 5.0.0.2.0, 5.0.1.0.0, 5.0.2.0.0
l
Oracle Communications Policy
Management, version 12.x
l
Oracle Communications Session Border
Controller, versions ECz7.x, ECz8.x
l
Oracle Communications User Data
Repository, versions 10.x, 12.x
l
Oracle Database Server, versions
11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1, 18.2
l
Oracle E-Business Suite, versions
12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
l
Oracle Endeca Information Discovery
Studio, versions 3.1, 3.2
l
Oracle Enterprise Data Quality, version
12.2.1.3.0
l
Oracle Enterprise Repository, versions
11.1.1.7.0, 12.1.3.0.0
l
Oracle Financial Services Analytical
Applications Infrastructure, versions 7.3.3.x, 8.0.x
l
Oracle Financial Services Behavior
Detection Platform, version 8.0.x
l
Oracle Financial Services Funds
Transfer Pricing, versions 6.1.1, 8.0.x
l
Oracle Financial Services Hedge
Management and IFRS Valuations, versions 8.0.4, 8.0.5
l
Oracle Financial Services Loan Loss
Forecasting and Provisioning, versions 8.0.4, 8.0.5
l
Oracle Financial Services Profitability
Management, versions 6.1.1, 8.0.x
l
Oracle Financial Services Revenue
Management and Billing, versions 2.3.0.2.0, 2.4.0.0.0, 2.4.0.1.0, 2.5.0.1.0,
2.5.0.2.0, 2.5.0.3.0
l
Oracle FLEXCUBE Enterprise Limits and
Collateral Management, versions 12.3.0, 14.0.0, 14.1.0
l
Oracle FLEXCUBE Investor Servicing,
versions 12.0.4, 12.1.0, 12.3.0, 12.4.0
l
Oracle FLEXCUBE Universal Banking,
versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0,
12.4.0, 14.0.0, 14.1.0
l
Oracle Fusion Middleware, versions
12.2.1.2, 12.2.1.3
l
Oracle Fusion Middleware MapViewer,
versions 12.2.1.2, 12.2.1.3
l
Oracle Global Lifecycle Management
OPatchAuto, version All
l
Oracle Hospitality Cruise Fleet
Management System, version 9.x
l
Oracle Hospitality Cruise Shipboard
Property Management System, version 8.x
l
Oracle Hospitality Gift and Loyalty,
version 9.0.0
l
Oracle Hospitality OPERA 5 Property
Services, version 5.5.x
l
Oracle Hospitality Reporting and
Analytics, version 9.0.0
l
Oracle Hospitality Simphony, versions
2.8, 2.9, 2.10
l
Oracle Insurance Policy Administration,
versions 10.0, 10.1, 10.2, 11.0
l
Oracle Internet Directory, version
11.1.1.9.0
l
Oracle Java SE, versions 6u191, 7u181,
8u172, 10.0.1
l
Oracle Java SE Embedded, version 8u171
l
Oracle JDeveloper, versions 12.1.3.0.0,
12.2.1.2.0, 12.2.1.3.0
l
Oracle JRockit, version R28.3.18
l
Oracle Outside In Technology, version
8.5.3
l
Oracle Policy Automation, versions
10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6,
12.2.7, 12.2.8, 12.2.9, 12.2.10
l
Oracle Policy Automation Connector for
Siebel, version 10.4.6
l
Oracle Policy Automation for Mobile
Devices, versions 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3,
12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9, 12.2.10
l
Oracle Retail Back Office, versions
14.0, 14.1
l
Oracle Retail Bulk Data Integration,
version 16.0
l
Oracle Retail Central Office, versions
14.0, 14.1
l
Oracle Retail Clearance Optimization
Engine, version 14.0.5
l
Oracle Retail Convenience and Fuel POS
Software, version 2.1.132
l
Oracle Retail Customer Management and
Segmentation Foundation, versions 16.x, 17.x
l
Oracle Retail Financial Integration,
versions 13.2.x, 14.0.x, 14.1.x, 15.0.x, 16.0.x
l
Oracle Retail Integration Bus, versions
12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.0 14.1.0, 14.0.x, 14.1.x, 15.0, 15.0.x,
16.0, 16.0.x
l
Oracle Retail Order Broker, versions
5.2, 15.0, 16.0
l
Oracle Retail Point-of-Sale, versions
14.0, 14.1
l
Oracle Retail Point-of-Service,
versions 14.0, 14.1
l
Oracle Retail Predictive Application
Server, version 15.0.3
l
Oracle Retail Returns Management,
versions 14.0, 14.1
l
Oracle Retail Service Backbone,
versions 14.0.x, 14.1.x, 15.0.x, 16.0.x
l
Oracle Retail Service Layer, versions
12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.x
l
Oracle Secure Global Desktop, versions
5.3, 5.4
l
Oracle SOA Suite, versions 11.1.1.7.0,
11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0
l
Oracle SuperCluster Specific Software,
versions prior t2.5.0
l
Oracle Transportation Management,
versions 6.2, 6.3.7, 6.4.1
l
Oracle Tuxedo, versions 12.1.1, 12.1.3,
12.2.2
l
Oracle Utilities Framework, version
4.3.x
l
Oracle Utilities Network Management
System, versions 1.12.x, 2.3.x
l
Oracle Utilities Work and Asset
Management, version 1.9.1.2.12
l
Oracle VM VirtualBox, versions prior
t5.2.16
l
Oracle WebCenter Portal, versions
11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
l
Oracle WebLogic Server, versions
10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3
l
OSS Support Tools, versions prior t18.3
l
PeopleSoft Enterprise CS Financial Aid,
versions 9.0, 9.2
l
PeopleSoft Enterprise FIN Install,
version 9.2
l
PeopleSoft Enterprise HCM Human Resources,
version 9.2
l
PeopleSoft Enterprise PeopleTools,
versions 8.55, 8.56
l
PeopleSoft HRMS, version 9.2
l
Primavera P6 Enterprise Project
PortfoliManagement, versions 8.4, 15.x, 16.x, 17.x
l
Primavera Unifier, versions 16.x, 17.x,
18.x
l
Siebel Applications, version 18.0
l
Solaris, versions 10, 11.2, 11.3
l
Solaris Cluster, versions 3.3, 4.3
l
Sun ZFS Storage Appliance Kit (AK),
versions prior t8.7.20
l
Tape Library ACSLS, versions Prior
tACSLS 8.4.0-3
▷ 해결 방안
l
"Oracle Critical Patch Update Advisory –
April 2018“ 문서 및 패치사항을 검토하고 벤더사 및 유지보수 업체와 협의/검토
후 패치 적용 [1]
l JAVA SE 사용자는 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 설정 권고 [3]
▷ 참고 자료
- [1]
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- [2]
http://www.oracle.com/technetwork/java/javase/downloads/index.html
- [3] https://www.java.com/ko/download/help/java_update.xml