□ 개요
o 오라클社 CPU에서 자사 제품의 보안취약점 253개에 대한 패치를 발표[1]
※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트
o 영향 받는 버전의 사용자는 악성코드 감염에 취약할 수 있으므로, 아래 해결방안에 따라 최신버전으로 업데이트 권고
□ 영향 받는 소프트웨어
o Application Express, version(s) prior to 5.0.4.0.7
o Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2
o Oracle Secure Backup, version(s) prior to 10.4.0.4.0, prior to 12.1.0.2.0
o Big Data Graph, version(s) prior to 1.2
o NetBeans, version(s) 8.1
o Oracle BI Publisher, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0
o Oracle Big Data Discovery, version(s) 1.1.1, 1.1.3, 1.2.0
o Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.1.1.0.0, 12.2.1.1.0
o Oracle Data Integrator, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0
o Oracle Discoverer, version(s) 11.1.1.7.0
o Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.3, 11.1.2.4, 12.1.3.0, 12.2.1.0, 12.2.1.1
o Oracle GlassFish Server, version(s) 2.1.1, 3.0.1, 3.1.2
o Oracle Identity Manager, version(s) -
o Oracle iPlanet Web Proxy Server, version(s) 4.0
o Oracle iPlanet Web Server, version(s) 7.0
o Oracle Outside In Technology, version(s) 8.4.0, 8.5.1, 8.5.2, 8.5.3
o Oracle Platform Security for Java, version(s) 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0
o Oracle Web Services, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0
o Oracle WebCenter Sites, version(s) 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0
o Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1
o Enterprise Manager, version(s) 12.1.4, 12.2.2, 12.3.2
o Enterprise Manager Base Platform, version(s) 12.1.0.5
o Oracle Application Testing Suite, version(s) 12.5.0.1, 12.5.0.2, 12.5.0.3
o Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
o Oracle Advanced Supply Chain Planning, version(s) 12.2.3, 12.2.4, 12.2.5
o Oracle Agile Engineering Data Management, version(s) 6.1.3.0, 6.2.0.0
o Oracle Agile PLM, version(s) 9.3.4, 9.3.5
o Oracle Agile Product Lifecycle Management for Process, version(s) 6.1.0.4, 6.1.1.6, 6.2.0.0
o Oracle Transportation Management, version(s) 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7
o PeopleSoft Enterprise HCM, version(s) 9.2
o PeopleSoft Enterprise PeopleTools, version(s) 8.54, 8.55
o PeopleSoft Enterprise SCM Services Procurement, version(s) 9.1, 9.2 PeopleSoft
o JD Edwards EnterpriseOne Tools, version(s) 9.1
o JD Edwards World Security, version(s) A9.4
o Siebel Applications, version(s) 7.1, 16.1
o Oracle Commerce Guided Search, version(s) 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1, 6.5.2
o Oracle Commerce Guided Search / Oracle Commerce Experience Manager, version(s) 3.1.1, 3.1.2, 6.2.2, 6.3.0, 6.4.1.2,
6.5.0, 6.5.1, 6.5.2, 11.0, 11.1, 11.2
o Oracle Commerce Platform, version(s) 10.0.3.5, 10.2.0.5, 11.2.0.1
o Oracle Commerce Service Center, version(s) 10.0.3.5, 10.2.0.5
o Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9
o Oracle Communications Policy Management, version(s) 9.7.3, 9.9.1, 10.4.1, 12.1.1 and prior
o Oracle Enterprise Communications Broker, version(s) Pcz2.0.0m4p5 and earlier
o Oracle Enterprise Session Border Controller, version(s) Ecz7.3m2p2 and earlier
o Oracle Banking Digital Experience, version(s) 15.1
o Oracle Financial Services Analytical Applications Infrastructure, version(s) 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 8.0.0,
8.0.1, 8.0.2, 8.0.3
o Oracle Financial Services Lending and Leasing, version(s) 14.1.0, 14.2.0
o Oracle FLEXCUBE Core Banking, version(s) 11.5.0.0.0, 11.6.0.0.0
o Oracle FLEXCUBE Enterprise Limits and Collateral Management, version(s) 12.0.0, 12.1.0
o Oracle FLEXCUBE Investor Servicing, version(s) 12.0.1
o Oracle FLEXCUBE Private Banking, version(s) 2.0.0, 2.0.1, 2.2.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0
o Oracle FLEXCUBE Universal Banking, version(s) 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.87.1, 12.87.2
o Oracle Life Sciences Data Hub, version(s) 2.x
o Oracle Hospitality OPERA 5 Property Services, version(s) 5.4.0.0, 5.4.1.0, 5.4.2.0, 5.4.3.0, 5.5.0.0, 5.5.1.0
o Oracle Insurance IStream, version(s) 4.3.2
o MICROS XBR, version(s) 7.0.2, 7.0.4
o Oracle Retail Back Office, version(s) 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, 14.1
o Oracle Retail Central Office, version(s) 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, 14.1
o Oracle Retail Clearance Optimization Engine, version(s) 13.2, 13.3, 13.4, 14.0
o Oracle Retail Customer Insights, version(s) 15.0
o Oracle Retail Merchandising Insights, version(s) 15.0
o Oracle Retail Returns Management, version(s) 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, 14.1
o Oracle Retail Xstore Payment, version(s) 1.x
o Oracle Retail Xstore Point of Service, version(s) 5.0, 5.5, 6.0, 6.5, 7.0, 7.1
o Primavera P6 Enterprise Project Portfolio Management, version(s) 8.4, 15.x, 16.x
o Primavera P6 Professional Project Management, version(s) 8.3, 8.4, 15.x, 16.x
o Oracle Java SE, version(s) 6u121, 7u111, 8u102
o Oracle Java SE Embedded, version(s) 8u101
o Solaris, version(s) 10, 11.3
o Solaris Cluster, version(s) 3.3, 4.3
o Sun ZFS Storage Appliance Kit (AK), version(s) AK 2013
o Oracle VM VirtualBox, version(s) prior to 5.0.28, prior to 5.1.8
o Secure Global Desktop, version(s) 4.7, 5.2
o Sun Ray Operating Software, version(s) prior to 11.1.7
o Virtual Desktop Infrastructure, version(s) prior to 3.5.3
o MySQL Connector, version(s) 2.0.4 and prior, 2.1.3 and prior
o MySQL Server, version(s) 5.5.52 and prior, 5.6.33 and prior, 5.7.15 and prior
※ 영향받는 시스템의 상세 정보는 참고사이트[1]를 참조
□ 해결방안
o "Oracle Critical Patch Update Advisory - October 2016" 문서 및 패치사항을 검토하고 벤더사 및 유지보수 업체와
협의/검토 후 패치 적용[1]
o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고[3]
[참고사이트]
[1] http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] http://www.java.com/ko/download/help/java_update.xml
'취약점 정보2' 카테고리의 다른 글
리눅스 로컬 권한 상승(Dirty Cow) 취약점 보안 업데이트 권고 (0) | 2016.10.21 |
---|---|
시스코 제품군 업데이트 안내 (0) | 2016.10.20 |
한컴 자동 업데이트 시 위험 요소 해결 방법 안내 (0) | 2016.10.18 |
한컴오피스 업데이트 안내 (0) | 2016.10.18 |
EMC Unisphere에서 제로데이 취약점 발견 (0) | 2016.10.17 |