□ 개요
o 오라클社 CPU에서 자사 제품의 보안취약점 270개에 대한 패치를 발표[1]
※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트
o 영향 받는 버전의 사용자는 악성코드 감염에 취약할 수 있으므로, 아래 해결방안에 따라 최신버전으로 업데이트 권고
□ 영향 받는 소프트웨어
o Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2
o Oracle Secure Backup, version(s) prior to 12.1.0.3
o Spatial, version(s) prior to 1.2
o Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.3, 11.1.2.4, 12.1.3.0, 12.2.1.0, 12.2.1.1
o Oracle GlassFish Server, version(s) 2.1.1, 3.0.1, 3.1.2
o Oracle JDeveloper, version(s) 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0
o Oracle Outside In Technology, version(s) 8.5.2, 8.5.3
o Oracle Tuxedo, version(s) 12.1.1
o Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1
o Application Testing Suite, version(s) 12.4.0.2, 12.5.0.2, 12.5.0.3
o Enterprise Manager Base Platform, version(s) 12.1.0.5, 13.1, 13.2
o Enterprise Manager Ops Center, version(s) 12.1.4, 12.2.2, 12.3.2
o Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
o Oracle Transportation Management, version(s) 6.1, 6.2
o PeolpeSoft Enterprise HCM ePerformance, version(s) 9.2
o PeopleSoft Enterprise PeopleTools, version(s) 8.54, 8.55
o JD Edwards EnterpriseOne Tools, version(s) 9.2
o Siebel Applications, version(s) 16.1
o Oracle Commerce Platform, version(s) 10.0.3.5, 10.2.0.5, 11.2.0.2
o Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9
o Oracle Communications Indexing and Search Service, version(s) prior to 1.0.5.28.0
o Oracle Communications Network Charging and Control, version(s) 4.4.1.5, 5.0.0.1, 5.0.0.2, 5.0.1.0, 5.0.2.0
o Oracle Communications Network Intelligence, version(s) 7.3.0.0
o Oracle FLEXCUBE Core Banking, version(s) 5.1.0, 5.2.0, 11.5.0
o Oracle FLEXCUBE Direct Banking, version(s) 12.0.0, 12.0.1, 12.0.2, 12.0.3
o Oracle FLEXCUBE Enterprise Limits and Collateral Management, version(s) 12.0.0, 12.0.2
o Oracle FLEXCUBE Investor Servicing, version(s) 12.0.1, 12.0.2, 12.0.4, 12.1.0, 12.3.0
o Oracle FLEXCUBE Private Banking, version(s) 2.0.1, 2.2.0, 12.0.1
o Oracle FLEXCUBE Universal Banking, version(s) 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0
o MICROS Lucas, version(s) 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5
o Oracle Retail Allocation, version(s) 12.0, 13.0, 13.1, 13.2, 13.3, 14.0, 14.1
o Oracle Retail Assortment Planning, version(s) 14.1, 15.0
o Oracle Retail Order Broker, version(s) 4.1, 5.1, 5.2, 15.0, 16.0
o Oracle Retail Predictive Application Server, version(s) 13.1, 13.2, 13.3, 13.4, 14.0, 14.1, 15.0
o Oracle Retail Price Management, version(s) 13.1, 13.2, 14.0, 14.1
o Primavera P6 Enterprise Project Portfolio Management, version(s) 8.2, 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
o Oracle Java SE, version(s) 6u131, 7u121, 8u112
o Oracle Java SE Embedded, version(s) 8u111
o Oracle JRockit, version(s) R28.3.12
o Oracle VM Server for Sparc, version(s) 3.2, 3.4
o Solaris, version(s) 11.3
o Oracle VM VirtualBox, version(s) prior to 5.0.32, prior to 5.1.14
o MySQL Cluster, version(s) 7.2.26 and prior, 7.3.14 and prior, 7.4.12 and prior
o MySQL Enterprise Monitor, version(s) 3.1.3.7856 and prior, 3.1.4.7895 and prior, 3.1.5.7958 and prior,
3.2.1.1049 and prior, 3.2.4.1102 and prior, 3.3.0.1098 and prior
o MySQL Server, version(s) 5.5.53 and prior, 5.6.34 and prior, 5.7.16 and prior
※ 영향받는 시스템의 상세 정보는 참고사이트[1]를 참조
□ 해결방안
o "Oracle Critical Patch Update Advisory - January 2017" 문서 및 패치사항을 검토하고 벤더사 및 유지보수 업체와
협의/검토 후 패치 적용[1]
o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고[3]
[참고사이트]
[1] http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] http://www.java.com/ko/download/help/java_update.xml
'취약점 정보2' 카테고리의 다른 글
| 곰플레이어 업데이트 내역 (0) | 2017.01.20 |
|---|---|
| mysql-5.5 security update (0) | 2017.01.20 |
| Java 8 Update 121(8u121) 릴리스 주요 기능 (0) | 2017.01.19 |
| java 업데이트 소식 (0) | 2017.01.19 |
| SMB Security Best Practices (0) | 2017.01.18 |