• Korea Council of Chief Information Security Officers
      회원안내      

자료실

  • HOME
  • 자료실
  • 보안 제품정보

자료실

보안 제품정보

2014년 1월 Oracle 보안 패치 권고 2014.01.16

Oracle 144개 보안취약점 업데이트 발표


[보안뉴스 김지언] Oracle 사의 제품에 보안취약점 144개가 발견돼 사용자들의 주의가 요구된다.



이와 관련 한국인터넷진흥원(이하 KISA)은 Oracle CPU에서 2014년 1월 보안취약점 패치를 발표했다고 밝혔다.


KISA 관계자는 “이번에 패치된 취약점이 원격 및 로컬 공격을 통해 취약한 서버를 공격하는데 악용될 가능성이 있고 DB의 가용성·기밀성·무결성에 영향을 줄 수 있는 취약점 등이 존재하므로 빠른 업데이트가 필요할 것”이라고 밝혔다. 이에 영향을 받는 시스템은 다음과 같다.

 

영향을 받는 시스템

△Oracle Database 11g Release 1, version 11.1.0.7 Database

△Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4 Database

△Oracle Database 12c Release 1, version 12.1.0.1 Database

△Oracle Fusion Middleware 11g Release 1, versions 11.1.1.6, 11.1.1.7 Fusion Middleware

△Oracle Fusion Middleware 11g Release 2, versions 11.1.2.0, 11.1.2.1 Fusion Middleware

△Oracle Fusion Middleware 12c Release 2, version 12.1.2 Fusion Middleware

△Oracle Containers for J2EE, version 10.1.3.5 Fusion Middleware

△Oracle Enterprise Data Quality, versions 8.1, 9.0.8 Fusion Middleware

△Oracle Forms and Reports 11g, Release 2, version 11.1.2.1 Fusion Middleware

△Oracle GlassFish Server, version 2.1.1, Sun Java Application Server, versions 8.1, 8.2 Fusion Middleware

△Oracle HTTP Server 11g, versions 11.1.1.6, 11.1.1.7 Fusion Middleware

△Oracle HTTP Server 12c, version 12.1.2 Fusion Middleware

△Oracle Identity Manager, versions 11.1.1.5, 11.1.1.7, 11.1.2.0, 11.1.2.1 Fusion Middleware

△Oracle Internet Directory, versions 11.1.1.6, 11.1.1.7 Fusion Middleware

△Oracle iPlanet Web Proxy Server, version 4.0 Fusion Middleware

△Oracle iPlanet Web Server, versions 6.1, 7.0 Fusion Middleware

△Oracle Outside In Technology, versions 8.4.0, 8.4.1 Fusion Middleware

△Oracle Portal, version 11.1.1.6 Fusion Middleware

△Oracle Reports Developer, versions 11.1.1.6, 11.1.1.7, 11.1.2.1 Fusion Middleware

△Oracle Traffic Director, versions 11.1.1.6, 11.1.1.7 Fusion Middleware

△Oracle WebCenter Portal versions 11.1.1.6.0, 11.1.1.7.0, 11.1.1.8.0 Fusion Middleware

△Oracle WebCenter Sites versions 11.1.1.6.1, 11.1.1.8.0 Fusion Middleware

△Oracle Hyperion Essbase Administration Services, versions 11.1.2.1, 11.1.2.2, 11.1.2.3 Fusion Middleware

△Oracle Hyperion Strategic Finance, versions 11.1.2.1, 11.1.2.2 Fusion Middleware

△Oracle E-Business Suite Release 11i, version 11.5.10.2 E-Business Suite

△Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3 E-Business Suite

△Oracle Agile Product Lifecycle Management for Process, versions 6.0, 6.1, 6.1.1 Oracle Supply Chain

△Oracle AutoVue, versions 20.1.1 Oracle Supply Chain

△Oracle Demantra Demand Management, versions 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3 Oracle Supply Chain

△Oracle Transportation Management, versions 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2 Oracle Supply Chain

△Oracle PeopleSoft Enterprise HRMS, versions 9.1.0, 9.2.0 PeopleSoft

△Oracle PeopleSoft Enterprise HRMS Human Resources, versions 9.1, 9.2 PeopleSoft

△Oracle PeopleSoft Enterprise PeopleTools, versions 8.52, 8.53 PeopleSoft

△Oracle PeopleSoft Enterprise SCM Services Procurement, version 9.2 PeopleSoft

△Oracle Siebel Core, versions 8.1.1, 8.2.2 Siebel

△Oracle Siebel Life Sciences, versions 8.1.1, 8.2.2 Siebel

△Oracle iLearning, version 6.0 iLearning

△Oracle FLEXCUBE Private Banking, versions 1.7, 2.0, 2.0.1, 2.2.0.1, 3.0, 12.0.1, 12.0.2 Oracle FLEXCUBE

△Oracle JavaFX, versions 2.2.45 and earlier Oracle Java SE

△Oracle Java JDK and JRE, versions 5.0u55 and earlier, 6u65 and earlier, 7u45 and earlier Oracle Java SE

△Oracle Java SE Embedded, versions 7u45 and earlier Oracle Java SE

△Oracle JRockit, versions R27.7.7 and earlier, R28.2.9 and earlier Oracle Java SE

△Oracle Solaris versions 8, 9, 10, 11.1 Oracle and Sun Systems Products Suite

△Oracle Secure Global Desktop, versions 4.63.x, 4.71.x, 5.0.x, 5.10 Oracle Linux and Virtualization

△Oracle VM VirtualBox, versions prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, 4.3.6 Oracle Linux and Virtualization

△Oracle MySQL Enterprise Monitor, versions 2.3, 3.0 Oracle MySQL Product Suite

△Oracle MySQL Server, versions 5.1, 5.5, 5.6 Oracle MySQL Product Suite

 

이와 같이 취약점에 영향 받는 제품을 운영하고 있는 관리자는 참고사이트(http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html)에 명시되어 있는 ‘Affected Products and Components’와 ‘Patch Availability Table’ 내용을 확인하고 패치를 적용해야 한다.

[김지언 기자(boan4@boannews.com)]


<저작권자: 보안뉴스(http://www.boannews.com/) 무단전재-재배포금지>