

Oracle Completes Patching of 154 Security Vulnerabilities 2014.10.16

Prompt patching urged, as the flaws can compromise DB availability, confidentiality, and integrity


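[Boannews, Kim Ji-eon] Following Microsoft's security updates, patches for a large number of security vulnerabilities in the Oracle product line have been released.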


In this regard, Oracle released 154 security patches for its products through the Oracle Critical Patch Update (CPU) and recommended that the vulnerabilities be patched promptly.


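The vulnerabilities found this time include ones that can be exploited to attack vulnerable servers through remote or local attacks, and ones that can affect DB availability, confidentiality, and integrity. The affected systems are as follows.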


△Oracle Database 11g Release 1, version 11.1.0.7

△Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4

△Oracle Database 12c Release 1, versions 12.1.0.1, 12.1.0.2

△Oracle Application Express, versions prior to 4.2.6

△Oracle Fusion Middleware 11g Release 1, versions 11.1.1.5, 11.1.1.7

△Oracle Fusion Middleware 11g Release 2, versions 11.1.2.1, 11.1.2.2, 11.1.2.4

△Oracle Fusion Middleware 12c, versions 12.1.1.0, 12.1.2.0, 12.1.3.0

△Oracle Fusion Applications, versions 11.1.2 through 11.1.8

△Oracle Access Manager, versions 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2

△Oracle Adaptive Access Manager, versions 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2

△Oracle Endeca Information Discovery Studio versions 2.2.2, 2.3, 2.4, 3.0, 3.1

△Oracle Enterprise Data Quality versions 8.1.2, 9.0.11

△Oracle Identity Manager, versions 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2

△Oracle JDeveloper, versions 10.1.3.5, 11.1.1.7, 11.1.2.4, 12.1.2.0, 12.1.3.0

△Oracle OpenSSO version 3.0-04

△Oracle WebLogic Server, versions 10.0.2, 10.3.6, 12.1.1, 12.1.2, 12.1.3

△Application Performance Management, versions prior to 12.1.0.6.2

△Enterprise Manager for Oracle Database Releases 10g, 11g, 12c

△Oracle E-Business Suite Release 11i version 11.5.10.2

△Oracle E-Business Suite Release 12 versions 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, 12.2.4

△Oracle Agile PLM, versions 9.3.1.2, 9.3.3

△Oracle Transportation Management, versions 6.1, 6.2, 6.3.0 through 6.3.5

△Oracle PeopleSoft Enterprise HRMS, version 9.2

△Oracle PeopleSoft Enterprise PeopleTools, versions 8.52, 8.53, 8.54

△Oracle JD Edwards EnterpriseOne Tools, version 8.98

△Oracle Communications MetaSolv Solution, versions MetaSolv Solution: 6.2.1.0.0, LSR: 9.4.0, 10.1.0, ASR: 49.0.0

△Oracle Communications Session Border Controller, version SCX640m5

△Oracle Retail Allocation, versions 10.0, 11.0, 12.0, 13.0, 13.1, 13.2

△Oracle Retail Clearance Optimization Engine, versions 13.3, 13.4, 14.0

△Oracle Retail Invoice Matching, versions 11.0, 12.0, 12.0 IN, 12.1, 13.0, 13.1, 13.2, 14.0

△Oracle Retail Markdown Optimization, versions 12.0, 13.0, 13.1, 13.2, 13.4

△Oracle Health Sciences Empirica Inspections, versions 1.0.1.0 and prior

△Oracle Health Sciences Empirica Signal, versions 7.3.3.3 and prior

△Oracle Health Sciences Empirica Study, versions 3.1.2.0 and prior

△Oracle Primavera Contract Management, versions 13.1, 14.0

△Oracle Primavera P6 Enterprise Project Portfolio Management, versions 7.0, 8.1, 8.2, 8.3

△Oracle JavaFX, version 2.2.65

△Oracle Java SE, versions 5.0u71, 6u81, 7u67, 8u20

△Oracle Java SE Embedded, version 7u60

△Oracle JRockit, versions R27.8.3, R28.3.3

△Oracle Fujitsu server, versions M10-1, M10-4, M10-4S

△Oracle Solaris, versions 10, 11

△Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1

△Oracle VM VirtualBox, versions prior to 4.1.34, 4.2.26, 4.3.14

△Oracle MySQL Server, versions 5.5.39 and earlier, 5.6.20 and earlier


To resolve this, review the 'Oracle Critical Patch Update Advisory - October 2014' document and apply the patches in consultation with the vendor and your maintenance contractor.

[Reporter Kim Ji-eon (boan4@boannews.com)]


<Copyright: Boannews (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited>