• Korea Council of Chief Information Security Officers
      회원안내      

자료실

  • HOME
  • 자료실
  • 보안 제품정보

자료실

보안 제품정보

오라클, 자사 제품 보안취약점 276개 패치 2016.07.21

2016년 7월 Oracle Critical Patch Update 권고

[보안뉴스 민세아] 오라클 CPU(Critical Patch Update)에서 자사 제품의 보안취약점 276개에 대한 패치를 발표했다.

영향 받는 버전의 사용자는 악성코드 감염에 취약할 수 있으므로, 아래 해결방안에 따라 최신버전으로 업데이트하는 것이 안전하다.

해당 취약점으로 영향받는 버전은 다음과 같다.

- Application Express, version(s) prior to 5.0.4
- Oracle Database Server, version(s) 11.2.0.4, 12.1.0.1, 12.1.0.2
- Oracle Access Manager, version(s) 10.1.4.x, 11.1.1.7
- Application Express, version(s) prior to 5.0.4
- Oracle Database Server, version(s) 11.2.0.4, 12.1.0.1, 12.1.0.2
- Oracle Access Manager, version(s) 10.1.4.x, 11.1.1.7
- Oracle BI Publisher, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0
- Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0, 11.2.1.0.0
- Oracle Directory Server Enterprise Edition, version(s) 7.0, 11.1.1.7.0
- Oracle Exalogic Infrastructure, version(s) 1.x, 2.x
- Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.8, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.0
- Oracle GlassFish Server, version(s) 2.1.1, 3.0.1, 3.1.2
- Oracle HTTP Server, version(s) 11.1.1.9, 12.1.3.0
- Oracle JDeveloper, version(s) 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0
- Oracle Portal, version(s) 11.1.1.6
- Oracle TopLink, version(s) 12.1.3.0, 12.2.1.0, 12.2.1.1
- Oracle WebCenter Sites, version(s) 11.1.1.8, 12.2.1.0
- Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0
- Outside In Technology, version(s) 8.5.0, 8.5.1, 8.5.2
- Hyperion Financial Reporting, version(s) 11.1.2.4
- Enterprise Manager Base Platform, version(s) 12.1.0.5, 13.1.0.0
- Enterprise Manager for Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9
- Enterprise Manager Ops Center, version(s) 12.1.4, 12.2.2, 12.3.2
- Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5
- Oracle Agile Engineering Data Management, version(s) 6.1.3.0, 6.2.0.0
- Oracle Agile PLM, version(s) 9.3.4, 9.3.5
- Oracle Demand Planning, version(s) 12.1, 12.2
- Oracle Transportation Management, version(s) 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1
- PeopleSoft Enterprise FSCM, version(s) 9.1, 9.2
- PeopleSoft Enterprise PeopleTools, version(s) 8.53, 8.54, 8.55
- JD Edwards EnterpriseOne Tools, version(s) 9.2.0.5
- Oracle Knowledge, version(s) 8.5.x
- Siebel Applications, version(s) 8.1.1, 8.2.2, IP2014, IP2015, IP2016
- Oracle Fusion Applications, version(s) 11.1.2 through 11.1.10
- Oracle Communications ASAP, version(s) 7.0, 7.2, 7.3
- Oracle Communications Core Session Manager, version(s) 7.2.5, 7.3.5
- Oracle Communications EAGLE Application Processor, version(s) 16.0
- Oracle Communications Messaging Server, version(s) 6.3, 7.0, 8.0, Prior to 7.0.5.37.0 and 8.0.1.1.0
- Oracle Communications Network Charging and Control, version(s) 4.4.1.5.0, 5.0.0.1.0, 5.0.0.2.0, 5.0.1.0.0, 5.0.2.0.0
- Oracle Communications Operations Monitor, version(s) prior to 3.3.92.0.0
- Oracle Communications Policy Management, version(s) prior to 9.9.2
- Oracle Communications Session Border Controller, version(s) 7.2.0, 7.3.0
- Oracle Communications Unified Session Manager, version(s) 7.2.5, 7.3.5
- Oracle Enterprise Communications Broker, version(s) Prior to PCz 2.0.0m4p1
- Oracle Banking Platform, version(s) 2.3.0, 2.4.0, 2.4.1, 2.5.0
- Oracle Financial Services Lending and Leasing, version(s) 14.1, 14.2
- Oracle FLEXCUBE Direct Banking, version(s) 12.0.1, 12.0.2, 12.0.3
- Oracle Health Sciences Clinical Development Center, version(s) 3.1.1.x, 3.1.2.x
- Oracle Health Sciences Information Manager, version(s) 1.2.8.3, 2.0.2.3, 3.0.1.0
- Oracle Healthcare Analytics Data Integration, version(s) 3.1.0.0.0
- Oracle Healthcare Master Person Index, version(s) 2.0.12, 3.0.0, 4.0.1
- Oracle Documaker, version(s) prior to 12.5
- Oracle Insurance Calculation Engine, version(s) 9.7.1, 10.1.2, 10.2.2
- Oracle Insurance Policy Administration J2EE, version(s) 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, 10.2.2
- Oracle Insurance Rules Palette, version(s) 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, 10.2.2
- MICROS Retail XBRi Loss Prevention, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1
- Oracle Retail Central, Back Office, Returns Management, version(s) 13.1, 13.2, 13.3, 13.4, 14.0, 14.1, 12.0 13.0
- Oracle Retail Integration Bus, version(s) 13.0, 13.1, 13.2, 14.0, 14.1, 15.0
- Oracle Retail Order Broker, version(s) 4.1, 5.1, 5.2, 15.0
- Oracle Retail Service Backbone, version(s) 13.0, 13.1, 13.2, 14.0, 14.1, 15.0
- Oracle Retail Store Inventory Management, version(s) 12.0, 13.0, 13.1, 13.2, 14.0, 14.1
- Oracle Utilities Framework, version(s) 2.2.0.0.0, 4.1.0.1.0, 4.1.0.2.0, 4.2.0.1.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0, 4.3.0.2.0
- Oracle Utilities Network Management System, version(s) 1.10.0.6.27, 1.11.0.4.41, 1.11.0.5.4, 1.12.0.1.16, 1.12.0.2.12. 1.12.0.3.5
- Oracle Utilities Work and Asset Management, version(s) 1.9.1.2.8
- Oracle In-Memory Policy Analytics, version(s) 12.0.1
- Oracle Policy Automation, version(s) 10.3.0, 10.3.1, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 12.1.0, 12.1.1
- Oracle Policy Automation Connector for Siebel, version(s) 10.3.0, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6
- Oracle Policy Automation for Mobile Devices, version(s) 12.1.1
- Primavera Contract Management, version(s) 14.2
- Primavera P6 Enterprise Project Portfolio Management, version(s) 8.2, 8.3, 8.4, 15.1, 15.2, 16.1
- Oracle Java SE, version(s) 6u115, 7u101, 8u92
- Oracle Java SE Embedded, version(s) 8u91
- Oracle JRockit, version(s) R28.3.10
- 40G 10G 72/64 Ethernet Switch, version(s) 2.0.0
- Fujitsu M10-1, M10-4, M10-4S Servers, version(s) prior to XCP 2320
- ILOM, version(s) 3.0, 3.1, 3.2
- Oracle Switch ES1-24, version(s) 1.3
- Solaris, version(s) 10, 11.3
- Solaris Cluster, version(s) 3.3, 4.3
- SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers, version(s) prior to XCP 1121
- Sun Blade 6000 Ethernet Switched NEM 24P 10GE, version(s) 1.2
- Sun Data Center InfiniBand Switch 36, version(s) prior to 2.2.2
- Sun Network 10GE Switch 72p, version(s) 1.2
- Sun Network QDR InfiniBand Gateway Switch, version(s) prior to 2.2.2
- Oracle Secure Global Desktop, version(s) 4.63, 4.71, 5.2
- Oracle VM VirtualBox, version(s) prior to 5.0.26
- MySQL Server, version(s) 5.5.49 and prior, 5.6.30 and prior, 5.7.12 and prior

해당되는 취약 시스템 버전 이용자는 ‘Oracle Critical Patch Update Advisory - July 2016’ 문서 및 패치사항을 검토하고 벤더사 및 유지보수 업체와 협의 및 검토 후 패치를 적용해야 한다. 또한. JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드 받아 설치해 해결할 수 있다.

영향받는 시스템의 상세 정보는 아래의 참고사이트를 확인하거나 한국인터넷진흥원 인터넷침해대응센터(국번없이 118)로 문의하면 된다.

[참고사이트]
1. http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
2. http://www.oracle.com/technetwork/java/javase/downloads/index.html
3. http://www.java.com/ko/download/help/java_update.xml
[민세아 기자(boan5@boannews.com)]

<저작권자: 보안뉴스(www.boannews.com) 무단전재-재배포금지>