• Korea Council of Chief Information Security Officers
      회원안내      

자료실

  • HOME
  • 자료실
  • 보안 제품정보

자료실

보안 제품정보

오라클 252개 취약점 보안 업데이트 필수 2017.10.22

오라클 발표 2017년 10월 Oracle Critical 패치 리스트

[보안뉴스 김경애 기자] 오라클에서 2017년 10월 Oracle Critical 패치 업데이트를 발표했다.
이번 업데이트에서는 오라클 제품에서 발견된 보안취약점 252개를 패치했다, 따라서 영향 받는 버전의 사용자는 악성코드 감염에 취약할 수 있어 최신 버전으로 업데이트해야 한다.

[이미지=오라클]


취약점에 영향 받는 시스템은 다음과 같다.
△Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2340 and prior to XCP3030
△Java Advanced Management Console, version 2.7
△JD Edwards EnterpriseOne Tools, version 9.2

△JD Edwards World Security, versions A9.1, A9.2, A9.3, A9.4
△Management Pack for Oracle GoldenGate, version 11.2.1.0.12
△MICROS Retail XBRi Loss Prevention, versions 10.0.1, 10.5.0, 10.6.0, 10.7.7, 10.8.0, 10.8.1

△MySQL Connectors, versions 6.9.9 and prior
△MySQL Enterprise Monitor, versions 3.2.8.2223 and prior, 3.3.4.3247 and prior, 3.4.2.4181 and prior
△MySQL Server, versions 5.5.57 and prior, 5.6.37 and prior, 5.7.19 and prior

△Oracle Access Manager, version 11.1.2.3.0
△Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0
△Oracle Agile PLM, versions 9.3.5, 9.3.6

△Oracle API Gateway, version 11.1.2.4.0
△Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
△Oracle Business Intelligence Enterprise Edition, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0

△Oracle Business Process Management Suite, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0
△Oracle Communications Billing and Revenue Management, version 7.5
△Oracle Communications Diameter Signaling Router (DSR), version 7.x

△Oracle Communications EAGLE LNP Application Processor, version 10.x
△Oracle Communications Messaging Server, version 8.x
△Oracle Communications Order and Service Management, versions 7.2.4.x.x, 7.3.0.x.x, 7.3.1.x.x, 7.3.5.x.x

△Oracle Communications Policy Management, versions 11.5, 12.x
△Oracle Communications Services Gatekeeper, versions 5.1, 6.0
△Oracle Communications Unified Session Manager, version SCz 7.x

△Oracle Communications User Data Repository, version 10.x
△Oracle Communications WebRTC Session Controller, versions 7.0, 7.1, 7.2
△Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1

△Oracle Directory Server Enterprise Edition, version 11.1.1.7.0
△Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
△Oracle Endeca Information Discovery Integrator, versions 2.4, 3.0, 3.1, 3.2

△Oracle Engineering Data Management, versions 6.1.3.0, 6.2.2.0
△Oracle Enterprise Manager Ops Center, versions 12.2.2, 12.3.2
△Oracle FLEXCUBE Universal Banking, versions 11.3, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0

△Oracle Fusion Applications, versions 11.1.2 through 11.1.9
△Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.1, 12.2.1.2, 12.2.1.3
△Oracle GlassFish Server, versions 3.0.1, 3.1.2

△Oracle Healthcare Master Person Index, version 4.x
△Oracle Hospitality Cruise AffairWhere, versions 2.2.5.0, 2.2.6.0, 2.2.7.0
△Oracle Hospitality Cruise Fleet Management, version 9.0.2.0

△Oracle Hospitality Cruise Materials Management, version 7.30.564.0
△Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.2.0
△Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1

△Oracle Hospitality Hotel Mobile, version 1.1
△Oracle Hospitality OPERA 5 Property Services, versions 5.4.2.x through 5.5.1.x
△Oracle Hospitality Reporting and Analytics, versions 8.5.1, 9.0.0

△Oracle Hospitality Simphony, versions 2.6, 2.7, 2.8, 2.9
△Oracle Hospitality Suite8, versions 8.10.1, 8.10.2
△Oracle HTTP Server, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0

△Oracle Hyperion BI+, version 11.1.2.4
△Oracle Hyperion Financial Reporting, version 11.1.2
△Oracle Identity Manager, version 11.1.2.3.0

△Oracle Identity Manager Connector, version 9.1.1.5.0
△Oracle Integrated Lights Out Manager (ILOM), versions prior to 3.2.6
△Oracle iPlanet Web Server, version 7.0

△Oracle Java SE, versions 6u161, 7u151, 8u144, 9
△Oracle Java SE Embedded, version 8u144
△Oracle JDeveloper, versions 12.1.3.0.0, 12.2.1.2.0

△Oracle JRockit, version R28.3.15
△Oracle Managed File Transfer, versions 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0
△Oracle Outside In Technology, version 8.5.3.0

△Oracle Retail Back Office, versions 13.2, 13.3, 13.4, 14.0, 14.1
△Oracle Retail Clearance Optimization Engine, version 13.4
△Oracle Retail Convenience and Fuel POS Software, version 2.1.132

△Oracle Retail Markdown Optimization, versions 13.4, 14.0
△Oracle Retail Point-of-Service, versions 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x, 16.0.0
△Oracle Retail Store Inventory Management, versions 13.2.9, 14.0.4, 14.1.3, 15.0.1, 16.0.1

△Oracle Retail Xstore Point of Service, versions 6.0.11, 6.5.11, 7.0.6, 7.1.6, 15.0.1
△Oracle Secure Global Desktop (SGD), version 5.3
△Oracle SOA Suite, version 11.1.1.7.0

△Oracle Transportation Management, versions 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.1, 6.4.2
△Oracle Virtual Directory, versions 11.1.1.7.0, 11.1.1.9.0
△Oracle VM VirtualBox, versions prior to 5.1.30

△Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
△Oracle WebCenter Sites, versions 11.1.1.8.0, 12.2.1.2.0
△Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0

△PeopleSoft Enterprise FSCM, version 9.2
△PeopleSoft Enterprise HCM, version 9.2
△PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55, 8.56

△PeopleSoft Enterprise PRTL Interaction Hub, version 9.1.00
△PeopleSoft Enterprise PT PeopleTools, versions 8.54, 8.55, 8.56
△PeopleSoft Enterprise SCM eProcurement, versions 9.1.00, 9.2.00

△Primavera Unifier, versions 9.13, 9.14, 10.x, 15.x, 16.x
△Siebel Applications, versions 16.0, 17.0
△Solaris Cluster, versions 3.3, 4.3

△SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers, versions prior to XCP 1123
△SPARC M7, T7, S7 based Servers, versions prior to 9.7.6.b
△Sun ZFS Storage Appliance Kit (AK), version AK 2013
△Tekelec HLR Router, version 4.x

이에 ‘Oracle Critical Patch Update Advisory - July 2017’ 문서와 패치사항을 검토하고 벤더사 및 유지보수 업체와 협의 및 검토 후 패치를 적용[1]해야 한다.

Java SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정[3]하는 것이 바람직하다.

좀더 자세한 문의사항은 한국인터넷진흥원 인터넷침해대응센터(국번없이 118)에 문의하면 된다.

[참고사이트]
[1] http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] http://www.java.com/ko/download/help/java_update.xml

[김경애 기자(boan3@boannews.com)]

<저작권자: 보안뉴스(www.boannews.com) 무단전재-재배포금지>