보안정보

취약점 정보

취약점정보

2017년 7월 Oracle Critical Patch Update 권고

2017-07-26
  • 해당제품

    o Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1
    o Oracle REST Data Services, versions prior to 3.0.10.25.02.36
    o Oracle API Gateway, version 11.1.2.4.0
    o Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
    o Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
    o Oracle Data Integrator, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0
    o Oracle Endeca Server, versions 7.3.0.0, 7.4.0.0, 7.5.0.0, 7.5.1.0, 7.6.0.0, 7.6.1.0, 7.7.0.0
    o Oracle Enterprise Data Quality, version 8.1.13.0.0
    o Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0
    o Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.1, 12.2.1.2
    o Oracle OpenSSO, version 3.0.0.8
    o Oracle Outside In Technology, version 8.5.3.0
    o Oracle Secure Enterprise Search, version 11.2.2.2.0
    o Oracle Service Bus, version 11.1.1.9.0
    o Oracle Traffic Director, versions 11.1.1.7.0, 11.1.1.9.0
    o Oracle Tuxedo, version 12.1.1
    o Oracle Tuxedo System and Applications Monitor, versions 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.2, 12.1.1.1.0, 12.1.3.0.0, 12.2.2.0.0
    o Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
    o Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.1, 12.2.1.2
    o Hyperion Essbase, version 12.2.1.1
    o Enterprise Manager Base Platform, versions 12.1.0, 13.1.0, 13.2.0
    o Enterprise Manager Ops Center, versions 12.2.2, 12.3.2
    o Oracle Application Testing Suite, versions 12.5.0.2, 12.5.0.3
    o Oracle Business Transaction Management, versions 11.1.x, 12.1.x
    o Oracle Configuration Manager, versions prior to 12.1.2.0.4
    o Application Management Pack for Oracle E-Business Suite, versions AMP 12.1.0.4.0, AMP 13.1.1.1.0
    o Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
    o Oracle Agile PLM, versions 9.3.5, 9.3.6
    o Oracle Transportation Management, versions 6.1, 6.2, 6.3.4.1, 6.3.5.1, 6.3.6.1, 6.3.7.1, 6.4.0, 6.4.1, 6.4.2
    o PeopleSoft Enterprise FSCM, version 9.2
    o PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55
    o PeopleSoft Enterprise PRTL Interaction Hub, version 9.1.0
    o Siebel Applications, versions 16.0, 17.0
    o Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 6.1.4, 11.0, 11.1, 11.2
    o Oracle iLearning, version 6.2
    o Oracle Fusion Applications, versions 11.1.2 through 11.1.9
    o Oracle Communications BRM, versions 11.2.0.0.0, 11.3.0.0.0
    o Oracle Communications Convergence, versions 3.0, 3.0.1
    o Oracle Communications EAGLE LNP Application Processor, version 10.0
    o Oracle Communications Network Charging and Control, versions 4.4.1.5, 5.0.0.1, 5.0.0.2, 5.0.1.0, 5.0.2.0
    o Oracle Communications Policy Management, version 11.5
    o Oracle Communications Session Router, versions ECZ730, SCZ730, SCZ740
    o Oracle Enterprise Communications Broker, version PCZ210
    o Oracle Enterprise Session Border Controller, version ECZ7.3.0
    o Financial Services Behavior Detection Platform, versions 8.0.1, 8.0.2
    o Oracle Banking Platform, versions 2.3, 2.4, 2.4.1, 2.5
    o Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3
    o Oracle FLEXCUBE Private Banking, versions 2.0.0, 2.0.1, 2.2.0, 12.0.1
    o Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0
    o Hospitality Hotel Mobile, versions 1.01, 1.05, 1.1
    o Hospitality Property Interfaces, version 8.10.x
    o Hospitality Suite8, version 8.10.x
    o Hospitality WebSuite8 Cloud Service, versions 8.9.6, 8.10.x
    o MICROS BellaVita, version 2.7.x
    o MICROS PC Workstation 2015, versions Prior to O1302h
    o MICROS Workstation 650, versions Prior to E1500n
    o Oracle Hospitality 9700, version 4.0
    o Oracle Hospitality Cruise AffairWhere, version 2.2.05.062
    o Oracle Hospitality Cruise Dining Room Management, version 8.0.75
    o Oracle Hospitality Cruise Fleet Management, version 9.0
    o Oracle Hospitality Cruise Materials Management, version 7.30.562
    o Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.0.0
    o Oracle Hospitality e7, version 4.2.1
    o Oracle Hospitality Guest Access, versions 4.2.0.0, 4.2.1.0
    o Oracle Hospitality Inventory Management, versions 8.5.1, 9.0.0
    o Oracle Hospitality Materials Control, versions 8.31.4, 8.32.0
    o Oracle Hospitality OPERA 5 Property Services, versions 5.4.0.x, 5.4.1.x, 5.4.3.x
    o Oracle Hospitality Reporting and Analytics, versions 8.5.1, 9.0.0
    o Oracle Hospitality RES 3700, version 5.5
    o Oracle Hospitality Simphony, versions 2.8, 2.9
    o Oracle Hospitality Simphony First Edition, version 1.7.1
    o Oracle Hospitality Simphony First Edition Venue Management, version 3.9
    o Oracle Hospitality Suites Management, version 3.7
    o Oracle Payment Interface, version 6.1.1
    o Oracle Retail Allocation, versions 13.3.1, 14.0.4, 14.1.3, 15.0.1, 16.0.1
    o Oracle Retail Customer Insights, versions 15.0, 16.0
    o Oracle Retail Open Commerce Platform, versions 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0, 15.1
    o Oracle Retail Warehouse Management System, versions 14.0.4, 14.1.3, 15.0.1
    o Oracle Retail Workforce Management, versions 1.60.7, 1.64.0
    o Oracle Retail Xstore Point of Service, versions 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x, 16.0.0
    o Oracle Policy Automation, versions 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3
    o Primavera Gateway, versions 1.0, 1.1, 14.2, 15.1, 15.2, 16.1, 16.2
    o Primavera P6 Enterprise Project Portfolio Management, versions 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
    o Primavera Unifier, versions 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1, 16.2
    o Java Advanced Management Console, version 2.6
    o Oracle Java SE, versions 6u151, 7u141, 8u131
    o Oracle Java SE Embedded, version 8u131
    o Oracle JRockit, version R28.3.14
    o Solaris, versions 10, 11
    o Solaris Cluster, version 4
    o Sun ZFS Storage Appliance Kit (AK), version AK 2013
    o Oracle VM VirtualBox, versions prior to 5.1.24
    o MySQL Cluster, versions 7.3.5 and prior
    o MySQL Connectors, versions 5.3.7 and prior, 6.1.10 and prior
    o MySQL Enterprise Monitor, versions 3.1.5.7958 and prior, 3.2.5.1141 and prior, 3.2.7.1204 and prior, 3.3.2.1162 and prior, 3.3.3.1199 and prior
    o MySQL Server, versions 5.5.56 and prior, 5.6.36 and prior, 5.7.18 and prior
    o Oracle Explorer, versions prior to 8.16
    ※ 영향받는 시스템의 상세 정보는 참고사이트[1]를 참조

  • 작성 일자

    2017-07-19

  • 취약점 요약정보

    o 오라클社 CPU에서 자사 제품의 보안취약점 308개에 대한 패치를 발표[1]
    ※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트

  • 취약점 상세정보

    o 영향 받는 버전의 사용자는 악성코드 감염에 취약할 수 있으므로, 아래 해결방안에 따라 최신버전으로 업데이트 권고

  • 해결방법

    o "Oracle Critical Patch Update Advisory - July 2017“ 문서 및 패치사항을 검토하고 벤더사 및 유지보수 업체와 협의/검토 후 패치 적용[1]
    o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고[3]

    [참고사이트]
    [1]http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
    [2]http://www.oracle.com/technetwork/java/javase/downloads/index.html
    [3]http://www.java.com/ko/download/help/java_update.xml

웨스트코스트랩/한국산업기술시험원 /OPSWAT/국정원/ICSA/바이러스 블러틴
사이트맵 메뉴 닫기