[EhostICT] 2019년 4월 Oracle Critical Patch Update 권고

□ 개요

 o 오라클社 CPU에서 자사 제품의 보안 취약점 297개에 대한 패치를 발표 [1]

  ※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트

 o 영향 받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결방안에 따라 최신버전으로 업데이트 권고

 

□ 영향받는 제품 및 버전

Agile Recipe Management for Pharmaceuticals, versions 9.3.3, 9.3.4

Enterprise Manager Base Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0

Enterprise Manager Ops Center, version 12.3.3

FMW Platform, version 12.2.1.3.0

Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3

JD Edwards EnterpriseOne Tools, version 9.2

JD Edwards World Technical Foundation, versions A9.2, A9.3.1, A9.4

MICROS Lucas, versions 2.9.5.6, 2.9.5.7

MICROS Relate CRM Software, version 11.4

MICROS Retail-J, version 12.1.2

MySQL Connectors, versions 5.3.12 and prior, 8.0.15 and prior

MySQL Enterprise Backup, versions 3.12.3 and prior, 4.1.2 and prior

MySQL Enterprise Monitor, versions 4.0.8 and prior, 8.0.14 and prior

MySQL Server, versions 5.6.43 and prior, 5.7.25 and prior, 8.0.15 and prior

Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5

Oracle API Gateway, version 11.1.2.4.0

Oracle Application Testing Suite, version 13.3.0.1

Oracle AutoVue 3D Professional Advanced, versions 21.0.0, 21.0.1

Oracle Banking Platform, versions 2.4.0, 2.4.1, 2.5.0, 2.6.0

Oracle Berkeley DB, versions prior to 6.138, prior to 18.1.32

Oracle BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Oracle Business Process Management Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0

Oracle Business Transaction Management, version 12.1.0

Oracle Commerce Merchandising, version 11.2.0.3

Oracle Commerce Platform, versions 11.2.0.3, 11.3.1

Oracle Communications Application Session Controller, versions 3.7.1, 3.8.0

Oracle Communications EAGLE Application Processor, versions 16.1.0, 16.2.0

Oracle Communications EAGLE LNP Application Processor, versions 10.0, 10.1, 10.2

Oracle Communications Instant Messaging Server, version 10.0.1

Oracle Communications Interactive Session Recorder, versions 6.0, 6.1, 6.2

Oracle Communications LSMS, versions 13.1, 13.2, 13.3

Oracle Communications Messaging Server, versions 8.0, 8.1

Oracle Communications Operations Monitor, versions 3.4, 4.0

Oracle Communications Policy Management, versions 12.1, 12.2, 12.3, 12.4

Oracle Communications Pricing Design Center, versions 11.1, 12.0

Oracle Communications Service Broker, version 6.0

Oracle Communications Service Broker Engineered System Edition, version 6.0

Oracle Communications Session Border Controller, versions 8.0.0, 8.1.0, 8.2.0

Oracle Communications Unified Inventory Management, versions 7.3.2, 7.3.4, 7.3.5, 7.4.0

Oracle Configuration Manager, version 12.1.0

Oracle Configurator, versions 12.1, 12.2

Oracle Data Integrator, versions 11.1.1.9.0, 12.2.1.3.0

Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c

Oracle E-Business Suite, versions 0.9.8, 1.0.0, 1.0.1, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8

Oracle Endeca Information Discovery Integrator, version 3.2.0

Oracle Enterprise Communications Broker, versions 3.0.0, 3.1.0

Oracle Enterprise Operations Monitor, versions 3.4, 4.0

Oracle Enterprise Session Border Controller, versions 8.0.0, 8.1.0, 8.2.0

Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3 - 7.3.5, 8.0.0 - 8.0.7

Oracle Financial Services Asset Liability Management, versions 8.0.4 - 8.0.7

Oracle Financial Services Data Integration Hub, versions 8.0.5 - 8.0.7

Oracle Financial Services Funds Transfer Pricing, versions 8.0.4 - 8.0.7

Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.4 - 8.0.7

Oracle Financial Services Liquidity Risk Management, versions 8.0.2 - 8.0.6

Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.2 - 8.0.7

Oracle Financial Services Market Risk Measurement and Management, versions 8.0.5, 8.0.6

Oracle Financial Services Profitability Management, versions 8.0.4 - 8.0.6

Oracle Financial Services Reconciliation Framework, versions 8.0.5, 8.0.6

Oracle FLEXCUBE Private Banking, versions 2.0.0.0, 2.2.0.1, 12.0.1.0, 12.0.3.0, 12.1.0.0

Oracle Fusion Middleware MapViewer, version 12.2.1.3.0

Oracle Health Sciences Data Management Workbench, version 2.4.8

Oracle Healthcare Master Person Index, versions 3.0, 4.0

Oracle Hospitality Cruise Dining Room Management, version 8.0.80

Oracle Hospitality Cruise Fleet Management, version 9.0.11

Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1

Oracle Hospitality Reporting and Analytics, version 9.1.0

Oracle HTTP Server, version 12.2.1.3.0

Oracle Identity Analytics, version 11.1.1.5.8

Oracle Java SE, versions 7u211, 8u202, 11.0.2, 12

Oracle Java SE Embedded, version 8u201

Oracle JDeveloper, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0

Oracle Knowledge, versions 8.5.1.0 - 8.5.1.7, 8.6.0, 8.6.1

Oracle Managed File Transfer, versions 12.1.3.0.0, 12.2.1.3.0

Oracle Outside In Technology, versions 8.5.3, 8.5.4

Oracle Real-Time Scheduler, version 2.3.0

Oracle Retail Allocation, version 15.0.2

Oracle Retail Convenience Store Back Office, version 3.6

Oracle Retail Customer Engagement, versions 16.0, 17.0

Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0

Oracle Retail Invoice Matching, versions 12.0, 13.0, 13.1, 13.2, 14.0, 14.1, 15.0

Oracle Retail Merchandising System, versions 15.0, 16.0

Oracle Retail Order Broker, versions 5.1, 5.2, 15.0, 16.0

Oracle Retail Point-of-Service, versions 13.4, 14.0, 14.1

Oracle Retail Workforce Management Software, version 1.60.9.0.0

Oracle Retail Xstore Point of Service, versions 7.0, 7.1

Oracle Secure Global Desktop, version 5.4

Oracle Service Bus, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0

Oracle SOA Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0

Oracle Solaris, versions 10, 11

Oracle Traffic Director, version 11.1.1.9.0

Oracle Transportation Management, versions 6.3.7, 6.4.2, 6.4.3

Oracle Tuxedo, version 12.1.1.0.0

Oracle Utilities Framework, versions 2.2.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.2.0, 4.3.0.3.0, 4.3.0.4.0, 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0

Oracle Utilities Mobile Workforce Management, version 2.3.0

Oracle Utilities Network Management System, version 1.12.0.3

Oracle VM VirtualBox, versions prior to 5.2.28, prior to 6.0.6

Oracle WebCenter Portal, version 12.2.1.3.0

Oracle WebCenter Sites, version 12.2.1.3.0

Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0

OSS Support Tools, version 19.1

PeopleSoft Enterprise ELM, version 9.2

PeopleSoft Enterprise ELM Enterprise Learning Management, version 9.2

PeopleSoft Enterprise HCM Talent Acquisition Manager, version 9.2

PeopleSoft Enterprise HRMS, version 9.2

PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57

PeopleSoft Enterprise PT PeopleTools, versions 8.55, 8.56, 8.57

Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7 - 17.12, 18.8

Primavera Unifier, versions 16.1, 16.2, 17.7 - 17.12, 18.8

Siebel Applications, version 19.3

 

□ 해결 방안

 o "Oracle Critical Patch Update Advisory – April 2019“ 문서 및 패치사항을 검토하고 벤더사 및 유지보수 업체와 협의/검토 후 패치 적용 [1]

 o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고 [3]

 

□ 기타 문의사항

o 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118

 

[참고사이트]

[1] https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html

[3] https://www.java.com/ko/download/help/java_update.xml