□ 개요 o 오라클社 CPU에서 자사 제품의 보안 취약점 319개에 대한 패치를 발표 [1] ※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트 o 영향 받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래
해결방안에 따라
최신버전으로 업데이트 권고 □ 영향받는 제품 및 버전
Application Express, versions
5.1, 18.2 |
Diagnostic Assistant, versions
prior to 2.12.36 |
Enterprise Manager Base
Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0 |
Enterprise Manager for Fusion
Middleware, versions 13.2, 13.3 |
Enterprise Manager for
Virtualization, versions 13.1, 13.2, 13.3 |
Enterprise Manager Ops Center,
versions 12.3.3, 12.4.0 |
Instantis EnterpriseTrack,
versions 17.1, 17.2, 17.3 |
JD Edwards EnterpriseOne Tools,
version 9.2 |
JD Edwards World Security,
versions A9.3, A9.3.1, A9.4 |
MICROS Retail XBRi Loss
Prevention, versions 10.8.0 - 10.8.3 |
MICROS Retail-J, versions
12.1.0, 12.1.1, 12.1.2, 13.1 |
MySQL Enterprise Monitor,
versions 4.0.9 and prior, 8.0.14 and prior |
MySQL Server, versions 5.6.44
and prior, 5.7.26 and prior, 8.0.16 and prior |
MySQL Workbench, versions
8.0.16 and prior |
Oracle Agile Engineering Data
Management, versions 6.2.0, 6.2.1 |
Oracle Agile PLM, versions
9.3.3, 9.3.4, 9.3.5, 9.3.6 |
Oracle Application Testing
Suite, versions 13.1, 13.2, 13.3 |
Oracle Banking Platform,
versions 2.4.0 - 2.7.1 |
Oracle Berkeley DB, versions
12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23, 12.1.6.2.32 |
Oracle BI Publisher, version
11.1.1.9.0 |
Oracle Business Intelligence
Enterprise Edition, versions 11.1.1.9.0, 12.2.1.4.0 |
Oracle Clusterware, version
12.1.0.2.0 |
Oracle Communications Application
Session Controller, versions 3.7.1, 3.8.0 |
Oracle Communications Billing
and Revenue Management, versions 7.5, 12.0 |
Oracle Communications Converged
Application Server, versions 5.1, 7.0, 7.1 |
Oracle Communications Converged
Application Server - Service Controller, versions 6.0, 6.1 |
Oracle Communications
Convergence, version 3.0.2 |
Oracle Communications Diameter
Signaling Router (DSR), versions 8.0, 8.1, 8.2, 8.3 |
Oracle Communications EAGLE
(Software), versions 46.5, 46.6, 46.7 |
Oracle Communications Instant
Messaging Server, version 10.0.1.2.0 |
Oracle Communications
Interactive Session Recorder, versions 6.0, 6.1, 6.2 |
Oracle Communications Messaging
Server, versions 8.0.2, 8.1.0 |
Oracle Communications Online
Mediation Controller, version 6.1 |
Oracle Communications Unified,
version 8.0.0.2.0 |
Oracle Data Integrator, version
12.2.1.3.0 |
Oracle Database Server,
versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c |
Oracle Demantra Demand
Management, version 7.3.1.5.2 |
Oracle E-Business Suite,
versions 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 |
Oracle Endeca Information
Discovery Integrator, version 3.2.0 |
Oracle Endeca Server, version
7.7.0 |
Oracle Enterprise Manager Base
Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0 |
Oracle Enterprise Repository,
version 12.1.3.0.0 |
Oracle Financial Services -
Regulatory Reporting for Reserve Bank of India - Lombard Risk Integration
Pack, version 8.0.7 |
Oracle Financial Services -
Regulatory Reporting for US Federal Reserve - Lombard Risk Integration Pack,
versions 8.0.4 - 8.0.7 |
Oracle Financial Services
Analytical Applications Infrastructure, versions 7.3.3 - 7.3.5, 8.0.2 - 8.0.8 |
Oracle Financial Services
Analytical Applications Reconciliation Framework, versions 8.0.4 - 8.0.7 |
Oracle Financial Services Asset
Liability Management, versions 8.0.4 - 8.0.7 |
Oracle Financial Services Basel
Regulatory Capital Basic, versions 8.0.4 - 8.0.7 |
Oracle Financial Services Basel
Regulatory Capital Internal Ratings Based Approach, versions 8.0.4 - 8.0.7 |
Oracle Financial Services Data
Foundation, versions 8.0.4 - 8.0.8 |
Oracle Financial Services Data
Integration Hub, versions 8.0.5 - 8.0.7 |
Oracle Financial Services Funds
Transfer Pricing, versions 8.0.4 - 8.0.7 |
Oracle Financial Services Hedge
Management and IFRS Valuations, versions 8.0.4 - 8.0.7 |
Oracle Financial Services
Institutional Performance Analytics, versions 8.0.4 - 8.0.7 |
Oracle Financial Services
Liquidity Risk Management, versions 8.0.1, 8.0.2, 8.0.4, 8.0.5, 8.0.6 |
Oracle Financial Services
Liquidity Risk Measurement and Management, versions 8.0.7, 8.0.8 |
Oracle Financial Services Loan
Loss Forecasting and Provisioning, versions 8.0.2 - 8.0.7 |
Oracle Financial Services
Market Risk Measurement and Management, versions 8.0.5, 8.0.6, 8.0.8 |
Oracle Financial Services Price
Creation and Discovery, versions 8.0.4 - 8.0.7 |
Oracle Financial Services
Profitability Management, versions 8.0.4 - 8.0.7 |
Oracle Financial Services
Regulatory Reporting for European Banking Authority, versions 8.0.6, 8.0.7 |
Oracle Financial Services
Regulatory Reporting for European Banking Authority - Integration Pack for
Lombard Risk, versions 8.0.6, 8.0.7 |
Oracle Financial Services
Regulatory Reporting for US Federal Reserve, versions 8.0.4 - 8.0.7 |
Oracle Financial Services
Retail Customer Analytics, versions 8.0.4 - 8.0.6 |
Oracle Financial Services
Revenue Management and Billing, versions 2.4.0.0, 2.4.0.1 |
Oracle FLEXCUBE Core Banking,
versions 5.2.0, 11.6.0, 11.7.0, 11.8.0 |
Oracle FLEXCUBE Enterprise
Limits and Collateral Management, versions 12.0, 12.1 |
Oracle FLEXCUBE Investor
Servicing, versions 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0,
14.1.0 |
Oracle FLEXCUBE Private
Banking, versions 12.0.1, 12.0.3, 12.1.0 |
Oracle FLEXCUBE Universal
Banking, versions 12.0.1 - 12.0.3, 12.1.0 - 12.4.0, 14.0.0 - 14.2.0 |
Oracle Global Lifecycle
Management OPatchAuto, versions prior to 12.2.0.1.14 |
Oracle GraalVM Enterprise
Edition, version 19.0.0 |
Oracle Hospitality Gift and
Loyalty, versions 9.0.0, 9.1.0 |
Oracle Hospitality Guest
Access, versions 4.2, 4.2.1 |
Oracle Hospitality Simphony,
version 18.2.1 |
Oracle Hospitality Suite8,
versions 8.9.6, 8.10.2, 8.11 - 8.14 |
Oracle HTTP Server, versions
12.1.3.0.0, 12.2.1.3.0 |
Oracle Hyperion Planning,
version 11.1.2.4 |
Oracle Hyperion Workspace,
version 11.1.2.4 |
Oracle Identity Manager,
versions 11.1.2.3.0, 12.2.1.3.0 |
Oracle Insurance Allocation
Manager for Enterprise Profitability, version 8.0.8 |
Oracle Insurance Calculation
Engine, versions 9.7, 10.0, 10.1, 10.2 |
Oracle Insurance Data
Foundation, versions 8.0.4 - 8.0.7 |
Oracle Insurance IFRS 17
Analyzer, versions 8.0.6, 8.0.7 |
Oracle Insurance Performance Insight,
version 8.0.7 |
Oracle Insurance Policy
Administration J2EE, versions 10.0, 10.1, 10.2, 11.0 |
Oracle Insurance Rules Palette,
versions 10.0, 10.1, 10.2, 11.0 |
Oracle Java SE, versions 7u221,
8u212, 11.0.3, 12.0.1 |
Oracle Java SE Embedded, version
8u211 |
Oracle Outside In Technology,
version 8.5.4 |
Oracle Retail Advanced
Inventory Planning, version 15.0 |
Oracle Retail Customer
Management and Segmentation Foundation, versions 16.0, 17.0, 18.0 |
Oracle Retail Financial
Integration, versions 14.0, 14.1, 15.0, 16.0 |
Oracle Retail Integration Bus,
versions 15.0, 16.0 |
Oracle Retail Order Broker,
versions 5.2, 15.0 |
Oracle Retail Order Management
System, version 5.0 |
Oracle Retail Predictive
Application Server, versions 14.0.3.26, 14.1.3.37, 15.0.3.100, 16.0 |
Oracle Retail Service Backbone,
version 16.0.1 |
Oracle Retail Xstore Office,
versions 7.0, 7.1 |
Oracle Retail Xstore Point of
Service, versions 7.0, 7.1, 15.0, 16.0, 17.0, 18.0 |
Oracle Security Service,
versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 |
Oracle SOA Suite, version
12.2.1.3.0 |
Oracle Solaris, versions 10,
11.3, 11.4 |
Oracle Transportation
Management, version 6.3.7 |
Oracle Utilities Advanced
Spatial and Operational Analytics, version 2.7.0.1 |
Oracle Utilities Framework,
versions 4.3.0.2.0 - 4.3.0.6.0, 4.4.0.0.0 |
Oracle VM VirtualBox, versions
prior to 5.2.32, prior to 6.0.10 |
Oracle WebCenter Sites, version
12.2.1.3.0 |
Oracle WebLogic Server,
versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 |
PeopleSoft Enterprise FIN
Project Costing, version 9.2 |
PeopleSoft Enterprise PeopleTools,
versions 8.55, 8.56, 8.57 |
PeopleSoft Enterprise PT
PeopleTools, versions 8.55, 8.56, 8.57 |
Primavera Analytics, version
18.8 |
Primavera Gateway, versions
15.2, 16.2, 17.12, 18.8 |
Primavera Unifier, versions
16.1, 16.2, 17.7 - 17.12, 18.8 |
Services Tools Bundle, version
19.2 |
Siebel Applications, versions
19.0 and prior |
StorageTek Tape Analytics SW
Tool, version 2.3.0 |
Sun ZFS Storage Appliance Kit
(AK), version 8.8.3 |
System Utilities, version 19.1 |
Tape Virtual Storage Manager
GUI, version 6.2 |
□
해결 방안 o "Oracle Critical Patch Update Advisory –July 2019“ 문서 및 패치사항을 검토하고 벤더사 및 유지보수
업체와 협의/검토 후 패치 적용 [1] o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아
설치하거나, Java 업데이트 자동 알림 설정을 권고 [3] [참고사이트] [1] https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html [2] http://www.oracle.com/technetwork/java/javase/downloads/index.html [3] https://www.java.com/ko/download/help/java_update.xml |