Oracle Critical Patch Update Advisory, January 2016

Security Notice

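□ Overview
o The Oracle Critical Patch Update (CPU) is Oracle's primary means of releasing multiple security patches for its products.
o Because damage from exploit code appearing after the Oracle CPU release is expected, applying the patches for the multiple vulnerabilities in Oracle products is recommended.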
 
□ Description
o The January 2016 Oracle CPU released patches for 248 security vulnerabilities in Oracle's own products [1].
 
□ Affected Software
o Oracle Database Server, version(s) 11.2.0.4, 12.1.0.1, 12.1.0.2 (Database)
o Oracle GoldenGate, version(s) 11.2, 12.1.2 (Oracle GoldenGate)
o Oracle BI Publisher, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0 (Fusion Middleware)
o Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0 (Fusion Middleware)
o Oracle Endeca Server, version(s) 7.3.0.0, 7.4.0.0, 7.5.0.0, 7.6.0.0 (Fusion Middleware)
o Oracle Fusion Middleware, version(s) 10.1.3.5, 11.1.1.7, 11.1.1.8, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.2.0, 12.1.3.0, 12.2.1 (Fusion Middleware)
o Oracle GlassFish Server, version(s) 3.1.2 (Fusion Middleware)
o Oracle Identity Federation, version(s) 11.1.1.7, 11.1.2.2 (Fusion Middleware)
o Oracle Outside In Technology, version(s) 8.5.0, 8.5.1, 8.5.2 (Fusion Middleware)
o Oracle Tuxedo, version(s) 12.1.1.0 (Fusion Middleware)
o Oracle Web Cache, version(s) 11.1.1.7.0, 11.1.1.9.0 (Fusion Middleware)
o Oracle WebCenter Sites, version(s) 7.6.2, 11.1.1.8.0 (Fusion Middleware)
o Oracle WebLogic Portal, version(s) 10.3.6 (Fusion Middleware)
o Oracle WebLogic Server, version(s) 10.3.6, 12.1.2, 12.1.3, 12.2.1 (Fusion Middleware)
o Enterprise Manager Base Platform, version(s) 11.1.0.1, 11.2.0.4, 12.1.0.4, 12.1.0.5 (Enterprise Manager)
o Enterprise Manager Ops Center, version(s) prior to 12.1.4, 12.2.0, 12.2.1, 12.3.0 (Enterprise Manager)
o Oracle Application Testing Suite, version(s) 12.4.0.2, 12.5.0.2 (Enterprise Manager)
o Application Mgmt Pack for E-Business Suite, version(s) 12.1, 12.2 (E-Business Suite)
o Oracle E-Business Suite, version(s) 11.5.10.2, 12.1, 12.1.1, 12.1.2, 12.1.3, 12.2, 12.2.3, 12.2.4, 12.2.5 (E-Business Suite)
o Oracle Agile Engineering Data Management, version(s) 6.1.2.2, 6.1.3.0, 6.2.0.0 (Oracle Supply Chain Products)
o Oracle Agile PLM, version(s) 9.3.1.1, 9.3.1.2, 9.3.2, 9.3.3 (Oracle Supply Chain Products)
o Oracle Configurator, version(s) 11.5.10.2, 12.1, 12.2 (Oracle Supply Chain Products)
o PeopleSoft Enterprise HCM Global Payroll Switzerland, version(s) 9.1, 9.2 (PeopleSoft)
o PeopleSoft Enterprise PeopleTools, version(s) 8.53, 8.54, 8.55 (PeopleSoft)
o PeopleSoft Enterprise SCM eProcurement, version(s) 9.1, 9.2 (PeopleSoft)
o PeopleSoft Enterprise SCM Order Management, version(s) 9.1, 9.2 (PeopleSoft)
o PeopleSoft Enterprise SCM Purchasing, version(s) 9.1, 9.2 (PeopleSoft)
o JD Edwards EnterpriseOne Tools, version(s) 9.1, 9.2 (JD Edwards)
o Oracle iLearning, version(s) 6.0, 6.1 (iLearning)
o Oracle Fusion Applications, version(s) 11.1.2 through 11.1.10 (Fusion Applications)
o Oracle Communications Converged Application Server - Service Controller, version(s) 6.1 (Communications Converged Application Server - Service Controller)
o Oracle Communications EAGLE LNP Application Processor, version(s) 10.0 (Communications EAGLE LNP Application Processor)
o Oracle Communications Online Mediation Controller, version(s) 6.1 (Communications Online Mediation Controller)
o Oracle Communications Service Broker, version(s) 6.0, 6.1 (Communications Service Broker)
o Oracle Communications Service Broker Engineered System Edition, version(s) 6.0 (Communications Service Broker Engineered System Edition)
o MICROS CWDirect, version(s) 12.5, 13.0, 14.0, 15.0, 16.0, 17.0, 18.0 (MICROS CWDirect)
o Oracle Retail Open Commerce Platform Cloud Service, version(s) 3.5, 4.5, 4.7, 5.0 (Retail Open Commerce Platform Cloud Service)
o Oracle Retail Order Broker Cloud Service, version(s) 4.0, 4.1 (Retail Order Broker Cloud Service)
o Oracle Retail Order Management System Cloud Service, version(s) 3.5, 4.5, 4.7, 5.0, 15.0 (Retail Order Management System Cloud Service)
o Oracle Retail Point-of-Service, version(s) 13.4, 14.0, 14.1 (Retail Point-of-Service)
o Oracle Java SE, version(s) 6u105, 7u91, 8u66 (Oracle Java SE)
o Oracle Java SE Embedded, version(s) 8u65 (Oracle Java SE)
o Oracle JRockit, version(s) R28.3.8 (Oracle Java SE)
o Oracle Switch ES1-24, version(s) prior to 1.3.1.13 (Oracle and Sun Systems Products Suite)
o Solaris, version(s) 10, 11 (Oracle and Sun Systems Products Suite)
o Solaris Cluster, version(s) 3.3, 4, 4.2 (Oracle and Sun Systems Products Suite)
o Sun Blade 6000 Ethernet Switched NEM 24P 10GE, version(s) prior to 1.2.2.13 (Oracle and Sun Systems Products Suite)
o Sun Network 10GE Switch 72p, version(s) prior to 1.2.2.15 (Oracle and Sun Systems Products Suite)
o Oracle Secure Global Desktop, version(s) 4.63, 4.71, 5.2 (Oracle Linux and Virtualization)
o Oracle VM VirtualBox, version(s) prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.36, prior to 5.0.14 (Oracle Linux and Virtualization)
o MySQL Server, version(s) 5.5.46 and prior, 5.6.27 and prior, 5.7.9 (Oracle MySQL Product Suite)
 
※ For details on affected systems, see reference [1].
 
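□ Resolution
o Review the "Oracle Critical Patch Update Advisory - January 2016" document and apply the patches after consultation and review with the vendor and maintenance provider [1].
o Java SE users are advised to download [2] and install the latest update for their installed product, or to enable Java automatic updates [3].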
 
□ Other Inquiries
o Korea Internet & Security Agency (KISA), Internet Incident Response Center: dial 118 (no area code)
 
[References]
[1] http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html 
[3] http://www.java.com/ko/download/help/java_update.xml