2014년 1월 Oracle Critical Patch Update 권고

Security Notice

2014년 1월 Oracle Critical Patch Update 권고

개요

  • Oracle Critical Patch Update(CPU)는 Oracle社의 제품을 대상으로 다수의 보안 패치를 발표하는 주요 수단
  • Oracle CPU 발표 이후, 관련 공격코드의 출현으로 인한 피해가 예상되는 바 Oracle 제품의 다중 취약점에 대한 패치를 권고

 

설명

  • 2014년 1월 Oracle CPU에서는 Oracle 자사 제품의 보안취약점 144개에 대한 패치를 발표[1]
  • 원격 및 로컬 공격을 통하여 취약한 서버를 공격하는데 악용될 가능성이 있는 취약점을 포함하여 DB의 가용성/기밀성/무결성에 영향을 줄 수 있는 취약점 존재

 

영향을 받는 시스템

  • Oracle Database 11g Release 1, version 11.1.0.7 Database
  • Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4 Database
  • Oracle Database 12c Release 1, version 12.1.0.1 Database
  • Oracle Fusion Middleware 11g Release 1, versions 11.1.1.6, 11.1.1.7 Fusion Middleware
  • Oracle Fusion Middleware 11g Release 2, versions 11.1.2.0, 11.1.2.1 Fusion Middleware
  • Oracle Fusion Middleware 12c Release 2, version 12.1.2 Fusion Middleware
  • Oracle Containers for J2EE, version 10.1.3.5 Fusion Middleware
  • Oracle Enterprise Data Quality, versions 8.1, 9.0.8 Fusion Middleware
  • Oracle Forms and Reports 11g, Release 2, version 11.1.2.1 Fusion Middleware
  • Oracle GlassFish Server, version 2.1.1, Sun Java Application Server, versions 8.1, 8.2 Fusion Middleware
  • Oracle HTTP Server 11g, versions 11.1.1.6, 11.1.1.7 Fusion Middleware
  • Oracle HTTP Server 12c, version 12.1.2 Fusion Middleware
  • Oracle Identity Manager, versions 11.1.1.5, 11.1.1.7, 11.1.2.0, 11.1.2.1 Fusion Middleware
  • Oracle Internet Directory, versions 11.1.1.6, 11.1.1.7 Fusion Middleware
  • Oracle iPlanet Web Proxy Server, version 4.0 Fusion Middleware
  • Oracle iPlanet Web Server, versions 6.1, 7.0 Fusion Middleware
  • Oracle Outside In Technology, versions 8.4.0, 8.4.1 Fusion Middleware
  • Oracle Portal, version 11.1.1.6 Fusion Middleware
  • Oracle Reports Developer, versions 11.1.1.6, 11.1.1.7, 11.1.2.1 Fusion Middleware
  • Oracle Traffic Director, versions 11.1.1.6, 11.1.1.7 Fusion Middleware
  • Oracle WebCenter Portal versions 11.1.1.6.0, 11.1.1.7.0, 11.1.1.8.0 Fusion Middleware
  • Oracle WebCenter Sites versions 11.1.1.6.1, 11.1.1.8.0 Fusion Middleware
  • Oracle Hyperion Essbase Administration Services, versions 11.1.2.1, 11.1.2.2, 11.1.2.3 Fusion Middleware
  • Oracle Hyperion Strategic Finance, versions 11.1.2.1, 11.1.2.2 Fusion Middleware
  • Oracle E-Business Suite Release 11i, version 11.5.10.2 E-Business Suite
  • Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3 E-Business Suite
  • Oracle Agile Product Lifecycle Management for Process, versions 6.0, 6.1, 6.1.1 Oracle Supply Chain
  • Oracle AutoVue, versions 20.1.1 Oracle Supply Chain
  • Oracle Demantra Demand Management, versions 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3 Oracle Supply Chain
  • Oracle Transportation Management, versions 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2 Oracle Supply Chain
  • Oracle PeopleSoft Enterprise HRMS, versions 9.1.0, 9.2.0 PeopleSoft
  • Oracle PeopleSoft Enterprise HRMS Human Resources, versions 9.1, 9.2 PeopleSoft
  • Oracle PeopleSoft Enterprise PeopleTools, versions 8.52, 8.53 PeopleSoft
  • Oracle PeopleSoft Enterprise SCM Services Procurement, version 9.2 PeopleSoft
  • Oracle Siebel Core, versions 8.1.1, 8.2.2 Siebel
  • Oracle Siebel Life Sciences, versions 8.1.1, 8.2.2 Siebel
  • Oracle iLearning, version 6.0 iLearning
  • Oracle FLEXCUBE Private Banking, versions 1.7, 2.0, 2.0.1, 2.2.0.1, 3.0, 12.0.1, 12.0.2 Oracle FLEXCUBE
  • Oracle JavaFX, versions 2.2.45 and earlier Oracle Java SE
  • Oracle Java JDK and JRE, versions 5.0u55 and earlier, 6u65 and earlier, 7u45 and earlier Oracle Java SE
  • Oracle Java SE Embedded, versions 7u45 and earlier Oracle Java SE
  • Oracle JRockit, versions R27.7.7 and earlier, R28.2.9 and earlier Oracle Java SE
  • Oracle Solaris versions 8, 9, 10, 11.1 Oracle and Sun Systems Products Suite
  • Oracle Secure Global Desktop, versions 4.63.x, 4.71.x, 5.0.x, 5.10 Oracle Linux and Virtualization
  • Oracle VM VirtualBox, versions prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, 4.3.6 Oracle Linux and Virtualization
  • Oracle MySQL Enterprise Monitor, versions 2.3, 3.0 Oracle MySQL Product Suite
  • Oracle MySQL Server, versions 5.1, 5.5, 5.6 Oracle MySQL Product Suite

 

해결 방안

  • 해당 취약점에 영향 받는 제품을 운영하고 있는 관리자는 참고사이트에 명시되어 있는 “Affected Products and Components” 및 “Patch Availability Table” 내용을 확인하여 패치 적용

 

기타 문의사항

  • 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118

 

[참고사이트]
[1] http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

0 변경된 사항