Advisory: Oracle Critical Patch Update, October 2013

Security Notice


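Overview

  • The Oracle Critical Patch Update (CPU) is Oracle's primary means of releasing multiple security patches for its products
  • Because exploit code is expected to appear after the release of the Oracle CPU and cause damage, applying the patches for the multiple vulnerabilities in Oracle products is recommended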


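Description

  • The October 2013 Oracle CPU released patches for 127 security vulnerabilities in Oracle's own products [1]
  • These include vulnerabilities that could be exploited to attack vulnerable servers through remote and local attacks, and vulnerabilities that can affect the availability, confidentiality and integrity of the DB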


Affected Systems

  • Oracle Database 11g Release 1, version 11.1.0.7 (Database)
  • Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3 (Database)
  • Oracle Database 12c Release 1, version 12.1.0.1 (Database)
  • Oracle Fusion Middleware 11g Release 1, versions 11.1.1.6, 11.1.1.7 (Fusion Middleware)
  • Oracle Access Manager, versions 11.1.1.5.0, 11.1.2.0.0 (Fusion Middleware)
  • Oracle Forms and Reports 11g, Release 2, version 11.1.2.1 (Fusion Middleware)
  • Oracle GlassFish Server, versions 2.1.1, 3.0.1, 3.1.2 (Fusion Middleware)
  • Oracle HTTP Server 12c, version 12.1.2 (Fusion Middleware)
  • Oracle Identity Analytics, version 11.1.1.5; Sun Role Manager, versions 4.1, 5.0 (Fusion Middleware)
  • Oracle Identity Manager, versions 11.1.2.0.0, 11.1.2.1.0 (Fusion Middleware)
  • Oracle JDeveloper, versions 11.1.2.3.0, 11.1.2.4.0, 12.1.2.0.0 (Fusion Middleware)
  • Oracle Outside In Technology, versions 8.4.0, 8.4.1 (Fusion Middleware)
  • Oracle Portal, version 11.1.1.6.0 (Fusion Middleware)
  • Oracle Web Cache, versions 11.1.1.6, 11.1.1.7 (Fusion Middleware)
  • Oracle WebCenter Content, versions 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0, 11.1.1.8.0 (Fusion Middleware)
  • Oracle WebLogic Server, versions 10.3.6.0, 12.1.1.0 (Fusion Middleware)
  • Oracle Web Services, versions 10.1.3.5, 11.1.1.6.0 (Fusion Middleware)
  • Oracle Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5 (Enterprise Manager)
  • Oracle Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1 (Enterprise Manager)
  • Oracle Enterprise Manager Plugin for Database 12c Release 1, versions 12.1.0.2, 12.1.0.3, 12.1.0.4 (Enterprise Manager)
  • Oracle E-Business Suite Release 12i, version 12.1 (E-Business Suite)
  • Oracle Agile PLM Framework, version 9.3.2 (Oracle Supply Chain)
  • Oracle Transportation Management, versions 6.2, 6.3, 6.3.1, 6.3.2 (Oracle Supply Chain)
  • Oracle PeopleSoft HRMS, version 9.1 (PeopleSoft)
  • Oracle PeopleSoft HRMS eCompensation, versions 9.1, 9.2 (PeopleSoft)
  • Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53 (PeopleSoft)
  • Oracle Siebel Core, versions 8.1.1, 8.2.2 (Siebel)
  • Oracle Siebel Server Remote, versions 8.1.1, 8.2.2 (Siebel)
  • Oracle Siebel UI Framework, versions 8.1.1, 8.2.2 (Siebel)
  • Oracle iLearning, versions 5.2.1, 6.0 (iLearning)
  • Oracle Health Sciences InForm, versions 4.5.x, 4.6.x, 5.0.x, 5.5.x and 6.0.0 (Oracle Health Sciences Products Suite)
  • Oracle Siebel CTMS, version 8.1.1.x (Oracle Health Sciences Products Suite)
  • Oracle Retail Invoice Matching, versions 10.2, 11.0, 12.0, 12.0IN, 12.1, 13.0, 13.1, 13.2 (Oracle Retail Products Suite)
  • Oracle FLEXCUBE Private Banking, versions 1.7, 2.0, 2.0.1, 2.2.0.1, 3.0, 12.0.1 (Oracle FLEXCUBE)
  • Oracle Instantis EnterpriseTrack, versions 8.0.6, 8.5 (Oracle Primavera Products Suite)
  • Oracle Primavera P6 Enterprise Project Portfolio Management, versions 8.1, 8.2, 8.3 (Oracle Primavera Products Suite)
  • Oracle JavaFX, versions 2.2.40 and earlier (Oracle Java SE)
  • Oracle Java JDK and JRE, versions 5.0u51 and earlier, 6u60 and earlier, 7u40 and earlier (Oracle Java SE)
  • Oracle Java SE Embedded, versions 7u40 and earlier (Oracle Java SE)
  • Oracle JRockit, versions R27.7.6 and earlier, R28.2.8 and earlier (Oracle Java SE)
  • Oracle Solaris versions 10, 11.1 (Oracle and Sun Systems Products Suite)
  • Oracle SPARC Enterprise T series and M Series Servers Firmware versions prior to 6.7.13, 7.4.6.c, 8.3.0.b, 9.0.0.d, 9.0.1.e (Oracle and Sun Systems Products Suite)
  • Oracle Sun Blade 6000 10GBE switched NEM 1.2, Sun Network 10GBE Switch 72P 1.2, Oracle Switch ES1-24 1.3 (Oracle and Sun Systems Products Suite)
  • Oracle Secure Global Desktop, version 5 (Oracle Linux and Virtualization)
  • Oracle VM VirtualBox, versions prior to 3.2.18, 4.0.20, 4.1.28, 4.2.18 (Oracle Linux and Virtualization)
  • Oracle MySQL Server, versions 5.1, 5.5, 5.6 (Oracle MySQL Product Suite)
  • Oracle MySQL Enterprise Monitor, version 2.3 (Oracle MySQL Product Suite)
    ※ For details of the affected systems, see reference site [1]


Solution

  • Review the "Oracle Critical Patch Update Advisory – October 2013" document and apply the patches after consultation and review with the vendor and the maintenance provider [1]


Other Inquiries

  • Korea Internet & Security Agency (KISA) Internet Incident Response Center: dial 118 (no area code)


[References]
[1] http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
