본문 바로가기 주메뉴 바로가기 페이지하단 바로가기

사이버보안 동향

[KISA] Oracle Critical Patch Update 보안 업데이트 권고 2020.01.15
Oracle Critical Patch Update 보안 업데이트 권고2020.01.15

□ 개요

 o 오라클社 CPU에서 자사 제품의 보안 취약점 334개에 대한 패치를 발표 [1]

  ※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트

 o 영향 받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결방안에 따라 최신버전으로 업데이트 권고

 

□ 영향받는 제품 및 버전

Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
Enterprise Manager for Fusion Middleware, versions 13.2.0.0, 13.3.0.0
Enterprise Manager for Oracle Database, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
Enterprise Manager Ops Center, versions 12.3.3, 12.4.0
Hyperion Financial Close Management, version 11.1.2.4
Hyperion Planning, version 11.1.2.4
Identity Manager, versions 11.1.2.3.0, 12.2.1.3.0
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
JD Edwards EnterpriseOne Orchestrator, version 9.2
JD Edwards EnterpriseOne Tools, version 9.2
MySQL Client, versions 5.6.46 and prior, 5.7.28 and prior, 8.0.18 and prior
MySQL Cluster, versions 7.3.27 and prior, 7.4.25 and prior, 7.5.15 and prior, 7.6.12 and prior
MySQL Connectors, versions 5.3.13 and prior, 8.0.18 and prior
MySQL Enterprise Backup, versions 3.12.4 and prior, 4.1.3 and prior
MySQL Server, versions 5.6.46 and prior, 5.7.28 and prior, 8.0.18 and prior
MySQL Workbench, versions 8.0.18 and prior
Oracle Agile Engineering Data Management, versions 6.2.0, 6.2.1
Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
Oracle Agile PLM Framework, version 9.3.3
Oracle Agile PLM MCAD Connector, versions 3.4, 3.5, 3.6
Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1
Oracle AutoVue, version 12.0.2
Oracle Banking Corporate Lending, versions 12.3.0-12.4.0, 14.0.0-14.3.0
Oracle Banking Payments, versions 14.1.0-14.3.0
Oracle Big Data Discovery, version 1.6
Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Clinical, version 5.2
Oracle Coherence, versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Communications Design Studio, versions 7.3.4.3.0, 7.3.5.5.0, 7.4.0.4.0, 7.4.1.1.0
Oracle Communications Diameter Signaling Router (DSR), versions 8.0, 8.1, 8.2, 8.3, 8.4
Oracle Communications Instant Messaging Server, version 10.0.1.3.0
Oracle Communications Interactive Session Recorder, versions 6.0, 6.1, 6.2, 6.3
Oracle Communications IP Service Activator, versions 7.3.4, 7.4.0
Oracle Communications Session Border Controller, versions 7.4, 8.0, 8.1, 8.2, 8.3
Oracle Communications Session Router, versions 7.4, 8.0, 8.1, 8.2, 8.3
Oracle Communications Subscriber-Aware Load Balancer, versions 7.3, 8.1, 8.3
Oracle Communications Unified Inventory Management, versions 7.3, 7.4
Oracle Communications Unified Session Manager, versions 7.3.5, 8.2.5
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.1.0.11, 12.2.0.1, 18c, 19c, 29, 212.2.0.1
Oracle Demantra Demand Management, versions 12.2.4, 12.2.4.1, 12.2.5, 12.2.5.1
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9
Oracle Endeca Information Discovery Integrator, version 3.2.0
Oracle Endeca Information Discovery Studio, version 3.2.0
Oracle Enterprise Communications Broker, versions PCz3.0, PCz3.1, PCz3.2
Oracle Enterprise Repository, version 12.1.3.0.0
Oracle Enterprise Session Border Controller, versions 7.5, 8.0, 8.1, 8.2, 8.3
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3-7.3.5, 8.0.0-8.0.8
Oracle Financial Services Funds Transfer Pricing, versions 8.0.2-8.0.7
Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0
Oracle FLEXCUBE Investor Servicing, versions 12.1.0-12.4.0, 14.0.0-14.1.0
Oracle FLEXCUBE Universal Banking, versions 12.0.1-12.4.0, 14.0.0-14.3.0
Oracle GraalVM Enterprise Edition, version 19.3.0.2
Oracle Health Sciences Data Management Workbench, versions 2.4, 2.5
Oracle Healthcare Master Person Index, version 3.0
Oracle Hospitality Cruise Materials Management, version 7.30.567
Oracle Hospitality Guest Access, version 4.2
Oracle Hospitality OPERA 5, versions 5.5, 5.6
Oracle Hospitality Suites Management, versions 3.7, 3.8
Oracle HTTP Server, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
Oracle iLearning, version 6.1
Oracle Java SE, versions 7u241, 8u231, 8u241, 11.0.5, 13.0.1
Oracle Java SE Embedded, version 8u231
Oracle Outside In Technology, version 8.5.4
Oracle Real-Time Scheduler, versions 2.3.0.1-2.3.0.3
Oracle Reports Developer, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Retail Assortment Planning, versions 15.0.3, 16.0.3
Oracle Retail Clearance Optimization Engine, versions 13.4, 14.0, 14.0.3, 14.0.5
Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0
Oracle Retail Markdown Optimization, versions 13.4, 13.4.4
Oracle Retail Order Broker, versions 5.2, 15.0, 16.0, 18.0
Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3
Oracle Retail Sales Audit, version 15.0.3.16.0.2
Oracle Secure Global Desktop, versions 5.4, 5.5
Oracle Security Service, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
Oracle Solaris, versions 10, 11
Oracle Tuxedo, versions 12.1.1.0.0, 12.1.3.0.0
Oracle Utilities Framework, versions 4.2.0.2-4.2.0.3, 4.3.0.1-4.3.0.4
Oracle Utilities Mobile Workforce Management, versions 2.3.0.1-2.3.0.3
Oracle Utilities Work and Asset Management (v1), version 1.9.1.2
Oracle VM Server for SPARC, version 3.6
Oracle VM VirtualBox, versions prior to 5.2.36, prior to 6.0.16, prior to 6.1.2
Oracle WebCenter Sites, version 12.2.1.3.0
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
PeopleSoft Enterprise CC Common Application Objects, versions 9.1, 9.2
PeopleSoft Enterprise HCM Human Resources, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58
PeopleSoft PeopleTools, versions 8.56, 8.57
Primavera Gateway, versions 15.2.18, 16.2.11, 17.12.6, 18.8.8.1
Primavera P6 Enterprise Project Portfolio Management, versions 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0, 19.12.0.0, 20.1.0.0
Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12
Siebel Applications, versions 19.10 and prior
Sun ZFS Storage Appliance Kit, version 8.8.6
Tape Library ACSLS, versions 8.5, 8.5.1

 

 

□ 해결 방안

 o "Oracle Critical Patch Update Advisory – January 2020“ 문서 및 패치사항을 검토하고 벤더사 및 유지보수 업체와 협의/검토 후 패치 적용 [1]

 o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고 [3]

 

□ 기타 문의사항

 o 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118

 

[참고사이트]

[1] https://www.oracle.com/security-alerts/cpujan2020.html

[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html

[3] https://www.java.com/ko/download/help/java_update.xml

 

이전글
[KISA] Adobe 제품군 보안 업데이트 권고
다음글
[KISA] Cisco Data Center Network Manager 취약점업데이트
목록

레이어팝업

레이어팝업 내용


잠시만 기다려주세요.