July 2014 Oracle Critical Patch Update Advisory

Security Notice

Overview

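  • The Oracle Critical Patch Update (CPU) is Oracle's primary means of releasing multiple security patches for its products
  • Because damage is expected from exploit code appearing after the Oracle CPU release, applying the patches for the multiple vulnerabilities in Oracle products is recommended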


Description

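  • The July 2014 Oracle CPU released patches for 113 security vulnerabilities in Oracle's own products
    • These include vulnerabilities that could be exploited through remote and local attacks against vulnerable servers, and vulnerabilities that can affect the availability, confidentiality and integrity of databases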


Affected Systems

  • Oracle Database 11g Release 1, version 11.1.0.7 (Database)
  • Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4 (Database)
  • Oracle Database 12c Release 1, version 12.1.0.1 (Database)
  • Oracle Fusion Middleware 11g Release 1, version 11.1.1.7 (Fusion Middleware)
  • Oracle Fusion Middleware 12c Release 1, version 12.1.2.0 (Fusion Middleware)
  • Oracle Fusion Applications, versions 11.1.2 through 11.1.8 (Fusion Applications)
  • Oracle Glassfish Server, versions 2.1.1, 3.0.1, 3.1.2 (Fusion Middleware)
  • Oracle Traffic Director, version 11.1.1.7.0 (Fusion Middleware)
  • Oracle iPlanet Web Proxy Server, version 4.0.24 (Fusion Middleware)
  • Oracle iPlanet Web Server, versions 6.1, 7.0 (Fusion Middleware)
  • Oracle WebCenter Portal, versions 11.1.1.7.0, 11.1.1.8.0 (Fusion Middleware)
  • Oracle WebLogic Server, versions 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0 (Fusion Middleware)
  • Oracle JDeveloper, versions 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0 (Fusion Middleware)
  • Oracle BI Publisher, version 11.1.1.7 (Fusion Middleware)
  • Oracle Glassfish Communications Server, version 2.0 (Fusion Middleware)
  • Oracle HTTP Server, versions 11.1.1.7.0, 12.1.2.0 (Fusion Middleware)
  • Oracle Hyperion Essbase, versions 11.1.2.2, 11.1.2.3 (Fusion Middleware)
  • Oracle Hyperion BI+, versions 11.1.2.2, 11.1.2.3 (Fusion Middleware)
  • Oracle Hyperion Enterprise Performance Management Architect, versions 11.1.2.2, 11.1.2.3 (Fusion Middleware)
  • Oracle Hyperion Common Admin, versions 11.1.2.2, 11.1.2.3 (Fusion Middleware)
  • Oracle Hyperion Analytic Provider Services, versions 11.1.2.2, 11.1.2.3 (Fusion Middleware)
  • Oracle E-Business Suite Release 11i, version 11.5.10.2 (E-Business Suite)
  • Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.3, 12.2.2, 12.2.3 (E-Business Suite)
  • Oracle Transportation Management, versions 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4 (Oracle Supply Chain)
  • Oracle Agile Product Collaboration, version 9.3.3 (Oracle Supply Chain)
  • Oracle PeopleSoft Enterprise ELS Enterprise Learning Management, versions 9.1, 9.2 (PeopleSoft)
  • Oracle PeopleSoft Enterprise PT PeopleTools, versions 8.52, 8.53 (PeopleSoft)
  • Oracle PeopleSoft Enterprise FIN Install, versions 9.1, 9.2 (PeopleSoft)
  • Oracle PeopleSoft Enterprise SCM Purchasing, versions 9.1, 9.2 (PeopleSoft)
  • Oracle Siebel Travel & Transportation, versions 8.1.1, 8.2.2 (Siebel)
  • Oracle Siebel UI Framework, versions 8.1.1, 8.2.2 (Siebel)
  • Oracle Siebel Core - Server OM Frwks, versions 8.1.1, 8.2.2 (Siebel)
  • Oracle Siebel Core - EAI, versions 8.1.1, 8.2.2 (Siebel)
  • Oracle Communications Messaging Server, version 7.0.5.30.0 (Oracle Communications Applications)
  • Oracle Retail Back Office, versions 8.0, 12.0, 12.0.9IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0 (Retail)
  • Oracle Retail Central Office, versions 8.0, 12.0, 12.0.9IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0 (Retail)
  • Oracle Retail Returns Management, versions 2.0, 13.1, 13.2, 13.3, 13.4, 14.0 (Retail)
  • Oracle Java SE, versions 5.0u65, 6u75, 7u60, 8u5 (Oracle Java SE)
  • Oracle JRockit, versions R27.8.2, R28.3.2 (Oracle Java SE)
  • Oracle Solaris, versions 8, 9, 10, 11.1 (Oracle and Sun Systems Products Suite)
  • Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1 (Oracle Linux and Virtualization)
  • Oracle VM VirtualBox, versions prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26, 4.3.14 (Oracle Linux and Virtualization)
  • Oracle Virtual Desktop Infrastructure (VDI), versions prior to 3.5.1 (Oracle Linux and Virtualization)
  • Sun Ray Software, versions prior to 5.4.3 (Oracle Linux and Virtualization)
  • Oracle MySQL Server, versions 5.5, 5.6 (Oracle MySQL Product Suite)
  • For details of the affected systems, see reference site [1]


Solution

  • As a solution, review the "Oracle Critical Patch Update Advisory - July 2014" document and apply the patches after consultation and review with the vendor and maintenance provider [1]


Other Inquiries

  • Korea Internet & Security Agency (KISA), Internet Incident Response Center: dial 118 (no area code)

 

[References]

[1] http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
