□ 개요
o 오라클社 CPU에서 자사 제품의 보안 취약점 284개에 대한 패치를 발표 [1]
※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트
o 영향 받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결방안에 따라 최신버전으로 업데이트 권고
□ 영향받는 제품 및 버전
| Enterprise Manager Base Platform, versions 12.1.0.5, 13.2, 13.3 |
| Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3, 13.3.1 |
| Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 |
| Hyperion BI+, version 11.1.2.4 |
| Java Advanced Management Console, version 2.12 |
| JD Edwards EnterpriseOne Tools, version 9.2 |
| JD Edwards World Security, versions A9.3, A9.3.1, A9.4 |
| MySQL Connectors, versions 2.1.8 and prior, 8.0.13 and prior |
| MySQL Enterprise Monitor, versions 4.0.7 and prior, 8.0.13 and prior |
| MySQL Server, versions 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior |
| MySQL Workbench, versions 8.0.13 and prior |
| Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1 |
| Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6 |
| Oracle Agile Product Lifecycle Management for Process, versions 6.2.0.0, 6.2.1.0, 6.2.2.0, 6.2.3.0, 6.2.3.1 |
| Oracle API Gateway, version 11.1.2.4.0 |
| Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1 |
| Oracle Argus Safety, versions 8.1, 8.2 |
| Oracle Banking Platform, versions 2.5.0, 2.6.0, 2.6.1, 2.6.2 |
| Oracle Business Process Management Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 |
| Oracle Communications Billing and Revenue Management, versions 7.5, 12.0 |
| Oracle Communications Converged Application Server, versions prior to 7.0.0.1 |
| Oracle Communications Converged Application Server - Service Controller, version 6.1 |
| Oracle Communications Diameter Signaling Router (DSR), versions prior to 8.3 |
| Oracle Communications Online Mediation Controller, version 6.1 |
| Oracle Communications Performance Intelligence Center (PIC) Software, versions prior to 10.2.1 |
| Oracle Communications Policy Management, versions prior to 12.5 |
| Oracle Communications Service Broker, version 6.0 |
| Oracle Communications Services Gatekeeper, versions prior to 6.1.0.4.0 |
| Oracle Communications Session Border Controller, versions SCz7.4.0, SCz7.4.1, SCz8.0.0, SCz8.1.0 |
| Oracle Communications Unified Inventory Management, versions prior to 7.4.0 |
| Oracle Communications Unified Session Manager, version SCz7.3.5 |
| Oracle Communications WebRTC Session Controller, versions prior to 7.2 |
| Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c |
| Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 |
| Oracle Endeca Server, version 7.7.0 |
| Oracle Enterprise Communications Broker, versions PCz2.1, PCz2.2, PCz3.0 |
| Oracle Enterprise Repository, version 12.1.3.0.0 |
| Oracle Enterprise Session Border Controller, versions ECz7.4.0, ECz7.5.0, ECz8.0.0, ECz8.1.0 |
| Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3, 7.3.5, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7 |
| Oracle FLEXCUBE Direct Banking, version 12.0.2 |
| Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 |
| Oracle Fusion Middleware MapViewer, version 12.2.1.3.0 |
| Oracle GoldenGate Application Adapters, version 12.3.2.1.1 |
| Oracle Health Sciences Information Manager, version 3.0 |
| Oracle Healthcare Foundation, versions 7.1, 7.2 |
| Oracle Healthcare Master Person Index, versions 3.0, 4.0 |
| Oracle Hospitality Cruise Fleet Management, version 9.0.10 |
| Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.8 |
| Oracle Hospitality Reporting and Analytics, version 9.1.0 |
| Oracle Hospitality Simphony, version 2.10 |
| Oracle HTTP Server, version 12.2.1.3 |
| Oracle Insurance Calculation Engine, version 10.2 |
| Oracle Insurance Insbridge Rating and Underwriting, versions 5.2, 5.4, 5.5 |
| Oracle Insurance Policy Administration J2EE, versions 10.0, 10.2 |
| Oracle Insurance Rules Palette, versions 10.0, 10.2 |
| Oracle Java SE, versions 7u201, 8u192, 11.0.1 |
| Oracle Java SE Embedded, version 8u191 |
| Oracle Managed File Transfer, versions 12.2.1.3.0, 19.1.0.0.0 |
| Oracle Outside In Technology, versions 8.5.3, 8.5.4 |
| Oracle Reports Developer, version 12.2.1.3 |
| Oracle Retail Back Office, versions 13.3, 13.4, 14.0, 14.1 |
| Oracle Retail Central Office, versions 13.3, 13.4, 14.0, 14.1 |
| Oracle Retail Convenience and Fuel POS Software, version 2.8.1 |
| Oracle Retail Customer Insights, versions 15.0, 16.0 |
| Oracle Retail Integration Bus, version 17.0 |
| Oracle Retail Merchandising System, version 14.1 |
| Oracle Retail Returns Management, versions 13.3, 13.4, 14.0, 14.1 |
| Oracle Retail Sales Audit, version 15.0 |
| Oracle Retail Service Backbone, versions 13.1, 13.2, 14.0, 14.1, 15.0, 16.0 |
| Oracle Retail Workforce Management Software, versions 1.60.9, 1.64.0 |
| Oracle Retail Xstore Payment, version 3.3 |
| Oracle Secure Global Desktop (SGD), version 5.4 |
| Oracle Service Architecture Leveraging Tuxedo, versions 12.1.3.0.0, 12.2.2.0.0 |
| Oracle SOA Suite, versions 12.1.3.0.0, 12.2.1.3.0 |
| Oracle Solaris, versions 10, 11 |
| Oracle Transportation Management, versions 6.3.7, 6.4.1, 6.4.2, 6.4.3 |
| Oracle Utilities Framework, version 4.3.0.1-4.3.0.4 |
| Oracle Utilities Network Management System, versions 1.12.0.3, 2.3.0.0, 2.3.0.1, 2.3.0.2 |
| Oracle VM VirtualBox, versions prior to 5.2.24, prior to 6.0.2 |
| Oracle Web Cache, version 11.1.1.9.0 |
| Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0 |
| Oracle WebCenter Sites, version 11.1.1.8.0 |
| Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.3 |
| OSS Support Tools, versions prior to 19.1 |
| PeopleSoft Enterprise CC Common Application Objects, version 9.2 |
| PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2 |
| PeopleSoft Enterprise HCM eProfile Manager Desktop, version 9.2 |
| PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57 |
| PeopleSoft Enterprise SCM eProcurement, version 9.2 |
| Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12, 18.8 |
| Primavera Unifier, versions 16.1, 16.2, 17.1-17.12, 18.8 |
| Siebel Applications, versions 18.10, 18.11 |
| Sun ZFS Storage Appliance Kit (AK), versions prior to 8.8.2 |
| Tape Library ACSLS, version 8.4 |
□ 해결 방안
o "Oracle Critical Patch Update Advisory – January 2019“ 문서 및 패치사항을 검토하고 벤더사 및 유지보수 업체와 협의/검토 후 패치 적용 [1]
o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고 [3]
□ 기타 문의사항
o 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118
[참고사이트]
[1] https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.xml
