Security Notice

Oracle Critical Patch Update Security Update Advisory

2020.04.16

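□ Overview

 o Oracle has released patches for 397 security vulnerabilities in its products as part of its CPU [1]

  ※ CPU (Critical Patch Update): Oracle's critical security update

 o Users of affected versions may be vulnerable to malware infection and similar threats, so updating to the latest version as described in the remediation section below is recommended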

 

□ Affected Products and Versions

Application Performance Management, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
Application Service Level Management, versions 13.2.0.0, 13.3.0.0
Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
Hyperion Financial Management, version 11.1.2.4
Hyperion Financial Reporting, version 11.1.2.4
Identity Manager Connector, version 9.0
Instantis EnterpriseTrack, versions 17.1-17.3
Java Advanced Management Console, version 2.16
JD Edwards EnterpriseOne Tools, version 9.2
JD Edwards World Security, versions A9.3, A9.3.1, A9.4
MICROS Relate CRM Software, version 11.4
MySQL Client, versions 5.6.47 and prior, 5.7.29 and prior, 8.0.18 and prior
MySQL Cluster, versions 7.3.28 and prior, 7.4.27 and prior, 7.5.17 and prior, 7.6.13 and prior, 8.0.19 and prior
MySQL Connectors, versions 5.1.48 and prior, 8.0.19 and prior
MySQL Enterprise Monitor, versions 4.0.11.5331 and prior, 8.0.18.1217 and prior
MySQL Server, versions 5.6.47 and prior, 5.7.29 and prior, 8.0.19 and prior
MySQL Workbench, versions 8.0.19 and prior
Oracle Access Manager, versions 11.1.2.3.0, 12.2.1.3.0
Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6
Oracle API Gateway, version 11.1.2.4.0
Oracle Application Express, versions prior to 19.2
Oracle Application Testing Suite, versions 13.2.0.1, 13.3.0.1
Oracle Banking Enterprise Collections, versions 2.7.0, 2.8.0
Oracle Banking Enterprise Originations, versions 2.7.0, 2.8.0
Oracle Banking Enterprise Product Manufacturing, versions 2.7.0, 2.8.0
Oracle Banking Platform, versions 2.4.0, 2.4.1, 2.5.0, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, 2.9.0
Oracle Big Data Discovery, version 1.6
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Business Process Management Suite, version 12.2.1.4.0
Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Communications ASAP Cartridges, versions 7.2, 7.3
Oracle Communications Calendar Server, versions 8.0.0.2.0, 8.0.0.3.0
Oracle Communications Converged Application Server - Service Controller, version 6.1
Oracle Communications Diameter Signaling Router (DSR), versions 8.0.0, 8.1.0, 8.2.0, 8.2.1
Oracle Communications Element Manager, versions 8.0.0, 8.1.0, 8.1.1, 8.2.0
Oracle Communications Evolved Communications Application Server, version 7.1
Oracle Communications Messaging Server, versions 8.0.2, 8.1.0
Oracle Communications Operations Monitor, versions 3.4.0, 4.0.0, 4.1.0, 4.2.0, 4.3.0
Oracle Communications Service Broker, versions 6.0, 6.1
Oracle Communications Services Gatekeeper, versions 6.0, 6.1
Oracle Communications Session Report Manager, versions 8.0.0, 8.1.0, 8.1.1, 8.2.0
Oracle Communications Session Route Manager, versions 8.0.0, 8.1.0, 8.1.1, 8.2.0
Oracle Communications Unified Inventory Management, versions 7.3.0, 7.4.0
Oracle Communications WebRTC Session Controller, version 7.2
Oracle Configurator, versions 12.1, 12.2
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9
Oracle Endeca Information Discovery Integrator, version 3.2.0
Oracle Endeca Server, version 7.7.0
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.0.9
Oracle Financial Services Asset Liability Management, versions 8.0.6, 8.0.7
Oracle Financial Services Balance Sheet Planning, version 8.0.8
Oracle Financial Services Data Foundation, versions 8.0.6-8.0.9
Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management, versions 8.0.7, 8.0.8
Oracle Financial Services Funds Transfer Pricing, versions 8.0.6, 8.0.7
Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.6-8.0.8
Oracle Financial Services Liquidity Risk Management, version 8.0.6
Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7, 8.0.8
Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.6-8.0.8
Oracle Financial Services Market Risk Measurement and Management, versions 8.0.6, 8.0.8
Oracle Financial Services Price Creation and Discovery, version 8.0.7
Oracle Financial Services Profitability Management, versions 8.0.6, 8.0.7
Oracle Financial Services Revenue Management and Billing Analytics, versions 2.6, 2.7, 2.8
Oracle FLEXCUBE Core Banking, version 4.0
Oracle FLEXCUBE Private Banking, versions 12.0, 12.1
Oracle Fusion Middleware MapViewer, version 12.2.1.3.0
Oracle Global Lifecycle Management NextGen OUI Framework, versions 12.2.1.3.0, 12.2.1.4.0, 13.9.4.2.2
Oracle Global Lifecycle Management OPatch, versions prior to 11.2.0.3.23, prior to 12.2.0.1.19, prior to 13.9.4.2.1
Oracle GraalVM Enterprise Edition, versions 19.3.1, 20.0.0
Oracle Health Sciences Information Manager, version 3.0
Oracle Healthcare Data Repository, version 7.0
Oracle Hospitality Reporting and Analytics, version 9.1.0
Oracle HTTP Server, version 11.1.1.9.0
Oracle In-Memory Performance-Driven Planning, versions 12.1, 12.2
Oracle Insurance Accounting Analyzer, versions 8.0.6-8.0.9
Oracle Java SE, versions 7u251, 8u241, 11.0.6, 14
Oracle Java SE Embedded, version 8u241
Oracle Knowledge, versions 8.6.0-8.6.3
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Outside In Technology, versions 8.5.4, 8.5.5
Oracle Real User Experience Insight, versions 13.1.2.1, 13.2.3.1, 13.3.1.0
Oracle Retail Advanced Inventory Planning, versions 14.0, 15.0, 16.0
Oracle Retail Back Office, version 14.1
Oracle Retail Central Office, version 14.1
Oracle Retail Customer Management and Segmentation Foundation, version 18.0
Oracle Retail Merchandising System, version 16.0
Oracle Retail Order Broker, versions 15.0, 16.0, 18.0, 19.0
Oracle Retail Point-of-Service, version 14.1
Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3
Oracle Retail Returns Management, version 14.1
Oracle Retail Store Inventory Management, version 16.0
Oracle Retail Xstore Point of Service, versions 7.1, 15.0, 16.0, 17.0, 18.0, 18.0.1
Oracle SD-WAN Edge, versions 7.3, 8.0, 8.1, 8.2
Oracle Secure Backup, versions prior to 18.1
Oracle SOA Suite, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Solaris, versions 10, 11
Oracle Transportation Management, versions 6.3.7, 6.4.2, 6.4.3
Oracle Unified Directory, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Utilities Framework, versions 2.2.0, 4.2.0.2, 4.2.0.3, 4.3.0.2-4.3.0.6, 4.4.0.0, 4.4.0.2
Oracle Utilities Network Management System, versions 1.12.0.3, 2.3.0.1, 2.3.0.2, 2.4.0.0
Oracle VM VirtualBox, versions prior to 5.2.40, prior to 6.0.20, prior to 6.1.6
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
OSS Support Tools, versions 20.0, 20.1
PeopleSoft Enterprise CS Campus Community, version 9.2
PeopleSoft Enterprise HCM Absence Management, version 9.2
PeopleSoft Enterprise HRMS, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58
PeopleSoft Enterprise SCM Purchasing, version 9.2
Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.6, 18.8.0-18.8.8, 19.12.0
Primavera P6 Enterprise Project Portfolio Management, versions 16.2.0.0-16.2.19.3, 17.12.0.0-17.12.17.0, 18.8.0.0-18.8.18.0, 19.12.1.0-19.12.3.0, 20.1.0.0-20.2.0.0
Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12
Siebel Applications, versions 20.2 and prior
StorageTek Tape Analytics SW Tool, version 2.3.0
Sun ZFS Storage Appliance Kit, version 8.8

 

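□ Remediation

 o Review the "Oracle Critical Patch Update Advisory – April 2020" document and its patch details, then apply the patches after consultation and review with the vendor and maintenance provider [1]

 o Java SE users are advised to download [2] and install the latest update for their installed product, or to enable automatic Java update notifications [3]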

 

□ Other Inquiries

 o Korea Internet & Security Agency (KISA) Cyber Complaint Center: dial 118 (no area code)

 

[References]

[1] https://www.oracle.com/security-alerts/cpuapr2020.html

[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html

[3] https://www.java.com/ko/download/help/java_update.xml