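[Threat Advisory] Oracle Critical Patch Update for All Product Lines, July 2018

On July 17, 2018 (local time), Oracle released its July 2018 (second-quarter) Critical Patch Update (CPU) advisory, together with security alerts, third-party bulletins and other notices, fixing 334 vulnerabilities of varying severity. The affected products and the available patches are listed in the appendix table.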

 

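25 products contain vulnerabilities

| Product | Vulnerabilities | Remotely exploitable without authentication | Highest CVSS score |
|---|---|---|---|
| Oracle Database Server | 3 | 1 | 9.8 |
| Oracle Communications Applications | 14 | 10 | 9.8 |
| Oracle Construction and Engineering Suite | 11 | 6 | 7.4 |
| Oracle E-Business Suite | 14 | 13 | 8.2 |
| Oracle Enterprise Manager Products Suite | 16 | 16 | 9.8 |
| Oracle Financial Services Applications | 56 | 21 | 9.8 |
| Oracle Fusion Middleware | 40 | 36 | 9.8 |
| Oracle Hospitality Applications | 24 | 7 | 8.1 |
| Oracle Hyperion | 2 | 2 | 8.6 |
| Oracle iLearning | 1 | 1 | 8.2 |
| Oracle Insurance Applications | 2 | 2 | 9.8 |
| Oracle Java SE | 8 | 8 | 9.0 |
| Oracle JD Edwards | 10 | 9 | 7.5 |
| Oracle MySQL | 31 | 7 | 9.8 |
| Oracle PeopleSoft Products | 18 | 13 | 9.8 |
| Oracle Policy Automation | 3 | 3 | 9.8 |
| Oracle Retail Applications | 32 | 27 | 9.8 |
| Oracle Siebel CRM | 1 | 1 | 4.3 |
| Oracle Sun Systems Products | 22 | 10 | 9.8 |
| Oracle Supply Chain Products Suite | 8 | 6 | 9.8 |
| Oracle Support Tools | 1 | 1 | 7.5 |
| Oracle Utilities Applications | 4 | 3 | 9.8 |
| Oracle Virtualization | 12 | 2 | 8.6 |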

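Affected products and versions

For the affected products and versions, see the appendix at the end of this advisory.

Details are available at the following link: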

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

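Critical Patch Update (CPU)

A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. The advisories for earlier Critical Patch Updates should therefore be reviewed for information on security fixes in earlier releases.

Solution

Given the threat posed by a successful attack, Oracle strongly recommends that customers download and install the Critical Patch Update fixes as soon as possible.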

 

Appendix

The affected products (with versions) and the corresponding patch documents are listed in the table below:

| Affected Products and Versions | Patch Availability Document |
|---|---|
| Agile Recipe Management for Pharmaceuticals, version 9.3.4 | Oracle Supply Chain Products |
| Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.x | Enterprise Manager |
| Enterprise Manager for Fusion Middleware, versions 12.1.0.5, 13.2.x | Enterprise Manager |
| Enterprise Manager for MySQL Database, versions 13.2.2.0.0 and prior | Enterprise Manager |
| Enterprise Manager for Oracle Database, versions 12.1.0.8, 13.2.2 | Enterprise Manager |
| Enterprise Manager for Peoplesoft, versions 13.1.1.1, 13.2.1.1 | Enterprise Manager |
| Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3 | Enterprise Manager |
| Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 | Enterprise Manager |
| FMW Platform, versions 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware |
| Hardware Management Pack, version 11.3 | Systems |
| Hyperion Data Relationship Management, version 11.1.2.4.330 | Fusion Middleware |
| Hyperion Financial Reporting, version 11.1.2 | Fusion Middleware |
| JD Edwards EnterpriseOne Tools, version 9.2 | JD Edwards |
| JD Edwards World Security, versions A9.3, A9.3.1, A9.4 | JD Edwards |
| MICROS 700 Series Tablet, versions Prior to BIOS 0.00.13ORC, Prior to BIOS 0.01.25ORC | MICROS 700 Series Tablet |
| MICROS Handheld Terminal, versions 2018, Android 4.4.4 Security Patch Bulletin prior to February 1 | MICROS Handheld Terminal |
| MICROS Kitchen Display Controller, versions Prior to BIOS 0.00.16ORC | MICROS Kitchen Display System Hardware |
| MICROS Lucas, versions 2.9.5.3, 2.9.5.4, 2.9.5.5, 2.9.5.6 | Retail Applications |
| MICROS Relate CRM Software, versions 10.8.x, 11.4.x | Retail Applications |
| MICROS Retail-J, versions 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x, 13.1.x | Retail Applications |
| MICROS Workstation 6, versions prior to BIOS 1.3.1.0, prior to BIOS 1.5.2.0, prior to BIOS 2.3.1.0 | MICROS Workstation |
| MICROS XBR, versions 7.0.2, 7.0.4 | Retail Applications |
| MySQL Client, versions 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, 8.0.11 and prior | MySQL |
| MySQL Connectors, versions 5.3.10 and prior, 8.0.11 and prior | MySQL |
| MySQL Enterprise Monitor, versions 3.4.7.4297 and prior, 4.0.4.5235 and prior, 8.0.0.8131 and prior | MySQL |
| MySQL Server, versions 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, 8.0.11 and prior | MySQL |
| MySQL Workbench, versions 6.3.10 and prior, 8.0.11 and prior | MySQL |
| Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1 | Oracle Supply Chain Products |
| Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6 | Oracle Supply Chain Products |
| Oracle Agile PLM MCAD Connector, versions 3.3, 3.4, 3.5, 3.6 | Oracle Supply Chain Products |
| Oracle Agile Product Lifecycle Management for Process, version 6.2.0.0 | Oracle Supply Chain Products |
| Oracle API Gateway, version 11.1.2.4.0 | Fusion Middleware |
| Oracle Application Testing Suite, version 10.1 | Enterprise Manager |
| Oracle AutoVue VueLink Integration, versions 21.0.0, 21.0.1 | Oracle Supply Chain Products |
| Oracle Banking Corporate Lending, versions 12.3.0, 12.4.0, 12.5.0, 14.0.0, 14.1.0 | Oracle Financial Services Applications |
| Oracle Banking Payments, versions 12.2.0, 12.3.0, 12.4.0, 12.5.0, 14.1.0 | Oracle Financial Services Applications |
| Oracle Banking Platform, versions 2.6.0, 2.6.1, 2.6.2 | Oracle Banking Platform |
| Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Business Process Management Suite, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Communications Diameter Signaling Router (DSR), versions 7.x, 8.x | Oracle Communications Diameter Signaling Router |
| Oracle Communications EAGLE LNP Application Processor, version 10.x | Oracle Communications EAGLE LNP Application Processor |
| Oracle Communications Interactive Session Recorder, versions 5.x, 6.x | Oracle Communications Interactive Session Recorder |
| Oracle Communications Messaging Server, version 3.x | Oracle Communications Convergence |
| Oracle Communications Network Charging and Control, versions 4.4.1.5.0, 5.0.0.1.0, 5.0.0.2.0, 5.0.1.0.0, 5.0.2.0.0 | Oracle Communications Network Charging and Control |
| Oracle Communications Policy Management, version 12.x | Oracle Communications Policy Management |
| Oracle Communications Session Border Controller, versions ECz7.x, ECz8.x | Oracle Communications Session Border Controller |
| Oracle Communications User Data Repository, versions 10.x, 12.x | Oracle Communications User Data Repository |
| Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1, 18.2 | Database |
| Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 | E-Business Suite |
| Oracle Endeca Information Discovery Studio, versions 3.1, 3.2 | Fusion Middleware |
| Oracle Enterprise Data Quality, version 12.2.1.3.0 | Fusion Middleware |
| Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0 | Fusion Middleware |
| Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3.x, 8.0.x | Oracle Financial Services Analytical Applications Infrastructure |
| Oracle Financial Services Behavior Detection Platform, version 8.0.x | Oracle Financial Services Behavior Detection Platform |
| Oracle Financial Services Funds Transfer Pricing, versions 6.1.1, 8.0.x | Oracle Financial Services Funds Transfer Pricing |
| Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.4, 8.0.5 | Oracle Financial Services Hedge Management and IFRS Valuations |
| Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.4, 8.0.5 | Oracle Financial Services Loan Loss Forecasting and Provisioning |
| Oracle Financial Services Profitability Management, versions 6.1.1, 8.0.x | Oracle Financial Services Profitability Management |
| Oracle Financial Services Revenue Management and Billing, versions 2.3.0.2.0, 2.4.0.0.0, 2.4.0.1.0, 2.5.0.1.0, 2.5.0.2.0, 2.5.0.3.0 | Oracle Financial Services Revenue Management and Billing |
| Oracle FLEXCUBE Enterprise Limits and Collateral Management, versions 12.3.0, 14.0.0, 14.1.0 | Oracle Financial Services Applications |
| Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0 | Oracle Financial Services Applications |
| Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0 | Oracle Financial Services Applications |
| Oracle Fusion Middleware, versions 12.2.1.2, 12.2.1.3 | Fusion Middleware |
| Oracle Fusion Middleware MapViewer, versions 12.2.1.2, 12.2.1.3 | Fusion Middleware |
| Oracle Global Lifecycle Management OPatchAuto, version All | Oracle Global Lifecycle Management OPatchAuto |
| Oracle Hospitality Cruise Fleet Management System, version 9.x | Oracle Hospitality Cruise Fleet Management |
| Oracle Hospitality Cruise Shipboard Property Management System, version 8.x | Oracle Hospitality Cruise Shipboard Property Management System |
| Oracle Hospitality Gift and Loyalty, version 9.0.0 | Oracle Hospitality Gift and Loyalty |
| Oracle Hospitality OPERA 5 Property Services, version 5.5.x | Oracle Hospitality OPERA 5 Property Services |
| Oracle Hospitality Reporting and Analytics, version 9.0.0 | Oracle Hospitality Reporting and Analytics |
| Oracle Hospitality Simphony, versions 2.8, 2.9, 2.10 | Oracle Hospitality Simphony |
| Oracle iLearning, version 6.2 | iLearning |
| Oracle Insurance Policy Administration, versions 10.0, 10.1, 10.2, 11.0 | Oracle Insurance Applications |
| Oracle Internet Directory, version 11.1.1.9.0 | Fusion Middleware |
| Oracle Java SE, versions 6u191, 7u181, 8u172, 10.0.1 | Java SE |
| Oracle Java SE Embedded, version 8u171 | Java SE |
| Oracle JDeveloper, versions 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle JRockit, version R28.3.18 | Java SE |
| Oracle Outside In Technology, version 8.5.3 | Fusion Middleware |
| Oracle Policy Automation, versions 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9, 12.2.10 | Oracle Policy Automation |
| Oracle Policy Automation Connector for Siebel, version 10.4.6 | Oracle Policy Automation |
| Oracle Policy Automation for Mobile Devices, versions 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9, 12.2.10 | Oracle Policy Automation |
| Oracle Retail Back Office, versions 14.0, 14.1 | Retail Applications |
| Oracle Retail Bulk Data Integration, version 16.0 | Retail Applications |
| Oracle Retail Central Office, versions 14.0, 14.1 | Retail Applications |
| Oracle Retail Clearance Optimization Engine, version 14.0.5 | Retail Applications |
| Oracle Retail Convenience and Fuel POS Software, version 2.1.132 | Retail Applications |
| Oracle Retail Customer Management and Segmentation Foundation, versions 16.x, 17.x | Retail Applications |
| Oracle Retail Financial Integration, versions 13.2.x, 14.0.x, 14.1.x, 15.0.x, 16.0.x | Retail Applications |
| Oracle Retail Integration Bus, versions 12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.0 14.1.0, 14.0.x, 14.1.x, 15.0, 15.0.x, 16.0, 16.0.x | Retail Applications |
| Oracle Retail Order Broker, versions 5.2, 15.0, 16.0 | Retail Applications |
| Oracle Retail Point-of-Sale, versions 14.0, 14.1 | Retail Applications |
| Oracle Retail Point-of-Service, versions 14.0, 14.1 | Retail Applications |
| Oracle Retail Predictive Application Server, version 15.0.3 | Retail Applications |
| Oracle Retail Returns Management, versions 14.0, 14.1 | Retail Applications |
| Oracle Retail Service Backbone, versions 14.0.x, 14.1.x, 15.0.x, 16.0.x | Retail Applications |
| Oracle Retail Service Layer, versions 12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.x | Retail Applications |
| Oracle Secure Global Desktop, versions 5.3, 5.4 | Virtualization |
| Oracle SOA Suite, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle SuperCluster Specific Software, versions prior to 2.5.0 | Systems |
| Oracle Transportation Management, versions 6.2, 6.3.7, 6.4.1 | Oracle Supply Chain Products |
| Oracle Tuxedo, versions 12.1.1, 12.1.3, 12.2.2 | Fusion Middleware |
| Oracle Utilities Framework, version 4.3.x | Oracle Utilities Applications |
| Oracle Utilities Network Management System, versions 1.12.x, 2.3.x | Oracle Utilities Applications |
| Oracle Utilities Work and Asset Management, version 1.9.1.2.12 | Oracle Utilities Applications |
| Oracle VM VirtualBox, versions prior to 5.2.16 | Virtualization |
| Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 | Fusion Middleware |
| OSS Support Tools, versions prior to 18.3 | Support Tools |
| PeopleSoft Enterprise CS Financial Aid, versions 9.0, 9.2 | PeopleSoft |
| PeopleSoft Enterprise FIN Install, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise HCM Human Resources, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56 | PeopleSoft |
| PeopleSoft HRMS, version 9.2 | PeopleSoft |
| Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.x, 16.x, 17.x | Oracle Construction and Engineering Suite |
| Primavera Unifier, versions 16.x, 17.x, 18.x | Oracle Construction and Engineering Suite |
| Siebel Applications, version 18.0 | Siebel |
| Solaris, versions 10, 11.2, 11.3 | Systems |
| Solaris Cluster, versions 3.3, 4.3 | Systems |
| Sun ZFS Storage Appliance Kit (AK), versions prior to 8.7.20 | Systems |
| Tape Library ACSLS, versions Prior to ACSLS 8.4.0-3 | Systems |


Statement

=============

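This security advisory is intended only to describe possible security issues; NSFOCUS makes no warranty or commitment regarding it. Any direct or indirect consequences and losses arising from the dissemination or use of the information in this advisory are the sole responsibility of the user; NSFOCUS and the authors of this advisory accept no liability. NSFOCUS reserves the right to modify and interpret this advisory. Anyone reprinting or distributing this advisory must keep it complete, including the copyright notice and all other content. Without the permission of NSFOCUS, the content of this advisory may not be altered, added to or reduced, and it may not be used for commercial purposes in any way.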

 

About NSFOCUS

==============

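NSFOCUS Information Technology Co., Ltd. (NSFOCUS for short) was founded in April 2000 and is headquartered in Beijing. It has more than 30 branch offices in China and abroad and provides competitive security products and solutions to customers in government, telecom operators, finance, energy, the Internet, education, healthcare and other sectors, helping them keep their business running securely and smoothly.

Building on many years of research into security attack and defense, NSFOCUS provides products such as intrusion detection/prevention, anti-denial-of-service, remote security assessment and web security protection, as well as professional security services, in areas including network and endpoint security, Internet infrastructure security, and compliance and security management.

NSFOCUS Information Technology Co., Ltd. has been listed on the ChiNext board of the Shenzhen Stock Exchange since January 29, 2014. Stock short name: 绿盟科技 (NSFOCUS); stock code: 300369.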
