【威胁通告】Oracle全系产品2019年7月关键补丁更新

当地时间2019年7月16日,Oracle官方发布了2019年7月关键补丁更新公告CPU(Critical Patch Update),安全通告以及第三方安全公告等公告内容,修复了319个不同程度的漏洞。

综述

当地时间2019年7月16日,Oracle官方发布了2019年7月关键补丁更新公告CPU(Critical Patch Update),安全通告以及第三方安全公告等公告内容,修复了319个不同程度的漏洞。各产品受影响情况以及可用补丁情况见附录表格。

完整信息请查看官方通告:

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

漏洞总结

产品 漏洞个数 未授权远程利用个数 最高CVSS评分
Oracle Database server 8 1 9.8
Oracle Global Lifecycle Management 1 0 7.2
Oracle Berkeley DB 5 0 7.0
Oracle Communications Applications 24 21 9.8
Oracle Construction and Engineering Suite 8 8 9.8
Oracle E-Business Suite 13 12 9.6
Oracle Enterprise Manager Products Suite 12 10 9.8
Oracle Financial Services Applications 60 50 9.8
Oracle Food and Beverage Applications 3 2 8.2
Oracle Fusion Middleware 33 28 9.8
Oracle Hospitality Applications 2 1 6.5
Oracle Hyperion 3 0 4.5
Oracle Insurance Applications 7 7 9.8
Oracle Java SE 10 9 6.8
Oracle GraalVM 2 1 7.7
Oracle JD Edwards Products 5 5 9.8
Oracle MySQL 45 4 9.8
Oracle PeopleSoft Products 8 5 7.5
Oracle Retail Applications 21 14 9.8
Oracle Siebel CRM 3 1 6.1
Oracle Sun Systems Products Suite 14 8 9.8
Oracle Supply Chain Products Suite 8 6 9.8
Oracle Support Tools 7 7 9.8
Oracle Utilities Applications 3 3 9.8
Oracle Virtualization 14 1 8.8

受影响的产品及版本

受影响的产品及版本信息请参考文末附录。

关键补丁更新(cpu)

关键修补程序更新 (cpu) 是针对多个安全漏洞的修补程序集合。关键修补程序更新通常是累积的, 但每次都只描述自上一个关键修补程序更新咨询以来添加的安全修复补丁。因此, 应复查先前发布的安全修补程序的重要更新建议, 以了解有关早期版本的安全性修正的信息。

解决方案

鉴于成功攻击所造成的威胁,Oracle强烈建议客户尽快下载并安装重要补丁更新修复程序。

附录

受影响产品(含版本)以及相关补丁情况如下表:

Affected Products and Versions Patch Availability Document
Application Express, versions 5.1, 18.2 Database
Diagnostic Assistant, versions prior to 2.12.36 Support Tools
Enterprise Manager Base Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0 Enterprise Manager
Enterprise Manager for Fusion Middleware, versions 13.2, 13.3 Enterprise Manager
Enterprise Manager for Virtualization, versions 13.1, 13.2, 13.3 Enterprise Manager
Enterprise Manager Ops Center, versions 12.3.3, 12.4.0 Enterprise Manager
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 Oracle Construction and Engineering Suite
JD Edwards EnterpriseOne Tools, version 9.2 JD Edwards
JD Edwards World Security, versions A9.3, A9.3.1, A9.4 JD Edwards
MICROS Retail XBRi Loss Prevention, versions 10.8.0 – 10.8.3 Retail Applications
MICROS Retail-J, versions 12.1.0, 12.1.1, 12.1.2, 13.1 Retail Applications
MySQL Enterprise Monitor, versions 4.0.9 and prior, 8.0.14 and prior MySQL
MySQL Server, versions 5.6.44 and prior, 5.7.26 and prior, 8.0.16 and prior MySQL
MySQL Workbench, versions 8.0.16 and prior MySQL
Oracle Agile Engineering Data Management, versions 6.2.0, 6.2.1 Oracle Supply Chain Products
Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6 Oracle Supply Chain Products
Oracle Application Testing Suite, versions 13.1, 13.2, 13.3 Enterprise Manager
Oracle Banking Platform, versions 2.4.0 – 2.7.1 Oracle Banking Platform
Oracle Berkeley DB, versions 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23, 12.1.6.2.32 Berkeley DB
Oracle BI Publisher, version 11.1.1.9.0 Fusion Middleware
Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.4.0 Fusion Middleware
Oracle Clusterware, version 12.1.0.2.0 Support Tools
Oracle Communications Application Session Controller, versions 3.7.1, 3.8.0 Oracle Communications Application Session Controller
Oracle Communications Billing and Revenue Management, versions 7.5, 12.0 Oracle Communications Billing and Revenue Management
Oracle Communications Converged Application Server, versions 5.1, 7.0, 7.1 Oracle Communications Converged Application Server
Oracle Communications Converged Application Server – Service Controller, versions 6.0, 6.1 Oracle Communications Converged Application Server – Service Controller
Oracle Communications Convergence, version 3.0.2 Oracle Communications Convergence
Oracle Communications Diameter Signaling Router (DSR), versions 8.0, 8.1, 8.2, 8.3 Oracle Communications Diameter Signaling Router
Oracle Communications EAGLE (Software), versions 46.5, 46.6, 46.7 Oracle Communications EAGLE (Software)
Oracle Communications Instant Messaging Server, version 10.0.1.2.0 Oracle Communications Instant Messaging Server
Oracle Communications Interactive Session Recorder, versions 6.0, 6.1, 6.2 Oracle Communications Interactive Session Recorder
Oracle Communications Messaging Server, versions 8.0.2, 8.1.0 Oracle Communications Messaging Server
Oracle Communications Online Mediation Controller, version 6.1 Oracle Communications Online Mediation Controller
Oracle Communications Unified, version 8.0.0.2.0 Oracle Communications Calendar Server
Oracle Data Integrator, version 12.2.1.3.0 Fusion Middleware
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c Database
Oracle Demantra Demand Management, version 7.3.1.5.2 Oracle Supply Chain Products
Oracle E-Business Suite, versions 12.1.1 – 12.1.3, 12.2.3 – 12.2.8 E-Business Suite
Oracle Endeca Information Discovery Integrator, version 3.2.0 Fusion Middleware
Oracle Endeca Server, version 7.7.0 Fusion Middleware
Oracle Enterprise Manager Base Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0 Enterprise Manager
Oracle Enterprise Repository, version 12.1.3.0.0 Fusion Middleware
Oracle Financial Services – Regulatory Reporting for Reserve Bank of India – Lombard Risk Integration Pack, version 8.0.7 Oracle Financial Services – Regulatory Reporting for Reserve Bank of India
Oracle Financial Services – Regulatory Reporting for US Federal Reserve – Lombard Risk Integration Pack, versions 8.0.4 – 8.0.7 Oracle Financial Services Regulatory Reporting for US Federal Reserve
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3 – 7.3.5, 8.0.2 – 8.0.8 Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Analytical Applications Reconciliation Framework, versions 8.0.4 – 8.0.7 Oracle Financial Services Analytical Applications Reconciliation Framework
Oracle Financial Services Asset Liability Management, versions 8.0.4 – 8.0.7 Oracle Financial Services Asset Liability Management
Oracle Financial Services Basel Regulatory Capital Basic, versions 8.0.4 – 8.0.7 Oracle Financial Services Basel Regulatory Capital Basic
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, versions 8.0.4 – 8.0.7 Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach
Oracle Financial Services Data Foundation, versions 8.0.4 – 8.0.8 Oracle Financial Services Data Foundation
Oracle Financial Services Data Integration Hub, versions 8.0.5 – 8.0.7 Oracle Financial Services Data Integration Hub
Oracle Financial Services Funds Transfer Pricing, versions 8.0.4 – 8.0.7 Oracle Financial Services Funds Transfer Pricing
Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.4 – 8.0.7 Oracle Financial Services Hedge Management and IFRS Valuations
Oracle Financial Services Institutional Performance Analytics, versions 8.0.4 – 8.0.7 Oracle Financial Services Institutional Performance Analytics
Oracle Financial Services Liquidity Risk Management, versions 8.0.1, 8.0.2, 8.0.4, 8.0.5, 8.0.6 Oracle Financial Services Liquidity Risk Management
Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7, 8.0.8 Oracle Financial Services Liquidity Risk Measurement and Management
Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.2 – 8.0.7 Oracle Financial Services Loan Loss Forecasting and Provisioning
Oracle Financial Services Market Risk Measurement and Management, versions 8.0.5, 8.0.6, 8.0.8 Oracle Financial Services Market Risk Measurement and Management
Oracle Financial Services Price Creation and Discovery, versions 8.0.4 – 8.0.7 Oracle Financial Services Price Creation And Discovery
Oracle Financial Services Profitability Management, versions 8.0.4 – 8.0.7 Oracle Financial Services Profitability Management
Oracle Financial Services Regulatory Reporting for European Banking Authority, versions 8.0.6, 8.0.7 Oracle Financial Services Regulatory Reporting for European Banking Authority
Oracle Financial Services Regulatory Reporting for European Banking Authority – Integration Pack for Lombard Risk, versions 8.0.6, 8.0.7 Oracle Financial Services Regulatory Reporting for European Banking Authority
Oracle Financial Services Regulatory Reporting for US Federal Reserve, versions 8.0.4 – 8.0.7 Oracle Financial Services Regulatory Reporting for US Federal Reserve
Oracle Financial Services Retail Customer Analytics, versions 8.0.4 – 8.0.6 Oracle Financial Services Retail Customer Analytics
Oracle Financial Services Revenue Management and Billing, versions 2.4.0.0, 2.4.0.1 Oracle Financial Services Revenue Management and Billing
Oracle FLEXCUBE Core Banking, versions 5.2.0, 11.6.0, 11.7.0, 11.8.0 Oracle Financial Services Applications
Oracle FLEXCUBE Enterprise Limits and Collateral Management, versions 12.0, 12.1 Oracle Financial Services Applications
Oracle FLEXCUBE Investor Servicing, versions 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0 Oracle Financial Services Applications
Oracle FLEXCUBE Private Banking, versions 12.0.1, 12.0.3, 12.1.0 Oracle Financial Services Applications
Oracle FLEXCUBE Universal Banking, versions 12.0.1 – 12.0.3, 12.1.0 – 12.4.0, 14.0.0 – 14.2.0 Oracle Financial Services Applications
Oracle Global Lifecycle Management OPatchAuto, versions prior to 12.2.0.1.14 Oracle Global Lifecycle Management OPatchAuto
Oracle GraalVM Enterprise Edition, version 19.0.0 Oracle GraalVM Enterprise Edition
Oracle Hospitality Gift and Loyalty, versions 9.0.0, 9.1.0 Oracle Hospitality Gift and Loyalty
Oracle Hospitality Guest Access, versions 4.2, 4.2.1 Oracle Hospitality Guest Access
Oracle Hospitality Simphony, version 18.2.1 Oracle Hospitality Simphony
Oracle Hospitality Suite8, versions 8.9.6, 8.10.2, 8.11 – 8.14 Oracle Hospitality Suite8
Oracle HTTP Server, versions 12.1.3.0.0, 12.2.1.3.0 Fusion Middleware
Oracle Hyperion Planning, version 11.1.2.4 Fusion Middleware
Oracle Hyperion Workspace, version 11.1.2.4 Fusion Middleware
Oracle Identity Manager, versions 11.1.2.3.0, 12.2.1.3.0 Fusion Middleware
Oracle Insurance Allocation Manager for Enterprise Profitability, version 8.0.8 Oracle Insurance Allocation Manager for Enterprise Profitability
Oracle Insurance Calculation Engine, versions 9.7, 10.0, 10.1, 10.2 Oracle Insurance Applications
Oracle Insurance Data Foundation, versions 8.0.4 – 8.0.7 Oracle Insurance Data Foundation
Oracle Insurance IFRS 17 Analyzer, versions 8.0.6, 8.0.7 Oracle Insurance IFRS 17 Analyzer
Oracle Insurance Performance Insight, version 8.0.7 Oracle Insurance Performance Insight
Oracle Insurance Policy Administration J2EE, versions 10.0, 10.1, 10.2, 11.0 Oracle Insurance Applications
Oracle Insurance Rules Palette, versions 10.0, 10.1, 10.2, 11.0 Oracle Insurance Applications
Oracle Java SE, versions 7u221, 8u212, 11.0.3, 12.0.1 Java SE
Oracle Java SE Embedded, version 8u211 Java SE
Oracle Outside In Technology, version 8.5.4 Fusion Middleware
Oracle Retail Advanced Inventory Planning, version 15.0 Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0 Retail Applications
Oracle Retail Financial Integration, versions 14.0, 14.1, 15.0, 16.0 Retail Applications
Oracle Retail Integration Bus, versions 15.0, 16.0 Retail Applications
Oracle Retail Order Broker, versions 5.2, 15.0 Retail Applications
Oracle Retail Order Management System, version 5.0 Retail Applications
Oracle Retail Predictive Application Server, versions 14.0.3.26, 14.1.3.37, 15.0.3.100, 16.0 Retail Applications
Oracle Retail Service Backbone, version 16.0.1 Retail Applications
Oracle Retail Xstore Office, versions 7.0, 7.1 Retail Applications
Oracle Retail Xstore Point of Service, versions 7.0, 7.1, 15.0, 16.0, 17.0, 18.0 Retail Applications
Oracle Security Service, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 Fusion Middleware
Oracle SOA Suite, version 12.2.1.3.0 Fusion Middleware
Oracle Solaris, versions 10, 11.3, 11.4 Systems
Oracle Transportation Management, version 6.3.7 Oracle Supply Chain Products
Oracle Utilities Advanced Spatial and Operational Analytics, version 2.7.0.1 Oracle Utilities Applications
Oracle Utilities Framework, versions 4.3.0.2.0 – 4.3.0.6.0, 4.4.0.0.0 Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 5.2.32, prior to 6.0.10 Virtualization
Oracle WebCenter Sites, version 12.2.1.3.0 Fusion Middleware
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 Fusion Middleware
PeopleSoft Enterprise FIN Project Costing, version 9.2 PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57 PeopleSoft
PeopleSoft Enterprise PT PeopleTools, versions 8.55, 8.56, 8.57 PeopleSoft
Primavera Analytics, version 18.8 Oracle Construction and Engineering Suite
Primavera Gateway, versions 15.2, 16.2, 17.12, 18.8 Oracle Construction and Engineering Suite
Primavera Unifier, versions 16.1, 16.2, 17.7 – 17.12, 18.8 Oracle Construction and Engineering Suite
Services Tools Bundle, version 19.2 Support Tools
Siebel Applications, versions 19.0 and prior Siebel
StorageTek Tape Analytics SW Tool, version 2.3.0 Systems
Sun ZFS Storage Appliance Kit (AK), version 8.8.3 Systems
System Utilities, version 19.1 Support Tools
Tape Virtual Storage Manager GUI, version 6.2 Systems

 

声 明

=============

本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。

 

关于绿盟科技

==============

北京神州绿盟信息安全科技股份有限公司(简称绿盟科技)成立于2000年4月,总部位于北京。在国内外设有30多个分支机构,为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户,提供具有核心竞争力的安全产品及解决方案,帮助客户实现业务的安全顺畅运行。

基于多年的安全攻防研究,绿盟科技在网络及终端安全、互联网基础安全、合规及安全管理等领域,为客户提供入侵检测/防护、抗拒绝服务攻击、远程安全评估以及Web安全防护等产品以及专业安全服务。

北京神州绿盟信息安全科技股份有限公司于2014年1月29日起在深圳证券交易所创业板上市,股票简称:绿盟科技,股票代码:300369。

Spread the word. Share this post!

Meet The Author

Leave Comment