[Threat Advisory] Oracle April 2019 Critical Patch Update for All Product Lines

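On April 16, 2019 (local time), Oracle released its April 2019 (second-quarter) Critical Patch Update (CPU) advisory, together with security alerts, third-party security bulletins and related notices, fixing 297 vulnerabilities of varying severity. The affected products and the available patches are listed in the appendix table.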

For full details, see the official advisory:

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Vulnerability Summary

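| Product | Number of vulnerabilities | Remotely exploitable without authentication | Highest CVSS score |
| --- | --- | --- | --- |
| Oracle Database server | 6 | 1 | 9.1 |
| Oracle Berkeley DB | 1 | 0 | 3.3 |
| Oracle Commerce | 3 | 3 | 6.5 |
| Oracle Communications Applications | 26 | 19 | 9.8 |
| Oracle Construction and Engineering Suite | 8 | 7 | 9.8 |
| Oracle E-Business Suite | 35 | 33 | 8.2 |
| Oracle Enterprise Manager Products Suite | 11 | 7 | 9.8 |
| Oracle Financial Services Applications | 14 | 13 | 9.8 |
| Oracle Food and Beverage Applications | 1 | 1 | 6.1 |
| Oracle Fusion Middleware | 53 | 42 | 9.8 |
| Oracle Health Sciences Applications | 2 | 1 | 9.8 |
| Oracle Hospitality Applications | 5 | 5 | 9.8 |
| Oracle Java SE | 5 | 5 | 9.0 |
| Oracle JD Edwards Products | 8 | 7 | 9.8 |
| Oracle MySQL | 45 | 4 | 6.5 |
| Oracle PeopleSoft Products | 12 | 8 | 8.7 |
| Oracle Retail Applications | 24 | 20 | 9.8 |
| Oracle Siebel CRM | 8 | 6 | 9.8 |
| Oracle Sun Systems Products Suite | 3 | 2 | 5.3 |
| Oracle Supply Chain Products Suite | 5 | 5 | 9.8 |
| Oracle Support Tools | 1 | 1 | 6.1 |
| Oracle Utilities Applications | 6 | 5 | 9.8 |
| Oracle Virtualization | 15 | 3 | 9.8 |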

Affected Products and Versions

For affected products and versions, see the appendix at the end of this document.

Critical Patch Update (CPU)

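A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Updates are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Earlier Critical Patch Update advisories should therefore be reviewed for information about security fixes in earlier releases.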

Solution

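Given the threat posed by a successful attack, Oracle strongly recommends that customers download and apply the Critical Patch Update fixes as soon as possible.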

Appendix

The affected products (with versions) and the corresponding patch documents are listed in the table below:

| Affected Products and Versions | Patch Availability Document |
| --- | --- |
| Agile Recipe Management for Pharmaceuticals, versions 9.3.3, 9.3.4 | Oracle Supply Chain Products |
| Enterprise Manager Base Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0 | Enterprise Manager |
| Enterprise Manager Ops Center, version 12.3.3 | Enterprise Manager |
| FMW Platform, version 12.2.1.3.0 | Fusion Middleware |
| Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 | Oracle Construction and Engineering Suite |
| JD Edwards EnterpriseOne Tools, version 9.2 | JD Edwards |
| JD Edwards World Technical Foundation, versions A9.2, A9.3.1, A9.4 | JD Edwards |
| MICROS Lucas, versions 2.9.5.6, 2.9.5.7 | Retail Applications |
| MICROS Relate CRM Software, version 11.4 | Retail Applications |
| MICROS Retail-J, version 12.1.2 | Retail Applications |
| MySQL Connectors, versions 5.3.12 and prior, 8.0.15 and prior | MySQL |
| MySQL Enterprise Backup, versions 3.12.3 and prior, 4.1.2 and prior | MySQL |
| MySQL Enterprise Monitor, versions 4.0.8 and prior, 8.0.14 and prior | MySQL |
| MySQL Server, versions 5.6.43 and prior, 5.7.25 and prior, 8.0.15 and prior | MySQL |
| Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5 | Oracle Supply Chain Products |
| Oracle API Gateway, version 11.1.2.4.0 | Fusion Middleware |
| Oracle Application Testing Suite, version 13.3.0.1 | Enterprise Manager |
| Oracle AutoVue 3D Professional Advanced, versions 21.0.0, 21.0.1 | Oracle Supply Chain Products |
| Oracle Banking Platform, versions 2.4.0, 2.4.1, 2.5.0, 2.6.0 | Oracle Banking Platform |
| Oracle Berkeley DB, versions prior to 6.138, prior to 18.1.32 | Berkeley DB |
| Oracle BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle Business Process Management Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Business Transaction Management, version 12.1.0 | Enterprise Manager |
| Oracle Commerce Merchandising, version 11.2.0.3 | Oracle Commerce |
| Oracle Commerce Platform, versions 11.2.0.3, 11.3.1 | Oracle Commerce |
| Oracle Communications Application Session Controller, versions 3.7.1, 3.8.0 | Oracle Communications Application Session Controller |
| Oracle Communications EAGLE Application Processor, versions 16.1.0, 16.2.0 | Oracle Communications EAGLE Application Processor |
| Oracle Communications EAGLE LNP Application Processor, versions 10.0, 10.1, 10.2 | Oracle Communications EAGLE LNP Application Processor |
| Oracle Communications Instant Messaging Server, version 10.0.1 | Oracle Communications Instant Messaging Server |
| Oracle Communications Interactive Session Recorder, versions 6.0, 6.1, 6.2 | Oracle Communications Interactive Session Recorder |
| Oracle Communications LSMS, versions 13.1, 13.2, 13.3 | Oracle Communications LSMS |
| Oracle Communications Messaging Server, versions 8.0, 8.1 | Oracle Communications Messaging Server |
| Oracle Communications Operations Monitor, versions 3.4, 4.0 | Oracle Communications Operations Monitor |
| Oracle Communications Policy Management, versions 12.1, 12.2, 12.3, 12.4 | Oracle Communications Policy Management |
| Oracle Communications Pricing Design Center, versions 11.1, 12.0 | Oracle Communications Pricing Design Center |
| Oracle Communications Service Broker, version 6.0 | Oracle Communications Service Broker |
| Oracle Communications Service Broker Engineered System Edition, version 6.0 | Oracle Communications Service Broker Engineered System Edition |
| Oracle Communications Session Border Controller, versions 8.0.0, 8.1.0, 8.2.0 | Oracle Communications Session Border Controller |
| Oracle Communications Unified Inventory Management, versions 7.3.2, 7.3.4, 7.3.5, 7.4.0 | Oracle Communications Unified Inventory Management |
| Oracle Configuration Manager, version 12.1.0 | Enterprise Manager |
| Oracle Configurator, versions 12.1, 12.2 | Oracle Supply Chain Products |
| Oracle Data Integrator, versions 11.1.1.9.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | Database |
| Oracle E-Business Suite, versions 0.9.8, 1.0.0, 1.0.1, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | E-Business Suite |
| Oracle Endeca Information Discovery Integrator, version 3.2.0 | Fusion Middleware |
| Oracle Enterprise Communications Broker, versions 3.0.0, 3.1.0 | Oracle Enterprise Communications Broker |
| Oracle Enterprise Operations Monitor, versions 3.4, 4.0 | Oracle Enterprise Operations Monitor |
| Oracle Enterprise Session Border Controller, versions 8.0.0, 8.1.0, 8.2.0 | Oracle Enterprise Session Border Controller |
| Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3 – 7.3.5, 8.0.0 – 8.0.7 | Oracle Financial Services Analytical Applications Infrastructure |
| Oracle Financial Services Asset Liability Management, versions 8.0.4 – 8.0.7 | Oracle Financial Services Asset Liability Management |
| Oracle Financial Services Data Integration Hub, versions 8.0.5 – 8.0.7 | Oracle Financial Services Data Integration Hub |
| Oracle Financial Services Funds Transfer Pricing, versions 8.0.4 – 8.0.7 | Oracle Financial Services Funds Transfer Pricing |
| Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.4 – 8.0.7 | Oracle Financial Services Hedge Management and IFRS Valuations |
| Oracle Financial Services Liquidity Risk Management, versions 8.0.2 – 8.0.6 | Oracle Financial Services Liquidity Risk Management |
| Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.2 – 8.0.7 | Oracle Financial Services Loan Loss Forecasting and Provisioning |
| Oracle Financial Services Market Risk Measurement and Management, versions 8.0.5, 8.0.6 | Oracle Financial Services Market Risk Measurement and Management |
| Oracle Financial Services Profitability Management, versions 8.0.4 – 8.0.6 | Oracle Financial Services Profitability Management |
| Oracle Financial Services Reconciliation Framework, versions 8.0.5, 8.0.6 | Oracle Financial Services Analytical Applications Reconciliation Framework |
| Oracle FLEXCUBE Private Banking, versions 2.0.0.0, 2.2.0.1, 12.0.1.0, 12.0.3.0, 12.1.0.0 | Oracle Financial Services Applications |
| Oracle Fusion Middleware MapViewer, version 12.2.1.3.0 | Fusion Middleware |
| Oracle Health Sciences Data Management Workbench, version 2.4.8 | Health Sciences |
| Oracle Healthcare Master Person Index, versions 3.0, 4.0 | Health Sciences |
| Oracle Hospitality Cruise Dining Room Management, version 8.0.80 | Oracle Hospitality Cruise Dining Room Management |
| Oracle Hospitality Cruise Fleet Management, version 9.0.11 | Oracle Hospitality Cruise Fleet Management |
| Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1 | Oracle Hospitality Guest Access |
| Oracle Hospitality Reporting and Analytics, version 9.1.0 | Oracle Hospitality Reporting and Analytics |
| Oracle HTTP Server, version 12.2.1.3.0 | Fusion Middleware |
| Oracle Identity Analytics, version 11.1.1.5.8 | Fusion Middleware |
| Oracle Java SE, versions 7u211, 8u202, 11.0.2, 12 | Java SE |
| Oracle Java SE Embedded, version 8u201 | Java SE |
| Oracle JDeveloper, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Knowledge, versions 8.5.1.0 – 8.5.1.7, 8.6.0, 8.6.1 | Oracle Knowledge |
| Oracle Managed File Transfer, versions 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Outside In Technology, versions 8.5.3, 8.5.4 | Fusion Middleware |
| Oracle Real-Time Scheduler, version 2.3.0 | Oracle Utilities Applications |
| Oracle Retail Allocation, version 15.0.2 | Retail Applications |
| Oracle Retail Convenience Store Back Office, version 3.6 | Retail Applications |
| Oracle Retail Customer Engagement, versions 16.0, 17.0 | Retail Applications |
| Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0 | Retail Applications |
| Oracle Retail Invoice Matching, versions 12.0, 13.0, 13.1, 13.2, 14.0, 14.1, 15.0 | Retail Applications |
| Oracle Retail Merchandising System, versions 15.0, 16.0 | Retail Applications |
| Oracle Retail Order Broker, versions 5.1, 5.2, 15.0, 16.0 | Retail Applications |
| Oracle Retail Point-of-Service, versions 13.4, 14.0, 14.1 | Retail Applications |
| Oracle Retail Workforce Management Software, version 1.60.9.0.0 | Retail Applications |
| Oracle Retail Xstore Point of Service, versions 7.0, 7.1 | Retail Applications |
| Oracle Secure Global Desktop, version 5.4 | Virtualization |
| Oracle Service Bus, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle SOA Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Solaris, versions 10, 11 | Systems |
| Oracle Traffic Director, version 11.1.1.9.0 | Fusion Middleware |
| Oracle Transportation Management, versions 6.3.7, 6.4.2, 6.4.3 | Oracle Supply Chain Products |
| Oracle Tuxedo, version 12.1.1.0.0 | Fusion Middleware |
| Oracle Utilities Framework, versions 2.2.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.2.0, 4.3.0.3.0, 4.3.0.4.0, 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0 | Oracle Utilities Applications |
| Oracle Utilities Mobile Workforce Management, version 2.3.0 | Oracle Utilities Applications |
| Oracle Utilities Network Management System, version 1.12.0.3 | Oracle Utilities Applications |
| Oracle VM VirtualBox, versions prior to 5.2.28, prior to 6.0.6 | Virtualization |
| Oracle WebCenter Portal, version 12.2.1.3.0 | Fusion Middleware |
| Oracle WebCenter Sites, version 12.2.1.3.0 | Fusion Middleware |
| Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| OSS Support Tools, version 19.1 | Support Tools |
| PeopleSoft Enterprise ELM, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise ELM Enterprise Learning Management, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise HCM Talent Acquisition Manager, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise HRMS, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57 | PeopleSoft |
| PeopleSoft Enterprise PT PeopleTools, versions 8.55, 8.56, 8.57 | PeopleSoft |
| Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7 – 17.12, 18.8 | Oracle Construction and Engineering Suite |
| Primavera Unifier, versions 16.1, 16.2, 17.7 – 17.12, 18.8 | Oracle Construction and Engineering Suite |
| Siebel Applications, version 19.3 | Siebel |

 

Statement

=============

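This security bulletin is intended only to describe possible security issues; NSFOCUS provides no guarantee or commitment regarding it. Any direct or indirect consequences or losses arising from the distribution or use of the information in this bulletin are the sole responsibility of the user, and NSFOCUS and the bulletin's authors accept no liability for them. NSFOCUS reserves the right to amend and interpret this bulletin. Anyone who reproduces or distributes this bulletin must preserve it in full, including the copyright statement and all other content. Without NSFOCUS's permission, the content of this bulletin may not be modified, added to or reduced, and it may not be used for commercial purposes in any way.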

 

About NSFOCUS

==============

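Beijing NSFOCUS Information Security Technology Co., Ltd. (NSFOCUS for short) was founded in April 2000 and is headquartered in Beijing. With more than 30 branch offices in China and abroad, it provides security products and solutions with core competitiveness to customers in government, telecom carriers, finance, energy, the Internet, education, healthcare and other industries, helping them keep their business running securely and smoothly.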

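Building on years of research into security attack and defense, NSFOCUS provides customers with intrusion detection/prevention, anti-denial-of-service, remote security assessment and web security protection products, as well as professional security services, in the areas of network and endpoint security, Internet infrastructure security, and compliance and security management.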

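Beijing NSFOCUS Information Security Technology Co., Ltd. has been listed on the ChiNext board of the Shenzhen Stock Exchange since January 29, 2014, under the stock name NSFOCUS (绿盟科技) and the stock code 300369.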
