阅读: 1,867
当地时间2018年4月17日,Oracle官方发布了2018年4月关键补丁更新公告CPU(Critical Patch Update),安全通告以及第三方安全公告等公告内容,修复了254个不同程度的漏洞。各产品受影响情况以及可用补丁情况见附录表格。
关键补丁更新(cpu)
关键修补程序更新 (cpu) 是针对多个安全漏洞的修补程序集合。关键修补程序更新修补程序通常是累积的, 但每次都只描述自上一个关键修补程序更新咨询以来添加的安全修复补丁。因此, 应复查先前发布的安全修补程序的重要更新建议, 以了解有关早期版本的安全性修正的信息。
解决方案
鉴于成功攻击所造成的威胁,Oracle强烈建议客户尽快下载并安装重要补丁更新修复程序。
详情见如下链接:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Oracle Java SE
此重要补丁更新包含14个针对Oracle Java SE的新安全修复程序。 其中12个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#JAVA
Oracle JD Edwards产品
此重要补丁更新包含3个适用于Oracle JD Edwards产品的新安全修复程序。这三个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#JDE
Oracle MySQL
此重要补丁更新包含33个针对Oracle MySQL的新的安全修复程序。 其中2个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#MSQL
Oracle数据库服务器(Database Server)
此重要补丁更新包含2个针对Oracle数据库服务器的新安全修复程序。 其中1个漏洞可以在没有认证的情况下被远程利用,即可以在不需要用户凭证的情况下通过网络利用这些漏洞。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#DB
Oracle通信应用程序(Communications Applications)
此重要补丁更新包含9个适用于Oracle通信应用程序的新安全修复程序。 其中6个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#CGBU
Oracle构造和工程套件(Construction and Engineering Suite)
此重要补丁更新包含4个针对Oracle构建和工程套件的新安全修复程序。其中2个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#PVA
Oracle电子商务套件(E-Business Suite)
此重要补丁更新包含12个针对Oracle电子商务套件的新安全修复程序。 其中11个漏洞无需认证即可被远程利用。
Oracle电子商务套件产品包括受Oracle数据库和Oracle Fusion中间件部分中列出的漏洞影响的Oracle数据库和Oracle融合中间件组件。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#EBS
Oracle企业管理产品套件(Enterprise Manager Products Suite)
此重要补丁更新包含10个针对Oracle企业管理产品套件的新安全修复程序。 其中8个漏洞无需认证即可被远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#EM
Oracle金融服务应用(Financial Services Applications)
此重要补丁更新包含36个针对Oracle Financial Services应用程序的新的安全修复程序。 其中18个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#IFLX
Oracle Fusion中间件(Fusion Middleware)
此重要补丁更新包含39个适用于Oracle融合中间件的新安全修复程序。 其中30个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#FMW
Oracle招待应用(Hospitality Applications)
此重要补丁更新包含13个针对Oracle Hospitality应用程序的新安全修复程序。 其中4个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#HOSP
Oracle PeopleSoft产品
此重要补丁更新包含12个针对Oracle PeopleSoft产品的新安全修复程序。 其中8个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#PS
Oracle 零售应用(Retail Applications)
此重要补丁更新包含31个针对Oracle零售应用程序的新安全修复程序。 其中27个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#RAPP
Oracle Siebel CRM
此重要补丁更新包含2个针对Oracle Siebel CRM的新安全修复程序。其中1个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#SECR
Oracle Sun系统产品套件(Sun Systems Products Suite)
此重要补丁更新包含14个针对Oracle Sun系统产品套件的新的安全修复程序。 其中3个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#SUNS
Oracle供给链产品套件(Supply Chain Products Suite)
此重要补丁更新包含5个针对Oracle Supply Chain产品套件的新安全修复程序。 其中3个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#SCP
Oracle支持工具(Support Tools)
此重要补丁更新包含1个针对Oracle支持工具的新安全修复程序。未经身份验证时,此漏洞无法远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#TOOL
Oracle公用事业应用程序(Utilities Applications)
此重要补丁更新包含1个针对Oracle公用事业应用程序的新安全修复程序。该漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#UTIL
Oracle虚拟化产品(Virtualization)
此重要补丁更新包含13个针对Oracle虚拟化的新安全修复程序。 其中3个漏洞无需身份验证即可远程利用。
详情请参考:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#OVIR
附录
受影响产品(含版本)以及相关补丁情况如下表:
Affected Products and Versions |
Patch Availability Document |
Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0 |
Enterprise Manager |
Enterprise Manager for MySQL Database, version 12.1.0.4 |
Enterprise Manager |
Enterprise Manager for Virtualization, version 13.2 |
Enterprise Manager |
Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 |
Enterprise Manager |
Hardware Management Pack, versions prior to 2.4.3 |
Systems |
Instantis EnterpriseTrack, versions 17.1, 17.2 |
Oracle Construction and Engineering Suite |
Integrated Lights Out Manager (ILOM), versions 3.x, 4.x |
Systems |
JD Edwards EnterpriseOne Tools, version 9.2.2 |
JD Edwards |
JD Edwards World Security, versions A9.2, A9.3, A9.4 |
JD Edwards |
Management Pack for Oracle GoldenGate, version 11.2.1.0.13 |
Fusion Middleware |
MICROS Handheld Terminal, versions Prior to Fusion 2.03.0.0.021R |
MICROS Handheld Terminal |
MICROS Lucas, version 2.9.5 |
Retail Applications |
MySQL Cluster, versions 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior, 7.5.5 and prior |
MySQL |
MySQL Enterprise Monitor, versions 3.3.7.3306 and prior, 3.4.5.4248 and prior, 4.0.2.5168 and prior |
MySQL |
MySQL Server, versions 5.5.59 and prior, 5.6.39 and prior, 5.7.21 and prior |
MySQL |
Oracle Access Manager, versions 10.1.4.3.0, 11.1.2.3.0, 12.2.1.3.0 |
Fusion Middleware |
Oracle Adaptive Access Manager, version 11.1.2.3.0 |
Fusion Middleware |
Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1 |
Oracle Supply Chain Products |
Oracle Agile PLM Framework, version 9.3.6 |
Oracle Supply Chain Products |
Oracle Agile Product Lifecycle Management for Process, versions 6.1.1.6, 6.2.0.0, 6.2.1.0 |
Oracle Supply Chain Products |
Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1 |
Enterprise Manager |
Oracle Banking Corporate Lending, versions 12.3.0, 12.4.0, 12.5.0, 14.0.0 |
Oracle Financial Services Applications |
Oracle Banking Enterprise Collections, version 2.6 |
Oracle Banking Platform |
Oracle Banking Enterprise Originations, version 2.6 |
Oracle Banking Platform |
Oracle Banking Enterprise Product Manufacturing, version 2.6 |
Oracle Banking Platform |
Oracle Banking Payments, versions 12.3.0, 12.4.0, 12.5.0, 14.0.0 |
Oracle Financial Services Applications |
Oracle Banking Platform, versions 2.4, 2.5, 2.6 |
Oracle Banking Platform |
Oracle Big Data Discovery, version 1.6.0 |
Fusion Middleware |
Oracle Business Intelligence Data Warehouse Administration Console, version 11.1.1.6.4 |
Fusion Middleware |
Oracle Business Intelligence Enterprise Edition, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0 |
Fusion Middleware |
Oracle Communications Calendar Server, version 8.x |
Oracle Communications Calendar Server |
Oracle Communications Contacts Server, version 8.x |
Oracle Communications Contacts Server |
Oracle Communications EAGLE LNP Application Processor, versions 10.1.0.0.0 and prior |
Oracle Communications EAGLE LNP Application Processor |
Oracle Communications Messaging Server, version 8.x |
Oracle Communications Messaging Server |
Oracle Communications MetaSolv Solution, version 6.3.0 |
Oracle Communications MetaSolv Solution |
Oracle Communications Network Charging and Control, versions 4.4.1.5.0, 5.0.0.1.0, 5.0.0.2.0, 5.0.1.0.0, 5.0.2.0.0 |
Oracle Communications Network Charging and Control |
Oracle Communications Network Intelligence, version 7.3.x |
Oracle Communications Network Intelligence |
Oracle Communications Order and Service Management, versions 7.2.4.3.0, 7.3.0.1.x, 7.3.1.0.7, 7.3.5.0.x |
Oracle Communications Order and Service Management |
Oracle Communications Unified Inventory Management, version 7.x |
Oracle Communications Unified Inventory Management |
Oracle Data Visualization Desktop, version 12.2.4.1.1 |
Fusion Middleware |
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1.0.0 |
Database |
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 |
E-Business Suite |
Oracle Endeca Information Discovery Integrator, versions 3.1, 3.2 |
Fusion Middleware |
Oracle Endeca Information Discovery Studio, versions 7.6.1.0.0, 7.7.0.0.0 |
Fusion Middleware |
Oracle Endeca Server, version 7.7 |
Fusion Middleware |
Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0 |
Fusion Middleware |
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.x, 8.0.x |
Oracle Financial Services Analytical Applications Infrastructure |
Oracle Financial Services Basel Regulatory Capital Basic, version 8.0.x |
Oracle Financial Services Basel Regulatory Capital Basic |
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, version 8.0.x |
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach |
Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.4, 8.0.5 |
Oracle Financial Services Hedge Management and IFRS Valuations |
Oracle Financial Services Market Risk Measurement and Management, version 8.0.5 |
Oracle Financial Services Market Risk Measurement and Management |
Oracle FLEXCUBE Core Banking, versions 11.5.0, 11.6.0, 11.7.0 |
Oracle Financial Services Applications |
Oracle FLEXCUBE Enterprise Limits and Collateral Management, versions 12.3.0, 14.0.0 |
Oracle Financial Services Applications |
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0 |
Oracle Financial Services Applications |
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0 |
Oracle Financial Services Applications |
Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 |
Oracle Financial Services Applications |
Oracle Fusion Applications , versions 11.1.2 through 11.1.9 |
Fusion Applications |
Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.3, 12.1.3.0, 12.2.1.2, 12.2.1.3 |
Fusion Middleware |
Oracle Fusion Middleware MapViewer, versions 11.1.1.7.0, 11.1.1.9.0 |
Fusion Middleware |
Oracle GoldenGate, version 12.2.0.1 |
Oracle GoldenGate |
Oracle GoldenGate Veridata, versions 11.2.0.1.2, 12.1.3.0.0 |
Fusion Middleware |
Oracle Hospitality Cruise Fleet Management System, version 9.x |
Oracle Hospitality Cruise Fleet Management |
Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1 |
Oracle Hospitality Guest Access |
Oracle Hospitality Reporting and Analytics, version 9.0 |
Oracle Hospitality Reporting and Analytics |
Oracle Hospitality Simphony, versions 2.7, 2.8, 2.9, 2.10 |
Oracle Hospitality Simphony |
Oracle Hospitality Simphony First Edition, versions 1.6, 1.7 |
Oracle Hospitality Simphony First Edition |
Oracle Hospitality Suite8, version 8.x |
Oracle Hospitality Suite8 |
Oracle HTTP Server, versions 12.1.3, 12.2.1.2 |
Fusion Middleware |
Oracle Java SE, versions 6u181, 7u161, 7u171, 8u152, 8u162, 10 |
Java SE |
Oracle Java SE Embedded, versions 8u152, 8u161 |
Java SE |
Oracle JRockit, version R28.3.17 |
Java SE |
Oracle Managed File Transfer, versions 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0 |
Fusion Middleware |
Oracle Mobile Security Suite, version 3.0.1 |
Fusion Middleware |
Oracle Outside In Technology, version 8.5.3 |
Fusion Middleware |
Oracle Retail Advanced Inventory Planning, versions 13.2, 13.4, 14.1, 15.0 |
Retail Applications |
Oracle Retail Back Office, versions 13.4.9, 14.0.4, 14.1.3 |
Retail Applications |
Oracle Retail Central Office, versions 13.4.9, 14.0.4, 14.1.3 |
Retail Applications |
Oracle Retail Customer Engagement, version 16.0 |
Retail Applications |
Oracle Retail EFTLink, versions 1.1.125, 15.0.2, 16.0.3 |
Retail Applications |
Oracle Retail Insights, versions 14.0, 14.1, 15.0, 16.0 |
Retail Applications |
Oracle Retail Integration Bus, version 13.2 |
Retail Applications |
Oracle Retail Invoice Matching, versions 12.0, 13.0, 13.1, 13.2, 14.0, 14.1, 15.0, 16.0 |
Retail Applications |
Oracle Retail Merchandising System, version 16.0 |
Retail Applications |
Oracle Retail Order Broker, versions 5.0, 5.1, 5.2, 15.0, 16.0 |
Retail Applications |
Oracle Retail Order Management System, versions 4.0, 4.5, 4.7, 5.0 |
Retail Applications |
Oracle Retail Point-of-Service, versions 13.3.8, 13.4.9, 14.0.4, 14.1.3 |
Retail Applications |
Oracle Retail Predictive Application Server, versions 13.4.3, 14.0.3, 14.1.3 |
Retail Applications |
Oracle Retail Price Management, versions 12.0, 13.0, 13.1, 13.2, 14.0, 14.1, 15.0, 16.0 |
Retail Applications |
Oracle Retail Returns Management, versions 2.3.8, 2.4.9, 14.0.4, 14.1.3 |
Retail Applications |
Oracle Retail Store Inventory Management, versions 12.0.12, 13.0.7, 13.1.9, 13.2.9, 14.0.4, 14.1.3, 15.0.2, 16.0.1 |
Retail Applications |
Oracle Retail Xstore Point of Service, versions 6.0, 6.0.12, 6.5, 6.5.12, 7.0, 7.0.7, 7.1, 7.1.7, 15.0, 15.0.2, 16.0, 16.0.3 |
Retail Applications |
Oracle Secure Global Desktop (SGD), version 5.3 |
Virtualization |
Oracle Security Service, versions 12.1.3.0.0, 12.2.1.2.0 |
Fusion Middleware |
Oracle Transportation Management, versions 6.2, 6.4.3 |
Oracle Supply Chain Products |
Oracle Tuxedo, version 12.1.1.0.0 |
Fusion Middleware |
Oracle Utilities Framework, versions 2.2.0, 4.2.0, 4.3.0 |
Oracle Utilities Applications |
Oracle VM VirtualBox, versions prior to 5.1.36, prior to 5.2.10 |
Virtualization |
Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0 |
Fusion Middleware |
Oracle WebCenter Portal, versions 12.2.1.2.0, 12.2.1.3.0 |
Fusion Middleware |
Oracle WebCenter Sites, versions 11.1.1.8.0, 12.2.1.2.0, 12.2.1.3.0 |
Fusion Middleware |
Oracle WebLogic Portal, version 10.3.6.0.0 |
Fusion Middleware |
Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 |
Fusion Middleware |
OSS Support Tools, versions prior to 18.2 |
Support Tools |
PeopleSoft Enterprise HCM, version 9.2 |
PeopleSoft |
PeopleSoft Enterprise HCM Shared Components, version 9.2 |
PeopleSoft |
PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55, 8.56 |
PeopleSoft |
PeopleSoft Enterprise PRTL Interaction Hub, version 9.1 |
PeopleSoft |
PeopleSoft Enterprise PT PeopleTools, versions 8.54, 8.55, 8.56 |
PeopleSoft |
Primavera P6 Enterprise Project Portfolio Management, versions 16.2, 17.1 – 17.12 |
Oracle Construction and Engineering Suite |
Primavera Unifier, versions 16.x, 17.x |
Oracle Construction and Engineering Suite |
Real-Time Decisions (RTD) Solutions, version 3.2.0.0.0 |
Fusion Middleware |
Siebel Applications, version 17.0 |
Siebel |
Solaris, versions 10, 11.3 |
Systems |
Solaris Cluster, version 4.3 |
Systems |
Sun ZFS Storage Appliance Kit (AK), versions prior to 8.7.17 |
Systems |
声 明
=============
本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。
关于绿盟科技
==============
北京神州绿盟信息安全科技股份有限公司(简称绿盟科技)成立于2000年4月,总部位于北京。在国内外设有30多个分支机构,为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户,提供具有核心竞争力的安全产品及解决方案,帮助客户实现业务的安全顺畅运行。
基于多年的安全攻防研究,绿盟科技在网络及终端安全、互联网基础安全、合规及安全管理等领域,为客户提供入侵检测/防护、抗拒绝服务攻击、远程安全评估以及Web安全防护等产品以及专业安全服务。
北京神州绿盟信息安全科技股份有限公司于2014年1月29日起在深圳证券交易所创业板上市交易,股票简称:绿盟科技,股票代码:300369。