【威胁通告】Oracle全系产品2018年4月关键补丁更新|共254个修复程序

, , , , , , , ,
阅读: 1,839

当地时间2018年4月17日,Oracle官方发布了2018年4月关键补丁更新公告CPU(Critical Patch Update),安全通告以及第三方安全公告等公告内容,修复了254个不同程度的漏洞。各产品受影响情况以及可用补丁情况见附录表格。

关键补丁更新(cpu)

关键修补程序更新 (cpu) 是针对多个安全漏洞的修补程序集合。关键修补程序更新修补程序通常是累积的, 但每次都只描述自上一个关键修补程序更新咨询以来添加的安全修复补丁。因此, 应复查先前发布的安全修补程序的重要更新建议, 以了解有关早期版本的安全性修正的信息。

解决方案

鉴于成功攻击所造成的威胁,Oracle强烈建议客户尽快下载并安装重要补丁更新修复程序。

 

详情见如下链接:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Oracle Java SE

此重要补丁更新包含14个针对Oracle Java SE的新安全修复程序。 其中12个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#JAVA

Oracle JD Edwards产品

此重要补丁更新包含3个适用于Oracle JD Edwards产品的新安全修复程序。这三个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#JDE

Oracle MySQL

此重要补丁更新包含33个针对Oracle MySQL的新的安全修复程序。 其中2个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#MSQL

Oracle数据库服务器(Database Server)

此重要补丁更新包含2个针对Oracle数据库服务器的新安全修复程序。 其中1个漏洞可以在没有认证的情况下被远程利用,即可以在不需要用户凭证的情况下通过网络利用这些漏洞。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#DB

Oracle通信应用程序(Communications Applications)

此重要补丁更新包含9个适用于Oracle通信应用程序的新安全修复程序。 其中6个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#CGBU

Oracle构造和工程套件(Construction and Engineering Suite)

此重要补丁更新包含4个针对Oracle构建和工程套件的新安全修复程序。其中2个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#PVA

Oracle电子商务套件(E-Business Suite)

此重要补丁更新包含12个针对Oracle电子商务套件的新安全修复程序。 其中11个漏洞无需认证即可被远程利用。

Oracle电子商务套件产品包括受Oracle数据库和Oracle Fusion中间件部分中列出的漏洞影响的Oracle数据库和Oracle融合中间件组件。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#EBS

Oracle企业管理产品套件(Enterprise Manager Products Suite)

此重要补丁更新包含10个针对Oracle企业管理产品套件的新安全修复程序。 其中8个漏洞无需认证即可被远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#EM

 

Oracle金融服务应用(Financial Services Applications)

此重要补丁更新包含36个针对Oracle Financial Services应用程序的新的安全修复程序。 其中18个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#IFLX

Oracle Fusion中间件(Fusion Middleware)

此重要补丁更新包含39个适用于Oracle融合中间件的新安全修复程序。 其中30个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#FMW

Oracle招待应用(Hospitality Applications)

此重要补丁更新包含13个针对Oracle Hospitality应用程序的新安全修复程序。 其中4个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#HOSP

 

Oracle PeopleSoft产品

此重要补丁更新包含12个针对Oracle PeopleSoft产品的新安全修复程序。 其中8个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#PS

Oracle 零售应用(Retail Applications)

此重要补丁更新包含31个针对Oracle零售应用程序的新安全修复程序。 其中27个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#RAPP

Oracle Siebel CRM

此重要补丁更新包含2个针对Oracle Siebel CRM的新安全修复程序。其中1个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#SECR

Oracle Sun系统产品套件(Sun Systems Products Suite)

此重要补丁更新包含14个针对Oracle Sun系统产品套件的新的安全修复程序。 其中3个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#SUNS

Oracle供给链产品套件(Supply Chain Products Suite)

此重要补丁更新包含5个针对Oracle Supply Chain产品套件的新安全修复程序。 其中3个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#SCP

Oracle支持工具(Support Tools)

此重要补丁更新包含1个针对Oracle支持工具的新安全修复程序。未经身份验证时,此漏洞无法远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#TOOL

Oracle公用事业应用程序(Utilities Applications)

此重要补丁更新包含1个针对Oracle公用事业应用程序的新安全修复程序。该漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#UTIL

 

Oracle虚拟化产品(Virtualization)

此重要补丁更新包含13个针对Oracle虚拟化的新安全修复程序。 其中3个漏洞无需身份验证即可远程利用。

详情请参考:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#OVIR

 

 

附录

受影响产品(含版本)以及相关补丁情况如下表:

Affected Products and Versions Patch Availability Document
Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0 Enterprise Manager
Enterprise Manager for MySQL Database, version 12.1.0.4 Enterprise Manager
Enterprise Manager for Virtualization, version 13.2 Enterprise Manager
Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 Enterprise Manager
Hardware Management Pack, versions prior to 2.4.3 Systems
Instantis EnterpriseTrack, versions 17.1, 17.2 Oracle Construction and Engineering Suite
Integrated Lights Out Manager (ILOM), versions 3.x, 4.x Systems
JD Edwards EnterpriseOne Tools, version 9.2.2 JD Edwards
JD Edwards World Security, versions A9.2, A9.3, A9.4 JD Edwards
Management Pack for Oracle GoldenGate, version 11.2.1.0.13 Fusion Middleware
MICROS Handheld Terminal, versions Prior to Fusion 2.03.0.0.021R MICROS Handheld Terminal
MICROS Lucas, version 2.9.5 Retail Applications
MySQL Cluster, versions 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior, 7.5.5 and prior MySQL
MySQL Enterprise Monitor, versions 3.3.7.3306 and prior, 3.4.5.4248 and prior, 4.0.2.5168 and prior MySQL
MySQL Server, versions 5.5.59 and prior, 5.6.39 and prior, 5.7.21 and prior MySQL
Oracle Access Manager, versions 10.1.4.3.0, 11.1.2.3.0, 12.2.1.3.0 Fusion Middleware
Oracle Adaptive Access Manager, version 11.1.2.3.0 Fusion Middleware
Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1 Oracle Supply Chain Products
Oracle Agile PLM Framework, version 9.3.6 Oracle Supply Chain Products
Oracle Agile Product Lifecycle Management for Process, versions 6.1.1.6, 6.2.0.0, 6.2.1.0 Oracle Supply Chain Products
Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1 Enterprise Manager
Oracle Banking Corporate Lending, versions 12.3.0, 12.4.0, 12.5.0, 14.0.0 Oracle Financial Services Applications
Oracle Banking Enterprise Collections, version 2.6 Oracle Banking Platform
Oracle Banking Enterprise Originations, version 2.6 Oracle Banking Platform
Oracle Banking Enterprise Product Manufacturing, version 2.6 Oracle Banking Platform
Oracle Banking Payments, versions 12.3.0, 12.4.0, 12.5.0, 14.0.0 Oracle Financial Services Applications
Oracle Banking Platform, versions 2.4, 2.5, 2.6 Oracle Banking Platform
Oracle Big Data Discovery, version 1.6.0 Fusion Middleware
Oracle Business Intelligence Data Warehouse Administration Console, version 11.1.1.6.4 Fusion Middleware
Oracle Business Intelligence Enterprise Edition, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0 Fusion Middleware
Oracle Communications Calendar Server, version 8.x Oracle Communications Calendar Server
Oracle Communications Contacts Server, version 8.x Oracle Communications Contacts Server
Oracle Communications EAGLE LNP Application Processor, versions 10.1.0.0.0 and prior Oracle Communications EAGLE LNP Application Processor
Oracle Communications Messaging Server, version 8.x Oracle Communications Messaging Server
Oracle Communications MetaSolv Solution, version 6.3.0 Oracle Communications MetaSolv Solution
Oracle Communications Network Charging and Control, versions 4.4.1.5.0, 5.0.0.1.0, 5.0.0.2.0, 5.0.1.0.0, 5.0.2.0.0 Oracle Communications Network Charging and Control
Oracle Communications Network Intelligence, version 7.3.x Oracle Communications Network Intelligence
Oracle Communications Order and Service Management, versions 7.2.4.3.0, 7.3.0.1.x, 7.3.1.0.7, 7.3.5.0.x Oracle Communications Order and Service Management
Oracle Communications Unified Inventory Management, version 7.x Oracle Communications Unified Inventory Management
Oracle Data Visualization Desktop, version 12.2.4.1.1 Fusion Middleware
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1.0.0 Database
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 E-Business Suite
Oracle Endeca Information Discovery Integrator, versions 3.1, 3.2 Fusion Middleware
Oracle Endeca Information Discovery Studio, versions 7.6.1.0.0, 7.7.0.0.0 Fusion Middleware
Oracle Endeca Server, version 7.7 Fusion Middleware
Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0 Fusion Middleware
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.x, 8.0.x Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Basel Regulatory Capital Basic, version 8.0.x Oracle Financial Services Basel Regulatory Capital Basic
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, version 8.0.x Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach
Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.4, 8.0.5 Oracle Financial Services Hedge Management and IFRS Valuations
Oracle Financial Services Market Risk Measurement and Management, version 8.0.5 Oracle Financial Services Market Risk Measurement and Management
Oracle FLEXCUBE Core Banking, versions 11.5.0, 11.6.0, 11.7.0 Oracle Financial Services Applications
Oracle FLEXCUBE Enterprise Limits and Collateral Management, versions 12.3.0, 14.0.0 Oracle Financial Services Applications
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0 Oracle Financial Services Applications
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0 Oracle Financial Services Applications
Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 Oracle Financial Services Applications
Oracle Fusion Applications , versions 11.1.2 through 11.1.9 Fusion Applications
Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.3, 12.1.3.0, 12.2.1.2, 12.2.1.3 Fusion Middleware
Oracle Fusion Middleware MapViewer, versions 11.1.1.7.0, 11.1.1.9.0 Fusion Middleware
Oracle GoldenGate, version 12.2.0.1 Oracle GoldenGate
Oracle GoldenGate Veridata, versions 11.2.0.1.2, 12.1.3.0.0 Fusion Middleware
Oracle Hospitality Cruise Fleet Management System, version 9.x Oracle Hospitality Cruise Fleet Management
Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1 Oracle Hospitality Guest Access
Oracle Hospitality Reporting and Analytics, version 9.0 Oracle Hospitality Reporting and Analytics
Oracle Hospitality Simphony, versions 2.7, 2.8, 2.9, 2.10 Oracle Hospitality Simphony
Oracle Hospitality Simphony First Edition, versions 1.6, 1.7 Oracle Hospitality Simphony First Edition
Oracle Hospitality Suite8, version 8.x Oracle Hospitality Suite8
Oracle HTTP Server, versions 12.1.3, 12.2.1.2 Fusion Middleware
Oracle Java SE, versions 6u181, 7u161, 7u171, 8u152, 8u162, 10 Java SE
Oracle Java SE Embedded, versions 8u152, 8u161 Java SE
Oracle JRockit, version R28.3.17 Java SE
Oracle Managed File Transfer, versions 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0 Fusion Middleware
Oracle Mobile Security Suite, version 3.0.1 Fusion Middleware
Oracle Outside In Technology, version 8.5.3 Fusion Middleware
Oracle Retail Advanced Inventory Planning, versions 13.2, 13.4, 14.1, 15.0 Retail Applications
Oracle Retail Back Office, versions 13.4.9, 14.0.4, 14.1.3 Retail Applications
Oracle Retail Central Office, versions 13.4.9, 14.0.4, 14.1.3 Retail Applications
Oracle Retail Customer Engagement, version 16.0 Retail Applications
Oracle Retail EFTLink, versions 1.1.125, 15.0.2, 16.0.3 Retail Applications
Oracle Retail Insights, versions 14.0, 14.1, 15.0, 16.0 Retail Applications
Oracle Retail Integration Bus, version 13.2 Retail Applications
Oracle Retail Invoice Matching, versions 12.0, 13.0, 13.1, 13.2, 14.0, 14.1, 15.0, 16.0 Retail Applications
Oracle Retail Merchandising System, version 16.0 Retail Applications
Oracle Retail Order Broker, versions 5.0, 5.1, 5.2, 15.0, 16.0 Retail Applications
Oracle Retail Order Management System, versions 4.0, 4.5, 4.7, 5.0 Retail Applications
Oracle Retail Point-of-Service, versions 13.3.8, 13.4.9, 14.0.4, 14.1.3 Retail Applications
Oracle Retail Predictive Application Server, versions 13.4.3, 14.0.3, 14.1.3 Retail Applications
Oracle Retail Price Management, versions 12.0, 13.0, 13.1, 13.2, 14.0, 14.1, 15.0, 16.0 Retail Applications
Oracle Retail Returns Management, versions 2.3.8, 2.4.9, 14.0.4, 14.1.3 Retail Applications
Oracle Retail Store Inventory Management, versions 12.0.12, 13.0.7, 13.1.9, 13.2.9, 14.0.4, 14.1.3, 15.0.2, 16.0.1 Retail Applications
Oracle Retail Xstore Point of Service, versions 6.0, 6.0.12, 6.5, 6.5.12, 7.0, 7.0.7, 7.1, 7.1.7, 15.0, 15.0.2, 16.0, 16.0.3 Retail Applications
Oracle Secure Global Desktop (SGD), version 5.3 Virtualization
Oracle Security Service, versions 12.1.3.0.0, 12.2.1.2.0 Fusion Middleware
Oracle Transportation Management, versions 6.2, 6.4.3 Oracle Supply Chain Products
Oracle Tuxedo, version 12.1.1.0.0 Fusion Middleware
Oracle Utilities Framework, versions 2.2.0, 4.2.0, 4.3.0 Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 5.1.36, prior to 5.2.10 Virtualization
Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0 Fusion Middleware
Oracle WebCenter Portal, versions 12.2.1.2.0, 12.2.1.3.0 Fusion Middleware
Oracle WebCenter Sites, versions 11.1.1.8.0, 12.2.1.2.0, 12.2.1.3.0 Fusion Middleware
Oracle WebLogic Portal, version 10.3.6.0.0 Fusion Middleware
Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 Fusion Middleware
OSS Support Tools, versions prior to 18.2 Support Tools
PeopleSoft Enterprise HCM, version 9.2 PeopleSoft
PeopleSoft Enterprise HCM Shared Components, version 9.2 PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55, 8.56 PeopleSoft
PeopleSoft Enterprise PRTL Interaction Hub, version 9.1 PeopleSoft
PeopleSoft Enterprise PT PeopleTools, versions 8.54, 8.55, 8.56 PeopleSoft
Primavera P6 Enterprise Project Portfolio Management, versions 16.2, 17.1 – 17.12 Oracle Construction and Engineering Suite
Primavera Unifier, versions 16.x, 17.x Oracle Construction and Engineering Suite
Real-Time Decisions (RTD) Solutions, version 3.2.0.0.0 Fusion Middleware
Siebel Applications, version 17.0 Siebel
Solaris, versions 10, 11.3 Systems
Solaris Cluster, version 4.3 Systems
Sun ZFS Storage Appliance Kit (AK), versions prior to 8.7.17 Systems

 

声 明

=============

本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。

 

关于绿盟科技

==============

北京神州绿盟信息安全科技股份有限公司(简称绿盟科技)成立于2000年4月,总部位于北京。在国内外设有30多个分支机构,为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户,提供具有核心竞争力的安全产品及解决方案,帮助客户实现业务的安全顺畅运行。

基于多年的安全攻防研究,绿盟科技在网络及终端安全、互联网基础安全、合规及安全管理等领域,为客户提供入侵检测/防护、抗拒绝服务攻击、远程安全评估以及Web安全防护等产品以及专业安全服务。

北京神州绿盟信息安全科技股份有限公司于2014年1月29日起在深圳证券交易所创业板上市交易,股票简称:绿盟科技,股票代码:300369。

Spread the word. Share this post!

Meet The Author

Leave Comment