Oracle全系产品2019年10月关键补丁更新

发布人: 发布时间:2019-10-30


发布时间:20191016

综述

当地时间20191015日,Oracle官方发布了201910月关键补丁更新公告CPUCritical Patch Update),安全通告以及第三方安全公告等公告内容,修复了240个不同程度的漏洞。各产品受影响情况以及可用补丁情况见附录表格。

完整信息请查看官方通告:

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

漏洞总结

产品

漏洞个数

未授权远程利用个数

最高CVSS评分

Oracle Database server

10

2

6.8

Oracle NoSQL Database

1

1

10

Oracle Construction and   Engineering Suite

13

11

9.8

Oracle E-Business Suite

10

10

8.2

Oracle Enterprise manager   Products Suite

7

5

9.8

Oracle Financial Services   Applications

7

4

9.8

Oracle Food and Beverage   Applications

7

3

9.0

Oracle Fusion Middleware

37

31

9.8

Oracle Health Sciences   Applications

2

2

6.1

Oracle Hospitality   Applications

3

2

7.5

Oracle Hyperion

3

0

6.4

Oracle Java SE

20

20

6.8

Oracle GraalVM

3

2

7.7

Oracle JD Edwards Products

1

1

9.8

Oracle Knowledge

17

16

9.8

Oracle MySQL

34

9

9.8

Oracle PeopleSoft Products

13

10

9.8

Oracle Policy Automation

4

4

7.5

Oracle Retail Applications

12

9

9.8

Oracle Siebel CRM

4

4

7.5

Oracle Sun Systems   Products Suite

12

7

9.8

Oracle Supply Chain   Products

3

3

9.8

Oracle Support Tools

2

2

6.1

Oracle Virtualization

15

3

8.8

受影响的产品及版本

受影响的产品及版本信息请参考文末附录。

关键补丁更新(cpu

关键修补程序更新 (cpu) 是针对多个安全漏洞的修补程序集合。关键修补程序更新通常是累积的, 但每次都只描述自上一个关键修补程序更新咨询以来添加的安全修复补丁。因此, 应复查先前发布的安全修补程序的重要更新建议, 以了解有关早期版本的安全性修正的信息。

解决方案

鉴于成功攻击所造成的威胁,Oracle强烈建议客户尽快下载并安装重要补丁更新修复程序。

附录

受影响产品(含版本)以及相关补丁情况如下表:

Affected    Products and Versions

Patch    Availability Document

Agile   Recipe Management for Pharmaceuticals, versions 9.3.3, 9.3.4

Oracle   Supply Chain Products

Diagnostic   Assistant, version 2.12.36

Support   Tools

Enterprise   Manager Base Platform, versions 13.2, 13.3

Enterprise   Manager

Enterprise   Manager for Exadata, versions 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0, 13.3.2.0.0

Enterprise   Manager

Enterprise   Manager Ops Center, versions 12.3.3, 12.4.0

Enterprise   Manager

Fujitsu   M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to   XCP2361, prior to XCP3071

Systems

Hyperion   Data Relationship Management, version 11.1.2.4

Fusion   Middleware

Hyperion   Enterprise Performance Management Architect, version 11.1.2.4

Fusion   Middleware

Hyperion   Financial Reporting, version 11.1.2.4

Fusion   Middleware

Instantis   EnterpriseTrack, versions 17.1, 17.2, 17.3

Oracle   Construction and Engineering Suite

JD   Edwards EnterpriseOne Tools, version 4.0.1.0

JD   Edwards

MICROS   Relate CRM Software, versions 7.1.0, 11.4, 15.0.0, 16.0.0, 17.0.0, 18.0.0

Retail   Applications

MICROS   Retail XBRi Loss Prevention, version 10.8.3

Retail   Applications

MySQL   Connectors, versions 5.3.13 and prior, 8.0.17 and prior

MySQL

MySQL   Enterprise Monitor, versions 8.0.17 and prior

MySQL

MySQL   Server, versions 5.6.45 and prior, 5.7.27 and prior, 8.17 and prior

MySQL

MySQL   Workbench, versions 8.0.17 and prior

MySQL

Oracle   Agile PLM, versions 9.3.3-9.3.6

Oracle   Supply Chain Products

Oracle   Agile Product Lifecycle Management for Process, versions 6.2.0.0, 6.2.1.0,   6.2.2.0, 6.2.3.0

Oracle   Supply Chain Products

Oracle   API Gateway, version 11.1.2.4.0

Fusion   Middleware

Oracle   Application Testing Suite, versions 13.2, 13.3

Enterprise   Manager

Oracle   Banking Digital Experience, versions 18.1, 18.2, 18.3, 19.1

Oracle Financial Services Applications

Oracle   Banking Platform, versions 2.4.0, 2.4.1, 2.5.0, 2.6.0, 2.6.1, 2.7.0, 2.7.1

Oracle   Banking Platform

Oracle   BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Fusion   Middleware

Oracle   Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0,   12.2.1.4.0

Fusion   Middleware

Oracle   Clusterware, version 19.0.0.0.0

Support   Tools

Oracle   Data Integrator, version 12.2.1.3.0

Fusion   Middleware

Oracle   Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c

Database

Oracle   E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9

E-Business   Suite

Oracle   Enterprise Repository, version 12.1.3.0.0

Fusion   Middleware

Oracle   Financial Services Analytical Applications Infrastructure, versions   8.0.2-8.0.8

Oracle   Financial Services Analytical Applications Infrastructure

Oracle   Financial Services Enterprise Financial Performance Analytics, versions   8.0.6, 8.0.7

Oracle   Financial Services Enterprise Financial Performance Analytics

Oracle   Financial Services Retail Performance Analytics, versions 8.0.6, 8.0.7

Oracle   Financial Services Retail Performance Analytics

Oracle   FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3

Oracle Financial Services Applications

Oracle   Forms, version 12.2.1.3.0

Fusion   Middleware

Oracle   GoldenGate Application Adapters, version 12.3.2.1.0

Fusion   Middleware

Oracle   GraalVM Enterprise Edition, version 19.2.0

Oracle   GraalVM Enterprise Edition

Oracle   Healthcare Foundation, versions 7.1.1, 7.2.2

Health   Sciences

Oracle Healthcare   Translational Research, versions 3.1.0, 3.2.1, 3.3.1

Health   Sciences

Oracle   Hospitality Cruise Dining Room Management, version 8.0.80

Oracle   Hospitality Cruise Dining Room Management

Oracle   Hospitality Guest Access, versions 4.2.0, 4.2.1

Oracle   Hospitality Guest Access

Oracle   Hospitality Materials Control, version 18.1

Oracle   Hospitality Materials Control

Oracle   Hospitality Reporting and Analytics, version 9.1.0

Oracle   Hospitality Reporting and Analytics

Oracle   Hospitality RES 3700, version 5.7

Oracle   Hospitality RES

Oracle   Java SE, versions 7u231, 8u221, 11.0.4, 13

Java SE

Oracle   Java SE Embedded, version 8u221

Java SE

Oracle   JDeveloper and ADF, versions 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.3.0

Fusion   Middleware

Oracle   NoSQL Database, versions prior to 19.3.12

NoSQL   Database

Oracle   Outside In Technology, version 8.5.4

Fusion   Middleware

Oracle   Policy Automation, versions 10.4.7, 12.1.0, 12.1.1, 12.2.0-12.2.15

Oracle   Policy Automation

Oracle   Policy Automation Connector for Siebel, version 10.4.6

Oracle   Policy Automation

Oracle   Policy Automation for Mobile Devices, versions 12.2.0-12.2.15

Oracle   Policy Automation

Oracle   Retail Customer Insights, versions 15.0, 16.0

Retail   Applications

Oracle   Retail Customer Management and Segmentation Foundation, version 17.0

Retail   Applications

Oracle   Retail Integration Bus, versions 15.0, 16.0

Retail   Applications

Oracle   Retail Xstore Office, version 7.1

Retail   Applications

Oracle   Retail Xstore Point of Service, versions 7.1, 15.0, 16.0, 17.0, 17.0.3, 18.0,   18.0.1, 19.0.0

Retail   Applications

Oracle   Service Bus, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0

Fusion   Middleware

Oracle   SOA Suite, version 12.2.1.3.0

Fusion   Middleware

Oracle   Solaris, versions 10, 11

Systems

Oracle   Virtual Directory, version 11.1.1.9.0

Fusion   Middleware

Oracle   VM VirtualBox, versions prior to 5.2.34, prior to 6.0.14

Virtualization

Oracle   Web Services, version 12.2.1.3.0

Fusion   Middleware

Oracle   WebCenter Portal, version 12.2.1.3.0

Fusion   Middleware

Oracle   WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0

Fusion   Middleware

PeopleSoft   Enterprise HCM Human Resources, version 9.2

PeopleSoft

PeopleSoft   Enterprise PeopleTools, versions 8.56, 8.57

PeopleSoft

PeopleSoft   Enterprise SCM eProcurement, version 9.2

PeopleSoft

Primavera   Gateway, versions 15.2, 16.2, 17.12, 18.8

Oracle   Construction and Engineering Suite

Primavera   P6 Enterprise Project Portfolio Management, versions 15.1.0-15.2.18,   16.1.0-16.2.18, 17.1.0-17.12.14, 18.1.0-18.8.13

Oracle   Construction and Engineering Suite

Primavera   Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8

Oracle   Construction and Engineering Suite

Siebel   Applications, versions 19.8 and prior

Siebel

上一篇:VMware ESXi 远程代码执行漏洞(CVE-2019-5544)安全威胁通告

下一篇:关于 TeamViewer 客户端被远程控制的紧急通报