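Security Advisory: Oracle April 2019 Critical Patch Update Across All Product Lines

Published: 2019-04-17

Vulnerability Overview


On April 16, 2019, Oracle released its April 2019 Critical Patch Update (CPU) advisory. This update fixes 297 security vulnerabilities of varying severity, including 49 with a CVSS score of 9.8. Among them, 196 can be exploited by remote attackers without authentication. The update covers multiple products, including Oracle Database Server, Oracle WebLogic Server, Oracle Java SE and Oracle MySQL. Oracle strongly recommends that customers apply the Critical Patch Update fixes as soon as possible to remediate the vulnerabilities. The vulnerabilities addressed in Oracle's April Critical Patch Update are summarized below: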



| Product | Number of vulnerabilities | Remotely exploitable without authentication | Highest CVSS score |
| --- | --- | --- | --- |
| Oracle Communications Applications | 26 | 19 | 9.8 |
| Oracle Construction and Engineering Suite | 8 | 7 | 9.8 |
| Oracle Enterprise Manager Products Suite | 11 | 7 | 9.8 |
| Oracle Financial Services Applications | 14 | 13 | 9.8 |
| Oracle Fusion Middleware | 53 | 42 | 9.8 |
| Oracle Health Sciences Applications | 2 | 1 | 9.8 |
| Oracle Hospitality Applications | 5 | 5 | 9.8 |
| Oracle JD Edwards | 8 | 7 | 9.8 |
| Oracle Retail Applications | 23 | 19 | 9.8 |
| Oracle Siebel CRM | 8 | 6 | 9.8 |
| Oracle Supply Chain Products Suite | 5 | 5 | 9.8 |
| Oracle Utilities Applications | 6 | 5 | 9.8 |
| Oracle Virtualization | 15 | 3 | 9.8 |
| Oracle Database server | 6 | 1 | 9.1 |
| Oracle Java SE | 5 | 5 | 9 |
| Oracle PeopleSoft Products | 13 | 8 | 8.7 |
| Oracle E-Business Suite | 35 | 33 | 8.2 |
| Oracle Commerce | 3 | 3 | 6.5 |
| Oracle MySQL | 44 | 3 | 6.5 |
| Oracle Food and Beverage Applications | 1 | 1 | 6.1 |
| Oracle Support Tools | 1 | 1 | 6.1 |
| Oracle Sun Systems Products | 3 | 2 | 5.3 |
| Oracle Berkeley DB | 1 | 0 | 3.3 |


Affected products and patch information:

| Affected product and versions | Available patch |
| --- | --- |
| Agile Recipe Management for Pharmaceuticals, versions 9.3.3, 9.3.4 | https://support.oracle.com/rs?type=doc&id=2522908.1 |
| Enterprise Manager Base Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Enterprise Manager Ops Center, version 12.3.3 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| FMW Platform, version 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 | https://support.oracle.com/rs?type=doc&id=2512516.1 |
| JD Edwards EnterpriseOne Tools, version 9.2 | https://support.oracle.com/rs?type=doc&id=2522908.1 |
| JD Edwards World Technical Foundation, versions A9.2, A9.3.1, A9.4 | https://support.oracle.com/rs?type=doc&id=2522908.1 |
| MICROS Lucas, versions 2.9.5.6, 2.9.5.7 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| MICROS Relate CRM Software, version 11.4 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| MICROS Retail-J, version 12.1.2 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| MySQL Connectors, versions 5.3.12 and prior, 8.0.15 and prior | https://support.oracle.com/rs?type=doc&id=2522850.1 |
| MySQL Enterprise Backup, versions 3.12.3 and prior, 4.1.2 and prior | https://support.oracle.com/rs?type=doc&id=2522850.1 |
| MySQL Enterprise Monitor, versions 4.0.8 and prior, 8.0.14 and prior | https://support.oracle.com/rs?type=doc&id=2522850.1 |
| MySQL Server, versions 5.6.43 and prior, 5.7.25 and prior, 8.0.15 and prior | https://support.oracle.com/rs?type=doc&id=2522850.1 |
| Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5 | https://support.oracle.com/rs?type=doc&id=2522908.1 |
| Oracle API Gateway, version 11.1.2.4.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Application Testing Suite, version 13.3.0.1 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle AutoVue 3D Professional Advanced, versions 21.0.0, 21.0.1 | https://support.oracle.com/rs?type=doc&id=2522908.1 |
| Oracle Banking Platform, versions 2.4.0, 2.4.1, 2.5.0, 2.6.0 | https://support.oracle.com/rs?type=doc&id=2517985.1 |
| Oracle Berkeley DB, versions prior to 6.138, prior to 18.1.32 | https://support.oracle.com/rs?type=doc&id=2528185.1 |
| Oracle BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Business Process Management Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Business Transaction Management, version 12.1.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Commerce Merchandising, version 11.2.0.3 | https://support.oracle.com/rs?type=doc&id=2494561.1 |
| Oracle Commerce Platform, versions 11.2.0.3, 11.3.1 | https://support.oracle.com/rs?type=doc&id=2494561.1 |
| Oracle Communications Application Session Controller, versions 3.7.1, 3.8.0 | https://support.oracle.com/rs?type=doc&id=2518758.1 |
| Oracle Communications EAGLE Application Processor, versions 16.1.0, 16.2.0 | https://support.oracle.com/rs?type=doc&id=2518763.1 |
| Oracle Communications EAGLE LNP Application Processor, versions 10.0, 10.1, 10.2 | https://support.oracle.com/rs?type=doc&id=2518763.1 |
| Oracle Communications Instant Messaging Server, version 10.0.1 | https://support.oracle.com/rs?type=doc&id=2522151.1 |
| Oracle Communications Interactive Session Recorder, versions 6.0, 6.1, 6.2 | https://support.oracle.com/rs?type=doc&id=2519787.1 |
| Oracle Communications LSMS, versions 13.1, 13.2, 13.3 | https://support.oracle.com/rs?type=doc&id=2518763.1 |
| Oracle Communications Messaging Server, versions 8.0, 8.1 | https://support.oracle.com/rs?type=doc&id=2522151.1 |
| Oracle Communications Operations Monitor, versions 3.4, 4.0 | https://support.oracle.com/rs?type=doc&id=2522126.1 |
| Oracle Communications Policy Management, versions 12.1, 12.2, 12.3, 12.4 | https://support.oracle.com/rs?type=doc&id=2522123.1 |
| Oracle Communications Pricing Design Center, versions 11.1, 12.0 | https://support.oracle.com/rs?type=doc&id=2518753.1 |
| Oracle Communications Service Broker, version 6.0 | https://support.oracle.com/rs?type=doc&id=2522121.1 |
| Oracle Communications Service Broker Engineered System Edition, version 6.0 | https://support.oracle.com/rs?type=doc&id=2522121.1 |
| Oracle Communications Session Border Controller, versions 8.0.0, 8.1.0, 8.2.0 | https://support.oracle.com/rs?type=doc&id=2528862.1 |
| Oracle Communications Unified Inventory Management, versions 7.3.2, 7.3.4, 7.3.5, 7.4.0 | https://support.oracle.com/rs?type=doc&id=2518754.1 |
| Oracle Configuration Manager, version 12.1.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Configurator, versions 12.1, 12.2 | https://support.oracle.com/rs?type=doc&id=2522908.1 |
| Oracle Data Integrator, versions 11.1.1.9.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle E-Business Suite, versions 0.9.8, 1.0.0, 1.0.1, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | https://support.oracle.com/rs?type=doc&id=2514102.1 |
| Oracle Endeca Information Discovery Integrator, version 3.2.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Enterprise Communications Broker, versions 3.0.0, 3.1.0 | https://support.oracle.com/rs?type=doc&id=2528861.1 |
| Oracle Enterprise Operations Monitor, versions 3.4, 4.0 | https://support.oracle.com/rs?type=doc&id=2522126.1 |
| Oracle Enterprise Session Border Controller, versions 8.0.0, 8.1.0, 8.2.0 | https://support.oracle.com/rs?type=doc&id=2528853.1 |
| Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3 - 7.3.5, 8.0.0 - 8.0.7 | https://support.oracle.com/rs?type=doc&id=2514428.1 |
| Oracle Financial Services Asset Liability Management, versions 8.0.4 - 8.0.7 | https://support.oracle.com/rs?type=doc&id=2514489.1 |
| Oracle Financial Services Data Integration Hub, versions 8.0.5 - 8.0.7 | https://support.oracle.com/rs?type=doc&id=2514971.1 |
| Oracle Financial Services Funds Transfer Pricing, versions 8.0.4 - 8.0.7 | https://support.oracle.com/rs?type=doc&id=2514483.1 |
| Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.4 - 8.0.7 | https://support.oracle.com/rs?type=doc&id=2514970.1 |
| Oracle Financial Services Liquidity Risk Management, versions 8.0.2 - 8.0.6 | https://support.oracle.com/rs?type=doc&id=2514431.1 |
| Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.2 - 8.0.7 | https://support.oracle.com/rs?type=doc&id=2514970.1 |
| Oracle Financial Services Market Risk Measurement and Management, versions 8.0.5, 8.0.6 | https://support.oracle.com/rs?type=doc&id=2514461.1 |
| Oracle Financial Services Profitability Management, versions 8.0.4 - 8.0.6 | https://support.oracle.com/rs?type=doc&id=2514483.1 |
| Oracle Financial Services Reconciliation Framework, versions 8.0.5, 8.0.6 | https://support.oracle.com/rs?type=doc&id=2514514.1 |
| Oracle FLEXCUBE Private Banking, versions 2.0.0.0, 2.2.0.1, 12.0.1.0, 12.0.3.0, 12.1.0.0 | http://support.oracle.com/ |
| Oracle Fusion Middleware MapViewer, version 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Health Sciences Data Management Workbench, version 2.4.8 | https://support.oracle.com/rs?type=doc&id=2518136.1 |
| Oracle Healthcare Master Person Index, versions 3.0, 4.0 | https://support.oracle.com/rs?type=doc&id=2518136.1 |
| Oracle Hospitality Cruise Dining Room Management, version 8.0.80 | https://support.oracle.com/rs?type=doc&id=2519249.1 |
| Oracle Hospitality Cruise Fleet Management, version 9.0.11 | https://support.oracle.com/rs?type=doc&id=2514061.1 |
| Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1 | https://support.oracle.com/rs?type=doc&id=2513500.1 |
| Oracle Hospitality Reporting and Analytics, version 9.1.0 | https://support.oracle.com/rs?type=doc&id=2511241.1 |
| Oracle HTTP Server, version 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Identity Analytics, version 11.1.1.5.8 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Java SE, versions 7u211, 8u202, 11.0.2, 12 | https://support.oracle.com/rs?type=doc&id=2518941.1 |
| Oracle Java SE Embedded, version 8u201 | https://support.oracle.com/rs?type=doc&id=2518941.1 |
| Oracle JDeveloper, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Knowledge, versions 8.5.1.0 - 8.5.1.7, 8.6.0, 8.6.1 | https://support.oracle.com/rs?type=doc&id=2522908.1 |
| Oracle Managed File Transfer, versions 12.1.3.0.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Outside In Technology, versions 8.5.3, 8.5.4 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Real-Time Scheduler, version 2.3.0 | https://support.oracle.com/rs?type=doc&id=2514157.1 |
| Oracle Retail Allocation, version 15.0.2 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| Oracle Retail Convenience Store Back Office, version 3.6 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| Oracle Retail Customer Engagement, versions 16.0, 17.0 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| Oracle Retail Invoice Matching, versions 12.0, 13.0, 13.1, 13.2, 14.0, 14.1, 15.0 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| Oracle Retail Merchandising System, versions 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| Oracle Retail Order Broker, versions 5.1, 5.2, 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| Oracle Retail Point-of-Service, versions 13.4, 14.0, 14.1 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| Oracle Retail Workforce Management Software, version 1.60.9.0.0 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| Oracle Retail Xstore Point of Service, versions 7.0, 7.1 | https://support.oracle.com/rs?type=doc&id=2508906.1 |
| Oracle Secure Global Desktop, version 5.4 | https://support.oracle.com/rs?type=doc&id=2525947.1 |
| Oracle Service Bus, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle SOA Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Solaris, versions 10, 11 | https://support.oracle.com/rs?type=doc&id=2525967.1 |
| Oracle Traffic Director, version 11.1.1.9.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Transportation Management, versions 6.3.7, 6.4.2, 6.4.3 | https://support.oracle.com/rs?type=doc&id=2522908.1 |
| Oracle Tuxedo, version 12.1.1.0.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle Utilities Framework, versions 2.2.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.2.0, 4.3.0.3.0, 4.3.0.4.0, 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0 | https://support.oracle.com/rs?type=doc&id=2514157.1 |
| Oracle Utilities Mobile Workforce Management, version 2.3.0 | https://support.oracle.com/rs?type=doc&id=2514157.1 |
| Oracle Utilities Network Management System, version 1.12.0.3 | https://support.oracle.com/rs?type=doc&id=2514157.1 |
| Oracle VM VirtualBox, versions prior to 5.2.28, prior to 6.0.6 | https://support.oracle.com/rs?type=doc&id=2525947.1 |
| Oracle WebCenter Portal, version 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle WebCenter Sites, version 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2498664.1 |
| OSS Support Tools, version 19.1 | https://support.oracle.com/rs?type=doc&id=2522999.1 |


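Remediation


Refer to "Affected products and patch information" above, promptly download the update patches for the affected products, and install them by following the readme file in the patch package, to ensure long-term, effective protection.


Note: Oracle's official patches require a licensed account for genuine software. After logging in to https://support.oracle.com with that account, the latest patches can be downloaded.


References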


https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html