Oracle has released its quarterly security bulletin; the update contains fixes for 237 vulnerabilities in 100 products.

The fixes include, among others, a patch for Oracle X86 servers and Oracle VM VirtualBox that addresses the Intel processor vulnerability (CVE-2017-5715, known as Spectre).

The most critical fixes address the following vulnerabilities:

  • CVE-2018-2611 in Sun ZFS Storage Appliance Kit;
  • CVE-2017-10352 in Oracle WebLogic Server;
  • CVE-2017-5645 in Oracle Retail Convenience and Fuel POS Software;
  • CVE-2017-5461 in Oracle Directory Server Enterprise Edition;
  • CVE-2017-5645 in PeopleSoft Enterprise FIN Supply Chain Portal Pack Brazil.

All of the above vulnerabilities allow remote takeover of instances of the software listed above.

CERT PSE encourages administrators to review Critical Patch Update – January 2018 and apply the necessary updates.

The products affected by the patch are:

Product and version | Patch information
Agile Material and Equipment Management for Pharmaceuticals, versions 9.3.3, 9.3.4 | Oracle Supply Chain Products
Application Express, versions prior to 5.1.4.00.08 | Database
Converged Commerce, version 16.0.1 | Retail Applications
Hyperion BI+, version 11.1.2.4 | Fusion Middleware
Hyperion Data Relationship Management, version 11.1.2.4.330 | Fusion Middleware
Integrated Lights Out Manager (ILOM), versions 3.x, 4.x | Systems
Java Advanced Management Console, version 2.8 | Java SE
Java ME SDK, version 8.3 | Java ME
JD Edwards EnterpriseOne Tools, version 9.2 | JD Edwards
MICROS Handheld Terminal, versions Prior to BSP 02.13.0701 (070116) | MICROS Handheld Terminal
MICROS Relate CRM Software, versions 10.8.x, 11.4.x, 15.0.x | Retail Applications
MICROS Retail XBRi Loss Prevention, versions 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1 | Retail Applications
MySQL Connectors, versions 5.3.9 and prior, 6.9.9 and prior, 6.10.4 and prior | MySQL
MySQL Enterprise Monitor, versions 3.3.6.3293 and prior, 3.4.4.4226 and prior, 4.0.0.5135 and prior | MySQL
MySQL Server, versions 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior | MySQL
Oracle Access Manager, versions 10.1.4.3.0, 11.1.2.3.0 | Fusion Middleware
Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1 | Oracle Supply Chain Products
Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6 | Oracle Supply Chain Products
Oracle Agile PLM MCAD Connector, versions 3.3, 3.4, 3.5, 3.6 | Oracle Supply Chain Products
Oracle Argus Safety, versions 7.x, 8.0.x, 8.1 | Health Sciences
Oracle Autovue for Agile Product Lifecycle Management, versions 21.0.0, 21.0.1 | Oracle Supply Chain Products
Oracle Banking Corporate Lending, versions 12.3.0, 12.4.0 | Oracle Financial Services Applications
Oracle Banking Payments, versions 12.3.0, 12.4.0 | Oracle Financial Services Applications
Oracle Business Intelligence Enterprise Edition, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware
Oracle Communications Application Session Controller, version 3.x | Oracle Communications Application Session Controller
Oracle Communications BRM – Elastic Charging Engine, version 7.5 | Oracle Communications BRM – Elastic Charging Engine
Oracle Communications Convergent Charging Controller, version 6.0 | Oracle Communications Convergent Charging Controller
Oracle Communications Network Charging and Control, version 6.0 | Oracle Communications Network Charging and Control
Oracle Communications Order and Service Management, versions 7.2.4.1.x, 7.2.4.2.x, 7.3.0.1.x, 7.3.0.x.x | Oracle Communications Order and Service Management
Oracle Communications Services Gatekeeper, versions 5.1, 6.0 | Oracle Communications Services Gatekeeper
Oracle Communications Unified Inventory Management, versions 7.2.4.2.x, 7.3 | Oracle Communications Unified Inventory Management
Oracle Communications User Data Repository, versions 10.x, 12.x | Oracle Communications User Data Repository
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1 | Database
Oracle Directory Server Enterprise Edition, version 11.1.1.7.0 | Fusion Middleware
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 | E-Business Suite
Oracle Endeca Information Discovery Integrator, versions 3.1.0, 3.2.0 | Fusion Middleware
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.5.x, 8.0.x | Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Analytical Applications Reconciliation Framework, version 8.0.x | Oracle Financial Services Analytical Applications Reconciliation Framework
Oracle Financial Services Asset Liability Management, versions 6.1.x, 8.0.x | Oracle Financial Services Asset Liability Management
Oracle Financial Services Balance Sheet Planning, version 8.0.x | Oracle Financial Services Balance Sheet Planning
Oracle Financial Services Funds Transfer Pricing, versions 6.1.x, 8.0.x | Oracle Financial Services Funds Transfer Pricing
Oracle Financial Services Hedge Management and IFRS Valuations, version 8.0.x | Oracle Financial Services Hedge Management and IFRS Valuations
Oracle Financial Services Liquidity Risk Management, version 8.0.x | Oracle Financial Services Liquidity Risk Management
Oracle Financial Services Loan Loss Forecasting and Provisioning, version 8.0.x | Oracle Financial Services Loan Loss Forecasting and Provisioning
Oracle Financial Services Market Risk, version 8.0.x | Oracle Financial Services Market Risk
Oracle Financial Services Market Risk Measurement and Management, version 8.0.5 | Oracle Financial Services Market Risk Measurement and Management
Oracle Financial Services Price Creation and Discovery, version 8.0.5 | Oracle Financial Services Price Creation And Discovery
Oracle Financial Services Profitability Management, versions 6.1.x, 8.0.x | Oracle Financial Services Profitability Management
Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3 | Oracle Financial Services Applications
Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 11.5.0, 11.6.0, 11.7.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0 | Oracle Financial Services Applications
Oracle Fusion Applications, versions 11.1.2 through 11.1.9 | Fusion Applications
Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.3, 12.1.3.0, 12.2.1.2, 12.2.1.3 | Fusion Middleware
Oracle Health Sciences Empirica Inspections, version 1.0.1.1 | Health Sciences
Oracle Health Sciences Empirica Signal, version 8.0.1.0 | Health Sciences
Oracle Hospitality Cruise Dining Room Management, version 8.0.78 | Oracle Hospitality Cruise Dining Room Management
Oracle Hospitality Cruise Fleet Management, version 9.0.4.0 | Oracle Hospitality Cruise Fleet Management
Oracle Hospitality Cruise Shipboard Property Management System, version 7.3.874 | Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1 | Oracle Hospitality Guest Access
Oracle Hospitality Labor Management, versions 8.5.1, 9.0.0 | Oracle Hospitality Labor Management
Oracle Hospitality Reporting and Analytics, versions 8.5.1, 9.0.0 | Oracle Hospitality Reporting and Analytics
Oracle Hospitality Simphony, versions 2.7, 2.8, 2.9 | Oracle Hospitality Simphony
Oracle HTTP Server, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware
Oracle Hyperion Planning, version 11.1.2.4.007 | Fusion Middleware
Oracle Identity Manager, version 11.1.2.3.0 | Fusion Middleware
Oracle Identity Manager Connector, versions 9.0.4.20.6, 9.0.4.21.0, 9.0.4.25.4 | Fusion Middleware
Oracle Internet Directory, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0 | Fusion Middleware
Oracle iPlanet Web Server, version 7.0 | Fusion Middleware
Oracle Java SE, versions 6u171, 7u161, 8u152, 9.0.1 | Java SE
Oracle Java SE Embedded, version 8u151 | Java SE
Oracle JDeveloper, versions 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.2.0 | Fusion Middleware
Oracle JRockit, version R28.3.16 | Java SE
Oracle Mobile Security Suite, version 3.0.1 | Fusion Middleware
Oracle Retail Assortment Planning, versions 14.1.3, 15.0.3, 16.0.1 | Retail Applications
Oracle Retail Convenience and Fuel POS Software, version 2.1.132 | Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, versions 10.8.x, 11.4.x, 15.0.x, 16.0.x | Retail Applications
Oracle Retail Fiscal Management, version 14.1 | Retail Applications
Oracle Retail Merchandising System, version 16.0 | Retail Applications
Oracle Retail Workforce Management, versions 1.60.7, 1.64.0 | Retail Applications
Oracle Secure Global Desktop (SGD), version 5.3 | Virtualization
Oracle Transportation Management, versions 6.2.11, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.1, 6.4.2, 6.4.3 | Oracle Supply Chain Products
Oracle Tuxedo System and Applications Monitor, version 12.1.3.0.0 | Fusion Middleware
Oracle VM VirtualBox, versions prior to 5.1.32, prior to 5.2.6 | Virtualization
Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware
Oracle WebCenter Sites, version 11.1.1.8.0 | Fusion Middleware
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0 | Fusion Middleware
Oracle X86 Servers, versions SW 1.x, SW 2.x | Systems
OSS Support Tools, versions prior to 2.11.33 | Support Tools
PeopleSoft Enterprise FIN Supply Chain Portal Pack Argentina, version 9.1 | PeopleSoft
PeopleSoft Enterprise FIN Supply Chain Portal Pack Brazil, version 9.1 | PeopleSoft
PeopleSoft Enterprise FSCM, version 9.2 | PeopleSoft
PeopleSoft Enterprise HCM Human Resources, versions 9.1, 9.2 | PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55, 8.56 | PeopleSoft
PeopleSoft Enterprise PRTL Interaction Hub, version 9.1.00 | PeopleSoft
PeopleSoft Enterprise SCM eProcurement, versions 9.1, 9.2 | PeopleSoft
PeopleSoft Enterprise SCM Purchasing, version 9.2 | PeopleSoft
Primavera Unifier, versions 10.x, 15.x, 16.x, 17.x | Oracle Construction and Engineering Suite
Siebel Applications, versions 16.0, 17.0 | Siebel
Solaris, versions 10, 11.3 | Systems
Sun ZFS Storage Appliance Kit (AK), versions prior to 8.7.13 | Systems