Oracle biztonsági hibajavítások – 2017. július

CH azonosító

Angol cím

Felfedezés dátuma

Súlyosság

Érintett rendszerek

Érintett verziók

Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1
Oracle REST Data Services, versions prior to 3.0.10.25.02.36
Oracle API Gateway, version 11.1.2.4.0
Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
Oracle Data Integrator, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0
Oracle Endeca Server, versions 7.3.0.0, 7.4.0.0, 7.5.0.0, 7.5.1.0, 7.6.0.0, 7.6.1.0, 7.7.0.0
Oracle Enterprise Data Quality, version 8.1.13.0.0
Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0
Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.1, 12.2.1.2
Oracle OpenSSO, version 3.0.0.8
Oracle Outside In Technology, version 8.5.3.0
Oracle Secure Enterprise Search, version 11.2.2.2.0
Oracle Service Bus, version 11.1.1.9.0
Oracle Traffic Director, versions 11.1.1.7.0, 11.1.1.9.0
Oracle Tuxedo, version 12.1.1
Oracle Tuxedo System and Applications Monitor, versions 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.2, 12.1.1.1.0, 12.1.3.0.0, 12.2.2.0.0
Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.1, 12.2.1.2
Hyperion Essbase, version 12.2.1.1
Enterprise Manager Base Platform, versions 12.1.0, 13.1.0, 13.2.0
Enterprise Manager Ops Center, versions 12.2.2, 12.3.2
Oracle Application Testing Suite, versions 12.5.0.2, 12.5.0.3
Oracle Business Transaction Management, versions 11.1.x, 12.1.x
Oracle Configuration Manager, versions prior to 12.1.2.0.4
Application Management Pack for Oracle E-Business Suite, versions AMP 12.1.0.4.0, AMP 13.1.1.1.0
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
Oracle Agile PLM, versions 9.3.5, 9.3.6
Oracle Transportation Management, versions 6.1, 6.2, 6.3.4.1, 6.3.5.1, 6.3.6.1, 6.3.7.1, 6.4.0, 6.4.1, 6.4.2
PeopleSoft Enterprise FSCM, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55
PeopleSoft Enterprise PRTL Interaction Hub, version 9.1.0
Siebel Applications, versions 16.0, 17.0
Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 6.1.4, 11.0, 11.1, 11.2
Oracle iLearning, version 6.2
Oracle Fusion Applications, versions 11.1.2 through 11.1.9
Oracle Communications BRM, versions 11.2.0.0.0, 11.3.0.0.0
Oracle Communications Convergence, versions 3.0, 3.0.1
Oracle Communications EAGLE LNP Application Processor, version 10.0
Oracle Communications Network Charging and Control, versions 4.4.1.5, 5.0.0.1, 5.0.0.2, 5.0.1.0, 5.0.2.0
Oracle Communications Policy Management, version 11.5
Oracle Communications Session Router, versions ECZ730, SCZ730, SCZ740
Oracle Enterprise Communications Broker, version PCZ210
Oracle Enterprise Session Border Controller, version ECZ7.3.0
Financial Services Behavior Detection Platform, versions 8.0.1, 8.0.2
Oracle Banking Platform, versions 2.3, 2.4, 2.4.1, 2.5
Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3
Oracle FLEXCUBE Private Banking, versions 2.0.0, 2.0.1, 2.2.0, 12.0.1
Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0
Hospitality Hotel Mobile, versions 1.01, 1.05, 1.1
Hospitality Property Interfaces, version 8.10.x
Hospitality Suite8, version 8.10.x
Hospitality WebSuite8 Cloud Service, versions 8.9.6, 8.10.x
MICROS BellaVita, version 2.7.x
MICROS PC Workstation 2015, versions Prior to O1302h
MICROS Workstation 650, versions Prior to E1500n
Oracle Hospitality 9700, version 4.0
Oracle Hospitality Cruise AffairWhere, version 2.2.05.062
Oracle Hospitality Cruise Dining Room Management, version 8.0.75
Oracle Hospitality Cruise Fleet Management, version 9.0
Oracle Hospitality Cruise Materials Management, version 7.30.562
Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.0.0
Oracle Hospitality e7, version 4.2.1
Oracle Hospitality Guest Access, versions 4.2.0.0, 4.2.1.0
Oracle Hospitality Inventory Management, versions 8.5.1, 9.0.0
Oracle Hospitality Materials Control, versions 8.31.4, 8.32.0
Oracle Hospitality OPERA 5 Property Services, versions 5.4.0.x, 5.4.1.x, 5.4.3.x
Oracle Hospitality Reporting and Analytics, versions 8.5.1, 9.0.0
Oracle Hospitality RES 3700, version 5.5
Oracle Hospitality Simphony, versions 2.8, 2.9
Oracle Hospitality Simphony First Edition, version 1.7.1
Oracle Hospitality Simphony First Edition Venue Management, version 3.9
Oracle Hospitality Suites Management, version 3.7
Oracle Payment Interface, version 6.1.1
Oracle Retail Allocation, versions 13.3.1, 14.0.4, 14.1.3, 15.0.1, 16.0.1
Oracle Retail Customer Insights, versions 15.0, 16.0
Oracle Retail Open Commerce Platform, versions 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0, 15.1
Oracle Retail Warehouse Management System, versions 14.0.4, 14.1.3, 15.0.1
Oracle Retail Workforce Management, versions 1.60.7, 1.64.0
Oracle Retail Xstore Point of Service, versions 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x, 16.0.0
Oracle Policy Automation, versions 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3
Primavera Gateway, versions 1.0, 1.1, 14.2, 15.1, 15.2, 16.1, 16.2
Primavera P6 Enterprise Project Portfolio Management, versions 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
Primavera Unifier, versions 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1, 16.2
Java Advanced Management Console, version 2.6
Oracle Java SE, versions 6u151, 7u141, 8u131
Oracle Java SE Embedded, version 8u131
Oracle JRockit, version R28.3.14
Solaris, versions 10, 11
Solaris Cluster, version 4
Sun ZFS Storage Appliance Kit (AK), version AK 2013
Oracle VM VirtualBox, versions prior to 5.1.24
MySQL Cluster, versions 7.3.5 and prior
MySQL Connectors, versions 5.3.7 and prior, 6.1.10 and prior
MySQL Enterprise Monitor, versions 3.1.5.7958 and prior, 3.2.5.1141 and prior, 3.2.7.1204 and prior, 3.3.2.1162 and prior, 3.3.3.1199 and prior
MySQL Server, versions 5.5.56 and prior, 5.6.36 and prior, 5.7.18 and prior
Oracle Explorer, versions prior to 8.16

Összefoglaló

Az Oracle kritikus, magas és közepes kockázati besorolású sérülékenységei váltak ismertté, amelyeket kihasználva a támadó akár a rendszer feletti irányítást is átveheti. A hibajavítás érinti többek között a MySQL és a Java SE komponenseket is.

Leírás

A tervezett frissítések összesen 310 biztonsági hibát javítanak ki, amelyek közül több akár távolról, hitelesítés nélkül is kihasználható.

A hibajavítások az alábbi termékcsaládokat érintik:

• Oracle Database Server
• Oracle REST Data Services
• Oracle API Gateway
• Oracle BI Publisher
• Oracle Business Intelligence Enterprise Edition
• Oracle Data Integrator,
• Oracle Endeca Server
• Oracle Enterprise Data Quality
• Oracle Enterprise Repository
• Oracle Fusion Middleware
• Oracle OpenSSO
• Oracle Outside In Technology
• Oracle Secure Enterprise Search
• Oracle Service Bus
• Oracle Traffic Director
• Oracle Tuxedo
• Oracle Tuxedo System and Applications Monitor
• Oracle WebCenter Content
• Oracle WebLogic Server
• Hyperion Essbase
• Enterprise Manager Base Platform
• Enterprise Manager Ops Center
• Oracle Application Testing Suite
• Oracle Business Transaction Management
• Oracle Configuration Manager
• Application Management Pack for Oracle E-Business Suite
• Oracle E-Business Suite
• Oracle Agile PLM
• Oracle Transportation Management
• PeopleSoft Enterprise FSCM
• PeopleSoft Enterprise PeopleTools
• PeopleSoft Enterprise PRTL Interaction Hub
• Siebel Applications
• Oracle Commerce Guided Search / Oracle Commerce Experience Manager
• Oracle iLearning
• Oracle Fusion Applications
• Oracle Communications BRM
• Oracle Communications Convergence
• Oracle Communications EAGLE LNP Application Processor
• Oracle Communications Network Charging and Control
• Oracle Communications Policy Management
• Oracle Communications Session Router
• Oracle Enterprise Communications Broker
• Oracle Enterprise Session Border Controller
• Oracle Enterprise Session Border Controller
• Financial Services Behavior Detection Platform
• Oracle Banking Platform
• Oracle FLEXCUBE Direct Banking
• Oracle FLEXCUBE Private Banking
• Oracle FLEXCUBE Universal Banking
• Hospitality Hotel Mobile
• Hospitality Property Interfaces
• Hospitality Suite8
• Hospitality WebSuite8 Cloud Service
• MICROS BellaVita
• MICROS PC Workstation 2015
• MICROS Workstation 650
• Oracle Hospitality 9700
• Oracle Hospitality Cruise AffairWhere
• Oracle Hospitality Cruise Dining Room Management
• Oracle Hospitality Cruise Fleet Management
• Oracle Hospitality Cruise Materials Management
• Oracle Hospitality Cruise Shipboard Property Management System
• Oracle Hospitality e7
• Oracle Hospitality Guest Access
• Oracle Hospitality Inventory Management
• Oracle Hospitality Materials Control
• Oracle Hospitality OPERA 5 Property Services
• Oracle Hospitality Reporting and Analytics
• Oracle Hospitality RES 3700
• Oracle Hospitality Simphony
• Oracle Hospitality Simphony First Edition
• Oracle Hospitality Simphony First Edition Venue Management
• Oracle Hospitality Suites Management
• Oracle Payment Interface
• Oracle Retail Allocation
• Oracle Retail Customer Insights
• Oracle Retail Open Commerce Platform
• Oracle Retail Warehouse Management System
• Oracle Retail Workforce Management
• Oracle Retail Xstore Point of Service
• Oracle Policy Automation
• Primavera Gateway
• Primavera P6 Enterprise Project Portfolio Management
• Primavera Unifier
• Java Advanced Management Console
• Oracle Java SE, versions
• Oracle Java SE Embedded
• Oracle JRockit
• Solaris   
• Solaris Cluster
• Sun ZFS Storage Appliance Kit (AK)
• Oracle VM VirtualBox
• MySQL Cluster
• MySQL Connectors
• MySQL Enterprise Monitor
• MySQL Server
• Oracle Explorer

Megoldás

Támadás típusa

Hatás

Szükséges hozzáférés

Hivatkozások

Gyártói referencia: www.oracle.com