
Oracle Critical Patch Update (CPU) for October 2018, All Product Lines

NSFOCUS Security Intelligence
Published 2019-10-24 11:42:02

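Advisory ID: NS-2018-0031

2018-10-17

TAG: Oracle, Weblogic, CVE-2018-2893, CVE-2018-2628

Severity: High. This patch update fixes 301 vulnerabilities of varying severity, including the WebLogic deserialization remote code execution vulnerability (CVE-2018-2893) that was not completely fixed in the July CPU.

Version: 1.0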

1 Overview

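On October 16, 2018, Oracle released its October 2018 (third quarter) Critical Patch Update (CPU) advisory, together with security alerts and third-party security bulletins, fixing 301 vulnerabilities of varying severity. The WebLogic deserialization remote code execution vulnerabilities (CVE-2018-2628, CVE-2018-2893), whose fixes in the April and July CPUs were bypassed, are also fixed in this update; the newly fixed vulnerability is tracked as CVE-2018-3245.

Reference: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html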


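2 Summary of Vulnerabilities Fixed in This CPU

This Critical Patch Update (CPU) fixes 301 vulnerabilities of varying severity, 45 of which have a CVSS score of 9.8 or higher and affect products such as Database Server and GoldenGate. The update also fixes the WebLogic deserialization remote code execution vulnerability that had not been completely fixed before. For details on the WebLogic deserialization remote code execution vulnerabilities (CVE-2018-2893, CVE-2018-2628), see: http://blog.nsfocus.net/cve-2018-2628-weblogic/#weblogic

Details of the vulnerabilities in Oracle's October Critical Patch Update are as follows: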

| Product | Vulnerabilities | Remotely exploitable without authentication | Highest CVSS score |
| --- | --- | --- | --- |
| Oracle Database server | 7 | 6 | 9.8 |
| Oracle Communications Applications | 14 | 9 | 9.8 |
| Oracle Constructions and Engineering Suite | 10 | 9 | 9.8 |
| Oracle E-Business Suite | 16 | 14 | 8.2 |
| Oracle Enterprise Manager Products Suite | 4 | 3 | 9.8 |
| Oracle Financial Services Applications | 2 | 2 | 8.1 |
| Oracle Food and Beverage Applications | 4 | 1 | 8.1 |
| Oracle Fusion Middleware | 65 | 56 | 9.8 |
| Oracle Health Sciences Applications | 1 | 1 | 6.1 |
| Oracle Hospitality Applications | 9 | 2 | 8.8 |
| Oracle Hyperion | 9 | 6 | 7.7 |
| Oracle iLearning | 1 | 1 | 8.2 |
| Oracle Insurance Applications | 5 | 5 | 9.8 |
| Oracle Java SE | 12 | 11 | 9.0 |
| Oracle JD Edwards | 6 | 6 | 9.8 |
| Oracle MySQL | 38 | 3 | 9.8 |
| Oracle PeopleSoft Products | 24 | 21 | 7.5 |
| Oracle Retail Applications | 31 | 21 | 9.8 |
| Oracle Siebel CRM | 3 | 2 | 9.8 |
| Oracle Sun Systems Products | 19 | 9 | 9.8 |
| Oracle Supply Chain Products Suite | 6 | 1 | 8.8 |
| Oracle Support Tools | 1 | 1 | 6.5 |
| Oracle Virtualization | 14 | 1 | 9.0 |

| Affected product and versions | Available patch |
| --- | --- |
| Application Management Pack for Oracle E-Business Suite, versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 | https://support.oracle.com/rs?type=doc&id=2445688.1 |
| Enterprise Manager Base Platform, versions 12.1.0.5, 13.2 | https://support.oracle.com/rs?type=doc&id=2445688.1 |
| Enterprise Manager for MySQL Database, version 13.2 | https://support.oracle.com/rs?type=doc&id=2445688.1 |
| Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 | https://support.oracle.com/rs?type=doc&id=2445688.1 |
| Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions Prior to XCP2352 and Prior to XCP3050 | https://support.oracle.com/rs?type=doc&id=2451130.1 |
| Hyperion BI+, version 11.1.2.4 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Hyperion Common Events, version 11.1.2.4 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Hyperion Data Relationship Management, version 11.1.2.4.345 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Hyperion Essbase Administration Services, version 11.1.2.4 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 | https://support.oracle.com/rs?type=doc&id=2450272.1 |
| JD Edwards EnterpriseOne Orchestrator, version 9.2 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| JD Edwards EnterpriseOne Tools, version 9.2 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| MICROS Lucas, version 2.9.5 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| MICROS PC Workstation 2015, versions Prior to BIOS 01.3.0.2i | https://support.oracle.com/rs?type=doc&id=2440534.1 |
| MICROS Relate CRM Software, versions 10.8, 11.4 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| MICROS Retail-J, versions 12.1.2, 13.0.0 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| MICROS XBRi, versions 10.5.0, 10.6.0, 10.7.0, 10.8.1, 10.8.2, 10.8.3 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| MySQL Connectors, versions 8.0.12 and prior | https://support.oracle.com/rs?type=doc&id=2451036.1 |
| MySQL Enterprise Monitor, versions 3.4.9.4237 and prior, 4.0.6.5281 and prior, 8.0.2.8191 and prior | https://support.oracle.com/rs?type=doc&id=2451036.1 |
| MySQL Server, versions 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior | https://support.oracle.com/rs?type=doc&id=2451036.1 |
| Oracle Adaptive Access Manager, versions 11.1.1.7.0, 11.1.2.3.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| Oracle Agile Product Lifecycle Management for Process, version 6.2.0.0 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| Oracle API Gateway, version 11.1.2.4.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Banking Platform, versions 2.5.0, 2.6.0, 2.6.1, 2.6.2 | https://support.oracle.com/rs?type=doc&id=2450072.1 |
| Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Big Data Discovery, version 1.6.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Business Intelligence Enterprise Edition, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Communications Application Session Controller, versions Prior to 3.7.1M0 | https://support.oracle.com/rs?type=doc&id=2451363.1 |
| Oracle Communications Instant Messaging Server, versions prior to 10.0.1 | https://support.oracle.com/rs?type=doc&id=2450339.1 |
| Oracle Communications Messaging Server, versions prior to 8.0.2 | https://support.oracle.com/rs?type=doc&id=2450354.1 |
| Oracle Communications MetaSolv Solution, version 6.3.0 | https://support.oracle.com/rs?type=doc&id=2450340.1 |
| Oracle Communications Performance Intelligence Center (PIC) Software, versions prior to 10.2.1 | https://support.oracle.com/rs?type=doc&id=2452772.1 |
| Oracle Communications User Data Repository, versions prior to 12.2.0 | https://support.oracle.com/rs?type=doc&id=2451007.1 |
| Oracle Configuration Manager, versions 12.1.2.0.2, 12.1.2.0.5 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Demantra Demand Management, versions 7.3.5, 12.2 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| Oracle Directory Server Enterprise Edition, version 11.1.1.7 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 | https://support.oracle.com/rs?type=doc&id=2445688.1 |
| Oracle Endeca Information Discovery Integrator, versions 3.1.0, 3.2.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Endeca Information Discovery Studio, versions 3.1.0, 3.2.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Endeca Server, versions 7.6.1, 7.7.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Fusion Middleware MapViewer, versions 12.1.3.0, 12.2.1.3 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle GlassFish Server, version 3.1.2 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle GoldenGate, versions 12.1.2.1.0, 12.2.0.2.0, 12.3.0.1.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle GoldenGate for Big Data, versions 12.2.0.1, 12.3.1.1, 12.3.2.1 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Healthcare Translational Research, version 3.1.0 | https://support.oracle.com/rs?type=doc&id=2451330.1 |
| Oracle Hospitality Cruise Fleet Management, version 9.0 | https://support.oracle.com/rs?type=doc&id=2442696.1 |
| Oracle Hospitality Cruise Shipboard Property Management System, version 8.0 | https://support.oracle.com/rs?type=doc&id=2442638.1 |
| Oracle Hospitality Gift and Loyalty, version 9.0 | https://support.oracle.com/rs?type=doc&id=2427283.1 |
| Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1 | https://support.oracle.com/rs?type=doc&id=2439115.1 |
| Oracle Hospitality Materials Control, version 18.1 | https://support.oracle.com/rs?type=doc&id=2439882.1 |
| Oracle Hospitality Reporting and Analytics, version 9.0 | https://support.oracle.com/rs?type=doc&id=2427283.1 |
| Oracle HTTP Server, version 12.2.1.3 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Identity Analytics, version 11.1.1.5.8 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Identity Management Suite, versions 11.1.2.3.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Identity Manager, versions 11.1.2.3.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle iLearning, versions 6.1, 6.2 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| Oracle Insurance Calculation Engine, versions 10.1.1, 10.2.1 | https://support.oracle.com/rs?type=doc&id=2450233.1 |
| Oracle Insurance Rules Palette, versions 10.0, 10.1, 10.2, 11.0, 11.1 | https://support.oracle.com/rs?type=doc&id=2450233.1 |
| Oracle Java SE, versions 6u201, 7u191, 8u182, 11 | https://support.oracle.com/rs?type=doc&id=2455624.1 |
| Oracle Java SE Embedded, versions 8u18, 8u181 | https://support.oracle.com/rs?type=doc&id=2455624.1 |
| Oracle JRockit, version R28.3.19 | https://support.oracle.com/rs?type=doc&id=2455624.1 |
| Oracle Outside In Technology, version 8.5.3 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Real-Time Decision Server, version 3.2.1 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Retail Allocation, versions 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Assortment Planning, versions 14.1, 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Back Office, versions 13.3, 13.4, 14, 14.1 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Central Office, version 14.1 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Extract Transform and Load, versions 13.0, 13.1, 13.2 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Financial Integration, versions 13.2, 14.0, 14.1, 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Integration Bus, version 14.1.2 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Invoice Matching, versions 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Open Commerce Platform, versions 5.3, 6.0, 6.0.1 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Order Broker, versions 5.0, 5.1, 5.2, 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Point-of-Service, versions 13.4, 14.0, 14.1 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Predictive Application Server, versions 14.0, 14.1, 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Returns Management, version 14.1 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Sales Audit, versions 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Retail Xstore Point of Service, versions 6.5.12, 7.0.7, 7.1.7, 15.0.2, 16.0.4, 17.0.2 | https://support.oracle.com/rs?type=doc&id=2448662.1 |
| Oracle Service Bus, versions 12.1.3.0.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Transportation Management, version 6.3.7 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| Oracle Tuxedo, version 12.1.1.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle Virtual Directory, versions 11.1.1.7.0, 11.1.1.9.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle VM VirtualBox, versions prior to 5.2.20 | https://support.oracle.com/rs?type=doc&id=2455529.1 |
| Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle WebCenter Sites, versions 11.1.1.8.0, 12.2.1.3.0 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.3, prior to Docker 12.2.1.3.20180913 | https://support.oracle.com/rs?type=doc&id=2433477.1 |
| OSS Support Tools, versions prior to 18.4 | https://support.oracle.com/rs?type=doc&id=2451131.1 |
| PeopleSoft Enterprise Interaction Hub, version 9.1.0.0 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| Primavera Gateway, versions 15.2, 16.2, 17.12 | https://support.oracle.com/rs?type=doc&id=2450272.1 |
| Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 18.8, 17.7 - 17.12 | https://support.oracle.com/rs?type=doc&id=2450272.1 |
| Primavera Unifier, versions 15.1, 15.2, 16.1, 16.2, 17.1-17.12, 18.1-18.8 | https://support.oracle.com/rs?type=doc&id=2450272.1 |
| Siebel Applications, versions 18.7, 18.8, 18.9 | https://support.oracle.com/rs?type=doc&id=2453322.1 |
| Solaris, versions 10, 11.3, 11.4 | https://support.oracle.com/rs?type=doc&id=2451130.1 |
| SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers, versions prior to XCP 1123 | https://support.oracle.com/rs?type=doc&id=2451130.1 |
| Spatial, versions 2.0, 2.1, 2.2 | https://support.oracle.com/rs?type=doc&id=2433477.1 |


Author: NSFOCUS Security Services Department

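Statement

This security advisory is intended only to describe possible security issues. NSFOCUS provides no guarantee or commitment for this advisory. Any direct or indirect consequences and losses arising from the dissemination or use of the information in this advisory are the sole responsibility of the user; NSFOCUS and the advisory's author assume no liability for them.

NSFOCUS reserves the right to modify and interpret this security advisory. Anyone reprinting or distributing this advisory must preserve its integrity, including the copyright statement and all other content. Without permission from NSFOCUS, the content of this advisory may not be modified, added to or reduced, and it may not be used for commercial purposes in any way.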

Originally published 2018-10-17; shared from the NSFOCUS CERT WeChat official account.
