2021년 1월 오라클(Oracle) CPU(Critical Patch Update) 보안 업데이트 권고(MySQL , VirtualBox 포함)

IT 소식/보안 뉴스

2021년 1월 오라클(Oracle) CPU(Critical Patch Update) 보안 업데이트 권고(MySQL , VirtualBox 포함)

씨실과 날실 2021. 1. 25. 13:00

오라클(Oracle)에서 자기네 제품의 보안 취약점 329개에 대한 패치를 아래 링크 웹문서를 통해 발표했습니다.

https://www.oracle.com/security-alerts/cpujan2021.html

이번에 발표하는 오라클 중요 보안 업데이트를 CPU(Critical Patch Update)라고 합니다.

이 오라클 중요 보안 업데이트(CPU - Critical Patch Update)는 1월, 4월, 7월 , 10월 이렇게 1년에 4번 정기적으로 공개됩니다. 보안 패치 내용이 없는 경우에는 건너뛰기도 합니다.

영향받는 버전의 오라클 제품 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결 방안에 따라 최신 버전으로 업데이트하시는 것을 권장합니다.

참고로 아래 목록을 보시면 아시겠지만 제 블로그에 연재된 오라클의 제품 버추얼박스(VirtualBox)도 업데이;트 대상에 포함되어 있습니다. 보안 업데이트 패치된 최신 버전은 버추얼박스 6.1.18입니다.

https://www.virtualbox.org/wiki/Changelog

Changelog – Oracle VM VirtualBox

This page lists all changes of the VirtualBox 6.1 Downloads. All branches: 6.1 · 6.0 · 5.2 · 5.1 · 5.0 · 4.3 · 4.2 · 4.1 · 4.0 VirtualBox 6.1.18 (released January 19 2021) This is a maintenance release. The following items were fixed and/or added:

www.virtualbox.org

자세한 변경 내역은 위 링크 참고하시기 바랍니다.

그리고 제 블로그는 LAMP가 주 연재 대상입니다. M은 사용되는 데이터베이스 제품의 두문자인데 저는 MariaDB를 주 데이터 베이스로 선택해 연재합니다. 그런데 이 MariaDB는 오라클의 MySQL를 포크해 호환 개발된 DBMS입니다.

근래는 많은 개인과 업체들이 MariaDB로 옮겨갔지만 아직 MySQL도 널리 사용되고 있습니다.

이 MySQL도 이번 업데이트 목록에 포함되어 있습니다.

https://www.mysql.com/

MySQL

Over 2000 ISVs, OEMs, and VARs rely on MySQL as their products' embedded database to make their applications, hardware and appliances more competitive, bring them to market faster, and lower their cost of goods sold. Learn More »

www.mysql.com

□ 영향받는 제품과 버전 목록

Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Enterprise Manager Base Platform, versions 13.2.1.0, 13.3.0.0, 13.4.0.0

Enterprise Manager for Fusion Applications, version 13.3.0.0

Enterprise Manager Ops Center, version 12.4.0.0

Hyperion Financial Reporting, version 11.1.2.4

Hyperion Infrastructure Technology, version 11.1.2.4

Instantis EnterpriseTrack, versions 17.1-17.3

JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.5.1

JD Edwards EnterpriseOne Tools, versions prior to 9.2.5.0

MySQL Client, versions 5.6.50 and prior, 5.7.32 and prior, 8.0.22 and prior

MySQL Enterprise Monitor, versions 8.0.22 and prior

MySQL Server, versions 5.6.50 and prior, 5.7.32 and prior, 8.0.22 and prior

MySQL Workbench, versions 8.0.22 and prior

Oracle Adaptive Access Manager, version 11.1.2.3.0

Oracle Agile Engineering Data Management, version 6.2.1.0

Oracle Agile PLM, versions 9.3.5, 9.3.6

Oracle Agile Product Lifecycle Management for Process, version 6.1

Oracle Application Express Opportunity Tracker, versions prior to 20.2

Oracle Application Express Survey Builder, versions prior to 20.2

Oracle Application Testing Suite, version 13.3.0.1

Oracle Argus Safety, version 8.2.2

Oracle BAM (Business Activity Monitoring), versions 11.1.1.9.0, 12.2.1.3.0

Oracle Banking Corporate Lending Process Management, versions 14.1.0, 14.3.0, 14.4.0

Oracle Banking Credit Facilities Process Management, versions 14.1.0, 14.3.0, 14.4.0

Oracle Banking Extensibility Workbench, versions 14.3.0, 14.4.0

Oracle Banking Liquidity Management, versions 14.0.0-14.4.0

Oracle Banking Payments, version 14.4.0

Oracle Banking Platform, versions 2.4.0, 2.4.1, 2.6.2, 2.7.0, 2.7.1, 2.8.0, 2.9.0

Oracle Banking Supply Chain Finance, versions 14.2.0-14.4.0

Oracle Banking Trade Finance Process Management, versions 14.1.0, 14.3.0, 14.4.0

Oracle Banking Virtual Account Management, versions 14.1.0, 14.3.0, 14.4.0

Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0

Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Oracle Communications Application Session Controller, version 3.9m0p2

Oracle Communications ASAP, version 7.3

Oracle Communications BRM - Elastic Charging Engine, versions 11.3.0.9, 12.0.0.3

Oracle Communications Calendar Server, version 8.0.0.4.0

Oracle Communications Contacts Server, version 8.0.0.5.0

Oracle Communications Diameter Signaling Router (DSR), versions 8.0.0-8.2.2

Oracle Communications Element Manager, versions 8.2.1.0-8.2.2.1

Oracle Communications MetaSolv Solution, versions 6.3.0-6.3.1

Oracle Communications Network Charging and Control, versions 6.0.1, 12.0.2

Oracle Communications Operations Monitor, versions 3.4, 4.1, 4.2, 4.3

Oracle Communications Performance Intelligence Center (PIC) Software, version 10.4.0.2

Oracle Communications Session Report Manager, versions 8.2.1.0-8.2.2.1

Oracle Complex Maintenance, Repair, and Overhaul, versions 11.5.10, 12.1, 12.2

Oracle Configurator, versions 12.1, 12.2

Oracle Data Integrator, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Oracle Database Server, versions 12.1.0.2, 12.2.0.1, 18c, 19c

Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10

Oracle Endeca Information Discovery Integrator, version 3.2.0.0

Oracle Enterprise Communications Broker, versions 3.1, 3.2

Oracle Enterprise Data Quality, versions 11.1.1.9.0, 12.2.1.3.0

Oracle Enterprise Repository, version 11.1.1.7.0

Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0

Oracle Financial Services Asset Liability Management, versions 8.0.7, 8.1.0

Oracle Financial Services Data Integration Hub, versions 8.0.3, 8.0.6

Oracle Financial Services Funds Transfer Pricing, versions 8.0.6, 8.0.7, 8.1.0

Oracle Financial Services Market Risk Measurement and Management, version 8.0.6

Oracle Financial Services Profitability Management, versions 8.0.6, 8.0.7, 8.1.0

Oracle Financial Services Revenue Management and Billing, versions 2.9.0.0, 2.9.0.1

Oracle FLEXCUBE Core Banking, versions 11.5.0-11.9.0

Oracle FLEXCUBE Universal Banking, version 14.4.0

Oracle Fusion Middleware MapViewer, version 12.2.1.3.0

Oracle Global Lifecycle Management OPatch

Oracle Global Lifecycle Manager

Oracle GoldenGate Application Adapters, version 19.1.0.0.0

Oracle GraalVM Enterprise Edition, versions 19.3.4, 20.3.0

Oracle Health Sciences Information Manager, version 3.0.1

Oracle Healthcare Master Person Index, version 4.0.2.5

Oracle Hospitality Reporting and Analytics, version 9.1.0

Oracle Hospitality Simphony, versions 18.2.7.2, 19.1.3

Oracle Insurance Allocation Manager for Enterprise Profitability, version 8.1.0

Oracle Insurance Insbridge Rating and Underwriting, versions 5.0.0.20, 5.1.1.3

Oracle Insurance Policy Administration, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0

Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0

Oracle Java SE, versions 7u281, 8u271

Oracle Java SE Embedded, version 8u271

Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0

Oracle Outside In Technology, versions 8.5.4, 8.5.5

Oracle Real-Time Decision Server, version 3.2.1.0

Oracle Retail Assortment Planning, version 16.0.3

Oracle Retail Bulk Data Integration, versions 15.0.3, 16.0.3

Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0, 19.0

Oracle Retail Extract Transform and Load, versions 13.2.5, 13.2.8

Oracle Retail Financial Integration, versions 14.1.3, 15.0.3, 16.0.3

Oracle Retail Integration Bus, versions 14.1.3, 15.0.3, 16.0.3

Oracle Retail Invoice Matching, versions 13.2, 14.0, 14.1

Oracle Retail Merchandising System, version 15.0

Oracle Retail Order Broker, versions 15.0, 16.0

Oracle Retail Order Broker Cloud Service, version 15.0

Oracle Retail Sales Audit, version 14.1

Oracle Retail Service Backbone, versions 14.1.3, 15.0.3, 16.0.3

Oracle Retail Store Inventory Management, versions 14.0.4.0, 14.1.3.0, 14.1.3.9, 15.0.3.0, 16.0.3.0

Oracle SD-WAN Edge, version 9.0

Oracle Secure Backup

Oracle Transportation Management, version 1.4.3

Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0

Oracle VM VirtualBox, versions prior to 6.1.18

Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0

Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Oracle ZFS Storage Appliance Kit, version 8.8

PeopleSoft Enterprise FIN Payables, version 9.2

PeopleSoft Enterprise HCM Human Resources, version 9.2

PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58

Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.9, 18.8.0-18.8.10, 19.12.0-19.12.10

Primavera P6 Enterprise Project Portfolio Management, versions 16.1.0-16.2.20, 17.1.0-17.12.19, 18.1.0-18.8.21, 19.12.0-19.12.10

Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12, 20.12

Siebel Applications, versions 20.12 and prior

StorageTek Tape Analytics SW Tool, version 2.3.1

□ 해결 방안
o "Oracle Critical Patch Update Advisory – January 2021“ 문서 및 패치 사항을 검토하고 벤더사 및 유지보수 업체와 협의/검토 후 패치 적용

https://www.oracle.com/security-alerts/cpujan2021.html

o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드 받아 설치하거나,

https://www.oracle.com/java/technologies/javase-downloads.html

Java 업데이트 자동 알림 설정을 권고

https://www.java.com/ko/download/help/java_update.html

□ 기타 문의사항
o 한국인터넷진흥원 사이버민원센터: 국번없이 118

저작자표시

'IT 소식 > 보안 뉴스' 카테고리의 다른 글

[보안] 리눅스 유틸리티 sudo 루트 권한 획득 취약점 발견 (0)	2021.01.30
[보안] Mozilla 제품 보안 업데이트(MFSA 2021-02~05) 권고 (0)	2021.01.28
2021년 사이버 위협 전망 - KISA 인터넷 보호나라&KrCERT (0)	2021.01.28
[보안] Apple 제품군 보안 업데이트 권고 (0)	2021.01.27
[보안] 결제 주문서 사칭 악성 이메일 유포 주의 권고 (0)	2021.01.26
MS 1월 보안 위협에 따른 정기 보안 업데이트 권고 (0)	2021.01.14
모질라 파이어폭스(Mozilla Firefox) 보안 업데이트(MFSA 2021-01) 권고 (0)	2021.01.11
2020년 KISA에서 보안공지한 취약점 중 업데이트 적용에 대한 재확인이 필요한 주요 취약점 리스트 (0)	2021.01.07

현재글2021년 1월 오라클(Oracle) CPU(Critical Patch Update) 보안 업데이트 권고(MySQL , VirtualBox 포함)

가상머신, 리눅스(Linux), 서버(Server), 콘텐츠 관리 시스템(CMS) | 워드프레스(Wordpress) | 미디어위키(Mediawiki)

ubuntu, 워드프레스, 우분투 19.04, VirtualBox, 소도구, 구글 크롬, 우분투, 보안 취약점, 크롬 브라우저, phpmyadmin, 미디어위키 소도구, 미디어위키, 폴더 공유, 보안, AlmaLinux, 보안 업데이트, XAMPP, Nextcloud, gdebi, 버추얼박스,

11-30 21:03

Today :
Yesterday :

씨실과 날실 - IT