Actualizaciones de seguridad Oracle solucionan 284 vulnerabilidades

Oacle lanzó una de las mayores actualizaciones de seguridad con las correcciones para 284 vulnerabilidades de seguridad que afectaron a los productos de Oracle

Hay 93 productos diferentes y las versiones se ven afectadas con varios niveles de vulnerabilidades y lanzan una actualización para los usuarios.

Productos afectados que incluyen Enterprise Manager, Java SE, MySQL, JD Edwards, productos de la cadena de suministro de Oracle, base de datos, E-Business Suite, aplicaciones para minoristas, virtualización, plataforma bancaria de Oracle y más.

Oracle dijo que, por lo general, los parches de la Actualización de parches críticos son acumulativos, pero cada recomendación describe solo las correcciones de seguridad agregadas desde la anterior recomendación de la Actualización de parches críticos.

Hay algunos casos anteriores, los atacantes han explotado algunas de las vulnerabilidades de los productos de Oracle porque los clientes específicos no habían aplicado los parches de Oracle disponibles.

Todos los 284 son arreglados y lanzaron las actualizaciones, por lo que ahora Oracle recomienda encarecidamente que los clientes permanezcan en versiones con soporte activo y apliquen los arreglos de la Actualización de parches críticos sin demora.

Algunas de las vulnerabilidades son potencialmente explotadas en el sistema que permite a un atacante hacerse cargo del control completo del sistema vulnerable. aplicando asiparche Tan pronto como sea posible, se reducirá el riesgo de un ataque exitoso al bloquear los protocolos de red requeridos por un ataque.

En este caso, varias vulnerabilidades tratadas en esta actualización de parche crítico afectan a múltiples productos y se ha asignado el CVE para cada vulnerabilidad.

Según Oracle, "Oracle realiza un análisis de cada vulnerabilidad de seguridad tratada por una actualización de parche crítico. Oracle no divulga información detallada sobre este análisis de seguridad a los clientes, pero la Matriz de Riesgos resultante y la documentación asociada proporcionan información sobre el tipo de vulnerabilidad, las condiciones requeridas para explotarla y el impacto potencial de una explotación exitosa "

Lista de actualizaciones de seguridad de Oracle

Enterprise Manager Base Platform, versions 12.1.0.5, 13.2, 13.3Enterprise Manager
Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3, 13.3.1Enterprise Manager
Enterprise Manager Ops Center, versions 12.2.2, 12.3.3Enterprise Manager
Hyperion BI+, version 11.1.2.4Fusion Middleware
Java Advanced Management Console, version 2.12Java SE
JD Edwards EnterpriseOne Tools, version 9.2JD Edwards
JD Edwards World Security, versions A9.3, A9.3.1, A9.4JD Edwards
MySQL Connectors, versions 2.1.8 and prior, 8.0.13 and priorMySQL
MySQL Enterprise Monitor, versions 4.0.7 and prior, 8.0.13 and priorMySQL
MySQL Server, versions 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and priorMySQL
MySQL Workbench, versions 8.0.13 and priorMySQL
Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1Oracle Supply Chain Products
Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6Oracle Supply Chain Products
Oracle Agile Product Lifecycle Management for Process, versions 6.2.0.0, 6.2.1.0, 6.2.2.0, 6.2.3.0, 6.2.3.1Oracle Supply Chain Products
Oracle API Gateway, version 11.1.2.4.0Fusion Middleware
Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1Enterprise Manager
Oracle Argus Safety, versions 8.1, 8.2Health Sciences
Oracle Banking Platform, versions 2.5.0, 2.6.0, 2.6.1, 2.6.2Oracle Banking Platform
Oracle Business Process Management Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0Fusion Middleware
Oracle Communications Billing and Revenue Management, versions 7.5, 12.0Oracle Communications Billing and Revenue Management
Oracle Communications Converged Application Server, versions prior to 7.0.0.1Oracle Communications Converged Application Server
Oracle Communications Converged Application Server – Service Controller, version 6.1Oracle Communications Converged Application Server – Service Controller
Oracle Communications Diameter Signaling Router (DSR), versions prior to 8.3Oracle Communications Diameter Signaling Router
Oracle Communications Online Mediation Controller, version 6.1Oracle Communications Online Mediation Controller
Oracle Communications Performance Intelligence Center (PIC) Software, versions prior to 10.2.1Oracle Communications Performance Intelligence Center (PIC) Software
Oracle Communications Policy Management, versions prior to 12.5Oracle Communications Policy Management
Oracle Communications Service Broker, version 6.0Oracle Communications Service Broker
Oracle Communications Services Gatekeeper, versions prior to 6.1.0.4.0Oracle Communications Services Gatekeeper
Oracle Communications Session Border Controller, versions SCz7.4.0, SCz7.4.1, SCz8.0.0, SCz8.1.0Oracle Communications Session Border Controller
Oracle Communications Unified Inventory Management, versions prior to 7.4.0Oracle Communications Unified Inventory Management
Oracle Communications Unified Session Manager, version SCz7.3.5Oracle Communications Unified Session Manager
Oracle Communications WebRTC Session Controller, versions prior to 7.2Oracle Communications WebRTC Session Controller
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18cDatabase
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8E-Business Suite
Oracle Endeca Server, version 7.7.0Fusion Middleware
Oracle Enterprise Communications Broker, versions PCz2.1, PCz2.2, PCz3.0Oracle Enterprise Communications Broker
Oracle Enterprise Repository, version 12.1.3.0.0Fusion Middleware
Oracle Enterprise Session Border Controller, versions ECz7.4.0, ECz7.5.0, ECz8.0.0, ECz8.1.0Oracle Enterprise Session Border Controller
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3, 7.3.5, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7Oracle Financial Services Analytical Applications Infrastructure
Oracle FLEXCUBE Direct Banking, version 12.0.2Oracle Financial Services Applications
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0Oracle Financial Services Applications
Oracle Fusion Middleware MapViewer, version 12.2.1.3.0Fusion Middleware
Oracle GoldenGate Application Adapters, version 12.3.2.1.1Fusion Middleware
Oracle Health Sciences Information Manager, version 3.0Health Sciences
Oracle Healthcare Foundation, versions 7.1, 7.2Health Sciences
Oracle Healthcare Master Person Index, versions 3.0, 4.0Health Sciences
Oracle Hospitality Cruise Fleet Management, version 9.0.10Oracle Hospitality Cruise Fleet Management
Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.8Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality Reporting and Analytics, version 9.1.0Oracle Hospitality Reporting and Analytics
Oracle Hospitality Simphony, version 2.10Oracle Hospitality Simphony
Oracle HTTP Server, version 12.2.1.3Fusion Middleware
Oracle Insurance Calculation Engine, version 10.2Oracle Insurance Applications
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2, 5.4, 5.5Oracle Insurance Applications
Oracle Insurance Policy Administration J2EE, versions 10.0, 10.2Oracle Insurance Applications
Oracle Insurance Rules Palette, versions 10.0, 10.2Oracle Insurance Applications
Oracle Java SE, versions 7u201, 8u192, 11.0.1Java SE
Oracle Java SE Embedded, version 8u191Java SE
Oracle Managed File Transfer, versions 12.2.1.3.0, 19.1.0.0.0Fusion Middleware
Oracle Outside In Technology, versions 8.5.3, 8.5.4Fusion Middleware
Oracle Reports Developer, version 12.2.1.3Fusion Middleware
Oracle Retail Back Office, versions 13.3, 13.4, 14.0, 14.1Retail Applications
Oracle Retail Central Office, versions 13.3, 13.4, 14.0, 14.1Retail Applications
Oracle Retail Convenience and Fuel POS Software, version 2.8.1Retail Applications
Oracle Retail Customer Insights, versions 15.0, 16.0Retail Applications
Oracle Retail Integration Bus, version 17.0Retail Applications
Oracle Retail Merchandising System, version 14.1Retail Applications
Oracle Retail Returns Management, versions 13.3, 13.4, 14.0, 14.1Retail Applications
Oracle Retail Sales Audit, version 15.0Retail Applications
Oracle Retail Service Backbone, versions 13.1, 13.2, 14.0, 14.1, 15.0, 16.0Retail Applications
Oracle Retail Workforce Management Software, versions 1.60.9, 1.64.0Retail Applications
Oracle Retail Xstore Payment, version 3.3Retail Applications
Oracle Secure Global Desktop (SGD), version 5.4Virtualization
Oracle Service Architecture Leveraging Tuxedo, versions 12.1.3.0.0, 12.2.2.0.0Fusion Middleware
Oracle SOA Suite, versions 12.1.3.0.0, 12.2.1.3.0Fusion Middleware
Oracle Solaris, versions 10, 11Systems
Oracle Transportation Management, versions 6.3.7, 6.4.1, 6.4.2, 6.4.3Oracle Supply Chain Products
Oracle Utilities Framework, version 4.3.0.1-4.3.0.4Oracle Utilities Applications
Oracle Utilities Network Management System, versions 1.12.0.3, 2.3.0.0, 2.3.0.1, 2.3.0.2Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 5.2.24, prior to 6.0.2Virtualization
Oracle Web Cache, version 11.1.1.9.0Fusion Middleware
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0Fusion Middleware
Oracle WebCenter Sites, version 11.1.1.8.0Fusion Middleware
Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.3Fusion Middleware
OSS Support Tools, versions prior to 19.1Support Tools
PeopleSoft Enterprise CC Common Application Objects, version 9.2PeopleSoft
PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2PeopleSoft
PeopleSoft Enterprise HCM eProfile Manager Desktop, version 9.2PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57PeopleSoft
PeopleSoft Enterprise SCM eProcurement, version 9.2PeopleSoft
Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12, 18.8Oracle Construction and Engineering Suite
Primavera Unifier, versions 16.1, 16.2, 17.1-17.12, 18.8Oracle Construction and Engineering Suite
Siebel Applications, versions 18.10, 18.11Siebel
Sun ZFS Storage Appliance Kit (AK), versions prior to 8.8.2Systems
Tape Library ACSLS, version 8.4Systems
Fecha actualización el 2021-01-17. Fecha publicación el 2019-01-17. Categoría: oracle Autor: Oscar olg Mapa del sitio Fuente: gbhackers
oracle