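In-Depth Analysis of the Oracle April 2024 Critical Patch Update Security Advisory

This article walks through Oracle's April 2024 Critical Patch Update, which covers fixes for 441 security vulnerabilities across multiple product lines including Database, middleware, and Java. It includes vulnerability risk assessment, affected versions, remediation recommendations, and other key security information.

Oracle Critical Patch Update Advisory - April 2024

Description

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. The patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory.

Oracle continues to receive reports of malicious exploitation of vulnerabilities for which security patches have already been released. In some cases, attacks succeeded because the targeted customers had not applied the available Oracle patches. Oracle therefore strongly recommends that customers remain on supported versions and apply Critical Patch Update security patches without delay.

This Critical Patch Update contains 441 new security patches across the product families listed below.

Affected Products and Patch Information

The security vulnerabilities addressed by this Critical Patch Update affect the products listed below.

Affected Products and Versions

Affected Products and Versions    Patch Availability Document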
Autonomous Health Framework, versions prior to 23.11.1, prior to 24.2 Oracle Autonomous Health Framework
Management Cloud Engine, version 24.1.0.0.0 Management Cloud Engine
MySQL Cluster, versions 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior, 8.2.0 and prior, 8.3.0 and prior MySQL
MySQL Connectors, versions 8.3.0 and prior MySQL
MySQL Enterprise Backup, versions 8.0.36 and prior, 8.3.0 and prior MySQL
MySQL Enterprise Monitor, versions 8.0.37 and prior MySQL
MySQL Server, versions 8.0.36 and prior, 8.2.0 and prior, 8.3.0 and prior MySQL
OPatch, versions prior to 12.2.0.1.42 Global Lifecycle Management
OPatchAuto, versions prior to 12.2.0.1.42 Global Lifecycle Management
Oracle Access Manager, version 12.2.1.4.0 Fusion Middleware
Oracle Agile PLM, version 9.3.6 Oracle Supply Chain Products
Oracle Agile Product Lifecycle Management for Process, version 6.2.4.2 Oracle Supply Chain Products
Oracle Application Testing Suite, version 13.3.0.1 Oracle Enterprise Manager
Oracle Banking APIs, versions 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0 Contact Support
Oracle Banking Branch, versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 Contact Support
Oracle Banking Cash Management, versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 Contact Support
Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0.0.0 Oracle Banking Deposits and Lines of Credit Servicing
Oracle Banking Digital Experience, versions 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0 Contact Support
Oracle Banking Enterprise Default Management, versions 2.7.0.0.0, 2.12.0.0.0 Oracle Banking Platform
Oracle Banking Liquidity Management, versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0, 14.7.0.3.0 Contact Support
Oracle Banking Loans Servicing, version 2.12.0.0.0 Oracle Banking Platform
Oracle Banking Origination, versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 Contact Support
Oracle Banking Party Management, version 2.7.0.0.0 Oracle Banking Platform
Oracle Banking Platform, versions 2.7.0.0.0, 2.12.0.0.0 Oracle Banking Platform
Oracle Banking Virtual Account Management, versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 Contact Support
Oracle BI Publisher, versions 7.0.0.0.0, 12.2.1.4.0 Oracle Analytics
Oracle Big Data Spatial and Graph, version 3.0.5 Database
Oracle Business Intelligence Enterprise Edition, versions 7.0.0.0.0, 12.2.1.4.0 Oracle Analytics
Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0 Fusion Middleware
Oracle Commerce Guided Search, version 11.3.2 Oracle Commerce
Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2 Oracle Commerce
Oracle Communications Billing and Revenue Management, versions 12.0.0.4-12.0.0.8, 15.0.0.0 Oracle Communications Billing and Revenue Management
Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.4-12.0.0.8, 15.0.0.0 Oracle Communications BRM - Elastic Charging Engine
Oracle Communications Cloud Native Core Binding Support Function, versions 23.4.0-23.4.1 Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Console, version 23.4.0 Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Data Analytics Function, version 24.1.0 Oracle Communications Cloud Native Core Network Data Analytics Function
Oracle Communications Cloud Native Core Network Exposure Function, version 23.4.1 Oracle Communications Cloud Native Core Network Exposure Function
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 23.2.0, 23.3.1, 23.4.0 Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function, version 23.4.1 Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Network Slice Selection Function, versions 23.2.0, 23.3.0 Oracle Communications Cloud Native Core Network Slice Selection Function
Oracle Communications Cloud Native Core Policy, versions 23.4.0-23.4.2 Oracle Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 23.3.0, 23.4.0 Oracle Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy, versions 23.1.0, 23.2.2, 23.3.0, 23.4.0 Oracle Communications Cloud Native Core Service Communication Proxy
Oracle Communications Cloud Native Core Unified Data Repository, versions 22.4.0, 23.1.0, 23.2.0, 23.3.2 Oracle Communications Cloud Native Core Unified Data Repository
Oracle Communications Diameter Signaling Router, version 9.0.0.0 Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager, versions 9.0.0-9.0.2 Oracle Communications Element Manager
Oracle Communications Fraud Monitor, versions 5.0, 5.1, 5.2 Oracle Communications Fraud Monitor
Oracle Communications Network Integrity, version 7.3.6.4 Oracle Communications Network Integrity
Oracle Communications Offline Mediation Controller, versions 12.0.0.1-12.0.0.8 Oracle Communications Offline Mediation Controller
Oracle Communications Operations Monitor, versions 5.0, 5.1, 5.2 Oracle Communications Operations Monitor
Oracle Communications Service Catalog and Design, version 8.0.0.1.0 Oracle Communications Service Catalog and Design
Oracle Communications Session Report Manager, versions 9.0.0-9.0.2 Oracle Communications Session Report Manager
Oracle Communications Unified Inventory Management, versions 7.4.0-7.4.2, 7.5.0, 7.5.1 Oracle Communications Unified Inventory Management
Oracle Communications User Data Repository, version 14.0.0.0.0 Oracle Communications User Data Repository
Oracle Communications WebRTC Session Controller, versions 7.2.0.0.0-7.2.1.0.0 Oracle Communications WebRTC Session Controller
Oracle Data Integrator, version 12.2.1.4.0 Fusion Middleware
Oracle Database Server, versions 19.3-19.22, 21.3-21.13 Database
Oracle Documaker, versions 12.6, 12.7 Oracle Insurance Applications
Oracle E-Business Suite, versions 12.2.3-12.2.13 Oracle E-Business Suite
Oracle Enterprise Data Quality, version 12.2.1.4.0 Fusion Middleware
Oracle Enterprise Manager Base Platform, version 13.5.0.0 Oracle Enterprise Manager
Oracle Enterprise Manager for Fusion Middleware, version 13.5.0.0 Oracle Enterprise Manager
Oracle Essbase, version 21.5.4.0.0 Database
Oracle Financial Services Revenue Management and Billing, versions 2.8.0.0.0, 2.9.0.0.0, 2.9.0.1.0, 3.0.0.0.0, 3.1.0.0.0, 3.2.0.0.0, 4.0.0.0, 5.0.0.0 Oracle Financial Services Revenue Management and Billing
Oracle FLEXCUBE Private Banking, version 12.1.0.0.0 Contact Support
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0 Fusion Middleware
Oracle Global Lifecycle Management NextGen OUI Framework, version 12.2.1.4.0 Fusion Middleware
Oracle GoldenGate, versions 19.1.0.0.0-19.22.0.0.240124, 21.3-21.13 Database
Oracle GoldenGate Stream Analytics, versions 19.1.0.0.0-19.1.0.0.8 Database
Oracle GoldenGate Studio, version 12.2.0.4.0 Database
Oracle GoldenGate Veridata, versions 12.2.1.4.0-12.2.1.4.230922 Database
Oracle GraalVM Enterprise Edition, versions 20.3.13, 21.3.9 Java SE
Oracle GraalVM for JDK, versions 17.0.10, 21.0.2, 22 Java SE
Oracle Healthcare Data Repository, versions 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.3.0, 8.1.3.2, 8.1.3.4 HealthCare Applications
Oracle Hospitality Cruise Shipboard Property Management System, versions 20.3.3, 20.3.4, 23.1.0, 23.1.1 Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality Simphony, versions 19.1.0-19.5.4 Oracle Hospitality Simphony
Oracle HTTP Server, version 12.2.1.4.0 Fusion Middleware
Oracle Hyperion Infrastructure Technology, version 11.2.16.0.0 Oracle Enterprise Performance Management
Oracle Identity Manager, version 12.2.1.4.0 Fusion Middleware
Oracle Identity Manager Connector, version 12.2.1.3.0 Fusion Middleware
Oracle Internet Directory, version 12.2.1.4.0 Fusion Middleware
Oracle Java SE, versions 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22 Java SE
Oracle Life Sciences Empirica Signal, versions 9.1.0.53, 9.2.0.53 Health Sciences
Oracle Managed File Transfer, version 12.2.1.4.0 Fusion Middleware
Oracle Middleware Common Libraries and Tools, versions 12.2.1.4.0, 14.1.1.0.0 Fusion Middleware
Oracle Outside In Technology, versions 8.5.6, 8.5.7 Fusion Middleware
Oracle Retail Assortment Planning, versions 15.0.3, 16.0.3 Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, version 19.0.0.9 Retail Applications
Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 Retail Applications
Oracle Retail Merchandising System, versions 14.1.3, 15.0.3, 16.0.3, 19.0.1 Retail Applications
Oracle Retail Sales Audit, versions 14.1.3.1, 15.0.3.1, 16.0.3, 19.0.1 Retail Applications
Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 Retail Applications
Oracle Retail Xstore Point of Service, versions 19.0.5, 20.0.4, 21.0.3, 22.0.1, 23.0.1 Retail Applications
Oracle SD-WAN Edge, version 9.1.1.7.0 Oracle SD-WAN Edge
Oracle Smart View for Office, version 11.2.16.0.0 Oracle Enterprise Performance Management
Oracle SOA Suite, version 12.2.1.4.0 Fusion Middleware
Oracle Solaris, version 11 Systems
Oracle Solaris Cluster, version 4 Systems
Oracle StorageTek Tape Analytics (STA), version 2.5 Systems
Oracle TimesTen In-Memory Database, versions prior to 22.1, prior to 22.1.1.19.0, prior to 22.1.1.23.0 Database
Oracle Transportation Management, versions 6.5.2, 6.5.3 Oracle Supply Chain Products
Oracle Utilities Application Framework, versions 4.3.0.3.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.2 Oracle Utilities Applications
Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1, 2.5.0.1, 2.5.0.2, 2.6.0.0, 2.6.0.0.4, 2.6.0.1 Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 7.0.16 Virtualization
Oracle Web Services Manager, version 12.2.1.4.0 Fusion Middleware
Oracle WebCenter Content, version 12.2.1.4.0 Fusion Middleware
Oracle WebCenter Enterprise Capture, version 12.2.1.4.0 Fusion Middleware
Oracle WebCenter Portal, version 12.2.1.4.0 Fusion Middleware
Oracle WebLogic Server, versions 12.2.1.4.0, 14.1.1.0.0 Fusion Middleware
Oracle Weblogic Server Proxy Plug-in, versions 12.2.1.4.0, 14.1.1.0.0 Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8 Systems
OSS Support Tools, versions 2.12.44, 2.12.45, 23.1.23.1.17, 24.1.24.1.16 Oracle Support Tools
PeopleSoft Enterprise CRM Client Management, version 9.2 PeopleSoft
PeopleSoft Enterprise HCM Benefits Administration, version 9.2 PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.59, 8.60, 8.61 PeopleSoft
Primavera Gateway, versions 19.12.0-19.12.18, 20.12.0-20.12.13, 21.12.0-21.12.11 Oracle Construction and Engineering Suite
Primavera P6 Enterprise Project Portfolio Management, versions 19.12.0-19.12.22, 20.12.0-20.12.21, 21.12.0-21.12.18, 22.12.0-22.12.12, 23.12.0-23.12.2 Oracle Construction and Engineering Suite
Primavera Unifier, versions 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.12, 23.12.0-23.12.3 Oracle Construction and Engineering Suite
Siebel Applications, versions 24.2 and prior Siebel

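Risk Matrix Content

Risk matrices list only the security vulnerabilities newly addressed by the patches associated with this advisory. Risk matrices for earlier security patches can be found in previous Critical Patch Update advisories and Alerts.

Several vulnerabilities addressed in this Critical Patch Update affect multiple products. Each vulnerability is identified by a CVE ID. A vulnerability that affects multiple products appears with the same CVE ID in every risk matrix.

Security vulnerabilities are scored using CVSS version 3.1.

Workarounds

Because of the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible. Until the Critical Patch Update patches are applied, it may be possible to reduce the risk of a successful attack by blocking the network protocols the attack requires.

Critical Patch Update Supported Products and Versions

Patches released through the Critical Patch Update program are provided only for product versions covered under the Premier Support or Extended Support phases of the Lifetime Support Policy.

Credit Statement

The following people or organizations reported to Oracle security vulnerabilities addressed by this Critical Patch Update: (the full list of contributors appears here)

Security-In-Depth Contributors

Oracle thanks the people who contributed to our Security-In-Depth program.

On-Line Presence Security Contributors

Oracle thanks the people who contributed to our On-Line Presence Security program.

Critical Patch Update Schedule

Critical Patch Updates are released on the third Tuesday of January, April, July, and October. The next four dates are:

  • July 16, 2024
  • October 15, 2024
  • January 21, 2025
  • April 15, 2025

Modification History

Date    Note
September 18, 2024    Rev 2. Updated the affected versions for the Oracle Communication Cloud Native Core Binding Support Function and Siebel Apps products
April 16, 2024    Rev 1. Initial release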

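Risk Matrix Details by Product

Oracle Database Products Risk Matrix

This Critical Patch Update contains 12 new security patches for Oracle Database Products, divided as follows:

  • 8 new security patches for Oracle Database Products
  • 1 new security patch for Oracle Autonomous Health Framework
  • 1 new security patch for Oracle Big Data Spatial and Graph
  • No new security patches for Oracle Essbase, but third-party patches are provided
  • 1 new security patch for Oracle Global Lifecycle Management
  • 1 new security patch for Oracle GoldenGate
  • No new security patches for Oracle TimesTen In-Memory Database, but third-party patches are provided

(The detailed risk matrix table includes the CVE ID, component, protocol, CVSS score, affected versions, and other information.)

Risk Matrices for Other Products

The document also contains detailed risk matrices for the following products:

  • Oracle Commerce
  • Oracle Communications Applications
  • Oracle Communications
  • Oracle Construction and Engineering
  • Oracle E-Business Suite
  • Oracle Enterprise Manager
  • Oracle Financial Services Applications
  • Oracle Food and Beverage Applications
  • Oracle Fusion Middleware
  • Oracle Analytics
  • Oracle Health Sciences Applications
  • Oracle HealthCare Applications
  • Oracle Hospitality Applications
  • Oracle Hyperion
  • Oracle Insurance Applications
  • Oracle Java SE
  • Oracle MySQL
  • Oracle PeopleSoft
  • Oracle Retail Applications
  • Oracle Siebel CRM
  • Oracle Supply Chain
  • Oracle Support Tools
  • Oracle Systems
  • Oracle Utilities Applications
  • Oracle Virtualization

Each risk matrix provides detailed information about the security vulnerabilities, including key details such as the CVE ID, affected component, protocol, CVSS score, and affected versions.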
