In-Depth Analysis of the Oracle April 2024 Critical Patch Update Advisory

This article walks through the Critical Patch Update that Oracle released in April 2024. It covers 441 security vulnerability fixes across several product lines, including Database, Middleware and Java SE, so that users can understand the security risks in time and apply the appropriate protective measures.

Oracle Critical Patch Update Advisory - April 2024

Description

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. The patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Earlier Critical Patch Update advisories should therefore be consulted for information about security patches released earlier.

Oracle continues to receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some cases, the attacks succeeded because the targeted customers had not applied the available Oracle patches. Oracle therefore strongly recommends that customers remain on actively supported versions and apply Critical Patch Update security patches without delay.

This Critical Patch Update contains 441 new security patches across the product families listed below.

Affected Products and Patch Information

The security vulnerabilities addressed by this Critical Patch Update affect the products listed below.

Affected Products and Versions

| Affected Product | Affected Versions | Patch Availability Document |
|---|---|---|
| Autonomous Health Framework | versions prior to 23.11.1, prior to 24.2 | Oracle Autonomous Health Framework |
| Management Cloud Engine | version 24.1.0.0.0 | Management Cloud Engine |
| MySQL Cluster | versions 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior, 8.2.0 and prior, 8.3.0 and prior | MySQL |
| MySQL Connectors | versions 8.3.0 and prior | MySQL |
| MySQL Enterprise Backup | versions 8.0.36 and prior, 8.3.0 and prior | MySQL |
| MySQL Enterprise Monitor | versions 8.0.37 and prior | MySQL |
| MySQL Server | versions 8.0.36 and prior, 8.2.0 and prior, 8.3.0 and prior | MySQL |
| OPatch | versions prior to 12.2.0.1.42 | Global Lifecycle Management |
| OPatchAuto | versions prior to 12.2.0.1.42 | Global Lifecycle Management |
| Oracle Access Manager | version 12.2.1.4.0 | Fusion Middleware |
| Oracle Agile PLM | version 9.3.6 | Oracle Supply Chain Products |
| Oracle Agile Product Lifecycle Management for Process | version 6.2.4.2 | Oracle Supply Chain Products |
| Oracle Application Testing Suite | version 13.3.0.1 | Oracle Enterprise Manager |
| Oracle Banking APIs | versions 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0 | Contact Support |
| Oracle Banking Branch | versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Banking Cash Management | versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Banking Deposits and Lines of Credit Servicing | version 2.12.0.0.0 | Oracle Banking Deposits and Lines of Credit Servicing |
| Oracle Banking Digital Experience | versions 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0 | Contact Support |
| Oracle Banking Enterprise Default Management | versions 2.7.0.0.0, 2.12.0.0.0 | Oracle Banking Platform |
| Oracle Banking Liquidity Management | versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0, 14.7.0.3.0 | Contact Support |
| Oracle Banking Loans Servicing | version 2.12.0.0.0 | Oracle Banking Platform |
| Oracle Banking Origination | versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Banking Party Management | version 2.7.0.0.0 | Oracle Banking Platform |
| Oracle Banking Platform | versions 2.7.0.0.0, 2.12.0.0.0 | Oracle Banking Platform |
| Oracle Banking Virtual Account Management | versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle BI Publisher | versions 7.0.0.0.0, 12.2.1.4.0 | Oracle Analytics |
| Oracle Big Data Spatial and Graph | version 3.0.5 | Database |
| Oracle Business Intelligence Enterprise Edition | versions 7.0.0.0.0, 12.2.1.4.0 | Oracle Analytics |
| Oracle Coherence | versions 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
| Oracle Commerce Guided Search | version 11.3.2 | Oracle Commerce |
| Oracle Commerce Platform | versions 11.3.0, 11.3.1, 11.3.2 | Oracle Commerce |
| Oracle Communications Billing and Revenue Management | versions 12.0.0.4-12.0.0.8, 15.0.0.0 | Oracle Communications Billing and Revenue Management |
| Oracle Communications BRM - Elastic Charging Engine | versions 12.0.0.4-12.0.0.8, 15.0.0.0 | Oracle Communications BRM - Elastic Charging Engine |
| Oracle Communications Cloud Native Core Binding Support Function | versions 23.4.0-23.4.1 | Oracle Communications Cloud Native Core Binding Support Function |
| Oracle Communications Cloud Native Core Console | version 23.4.0 | Oracle Communications Cloud Native Core Console |
| Oracle Communications Cloud Native Core Network Data Analytics Function | version 24.1.0 | Oracle Communications Cloud Native Core Network Data Analytics Function |
| Oracle Communications Cloud Native Core Network Exposure Function | version 23.4.1 | Oracle Communications Cloud Native Core Network Exposure Function |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment | versions 23.2.0, 23.3.1, 23.4.0 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment |
| Oracle Communications Cloud Native Core Network Repository Function | version 23.4.1 | Oracle Communications Cloud Native Core Network Repository Function |
| Oracle Communications Cloud Native Core Network Slice Selection Function | versions 23.2.0, 23.3.0 | Oracle Communications Cloud Native Core Network Slice Selection Function |
| Oracle Communications Cloud Native Core Policy | versions 23.4.0-23.4.2 | Oracle Communications Cloud Native Core Policy |
| Oracle Communications Cloud Native Core Security Edge Protection Proxy | versions 23.3.0, 23.4.0 | Oracle Communications Cloud Native Core Security Edge Protection Proxy |
| Oracle Communications Cloud Native Core Service Communication Proxy | versions 23.1.0, 23.2.2, 23.3.0, 23.4.0 | Oracle Communications Cloud Native Core Service Communication Proxy |
| Oracle Communications Cloud Native Core Unified Data Repository | versions 22.4.0, 23.1.0, 23.2.0, 23.3.2 | Oracle Communications Cloud Native Core Unified Data Repository |
| Oracle Communications Diameter Signaling Router | version 9.0.0.0 | Oracle Communications Diameter Signaling Router |
| Oracle Communications Element Manager | versions 9.0.0-9.0.2 | Oracle Communications Element Manager |
| Oracle Communications Fraud Monitor | versions 5.0, 5.1, 5.2 | Oracle Communications Fraud Monitor |
| Oracle Communications Network Integrity | version 7.3.6.4 | Oracle Communications Network Integrity |
| Oracle Communications Offline Mediation Controller | versions 12.0.0.1-12.0.0.8 | Oracle Communications Offline Mediation Controller |
| Oracle Communications Operations Monitor | versions 5.0, 5.1, 5.2 | Oracle Communications Operations Monitor |
| Oracle Communications Service Catalog and Design | version 8.0.0.1.0 | Oracle Communications Service Catalog and Design |
| Oracle Communications Session Report Manager | versions 9.0.0-9.0.2 | Oracle Communications Session Report Manager |
| Oracle Communications Unified Inventory Management | versions 7.4.0-7.4.2, 7.5.0, 7.5.1 | Oracle Communications Unified Inventory Management |
| Oracle Communications User Data Repository | version 14.0.0.0.0 | Oracle Communications User Data Repository |
| Oracle Communications WebRTC Session Controller | versions 7.2.0.0.0-7.2.1.0.0 | Oracle Communications WebRTC Session Controller |
| Oracle Data Integrator | version 12.2.1.4.0 | Fusion Middleware |
| Oracle Database Server | versions 19.3-19.22, 21.3-21.13 | Database |
| Oracle Documaker | versions 12.6, 12.7 | Oracle Insurance Applications |
| Oracle E-Business Suite | versions 12.2.3-12.2.13 | Oracle E-Business Suite |
| Oracle Enterprise Data Quality | version 12.2.1.4.0 | Fusion Middleware |
| Oracle Enterprise Manager Base Platform | version 13.5.0.0 | Oracle Enterprise Manager |
| Oracle Enterprise Manager for Fusion Middleware | version 13.5.0.0 | Oracle Enterprise Manager |
| Oracle Essbase | version 21.5.4.0.0 | Database |
| Oracle Financial Services Revenue Management and Billing | versions 2.8.0.0.0, 2.9.0.0.0, 2.9.0.1.0, 3.0.0.0.0, 3.1.0.0.0, 3.2.0.0.0, 4.0.0.0, 5.0.0.0 | Oracle Financial Services Revenue Management and Billing |
| Oracle FLEXCUBE Private Banking | version 12.1.0.0.0 | Contact Support |
| Oracle Fusion Middleware MapViewer | version 12.2.1.4.0 | Fusion Middleware |
| Oracle Global Lifecycle Management NextGen OUI Framework | version 12.2.1.4.0 | Fusion Middleware |
| Oracle GoldenGate | versions 19.1.0.0.0-19.22.0.0.240124, 21.3-21.13 | Database |
| Oracle GoldenGate Stream Analytics | versions 19.1.0.0.0-19.1.0.0.8 | Database |
| Oracle GoldenGate Studio | version 12.2.0.4.0 | Database |
| Oracle GoldenGate Veridata | versions 12.2.1.4.0-12.2.1.4.230922 | Database |
| Oracle GraalVM Enterprise Edition | versions 20.3.13, 21.3.9 | Java SE |
| Oracle GraalVM for JDK | versions 17.0.10, 21.0.2, 22 | Java SE |
| Oracle Healthcare Data Repository | versions 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.3.0, 8.1.3.2, 8.1.3.4 | HealthCare Applications |
| Oracle Hospitality Cruise Shipboard Property Management System | versions 20.3.3, 20.3.4, 23.1.0, 23.1.1 | Oracle Hospitality Cruise Shipboard Property Management System |
| Oracle Hospitality Simphony | versions 19.1.0-19.5.4 | Oracle Hospitality Simphony |
| Oracle HTTP Server | version 12.2.1.4.0 | Fusion Middleware |
| Oracle Hyperion Infrastructure Technology | version 11.2.16.0.0 | Oracle Enterprise Performance Management |
| Oracle Identity Manager | version 12.2.1.4.0 | Fusion Middleware |
| Oracle Identity Manager Connector | version 12.2.1.3.0 | Fusion Middleware |
| Oracle Internet Directory | version 12.2.1.4.0 | Fusion Middleware |
| Oracle Java SE | versions 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22 | Java SE |
| Oracle Life Sciences Empirica Signal | versions 9.1.0.53, 9.2.0.53 | Health Sciences |
| Oracle Managed File Transfer | version 12.2.1.4.0 | Fusion Middleware |
| Oracle Middleware Common Libraries and Tools | versions 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
| Oracle Outside In Technology | versions 8.5.6, 8.5.7 | Fusion Middleware |
| Oracle Retail Assortment Planning | versions 15.0.3, 16.0.3 | Retail Applications |
| Oracle Retail Customer Management and Segmentation Foundation | version 19.0.0.9 | Retail Applications |
| Oracle Retail Integration Bus | versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Merchandising System | versions 14.1.3, 15.0.3, 16.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Sales Audit | versions 14.1.3.1, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Service Backbone | versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Xstore Point of Service | versions 19.0.5, 20.0.4, 21.0.3, 22.0.1, 23.0.1 | Retail Applications |
| Oracle SD-WAN Edge | version 9.1.1.7.0 | Oracle SD-WAN Edge |
| Oracle Smart View for Office | version 11.2.16.0.0 | Oracle Enterprise Performance Management |
| Oracle SOA Suite | version 12.2.1.4.0 | Fusion Middleware |
| Oracle Solaris | version 11 | Systems |
| Oracle Solaris Cluster | version 4 | Systems |
| Oracle StorageTek Tape Analytics (STA) | version 2.5 | Systems |
| Oracle TimesTen In-Memory Database | versions prior to 22.1, prior to 22.1.1.19.0, prior to 22.1.1.23.0 | Database |
| Oracle Transportation Management | versions 6.5.2, 6.5.3 | Oracle Supply Chain Products |
| Oracle Utilities Application Framework | versions 4.3.0.3.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.2 | Oracle Utilities Applications |
| Oracle Utilities Network Management System | versions 2.3.0.2, 2.4.0.1, 2.5.0.1, 2.5.0.2, 2.6.0.0, 2.6.0.0.4, 2.6.0.1 | Oracle Utilities Applications |
| Oracle VM VirtualBox | versions prior to 7.0.16 | Virtualization |
| Oracle Web Services Manager | version 12.2.1.4.0 | Fusion Middleware |
| Oracle WebCenter Content | version 12.2.1.4.0 | Fusion Middleware |
| Oracle WebCenter Enterprise Capture | version 12.2.1.4.0 | Fusion Middleware |
| Oracle WebCenter Portal | version 12.2.1.4.0 | Fusion Middleware |
| Oracle WebLogic Server | versions 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
| Oracle Weblogic Server Proxy Plug-in | versions 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
| Oracle ZFS Storage Appliance Kit | version 8.8 | Systems |
| OSS Support Tools | versions 2.12.44, 2.12.45, 23.1.23.1.17, 24.1.24.1.16 | Oracle Support Tools |
| PeopleSoft Enterprise CRM Client Management | version 9.2 | PeopleSoft |
| PeopleSoft Enterprise HCM Benefits Administration | version 9.2 | PeopleSoft |
| PeopleSoft Enterprise PeopleTools | versions 8.59, 8.60, 8.61 | PeopleSoft |
| Primavera Gateway | versions 19.12.0-19.12.18, 20.12.0-20.12.13, 21.12.0-21.12.11 | Oracle Construction and Engineering Suite |
| Primavera P6 Enterprise Project Portfolio Management | versions 19.12.0-19.12.22, 20.12.0-20.12.21, 21.12.0-21.12.18, 22.12.0-22.12.12, 23.12.0-23.12.2 | Oracle Construction and Engineering Suite |
| Primavera Unifier | versions 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.12, 23.12.0-23.12.3 | Oracle Construction and Engineering Suite |
| Siebel Applications | versions 24.2 and prior | Siebel |
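The practical use of this table is patch-compliance checking: given an asset inventory of installed Oracle products and versions, decide which entries fall inside an affected range and need the patch availability document consulted. The following Python is an added example, not part of the original advisory and not Oracle's own tooling. It parses the version-spec grammar the table uses ("version X", "versions X, Y", "prior to X", "X and prior", and inclusive "X-Y" ranges), normalises dotted versions and Java-style "8u401" builds for comparison, and flags inventory entries that match. The advisory rows are copied from the table; the inventory is a constructed sample. One caveat the table itself forces: a spec such as "prior to 23.11.1, prior to 24.2" is read literally, so every version below 24.2 is flagged, which errs towards over-reporting rather than silently missing a branch.

```python
"""Match an installed-version inventory against the "versions ..." specs
used in the affected-products table of an Oracle Critical Patch Update.

Added illustration, not Oracle's own tooling. The spec grammar is inferred
from the April 2024 table: "version X", "versions X, Y", "prior to X",
"X and prior", and "X-Y" (an inclusive range).
"""
import re

_NUMS = re.compile(r"\d+")
_NUMERIC_VERSION = re.compile(r"^[\d.]+$")


def version_key(text):
    """'19.22.0.0.240124' -> ((19, 22, 0, 0, 240124), '')
    '8u401-perf'         -> ((8, 401), '-perf')
    Numeric parts drive ordering; the leftover suffix only matters for
    exact matches (8u401 and 8u401-perf are distinct Java SE builds)."""
    text = text.strip()
    nums = tuple(int(n) for n in _NUMS.findall(text))
    suffix = re.sub(r"[\d.u]", "", text)
    return nums, suffix


def _cmp(a, b):
    """Three-way compare after zero-padding, so 19.22 == 19.22.0 and 19.3 < 19.3.1."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def parse_spec(spec):
    """'versions 19.3-19.22, 21.3-21.13' -> [('range', lo, hi), ...]
    Constraint kinds: ('lt', v), ('le', v), ('range', lo, hi), ('eq', v)."""
    spec = re.sub(r"^versions?\s+", "", spec.strip())
    constraints = []
    for item in (part.strip() for part in spec.split(",")):
        if item.startswith("prior to "):
            constraints.append(("lt", version_key(item[len("prior to "):])))
        elif item.endswith(" and prior"):
            constraints.append(("le", version_key(item[:-len(" and prior")])))
        # Only treat "X-Y" as a range when both halves are dotted numbers;
        # "8u401-perf" fails that test and stays an exact match.
        elif "-" in item and all(_NUMERIC_VERSION.match(p) for p in item.split("-", 1)):
            lo, hi = item.split("-", 1)
            constraints.append(("range", version_key(lo), version_key(hi)))
        else:
            constraints.append(("eq", version_key(item)))
    return constraints


def is_affected(spec, installed):
    """True when `installed` satisfies any constraint of `spec`.

    Caveat: 'prior to 23.11.1, prior to 24.2' is applied literally, so every
    version below 24.2 matches. Oracle means per release branch, but the table
    does not encode the branch, so a hit means 'consult the patch availability
    document', not 'definitely unpatched'. Over-flagging is the safer default.
    """
    nums, suffix = version_key(installed)
    for constraint in parse_spec(spec):
        kind = constraint[0]
        if kind == "lt" and _cmp(nums, constraint[1][0]) < 0:
            return True
        if kind == "le" and _cmp(nums, constraint[1][0]) <= 0:
            return True
        if kind == "range" and _cmp(nums, constraint[1][0]) >= 0 and _cmp(nums, constraint[2][0]) <= 0:
            return True
        if kind == "eq" and _cmp(nums, constraint[1][0]) == 0 and suffix == constraint[1][1]:
            return True
    return False


def affected_products(rows, inventory):
    """Return [(product, installed, spec)] for every inventory entry whose
    installed version falls inside the advisory's affected set."""
    return [
        (product, inventory[product], spec)
        for product, spec, _doc in rows
        if product in inventory and is_affected(spec, inventory[product])
    ]


# Rows copied from the advisory table; the inventory is a constructed sample.
ADVISORY_ROWS = [
    ("Oracle Database Server", "versions 19.3-19.22, 21.3-21.13", "Database"),
    ("Oracle Java SE", "versions 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22", "Java SE"),
    ("MySQL Server", "versions 8.0.36 and prior, 8.2.0 and prior, 8.3.0 and prior", "MySQL"),
    ("Autonomous Health Framework", "versions prior to 23.11.1, prior to 24.2", "Oracle Autonomous Health Framework"),
    ("Oracle VM VirtualBox", "versions prior to 7.0.16", "Virtualization"),
]
INVENTORY = {
    "Oracle Database Server": "19.22",
    "Oracle Java SE": "17.0.11",
    "MySQL Server": "8.0.35",
    "Oracle VM VirtualBox": "7.0.16",
}

if __name__ == "__main__":
    for product, installed, spec in affected_products(ADVISORY_ROWS, INVENTORY):
        print(f"AFFECTED  {product} {installed}  (advisory: {spec})")
```

With the sample inventory the run reports Oracle Database Server 19.22 (the upper end of the 19.3-19.22 range is inclusive) and MySQL Server 8.0.35; Java SE 17.0.11 and VirtualBox 7.0.16 are not flagged because the table lists exact builds for Java SE and the VirtualBox spec is "prior to 7.0.16". Feed it a real inventory by replacing INVENTORY with the output of your asset management tool.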

Risk Matrix Content

The risk matrices list only the security vulnerabilities that are newly addressed by the patches associated with this advisory. Risk matrices for previous security patches can be found in previous Critical Patch Update advisories and alerts.

Several vulnerabilities addressed in this Critical Patch Update affect multiple products. Each vulnerability is identified by a CVE ID. A vulnerability that affects multiple products appears with the same CVE ID in all the risk matrices.

Security vulnerabilities are scored using CVSS version 3.1. Oracle conducts an analysis of each security vulnerability addressed by a Critical Patch Update. Oracle does not disclose the details of this security analysis to customers, but the resulting risk matrices and associated documentation describe the conditions required to exploit a vulnerability and the potential impact of a successful attack.

Workarounds

Because of the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible. Until the Critical Patch Update patches can be applied, it may be possible to reduce the risk of a successful attack by blocking the network protocols the attack requires. For attacks that require certain privileges or access to certain packages, removing those privileges, or the ability to access those packages, from users who do not need them may help reduce the risk of a successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution, since neither corrects the underlying problem.

Products and Versions Supported by the Critical Patch Update

Patches released through the Critical Patch Update program are provided only for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. Oracle recommends that customers plan product upgrades to ensure that patches released through the Critical Patch Update program are available for the versions they are currently running.

Credit Statement

Oracle thanks the following people or organizations for reporting to Oracle the security vulnerabilities addressed by this Critical Patch Update: (the specific list of acknowledgements is omitted here)

Critical Patch Update Schedule

Critical Patch Updates are released on the third Tuesday of January, April, July and October. The next four dates are:

  • 16 July 2024
  • 15 October 2024
  • 21 January 2025
  • 15 April 2025

Modification History

  • 18 September 2024: Rev 2. Updated the affected versions for the Oracle Communication Cloud Native Core Binding Support Function and Siebel Apps products
  • 16 April 2024: Rev 1. Initial release