|
APPLIES TO:
Oracle Database Exadata Express Cloud Service - Version N/A and
later
Oracle Database - Standard Edition - Version 12.1.0.2
and later
Gen 1 Exadata Cloud at Customer (Oracle Exadata
Database Cloud Machine) - Version N/A and later
Oracle Cloud Infrastructure - Database Service -
Version N/A and later
Oracle Fusion Middleware - Version 11.1.1.7.0 and
later
Information in this document applies to any platform.
This document
defines the patches and minimum releases for the Database Product Suite,
Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite
Critical Patch Updates and Patch Set Updates released on January 19, 2021.
The document
is for Database Administrators and/or others tasked with Quarterly Security
Patching.
Database, Fusion Middleware, and Enterprise Manager Critical
Patch Update January 2021 Patch Availability Document
My Oracle
Support Note 2725756.1
Released January 19, 2021
This document contains the
following sections:
Quick Links: Read Me First DB 19c EM Cloud Control FMW WLS
1 Overview
Oracle provides quarterly
cumulative patches to address security vulnerabilities. The patches may
include critical fixes in addition to the security fixes. The security
vulnerabilities addressed are announced in the Advisory for January 2021,
available at:
Oracle Technical Network Advisory
This document lists the Oracle
Database, Fusion Middleware and Enterprise Manager CPU program cumulative
patches for product releases under error correction. The January 2021
release supersedes earlier CPU program cumulative patches for the same
product releases. This document is subject to continual update after the
initial release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support to
ensure you have the latest version.
This section contains the
following:
·
Section 1.1 "How To Use This Document"
·
Section 1.2 "Terminology in the Tables"
·
Section 1.3 "On-Request Patches"
·
Section 1.4 "CPU Program and My Oracle Support
Patch Recommendations"
·
Section 1.5 "My Oracle Support (MOS) Conflict
Checker Tool"
1.1 How To Use This Document
The following steps explain how to
use this document.
Step
1 Assess your Environments
Determine
the Oracle product suites and products and their release numbers for each
of your environments.
Step
2 Read Important Announcements
Review "What's New in January 2021," as it lists documentation and packaging changes along
with important announcements such as upcoming final CPUs.
Step
3 Determine Patches to be Applied
For each
environment, determine which patches need to be applied by using the tables
in "Patch Availability for Oracle Products." There is one availability table for each product suite
release, such as Oracle Database 12.2.0.1, Oracle Identity Access
Management 11.1.2.3, and Enterprise Manager Cloud Control 13.4.0.0.
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of
the homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or
Extended Support and are under error correction as defined in My Oracle
Support Note 209768.1, Database,
FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software
Error Correction Support Policy. Patches are provided only for
these releases. If you do not see the release that you have installed, then
check "Final CPU History" and contact Oracle Support for further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's
CPU Advisory, list the vulnerability CVE numbers in the Advisory Number
column. If you are interested in the risk matrix for the vulnerabilities
fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly
releases, or the current one without any security fixes, the column
indicates "Released MMM YYYY"
·
When a
section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release
that is installed, and find the patches to apply in the table for that
Oracle Database release in "Oracle Database."
Step
4 Apply the Patches
Download
the patches, review the READMEs, and apply the patches according to the
instructions.
Step 5 Planning
for Future Critical Patch Updates
To help
you plan for future Critical Patch Updates, this document includes Final
CPU information based on Oracle's Lifetime Support Policy and error
correction policies.
"Final CPU Information (Error Correction
Policies)" in "What's New in January 2021," documents product releases for which final Critical
Patch Updates are upcoming or are being announced. In each product section,
there is also an Error Correction Information Table that documents the
final CPU program patch for the product. Products that have reached the end
of error correction are documented in "Final CPU History."
1.2 Terminology in the Tables
The following terminology is used
in this patch availability document and in the subsequent tables.
·
Update - Release Update
·
Revision -Release Update Revision
·
BP - Bundle Patch
·
Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
·
NA Not Applicable.
·
OR On-Request. The patch is made available through the
On-Request program.
·
PSU - Patch Set Update
·
SPU - Security Patch Update. An iterative, cumulative patch
consisting of security fixes.
·
Overlay SPU patch provided as an overlay on top of a PSU
or BP instead of a base/patch set release.
1.3 On-Request Patches
Oracle does not proactively release
patches for historically inactive platforms. However, Oracle will deliver
these patches when requested.
The following guidelines describe
how to initiate an on-request (OR) patch.
A request may be made:
o At any time. However, a patch for a specific
quarterly release, such as CPUOct2012, cannot be requested. Depending on
when the request is received and processed, either the patch for the
current quarterly release or the next quarterly release will be provided.
Your Service Request (SR) will provide you the planned availability date
for the patch.
o As long as the version is in either Premier
Support or Extended Support and error correction support has not expired.
For example, if a product release is under Extended Support through the
release of CPUJan2013 on January 15, 2013, then you can file a request for
the product release through January 29, 2013. For more information, see Oracle Lifetime Support
Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database,
FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software
Error Correction Support Policy.
o For a platform-version combination when a
major release or patch set is released on a platform after a quarterly
release date. Oracle will provide the next patch for that platform-version
combination, however you may request the current patch by following the
on-request process. For example, if a patch is released for a platform on
August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform.
You may request a CPUOct2012 patch for the platform, and Oracle will review
the request and determine whether to provide CPUJul2012 or CPUOct2012.
A patch
that is marked as on-request (OR) may already have been requested by
another customer and be available on My Oracle Support. Before you file a
Service Request (SR), check on My Oracle Support to see if the patch is
already available for your platform.
1.4 CPU Program and My Oracle
Support Patch Recommendations
My Oracle Support patch
recommendation features are available on the Patches & Update tab. The
patches announced in this document as part of the CPU program are
classified as "Security" patch recommendations in My Oracle
Support. If a new patch is being announced in this document, then the
classification on any earlier patch is changed to "General", causing
it to be removed from the My Oracle Support patch recommendations. If a
patch has a "Security" classification, and a subsequent bundle,
SPU, or PSU is released with a recommendation classification, then it will
be classified as a "Security" recommendation in My Oracle Support.
Once a product release is no longer
in error correction, its CPU patch information is removed from this
document, but the last patch recommendation continues to be available in My
Oracle Support. Ensure to select each of the products installed in your
environment to obtain all patches.
1.5 My Oracle Support (MOS)
Conflict Checker Tool
The My Oracle Support (MOS)
Conflict Checker tool is available as of July 21, 2014.
You can access MOS Conflict Checker
at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search
results screen ("Analyze with OPatch" button).
The MOS Conflict Checker Tool
allows you to upload an OPatch inventory to check for conflicts with
patches to apply to your environment. If no conflicts are found, you can
download the patches. If conflicts are found, the tool finds an existing
resolution to download. If no resolution is found, you can request a
solution, and monitor your request in the Plans region.
For more information and a
demonstration video, see Knowledge Document Note 1091294.1, How to Use
the My Oracle Support Conflict Checker Tool for Patches Installed with
OPatch [Video].
2 What's New in January 2021
This section describes important
changes in January 2021:
·
Section 2.1 "Final CPU Information (Error
Correction Policies)"
·
Section 2.2 "Post Release Patches"
2.1 Final CPU Information (Error Correction Policies)
The final CPU is the last quarter
that a product is supported in the CPU program as per the Premier Support
and Extended Support policies. Final CPUs for upcoming releases, as well as
newly scheduled final CPUs, are listed in the following sections.
Final CPUs
scheduled for Jan 2021
- Oracle API Gateway 11.1.2.4
- Oracle Endeca Server
- Oracle Endeca Information
Discovery Integrator
- Oracle Endeca Information
Discovery Studio
Final CPUs
scheduled for Apr 2021
- Oracle GoldenGate 18.1
- Oracle GoldenGate 12.3.0.1
- Oracle Real User Experience
Insight 13.3.1.0
- Oracle Hyperion Analytic
Provider Services 11.1.2.x
- Oracle Hyperion Enterprise
Performance Management Architect 11.1.2.x
- Oracle Hyperion Essbase
11.1.2.x
2.2 Post Release Patches
Oracle strives to complete
preparations and testing of each Quarterly Security Patch for each platform
by the quarterly release date. Occasionally, circumstances beyond our
control dictate that a particular patch be delayed and be released a few
days after the quarterly release date. The following table lists any
current patch delays and the estimated date of availability.
|
Patch
|
Patch Number
|
Platform
|
Availability
|
|
Oracle Data Integrator (ODI) Bundle
Patch 11.1.1.9.210115
|
Patch 32137794
|
All
|
ETA: 29-Jan-2021
|
|
Oracle Data Integrator (ODI) Bundle
Patch 12.2.1.3.210119
|
Patch 32040885
|
All
|
ETA: 29-Jan-2021
|
|
Oracle Enterprise Data Quality
11.1.1.9.0 SPU
|
Patch 32395356
|
All
|
ETA: 29-Jan-2021
|
|
Oracle Enterprise Data Quality
12.2.1.3 SPU
|
Patch 32395703
|
All
|
ETA: 29-Jan-2021
|
|
Oracle WebCenter Portal Bundle Patch 11.1.1.9.210115
|
Patch 32189083
|
All
|
ETA: 29-Jan-2021
|
|
Oracle WebCenter Portal Bundle Patch
12.2.1.3.201202
|
Patch 32225019
|
All
|
ETA: 29-Jan-2021
|
|
Oracle WebCenter Core Bundle Patch
12.2.1.3.201124
|
Patch 32224246
|
All
|
ETA: 29-Jan-2021
|
|
Oracle WebCenter Portal Bundle Patch
12.2.1.4.201126
|
Patch 32224021
|
All
|
ETA: 29-Jan-2021
|
|
Oracle WebCenter Core Bundle Patch
12.2.1.4.201202
|
Patch 32224147
|
All
|
ETA: 29-Jan-2021
|
|
Database Release Update
19.10.0.0.210119 (& associated COMBO)
GI Release Update 19.10.0.0.210119 (& associated COMBO)
|
Patch 32218454 (& Patch 32126828)
Patch 32226239 (& Patch 32126842)
|
Solaris Sparc64, Solaris x86-64
|
ETA: 26-Jan-2021
|
|
AIX, zLinux, HP-UX Itanium
|
ETA: 02-Feb-2021
|
|
Database Release Update Revision
19.9.1.0.210119
Database Release Update Revision 19.8.2.0.210119
GI Release Update Revision 19.9.1.0.210119
GI Release Update Revision 19.8.2.0.210119
|
Patch 32072711
Patch 32066676
Patch 32127230
Patch 32127175
|
Solaris Sparc64, Solaris x86-64
|
ETA: 26-Jan-2021
|
|
AIX, zLinux, HP-UX Itanium
|
ETA: 02-Feb-2021
|
|
Database Release Update 18.13.0.0.210119
(& associated COMBO)
GI Release Update 18.13.0.0.210119 (& associated COMBO)
|
Patch 32204699 (& Patch 32126855)
Patch 32226219 (& Patch 32126862)
|
AIX, HP-UX Itanium
|
ETA: 26-Jan-2021
|
|
Database Release Update Revision
18.12.1.0.210119
Database Release Update Revision 18.11.2.0.210119
GI Release Update Revision 18.12.1.0.210119
GI Release Update Revision 18.11.2.0.210119
|
Patch 32072459
Patch 32066686
Patch 32127237
Patch 32127180
|
Solaris Sparc64, Solaris x86-64
|
ETA: 26-Jan-2021
|
|
AIX, zLinux, HP-UX Itanium
|
ETA: 02-Feb-2021
|
|
Database Jan2021 Release Update 12.2.0.1.210119
(& associated COMBO)
GI Jan2021 Release Update 12.2.0.1.210119 (& associated COMBO)
|
Patch 32228578 (& Patch 32126871)
Patch 32226491 (& Patch 32126883)
|
Solaris Sparc64, Solaris x86-64
|
ETA: 26-Jan-2021
|
|
AIX, HP-UX Itanium
|
ETA: 02-Feb-2021
|
|
Database Proactive Bundle Patch
12.1.0.2.210119 (& associated COMBO)
|
Patch 32131231 (& Patch 32126908)
|
Solaris Sparc64, Solaris x86-64, AIX,
HP-UX Itanium
|
ETA: 26-Jan-2021
|
|
Microsoft Windows BP 19.10.0.0.210119
(& associated OJVM RU)
|
Patch 32062765 (& Patch 32067171)
|
Windows 32-Bit and 64-Bit
|
ETA: 02-Feb-2021
|
|
Microsoft Windows BP 18.13.0.0.210119
(& associated OJVM RU)
|
Patch 32062760 (& Patch 32119939)
|
Windows 32-Bit and 64-Bit
|
ETA: 26-Jan-2021
|
|
Quarterly Full Stack download for
Exadata (Jan2021) 19.10.0.0.200814
|
Patch 32126988
|
All
|
ETA: 20-Jan-2021
|
|
Quarterly Full Stack download for
Exadata (Jan2021) 18.13.0.0.200814
|
Patch 32126986
|
All
|
ETA: 20-Jan-2021
|
|
Quarterly Full Stack download for
Exadata (Jan2021) 12.2.0.1
|
Patch 32126981
|
All
|
ETA: 20-Jan-2021
|
|
Quarterly Full Stack download for
Exadata (Jan2021) BP 12.1.0.2
|
Patch 32126979
|
All
|
ETA: 20-Jan-2021
|
|
Quarterly Full Stack download for
SuperCluster (Q1.2021)
|
Patch 32126992
|
All
|
ETA: 23-Feb-2021
|
3 Patch Availability for Oracle Products
This section contains the
following:
·
Section 3.1 "Oracle Database"
·
Section 3.2 "Oracle Enterprise Manager"
·
Section 3.3 "Oracle Fusion Middleware"
·
Section 3.4 "Oracle Sun Middleware"
·
Section 3.5 "Tools"
3.1 Oracle Database
This section contains the
following:
·
Section 3.1.1 "Oracle REST Data Services
(formally called Oracle APEX Listener)"
·
Section 3.1.2 "Oracle Application Express"
·
Section 3.1.3 "Oracle Big Data Spatial and
Graph"
·
Section 3.1.4 "Oracle Database"
·
Section 3.1.5 "Oracle Database Mobile/Lite
Server"
·
Section 3.1.6 "Oracle GoldenGate"
·
Section 3.1.7 "Oracle GoldenGate for Big Data
(Formerly known as Oracle GoldenGate Application Adapters)"
·
Section 3.1.8 "Oracle GoldenGate Veridata"
·
Section 3.1.9 "Oracle Secure Backup"
·
Section 3.1.10 "Oracle Spatial Studio"
·
Section 3.1.11 "Oracle Stream Analytics"
·
Section 3.1.12 "Oracle TimesTen In-Memory
Database"
3.1.1 Oracle REST Data Services
(formally called Oracle APEX Listener)
Minimum
Product Requirements for Oracle REST Data Services
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle REST Data
Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle REST Data Services
|
20.2.1
|
Released October 2020
|
|
3.1.2 Oracle
Application Express
Minimum
Product Requirements for Oracle Application Express
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Application
Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
3.1.3 Oracle Big Data Spatial and
Graph
Minimum
Product Requirements for Oracle Big Data Spatial and Graph
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Big Data
Spatial and Graph downloads and installation instructions, see https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Big Data Spatial and Graph
|
20.2
|
Released October 2020
|
|
3.1.4 Oracle
Database
This section contains the
following:
·
Section 3.1.4.1 "Patch Availability for Oracle
Database"
·
Section 3.1.4.2 "Oracle Database 19"
·
Section 3.1.4.3 "Oracle Database 18"
·
Section 3.1.4.4 "Oracle Database 12.2.0.1"
·
Section 3.1.4.5 "Oracle Database 12.1.0.2"
3.1.4.1 Patch Availability for Oracle
Database
For information regarding the
different types of patches for Database, refer to Oracle Database -
Overview of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database Patch
Delivery Methods for 12.2.0.1 and greater, Note 2337415.1
3.1.4.2 Oracle Database 19
|
Patch Information
|
19
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 19
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 19.10.0.0.210119 and
Database Release Update 19.10.0.0.210119 Patch 32126828 for UNIX, or
Combo OJVM Release Update 19.10.0.0.210119 and GI
Release Update 19.10.0.0.210119 Patch 32126842, or
Quarterly Full Stack download for Exadata (Jan2021)
19.10.0.0.200814 Patch 32126988 for Linux x86-64
|
CVE-2021-2035, CVE-2021-2000, CVE-2021-2054, CVE-2021-2045,
CVE-2021-1993
|
See Note 1929745.1, Oracle Recommended
Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
Database Release Update 19.10.0.0.210119 Patch 32218454 for UNIX, or
Database Release Update Revision 19.9.1.0.210119 Patch 32072711 for UNIX, or
Database Release Update Revision 19.8.2.0.210119 Patch 32066676 for UNIX, or
GI Release Update 19.10.0.0.210119 Patch 32226239, or
GI Release Update Revision 19.9.1.0.210119 Patch 32127230, or
GI Release Update Revision 19.8.2.0.210119 Patch 32127175, or
Microsoft Windows 32-Bit and x86-64 BP 19.10.0.0.210119 Patch 32062765, or
later;
Quarterly Full Stack download for Exadata (Jan2021)
19.10.0.0.200814 Patch 32126988 for Linux x86-64, or
Quarterly Full Stack download for SuperCluster
(Q1.2021) Patch 32126992 for Solaris SPARC 64-Bit
|
CVE-2021-2035, CVE-2021-2000, CVE-2021-2054, CVE-2021-2045,
CVE-2021-2018 (Win Only)
|
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
OJVM Release Update 19.10.0.0.210119 Patch 32067171 for all platforms
|
CVE-2021-1993
|
See Note 1929745.1, Oracle Recommended
Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server and Client
home
|
JDK8u281Patch 32162391
|
CVE-2020-14803
|
JDK patches for 32 bit clients would
be build on demand basis.
|
|
Oracle Database Server home
|
Perl Patch 31732095
|
CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
|
|
|
Oracle Database Client home
|
Database Release Update 19.4.0.0.190716 Patch 29834717 for UNIX
|
Released July 2019
|
The Instant Client installation is
not the same as the client-only Installation. For additional information
about Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.4.3 Oracle Database 18
|
Patch Information
|
18
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 18
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 18.13.0.0.210119 and
Database Release Update 18.13.0.0.210119 Patch 32126855 for UNIX, or
Combo OJVM Release Update 18.13.0.0.210119 and GI
Release Update 18.13.0.0.210119 Patch 32126862, or
Quarterly Full Stack download for Exadata (Jan2021)
18.13.0.0.200814 Patch 32126986
|
CVE-2021-2035, CVE-2021-2000, CVE-2021-2054, CVE-2021-2045,
CVE-2021-1993
|
OJVM Update patches from 18.4 onwards are RAC Rolling
installable. Please see Note 2217053.1, RAC Rolling Install
Process for the "Oracle JavaVM Component Database PSU/RU" (OJVM
PSU/RU) Patches.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
Database Release Update 18.13.0.0.210119 Patch 32204699, or
Database Release Update Revision 18.12.1.0.210119 Patch 32072459, or
Database Release Update Revision 18.11.2.0.210119 Patch 32066686, or
GI Release Update 18.13.0.0.210119 Patch 32226219, or
GI Release Update Revision 18.12.1.0.210119 Patch 32127237, or
GI Release Update Revision 18.11.2.0.210119 Patch 32127180, or
Microsoft Windows 32-Bit and x86-64 BP
18.13.0.0.210119 Patch 32062760, or
later;
Quarterly Full Stack download for Exadata (Jan2021)
18.13.0.0.200814 Patch 32126986, or
Quarterly Full Stack download for SuperCluster
(Q1.2021) Patch 32126992 for Solaris SPARC 64-Bit
|
CVE-2021-2035, CVE-2021-2000, CVE-2021-2054, CVE-2021-2045,
CVE-2021-2018 (Win Only)
|
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
OJVM Release Update 18.13.0.0.210119 Patch 32119939 for all platforms
|
CVE-2021-1993
|
OJVM Update patches from 18.4 onwards are RAC Rolling
installable. Please see Note 2217053.1, RAC Rolling Install
Process for the "Oracle JavaVM Component Database PSU/RU" (OJVM
PSU/RU) Patches
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server and Client
home
|
JDK8u281 Patch 32162724
|
CVE-2020-14803
|
See Note 2584628.1, "JDK and PERL
Patches for Oracle Database Home and Grid Home" for information on
availability and prior patches.
JDK patches for 32 bit clients would be build on
demand basis
|
|
Oracle Database Server home
|
Perl Patch 31858032
|
CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
|
|
|
Oracle Database Client home
|
Database Release Update 18.7.0.0.190716 Patch 29757256, or
Database Release Update Revision 18.6.1.0.190716 Patch 29708235, or
Database Release Update Revision 18.5.2.0.190716 Patch 29708437 or
Microsoft Windows 32-Bit and x86-64 BP
18.7.0.0.190716 Patch 29859180
|
Released July 2019
|
The Instant Client installation is
not the same as the client-only Installation. For additional information
about Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.4.4 Oracle Database 12.2.0.1
|
Patch Information
|
12.2.0.1
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability
for Oracle Database 12.2.0.1
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 12.2.0.1.210119 and
Database Release Update 12.2.0.1.210119 Patch 32126871 for UNIX, or
Combo OJVM Release Update 12.2.0.1.210119 and GI
Release Update 12.2.0.1.210119 Patch 32226491, or
Quarterly Full Stack download for Exadata (Jan2021)
12.2.0.1 Patch 32126981, or
Quarterly Full Stack download for SuperCluster
(Q1.2021) Patch 32126992 for Solaris SPARC 64-Bit
|
CVE-2021-2035, CVE-2021-2000, CVE-2021-2054, CVE-2021-2045,
CVE-2021-1993
|
OJVM Update Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific
situations where the OJVM PSU patchset can be postinstalled into each
database while the database remains in unrestricted "startup"
mode. Please refer to the NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended
Patches -- "Oracle JavaVM Component Database PSU and Update"
(OJVM PSU and OJVM Update) Patches.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
Database Jan2021 Release Update 12.2.0.1.210119 Patch 32228578 for UNIX, or
GI Jan2021 Release Update 12.2.0.1.210119 Patch 32226491, or
BS2000 Database BP 12.2.0.1.210119 Patch 32226825
Microsoft Windows 32-Bit and x86-64 BP
12.2.0.1.210119 Patch 31987852, or
later;
Quarterly Full Stack download for Exadata (Jan2021)
12.2.0.1 Patch 32126981, or
Quarterly Full Stack download for SuperCluster
(Q1.2021) Patch 32126992 for Solaris SPARC 64-Bit
|
CVE-2021-2035, CVE-2021-2000, CVE-2021-2054, CVE-2021-2045
|
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
Please note that 12.2.0.1 entered Limited Error Correction as of December 01, 2020. Hence,
Oracle is only including Security and P1 fixes into the 12.2.0.1
quarterly patch bundles. Therefore as of 2021, there is no content
difference between a Release Update and a Release Update Revision, and
all 12.2.0.1 customers should use the 12.2.0.1 Release Update.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
OJVM Release Update 12.2.0.1.210119 Patch 32119931 for UNIX, or
OJVM Microsoft Windows Bundle Patch 12.2.0.1.210119 Patch 32142294
|
CVE-2021-1993
|
OJVM Update Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific
situations where the OJVM PSU patchset can be postinstalled into each
database while the database remains in unrestricted "startup"
mode. Please refer to the NOTE for more details.
See Note 1929745.1, Oracle Recommended
Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server and Client
home
|
JDK8u281 Patch 32162748
|
CVE-2020-14803
|
See Note 2584628.1, "JDK and PERL
Patches for Oracle Database Home and Grid Home" for information on
availability and prior patches.
JDK patches for 32 bit clients would be build on
demand basis.
|
|
Oracle Database Server home
|
Perl Patch 31858212
|
CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
|
|
|
Oracle Database Client home
|
Database Oct2019 Release Update 12.2.0.1.190716 Patch 29757449 for UNIX, or
Database Jan2019 Release Update Revision 12.2.0.1.190716 Patch 29708478, or
Database Apr2019 Release Update Revision 12.2.0.1.190716 Patch 29708381, or
Microsoft Windows 32-Bit and x86-64 RU 12.2.0.1.190716 Patch 29832062, or
later
|
Released July 2019
|
The Instant Client installation is
not the same as the client-only Installation. For additional information
about Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.4.5 Oracle Database 12.1.0.2
Error
Correction information for Oracle Database 12.1.0.2
|
Patch Information
|
12.1.0.2
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 12.1.0.2
If the Combo patches that are
listed in the first row are applied, then the patches listed in Rows 2 and
3 do not need to be applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 12.1.0.2.210119 and Database PSU
12.1.0.2.210119 Patch 32126886 for UNIX, or
Combo OJVM PSU 12.1.0.2.210119 and GI PSU
12.1.0.2.210119 Patch 32126899, or
Combo OJVM PSU 12.1.0.2.210119 and Database Proactive
BP 12.1.0.2.210119 Patch 32126908 for UNIX, or
Quarterly Full Stack download for Exadata (Jan2021)
BP 12.1.0.2 Patch 32126979, or
Quarterly Full Stack download for SuperCluster
(Q1.2021) Patch 32126992 for Solaris SPARC 64-Bit
|
CVE-2021-2035, CVE-2021-2000, CVE-2021-2045,
CVE-2021-1993
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific
situations where the OJVM PSU patchset can be postinstalled into each
database while the database remains in unrestricted "startup"
mode. Please refer to the NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended
Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.
|
|
Oracle Database Server home
|
Database PSU 12.1.0.2.210119 Patch 31985579 for UNIX, or
GI PSU 12.1.0.2.210119 Patch 32131261, or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.210119 Patch 32000405, or
later;
Database Proactive Bundle Patch 12.1.0.2.210119 Patch 32131231 or
Quarterly Full Stack download for Exadata (Jan2021)
BP 12.1.0.2 Patch 32126979, or
Quarterly Full Stack download for SuperCluster
(Q1.2021) Patch 32126992 for Solaris SPARC 64-Bit
|
CVE-2021-2035, CVE-2021-2000, CVE-2021-2045
|
For JDK fixes a separate patch is available (see
below) and needs to be installed in addition to the Database and GI
patches.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU 12.1.0.2.210119 Patch 32119956 for UNIX, or
Oracle JavaVM Component Microsoft Windows Bundle
Patch 12.1.0.2.210119 Patch 32142066
|
CVE-2021-1993
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific
situations where the OJVM PSU patchset can be postinstalled into each
database while the database remains in unrestricted "startup"
mode. Please refer to the NOTE for more details.
All OJVM PSU since 12.1.0.2.161018 includes Generic
JDBC Patch 23727148
See Note 1929745.1, Oracle Recommended
Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server and Client
home
|
JDK7u291 Patch 32162885
|
CVE-2020-14803
|
See Note 2584628.1, "JDK and PERL
Patches for Oracle Database Home and Grid Home" for information on
availability and prior patches.
JDK patches for 32 bit clients would be build on
demand basis.
|
|
Oracle Database Server home
|
Perl Patch 31858428
|
CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
|
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU
- Generic JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
|
Oracle Database Client home
|
Database PSU 12.1.0.2.190716 Patch 29494060 for UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.190716 Patch 29831650
|
Released July 2019
|
The Instant Client installation is
not the same as the client-only Installation. For additional information
about Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.5 Oracle
Database Mobile/Lite Server
Error
Correction Information for Oracle Database Mobile Server
|
Patch Information
|
12.1 (Mobile Server)
|
11.3 (Mobile Server)
|
Comments
|
|
Final CPU
|
-
|
October 2021
|
|
Patch
Availability for Oracle Database Mobile Server 12.1.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1
|
12.1.0.0 BP Patch 21974980
|
Released October 2015
|
|
Patch
Availability for Oracle Database Mobile Server 11.3.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.3
|
11.3.0.2 BP Patch 21950285
|
Released October 2015
|
|
3.1.6 Oracle
GoldenGate
Error
Correction information for Oracle GoldenGate
|
Component
|
19.1
|
18.1
|
12.3.0.1
|
12.2.0.2
|
12.1.2.1
|
Comments
|
|
Final CPU
|
July 2026
|
April 2021
|
April 2021
|
October 2023
|
October 2021
|
|
Patch
Availability for Oracle GoldenGate
3.1.7 Oracle
GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application
Adapters)
Error
Correction information for Oracle GoldenGate for Big Data
|
Component
|
19.1.0.0.x
|
12.3.2.1.0
|
Comments
|
|
Final CPU
|
July 2026
|
October 2021
|
|
Patch
Availability for Oracle GoldenGate for Big Data
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
19.1.0.0.0
|
Oracle GoldenGate for Big Data
19.1.0.0.7 Patch 31980180
|
CVE-2020-5421, CVE-2020-9488
|
|
|
12.3.2.1
|
Oracle GoldenGate for Big Data
12.3.2.1.9 Patch 31555782 or later
|
Released October 2020
|
|
3.1.8 Oracle
GoldenGate Veridata
Error
Correction information for Oracle GoldenGate Veridata
|
Component
|
12.2.1
|
12.1.3
|
11.2.1.0
|
Comments
|
|
Final CPU
|
July 2025
|
July 2022
|
October 2020
|
|
Patch
Availability for Oracle GoldenGate Veridata
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1
|
OGG Veridata Bundle Patch 12.2.1.4.200714
(PS4 BP2) (Server+Agent) Patch 31044508
|
Released July 2020
|
|
|
12.1.3
|
ORACLE GOLDENGATE VERIDATA
V12.1.3.0.180415 SERVER Patch 26424104
|
Released April, 2018
|
|
|
11.2.1.0
|
oracle goldengate veridata v11.2.1.0.2 java agent - Patch 27425665
oracle goldengate veridata v11.2.1.0.2 server - Patch 27425668
|
Released April 2018
|
Golden Gate Veridata Patch
|
3.1.9 Oracle
Secure Backup
Error
Correction information for Oracle Secure Backup
|
Patch Information
|
18.1
|
Comments
|
|
Final CPU
|
January 2024
|
|
Minimum
Product Requirements for Oracle Secure Backup
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle Secure Backup
downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Secure Backup
|
18.1.0.1
|
CVE-2020-9490, CVE-2020-11984,
CVE-2020-11993, CVE-2020-7064
|
|
3.1.10 Oracle
Spatial Studio
Minimum
Product Requirements for Oracle Spatial Studio
Critical Patch Update security vulnerabilities
are fixed in the listed releases. The Oracle Spatial Studio downloads and
installation instructions can be found at
https://www.oracle.com/database/technologies/spatial-studio/oracle-spatial-studio-downloads.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Spatial Studio
|
19.2.1
|
Released July 2020
|
|
3.1.11 Oracle
Stream Analytics
Minimum
Product Requirements for Oracle Stream Analytics
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle Stream
Analytics downloads and installation instructions can be found at
https://www.oracle.com/middleware/technologies/stream-analytics/downloads.html
|
Product
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Stream Analytics
|
19.1.0.0.1 Patch 30629903
|
Released July 2020
|
|
3.1.12 Oracle TimesTen In-Memory
Database
Error Correction information for Oracle TimesTen
In-Memory Database
Describes Error Correction
information for Oracle TimesTen In-Memory Database.
|
Patch Information
|
18.1
|
Comments
|
|
Final Patch
|
April 2026
|
|
Minimum
Product Requirements for Oracle TimesTen In-Memory Database
Describes the minimum product
requirements for Oracle TimesTen In-Memory Database. The CPU security
vulnerabilities are fixed in the listed release and later releases.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle TimesTen In-Memory Database
|
18.1.4.1.0 or later version
|
Released October 2020
|
|
3.2 Oracle Enterprise Manager
This section contains the
following:
·
Section 3.2.1 "Oracle Real User Experience
Insight"
·
Section 3.2.2 "Oracle Application Testing
Suite"
·
Section 3.2.3 "Oracle Business Transaction
Management"
·
Section 3.2.4 "Oracle Enterprise Manager Cloud
Control"
·
Section 3.2.5 "Oracle Enterprise Manager Ops
Center"
·
Section 3.2.6 "OSS Support Tools"
·
Section 3.2.7 "Oracle Configuration
Manager"
3.2.1 Oracle Real User Experience
Insight
Error
Correction information for Oracle Real User Experience Insight
|
Patch Information
|
13.4.1.0
|
13.3.1.0
|
Comments
|
|
Final CPU
|
October 2023
|
April 2021
|
|
|
On-Request platforms
|
-
|
-
|
|
Minimum
Product Requirements for Oracle Real User Experience Insight
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For more information on
Oracle Real User Experience Insight, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
Real User Experience Insight 13.3.1.0
|
Patch 31595030
|
Released July 2020
|
|
3.2.2 Oracle
Application Testing Suite
Error
Correction information for Oracle Application Testing Suite
|
Patch Information
|
13.3.0.1
|
Comments
|
|
Final CPU
|
June 2025
|
|
Patch
Availability for Oracle Application Testing Suite
These patches contain Critical
Patch Update security vulnerabilities fixes for this release. All previous versions
will need to be upgraded to the minimum version. Then, apply the following
patches to fix the announced security vulnerabilities. For Oracle
Application Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
3.2.3 Oracle
Business Transaction Management
Error
Correction Information for Oracle Business Transaction Management
|
Component
|
12.1.0.7
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Business Transaction Management
|
Product Home
|
Patch
|
Advisory Number
|
Comment
|
|
BTM Home
|
BTM Patch 12.1.0.7.15 Patch 29135901
|
Released April 2019
|
|
3.2.4 Oracle
Enterprise Manager Cloud Control
If your plans include updating the
JDK version, please be sure that the JDK version that you choose is
certified with your OEM Cloud Control Component. Please refer to Note 2241358.1 for upgrading the JDK Component related to OEM Cloud
Control Component.
Error
Correction information for Oracle Enterprise Manager Cloud Control
|
Patch Information
|
13.4.0.0
|
13.3.0.0
|
Comments
|
|
Final CPU
|
-
|
January 2021
|
|
|
On-Request platforms
|
-
|
-
|
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 4
(13.4.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
|
|
|
Oracle Java SE home
|
See Note 2653847.1 EM 13.4: How to Use the Latest
Certified JDK 8 Update with OMS 13.4
|
See Note 2653847.1 EM 13.4: How to Use the Latest
Certified JDK 8 Update with OMS 13.4
|
|
|
Base Platform Fusion Middleware home
|
OPatch 13.9.4.2.5 Patch 28186730 or later
|
CVE-2019-12402
|
Update OPatch 13.9.4.2.5 Patch 28186730 before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for
Oracle Fusion Middleware 12c.
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 12.2.1.3.0)
|
See "Oracle WebLogic Server" (Version 12.2.1.3.0)
|
|
|
Base Platform Fusion Middleware home
|
OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139 or later
|
Released July 2020
|
Oracle Security Service (SSL/Network)
Patch for Oracle HTTP server (OHS)
|
|
Base Platform OMS home
|
Enterprise Manager for Peoplesoft
13.4.1.1.0 Patch for CPUOct2020 Patch 31795605
|
Released October 2020
|
|
|
Base Platform Agent home
|
Enterprise Manager for Beacon 13c
Release 4 Plug-in Update 4 (13.4.0.4) for Agent Patch 31426056 or later
|
Released July 2020
|
|
|
Base Platform OMS home
|
Enterprise Manager 13c Release 4
Update 8 (13.4.0.8) for OMS Patch 32071974 or later
|
Released October 2020
|
|
|
Base Platform Fusion Middleware home
|
ADF BUNDLE PATCH 12.2.1.3.0
(ID:190924.2139.S) Patch 30347629 or later
|
Released October 2019
|
Apply to all Oracle homes installed
with an FMW Infrastructure
|
|
Base Platform Fusion Middleware home
|
OHS (NATIVE) BUNDLE PATCH 12.2.1.3.0
(ID:191219.2319) Patch 30687404 or later
|
Released January 2020
|
Note 2568225.1Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Base Platform Fusion Middleware home
|
REMOVE APACHE STRUTS FROM BI INSTALL
12.2.1.3 (EM 13.4) Patch 31254677 or later
|
Released July 2020
|
|
|
Base Platform Fusion Middleware home
|
OBI BUNDLE PATCH 12.2.1.3.200114 Patch 30499022 or later
|
CVE-2016-1000031, CVE-2020-11973
|
|
|
EM Cloud Control Connectors
|
See Announcement on MOSC
|
CVE-2019-13990
|
Connector 13.2.1.0 is applicable to
EM 13.4
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 3
(13.3.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 12.1.3)
|
|
|
|
Base Platform Fusion Middleware home
|
Opatch SPU 13.8.0.0.0 Patch 31682991 or later
|
Released July 2020
|
|
|
Base Platform Fusion Middleware home
|
REMOVE APACHE STRUTS FROM BI INSTALL Patch 31076938 or later
|
Released July 2020
|
|
|
Base Platform Fusion Middleware home
|
OBI BUNDLE PATCH 12.2.1.3.200114 Patch 30499022 or later
|
CVE-2016-1000031, CVE-2020-11973
|
For CVE-2016-1000031, upgrade to
Enterprise Manager 13c Release 4 and then apply OBI BUNDLE PATCH
12.2.1.3.200114 Patch 30499022 or later
|
|
Base Platform OMS home
|
Base Release 13.3
|
Released April 2019
|
|
|
Base Platform OMS home
|
EM BP Patch Set Update
13.3.0.0.201020 Patch 31899771 or later
|
Released October 2020
|
|
|
Base Platform OMS home
|
OSS SECURITY PATCH UPDATE 12.1.3.0.0
(CPUJAN2020) Patch 30692958 or later
|
Released January 2020
|
Oracle Security Service (SSL/Network) Patch for
Oracle HTTP server (OHS)
|
|
Base Platform OMS home
|
OHS 12.1.3 for EM APR 2020 SPU Patch 31046788 or later
|
Released April 2020
|
Note 2572758.1 Cumulative README Post-Install
Steps for Oracle HTTP Server 12.1.3 Critical Patch Update
|
|
Base Platform Agent home
|
EM-AGENT Bundle Patch 13.3.0.0.191015 Patch 30206738 or later
|
Released October 2019
|
|
|
Base Platform Agent home
|
EM-BEACON Plug-in Agent Bundle Patch
13.3.0.0.200731 (Patch canceled)
|
Released July 2020
|
For CVE-2019-12415, upgrade to 13.4
and apply Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4
(13.4.0.4) for Agent Patch 31426056 or later.
|
|
EM Cloud Control Connectors
|
See Announcement on MOSC
|
CVE-2019-13990
|
Connector 13.2.1.0 is applicable to
EM 13.3
|
|
Base Platform OMS home
|
Enterprise Manager for OMS Plugins
13.3.2.0.200630 Patch 31521484 or later
|
Released July 2020
|
|
|
Base Platform OMS home
|
EM for OMS plugin 13.3.1.0.201031 Patch 32019093 or later
|
CVE-2018-15756
|
For CVE-2018-15756, upgrade
Enterprise Manager for Fusion Applications Plug-in to 13.4.1.0.0 version,
which is released as part of Enterprise Manager 13c Release 4
|
|
Base Platform OMS home
|
SPU Patch 25322055 or later
|
Released in January 2017
|
Oracle ADF Patch 12.1.3.0, This patch
is necessary for any co-located installations where ADF exists.
|
3.2.5 Oracle
Enterprise Manager Ops Center
Error
Correction information for Oracle Enterprise Manager Ops Center
|
Patch Information
|
12.4.0
|
Comments
|
|
Final CPU
|
April 2024
|
Premier Support ends
|
Patch
Availability for Oracle Enterprise Manager Ops Center
These patches contain Critical
Patch Update security vulnerabilities fixes for this release. All previous
versions will need to be upgraded to the minimum version. Then, apply the
following patches to fix the announced security vulnerabilities. For Oracle
Enterprise Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
12.4.0
|
Ops Center UCE patches for Jan 2021 Patch 32168066 or later
|
CVE-2020-11984, CVE-2015-4000
|
|
|
12.4.0
|
Ops Center UI/Other patches for
October 2020 Patch 31955705 or later
|
Released October 2020
|
|
3.2.6 OSS
Support Tools
Error
Correction information for OSS Support Tools
|
Patch Information
|
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for OSS Support Tools
|
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
|
|
Patch 22783063
|
|
See My Oracle Support Note 1153444.1, Oracle
Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT
|
3.2.7 Oracle
Configuration Manager
Minimum
Product Requirements for Oracle Configuration Manager
Critical Patch Update security
vulnerabilities are fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS
(support.oracle.com). Customer can use collector tab to down the Oracle
Configuration Manager Collector.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Configuration Manager
|
OCM 12.1.2.0.7 Patch 5567658
|
Released July 2020
|
Upgrade to 12.1.2.0.7 Release
For patch availability, see section 2.2 Post Release Patches
|
3.3 Oracle Fusion Middleware
This section contains the
following:
·
Section 3.3.1 "Management Pack For Oracle
GoldenGate"
·
Section 3.3.2 "NetBeans IDE"
·
Section 3.3.3 "Oracle API Gateway"
·
Section 3.3.4 "Reserved for future use"
·
Section 3.3.5 "Oracle Business Intelligence
Enterprise Edition"
·
Section 3.3.6 "Oracle Business Intelligence
Publisher"
·
Section 3.3.7 "Oracle Complex Event
Processing"
·
Section 3.3.8 "Oracle Data Quality for Oracle
Data Integrator"
·
Section 3.3.9 "Oracle Data Visualization
Desktop"
·
Section 3.3.10 "Oracle Endeca Server"
·
Section 3.3.11 "Oracle Endeca Information
Discovery Integrator"
·
Section 3.3.12 "Oracle Endeca Information
Discovery Studio"
·
Section 3.3.13 "Oracle Enterprise Data
Quality"
·
Section 3.3.14 "Oracle Enterprise
Repository"
·
Section 3.3.15 "Oracle Exalogic Patch Set Update
(PSU)"
·
Section 3.3.16 "Oracle Fusion Middleware"
·
Section 3.3.17 "Oracle Hyperion Analytic
Provider Services"
·
Section 3.3.18 "Oracle Hyperion BI+"
·
Section 3.3.19 "Oracle Hyperion Data
Relationship Management"
·
Section 3.3.20 "Oracle Hyperion Enterprise
Performance Management Architect"
·
Section 3.3.21 "Oracle Hyperion Essbase"
·
Section 3.3.22 "Oracle Hyperion Financial Close
Management"
·
Section 3.3.23 "Oracle Hyperion Financial
Management"
·
Section 3.3.24 "Oracle Hyperion Financial
Reporting"
·
Section 3.3.25 "Oracle Hyperion Lifecycle
Management"
·
Section 3.3.26 "Oracle Hyperion Planning"
·
Section 3.3.27 "Oracle Hyperion Profitability
and Cost Management"
·
Section 3.3.28 "Oracle Hyperion Strategic
Finance"
·
Section 3.3.29 "Oracle Hyperion Workspace"
·
Section 3.3.30 "Oracle JDeveloper and Oracle
ADF"
·
Section 3.3.31 "Oracle Map Viewer"
·
Section 3.3.32 "Oracle Outside In
Technology"
·
Section 3.3.33 "Oracle Real Time Decisions
Platform"
·
Section 3.3.34 "Oracle Service Architecture
Leveraging Tuxedo (SALT)"
·
Section 3.3.35 "Oracle SOA Suite"
·
Section 3.3.36 "Oracle Traffic Director"
·
Section 3.3.37 "Oracle Tuxedo"
·
Section 3.3.38 "Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)"
·
Section 3.3.39 "Oracle Web-Tier 11g Utilities"
·
Section 3.3.40" Oracle WebCenter"
·
Section 3.3.41" Oracle WebCenter Content
(Formerly Oracle Universal Content Management)"
·
Section 3.3.42" Oracle WebCenter Portal"
·
Section 3.3.43 "Oracle WebCenter Sites (Formerly
FatWire Content Server)"
·
Section 3.3.44 "Oracle WebCenter Sites
Community"
·
Section 3.3.45 "Oracle WebCenter Suite"
·
Section 3.3.46 "Oracle WebLogic Portal"
·
Section 3.3.47 "Oracle WebLogic Server"
·
Section 3.3.48 "Oracle Coherence"
3.3.1 Oracle GoldenGate Monitor (aka
Management Pack for Oracle GoldenGate)
Error
Correction information for Oracle GoldenGate Monitor (aka Management Pack
for Oracle GoldenGate)
|
Patch Information
|
12.2.1
|
12.1.3.x
|
Comments
|
|
Final CPU
|
July 2025
|
July 2022
|
|
Patch
Availability for Management Pack For Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.2.0
|
Oracle GoldenGate Monitor
12.2.1.2.200930 (Server+Agent) Patch 31748559
|
Released October 2020
|
|
|
12.1.3
|
Monitor Server 12.1.3.0.160628 Patch 23340597
Monitor Agent 12.1.3.0.160628 Patch 23333295
|
Released June 2016
|
-
|
3.3.2
NetBeans IDE
Minimum
Product Requirements for NetBeans IDE
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For NetBeans IDE
downloads, see https://netbeans.org/downloads/
|
Product Home
|
Release
|
Advisory Number
|
Comments
|
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle API Gateway
Error
Correction information for Oracle API Gateway
|
Patch Information
|
11.1.2.4.0
|
Comments
|
|
Final CPU
|
March 2021
|
|
Patch
Availability for Oracle API Gateway
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4.0
|
OAG 11.1.2.4.0 SPU FOR APRCPU2020 Patch 30901960
|
Released April 2020
|
|
3.3.4 Reserved for future use
3.3.5 Oracle
Business Intelligence Enterprise Edition
Error
Correction information for Oracle Business Intelligence Enterprise Edition
|
Patch Information
|
5.5.0.0.0
|
12.2.1.4.0
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
-
|
-
|
|
|
11.1.1.9.0 End of Error Correction
for Extended Support Customer only beyond Dec 2018
|
Patch
Availability for Oracle Analytics Server 5.5 (Formerly known as Oracle
Business Intelligence)
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 1492980.1, How to
Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server" (version 12.2.1.4.0)
|
See "Oracle WebLogic Server" (version 12.2.1.4.0)
|
See Note 1306505.1, Patch Set
Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
|
|
Oracle Analytics Server (OAS)
5.5.0.0.0
|
See "Oracle Fusion Middleware 12c" (12.2.1.4.)
|
See "Oracle Fusion Middleware 12c" (12.2.1.4.)
|
Apply all 12.2.1.4 patches listed for
"Oracle Fusion Middleware Infrastructure (WebLogic Server for
FMW)"
|
|
Oracle Analytics Server (OAS)
5.5.0.0.0
|
OAS BUNDLE PATCH 5.5.0.0.201216 Patch 32294034
|
CVE-2019-14862, CVE-2021-2003,
CVE-2021-2013, CVE-2021-2025, CVE-2021-2049, CVE-2021-2050,
CVE-2021-2051, CVE-2021-2062
|
Oracle Business Intelligence is rebranded as Oracle
Analytics Server
Apply all 12.2.1.4 patches listed for "Oracle
Fusion Middleware Infrastructure (WebLogic Server for FMW)". See "Oracle Fusion Middleware 12.2.1.4"
|
|
Oracle Security Service
|
OSS BUNDLE PATCH 12.2.1.4.200616 Patch 31503472
|
Released July 2020
|
|
Patch
Availability for Oracle Business Intelligence Enterprise Edition 12c
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 1492980.1, How to
Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set
Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
|
|
12.2.1.4 Oracle Business Intelligence
Enterprise Edition
and
12.2.1.3 Oracle Business Intelligence Enterprise Edition
|
See "Oracle Fusion Middleware 12c"
|
See "Oracle Fusion Middleware 12c"
|
Apply all 12.2.1.3 patches listed for
"Oracle Fusion Middleware Infrastructure (WebLogic Server for
FMW)"
|
|
12.2.1.4 Oracle Business Intelligence
Enterprise Edition
|
OBI Bundle Patch 12.2.1.4.201216 Patch 32294048
|
CVE-2021-2062, CVE-2021-2051,
CVE-2021-2049, CVE-2021-2050, CVE-2021-2013, CVE-2021-2005, CVE-2021-2003,
CVE-2021-2025, CVE-2021-2041
|
|
|
12.2.1.4 Oracle Business Intelligence Enterprise
Edition
and
12.2.1.3 Oracle Business Intelligence Enterprise
Edition
|
OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139
|
Released July 2020
|
Oracle Security Service (SSL/Network) Patch
|
|
12.2.1.3 Oracle Business Intelligence
Enterprise Edition
|
OBI Bundle Patch 12.2.1.3.201216 Patch 32294042
|
CVE-2021-2062, CVE-2021-2051,
CVE-2021-2049, CVE-2021-2050, CVE-2021-2013, CVE-2021-2005, CVE-2021-2003,
CVE-2021-2025, CVE-2021-2041
|
|
Patch
Availability for Oracle Business Intelligence Enterprise Edition 11.1.1.9
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 1492980.1, How to
Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set
Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
|
|
11.1.1.9
|
BI SUITE BUNDLE PATCH 11.1.1.9.210119 Patch 32310890
|
CVE-2021-2062, CVE-2021-2051, CVE-2021-2049,
CVE-2021-2050, CVE-2021-2013, CVE-2021-2025, CVE-2021-2003
|
|
|
11.1.1.9
|
OSS BUNDLE PATCH 11.1.1.9.200714 Patch 31304503
|
Released July 2020
|
For patch availability, see section 2.2 Post Release Patches
Note 2572809.1 Steps to Evaluate and Update SSL
Wallet
|
|
11.1.1.9
|
OPMN Patch 23716938
|
Released October 2017
|
|
|
DAC 11.1.1.6.4 home
|
Patch 27825965-
DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU for apr2018cpu
|
Released April 2018
|
Patch can be installed in any home
|
3.3.6 Oracle
Business Intelligence Publisher
Error
Correction information for Oracle Business Intelligence Publisher
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
-
|
|
|
11.1.1.9.0 End of Error Correction
for Extended Support Customer only beyond Dec 2018
|
Patch
Availability for Oracle Business Intelligence Publisher
3.3.7 Oracle
Complex Event Processing
Error
Correction information for Oracle Complex Event Processing
|
Patch Information
|
CEP 12.1.3
|
Comments
|
|
Final CPU
|
October 2020
|
|
Patch
Availability for Oracle Complex Event Processing
See also the underlying product stack
tables (JRockit and WLS) for any applicable patches.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.3.0
|
SPU Patch 21071699
|
Released July 2015
|
|
3.3.8 Oracle
Data Quality for Oracle Data Integrator
Error
Correction information for Oracle Data Quality for Oracle Data Integrator
|
Patch Information
|
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Data Quality for Oracle Data Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.3.0
|
CPU Patch 21418574
|
Released July 2015
|
|
3.3.9 Oracle
Data Visualization Desktop
Error
Correction information for Oracle Data Visualization Desktop
|
Patch Information
|
12.2.4.1.1
|
Comments
|
|
Final CPU
|
-
|
|
Patch
availability for Oracle Data Visualization Desktop
3.3.10 Oracle
Endeca Server
Error Correction
information for Oracle Endeca Server
|
Patch Information
|
7.7
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch
availability for Oracle Endeca Server
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Server 7.7 home
|
ORACLE ENDECA SERVER 7.7 SPU APRIL
2020 Patch 30507959
|
Released April 2020
|
|
3.3.11 Oracle
Endeca Information Discovery Integrator
Error Correction
information for Oracle Endeca Information Discovery Studio Integrator
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch
availability for Oracle Endeca Information Discovery Studio Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Information Discovery
Integrator 3.2 home
|
ORACLE ENDECA INFORMATION DISCOVERY
INTEGRATOR 3.2 CPU JANUARY 2021 Patch 32302739 or later
|
CVE-2020-5421, CVE-2019-10086
|
|
|
Oracle Endeca Information Discovery
Integrator 3.2 home
|
ORACLE ENDECA INFORMATION DISCOVERY
INTEGRATOR AQUISITION SYSTEM 3.2 SPU JAN 2020 Patch 30472013 or later
|
Released in January 2020
|
|
3.3.12 Oracle
Endeca Information Discovery Studio
Error
Correction information for Oracle Endeca Information Discovery Studio
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch
availability for Oracle Endeca Information Discovery Studio
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Information Discovery
Studio 3.2 home
|
ORACLE ENDECA INFORMATION DISCOVERY
3.2 STUDIO CPU OCT2020 Patch 31992470
|
Released October 2020
|
|
3.3.13 Oracle
Enterprise Data Quality
Error
Correction information for Oracle Enterprise Data Quality
|
Patch Information
|
11.1.1.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Enterprise Data Quality
3.3.14 Oracle
Enterprise Repository
Error
Correction information for Oracle Enterprise Repository
|
Patch Information
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Enterprise Repository
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.7.0
|
OER 11.1.1.7.0 CPU for January 2021Patch 32146895 or later
|
CVE-2020-11998, CVE-2020-11994, CVE-2020-11979,
CVE-2019-17566
|
"CVE-2018-1000180, CVE-2018-8013, CVE-2018-1275,
CVE-2017-5645" included in 11.1.1.7 patch are announced in previous
CPUs.
|
3.3.15 Oracle
Exalogic Patch Set Update (PSU)
Error
Correction information for Oracle Exalogic Patch Set Update (PSU)
|
Patch Information
|
2.x
|
1.x
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch Set
Update Availability for Oracle Exalogic
|
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
|
2.x Physical
|
2.0.6.4.200714 Physical Linux (for all X3-2, X4-2,
X5-2, and X6-2) Patch 31347467
|
Released in July 2020
|
Note 1314535.1
|
|
2.x Virtual
|
2.0.6.4.200714 Virtual (for all X3-2, X4-2, X5-2, and
X6-2) Patch 31347468
|
Released in July 2020
|
Note 1314535.1
|
|
1.x
|
Upgrade to 2.x based on information in the Comments
column. Then apply the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013 (15931901)
|
See Patch 13795376 EECS 2.0 PHYSICAL INFRASTRUCTURE
UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 15931901 Oracle Exalogic 2.0.4.0.0
Upgrade Kit for Exalogic Solaris x86-64 (64 bit)
See Note 1314535.1, Announcing
Exalogic PSUs (Patch Set Updates)
|
3.3.16 Oracle
Fusion Middleware
For more information on how to
identify the components in an Oracle home, see Note 1591483.1, What is
Installed in My Middleware or Oracle home?.
This section contains the
following:
·
Section 3.3.16.1 "Oracle Fusion Middleware
12c"
o Section 3.3.16.1.1 "Oracle Fusion Middleware
12.2.1.4"
o Section 3.3.16.1.2 "Oracle Fusion Middleware
12.2.1.3"
·
Section 3.3.16.2 "Oracle Fusion Middleware
11.1.1.9"
·
Section 3.3.16.3 "Oracle Identity and Access
Management"
·
Section 3.3.16.4 "Oracle Identity Access
Management 11.1.2.3"
·
Section 3.3.16.5 "Oracle Identity Management
Connector"
3.3.16.1 Oracle
Fusion Middleware 12c
The sections below cover Oracle
Fusion Middleware version 12.2.x and 12.1.x
·
Section 3.3.16.1.1 "Oracle Fusion Middleware
12.2.1.4"
·
Section 3.3.16.1.2 "Oracle Fusion Middleware
12.2.1.3"
3.3.16.1.1 Oracle
Fusion Middleware 12.2.1.4
Error
Correction information for Oracle Fusion Middleware 12.2.1.4
|
Patch Information
|
12.2.1.4
|
Comments
|
|
Final CPU
|
|
See Note 1933372.1, Error Correction Support
Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
|
On-Request platforms
|
-
|
|
|
Determine Components in an Oracle
Home
|
-
|
See Note 1591483.1, What is Installed in My
Middleware or Oracle home?
|
|
Understanding Patch Release Versions
|
-
|
See Note 1494151.1, understanding Fusion
Middleware Bundle Patch (BP) Release Versions
See Note 2565576.1, Understanding WebLogic
Server Patch Set Update (PSU) Release Versions
|
Patch
Availability for Oracle Fusion Middleware 12.2.1.4
|
Distribution
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 1492980.1, How to
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
All 12.2.1.4 & 12.2.1.3 Fusion
Middleware Distributions & WebLogic home
|
OPatch 13.9.4.2.5 Patch 28186730 or later
|
CVE-2019-12402
|
Update OPatch 13.9.4.2.5 Patch 28186730 before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for
Oracle Fusion Middleware 12c.
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
WLS PATCH SET UPDATE 12.2.1.4.201209 Patch 32253037 or later
|
CVE-2020-14750, CVE-2021-2047,
CVE-2019-10086, CVE-2021-2033, CVE-2021-2109, CVE-2021-2075,
CVE-2019-17195
|
See Note 2665794.1, How to Restrict T3/T3S
Protocol Traffic for WebLogic Server.
CVE-2020-14750 announced in an Alert is included in
Jan PSU
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU 2020 Patch 31544353 or later
|
Released October 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
WEBLOGIC SAMPLES SPU 12.2.1.4.210119 Patch 32148640 or later
|
CVE-2020-5421, CVE-2020-11022
|
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
ADF BUNDLE PATCH 12.2.1.4.200817 Patch 31762739 or later
|
Released October 2020
|
|
|
Oracle HTTP Server
Oracle Forms and Reports
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.4.200826 Patch 31808404 or later
|
Released October 2020
|
Note 2743971.1 Cumulative README Post-Install
Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches
|
|
Oracle SOA Suite and Business Process
|
SOA Bundle Patch 12.2.1.4.210102 Patch 32337168 or later
|
CVE-2020-13935, CVE-2020-10683
|
|
|
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
OSS BUNDLE PATCH 12.2.1.4.200616 Patch 31503472 or later
|
Released July 2020
|
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
Coherence 12.2.1.4.7 Patch 32124456 or later
|
CVE-2020-14756
|
|
|
Oracle Unified Directory
|
OUD BUNDLE PATCH 12.2.1.4.200526 Patch 31400392 or later
|
Released July 2020
|
|
|
Oracle WebCenter Portal
|
WebCenter Portal Bundle Patch 12.2.1.4.201126 Patch 32224021 or later
Oracle WebCenter Core Bundle Patch 12.2.1.4.201202 Patch 32224147 or later
|
CVE-2019-10086
|
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Forms and Reports
|
Oracle Reports Developer 12.2.1.4.0
SPU Patch 30731161 or later
|
Released January 2020
|
|
|
Oracle Webcenter Sites
|
Webcenter Sites 12.2.1.4.210119 Patch 32315127 or later
|
CVE-2020-11022
|
|
|
Oracle Data Integrator
|
ODI Bundle Patch 12.2.1.4.210108 Patch 32359156 or later
|
CVE-2020-10683, CVE-2015-8965,
CVE-2018-9019, CVE-2019-17359, CVE-2020-9488, CVE-2019-10086, CVE-2019-10247
|
|
3.3.16.1.2 Oracle
Fusion Middleware 12.2.1.3
Error
Correction information for Oracle Fusion Middleware 12.2.1.3
|
Patch Information
|
12.2.1.3
|
Comments
|
|
Final CPU
|
|
See Note 1933372.1, Error Correction Support
Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
|
On-Request platforms
|
-
|
|
|
Determine Components in an Oracle
Home
|
-
|
See Note 1591483.1, What is Installed in My
Middleware or Oracle home?
|
|
Understanding Patch Release Versions
|
-
|
See Note 1494151.1, understanding Fusion
Middleware Bundle Patch (BP) Release Versions
See Note 2565576.1, Understanding WebLogic
Server Patch Set Update (PSU) Release Versions
|
Patch
Availability for Oracle Fusion Middleware 12.2.1.3
|
Distribution
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 1492980.1, How to
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
All 12.2.1.3 Fusion Middleware
Distributions & WebLogic home
|
OPatch 13.9.4.2.5 Patch 28186730 or later
|
CVE-2019-12402
|
Update OPatch 13.9.4.2.5 Patch 28186730 before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for
Oracle Fusion Middleware 12c.
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
WLS PATCH SET UPDATE 12.2.1.3.201217 Patch 32300397 or later
|
CVE-2020-14750, CVE-2021-2047,
CVE-2019-10086, CVE-2021-2033, CVE-2021-2109, CVE-2021-2075,
CVE-2018-10237, CVE-2019-17195
|
CVE-2020-14750 is included in Jan PSU Patch.
See Note 2421487.1, Oracle Strongly
recommends applying minimum JDK version (JDK 8u181 or later) to make some
of Weblogic Server Deserialization vulnerability fixes effective.
Refer to Note 2437460.1 for Patch Conflict issue.
WLS PSU should also be applied to all homes with a
WLS full or standalone domain.
See Note 2395745.1, April 2018 Critical
Patch Update: Additional Information about the Oracle WebLogic Server
Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch
Update: Additional information about the Oracle WebLogic Server
Vulnerability CVE-2018-2933.
See Note 2076338.1, July 2018 Critical Patch
Update: Additional information about the Oracle WebLogic Server
Vulnerability CVE-2015-4852
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure WebLogic
Server for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
ADR FOR WEBLOGIC SERVER 12.2.1.3.0
JULY CPU 2020 Patch 31544340 or later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
|
Identity and Access Management
|
OAM BUNDLE PATCH
12.2.1.3.191201(ID:191201.0123.S) Patch 30609442 or later
|
Released April 2020
|
|
|
Identity and Access Management Oracle
Unified Directory
|
OUD BUNDLE PATCH 12.2.1.3.200623 Patch 31529239 or later
|
Released July 2020
|
|
|
Oracle SOA Suite and Business Process
|
SOA Bundle Patch 12.2.1.3.201210 Patch 32260099 or later
|
CVE-2020-13935, CVE-2020-10683,
CVE-2019-10173
|
|
|
Oracle WebCenter Portal
|
WebCenter Portal Bundle Patch 12.2.1.3.201202 Patch 32225019 or later
Oracle WebCenter Core Bundle Patch 12.2.1.3.201124 Patch 32224246 or later
|
CVE-2019-10086
|
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Webcenter Sites
|
Webcenter Sites 12.2.1.3.210119 Patch 32292427 or later
|
CVE-2020-11022
|
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
WEBLOGIC SAMPLES SPU 12.2.1.3.210119 Patch 32148634 or later
|
CVE-2020-5421, CVE-2020-11022
|
This patch is a cumulative patch for all Struts 2
CVEs to date.
See Note 2255054.1, Oracle WebLogic Server
Requirements for Apache Struts 2 Vulnerabilities
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
Coherence 12.2.1.3.12 Patch 32124527 or later
|
CVE-2020-14756
|
|
|
Oracle HTTP Server
Oracle Forms and Reports
|
OHS (NATIVE) BUNDLE PATCH 12.2.1.3.200911 Patch 31876370 or later
|
Released October 2020
|
Note 2568225.1Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Oracle Forms and Reports
|
Oracle Reports Developer 12.2.1.3 SPU Patch 30731147 or later
|
Released January 2020
|
|
|
Identity and Access Management
|
OIM BUNDLE PATCH 12.2.1.3.0 (ID:200108.2108) Patch 30735905 or later
|
Released January 2020
|
|
|
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139 or later
|
Released July 2020
|
|
|
Oracle WebCenter Sites
|
Support Tools 4.4.2 for Oracle
WebCenter Sites 12.2.1.3.0 Patch 30505173 or later
|
Released January 2020
|
Support Tools for Webcenter Sites
Patch
|
|
Oracle Data Integrator
|
ODI Bundle Patch 12.2.1.3.210119 Patch 32040885 or later
|
CVE-2015-8965, CVE-2018-9019,
CVE-2016-5725, CVE-2019-10247, CVE-2020-9488, CVE-2019-10086,
CVE-2020-10683
|
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Forms and Reports
|
Forms 12.2.1.3.0 SPU Patch 30410629 or later
|
Released October 2019
|
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
ADF BUNDLE PATCH 12.2.1.3.0 (ID:190924.2139.S) Patch 30347629 or later
|
Released October 2019
|
Apply to all Oracle homes installed with an FMW
Infrastructure
|
|
Oracle Service Bus
|
OSB BUNDLE PATCH 12.2.1.3.190716
(ID:190716.1831) Patch 30059259 or later
|
Released October 2019
|
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
|
FMW Platform 12.2.1.3.0 SPU FOR
APRCPU2019 Patch 29650702 or later
|
Released April 2019
|
Apply to all Oracle Fusion Middleware homes
|
|
Oracle HTTP Server
Oracle Traffic Director
Oracle Forms and Reports
|
OAM Webgate Bundle Patch
12.2.1.3.180622 Patch 28243743 or later
|
Released July 2018
|
|
|
Oracle Enterprise Data Quality
|
EDQ 12.2.1.3.0 Jan 2021 SPU Patch 32395703 or later
|
CVE-2020-10683 , CVE-2019-17091,
CVE-2017-12626
|
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle HTTP Server
Oracle WebLogic Server Proxy Plug-In
(Apache, IIS, iPlanet)
|
ONS 12.2.1.3.0 SPU Patch Patch 27323998 or later
|
Released July 2018
|
|
|
Oracle WebCenter Content
|
WebCenter Content Bundle Patch
12.2.1.3.180417 Patch 27393392 or later
|
Released April 2018
|
|
|
Oracle Internet Directory
|
OID BUNDLE PATCH 12.2.1.3.0
(ID:180116.1256) Patch 27396651 or later
|
Released January 2018
|
Oracle Internet Directory (OID)
Version 12c Bundle Patch (BP) (Including Directory Integration Platform /
DIP) / Bundle Patches For Non-Fusion Applications (NonFA / NonP4FA)
Customers Note 2355090.1
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
OHT SPU 12.2.1.3.0 Patch 31613012 or later
|
Released July 2020
|
Oracle Help Technologies
|
3.3.16.2 Oracle
Fusion Middleware 11.1.1.9
Error
Correction information for Oracle Fusion Middleware 11.1.1.9
|
Patch Information
|
11.1.1.9
|
Comments
|
|
Final CPU
|
October 2021
|
Note 1290894.1 Error Correction Support Dates
for Oracle Fusion Middleware 11g (11.1.1/11.1.2)
11.1.1.9.0 End of Error Correction for Extended
Support Customer only beyond Dec 2018
|
|
On-Request platforms
|
AIX, HP-UX Itanium, and Windows are on request.
|
|
|
Understanding Patch Release Versions
|
-
|
See Note 1494151.1, Understanding Fusion
Middleware Bundle Patch (BP) Release Versions.
|
Patch
Availability for Oracle Fusion Middleware 11.1.1.9
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 1492980.1, How to
Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set
Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebCenter 11.1.1.9 home
|
WebCenter Portal Bundle Patch 11.1.1.9.210115 Patch 32189083 or later
|
CVE-2019-10086 , CVE-2020-10683
|
Oracle WebCenter Portal 11.1.1.9 Patch
See Note 2029169.1, Changes to
Portlet standards request dispatching of Resource Requests
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
OHS 11.1.1.9.0 SPU FOR APRCPU2020 Patch 31047338 or later
|
Released April 2020
|
Oracle HTTP Server 11.1.1.9 Patch
Note 2626956.1 Cumulative README Post-Install
Steps for Oracle HTTP Server 11.1.1.9 Critical Patch Update
|
|
Oracle Identity Management 11.1.1.9 home (with OID)
Oracle Web Tier 11.1.1.9 home
|
OSS BUNDLE PATCH 11.1.1.9.200714 Patch 31304503 or later
|
Released July 2020
|
Note 2572809.1 Steps to Evaluate and Update SSL
Wallet
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
ADF SPU 11.1.1.9.0 FOR OCTCPU2019 Patch 30368663 or later
|
Released October 2019
|
|
|
OSB 11.1.1.9 home
|
OSB Bundle Patch 11.1.1.9.191015 Patch 30002341 or later
|
Released October 2019
|
OSB Patch
|
|
Oracle Identity Management 11.1.1.9
home
|
OVD 11.1.1.9.0 SPU for October 19 Patch 30281334 or later
|
Released October 2019
|
Oracle Virtual Directory (OVD) Patch
OVD 11g: Oracle Virtual Directory SPU (Security Patch
Update) Patches Note 2318003.1
|
|
ODI 11.1.1.9 Home
|
ODI Bundle Patch 11.1.1.9.210115 Patch 32137794 or later
|
CVE-2018-9019, CVE-2019-10086,
CVE-2016-5725
|
Oracle Data Integrator Patch
For patch availability, see section 2.2 Post Release Patches
|
|
SOA 11.1.1.9 home
|
SOA Bundle Patch 11.1.1.9.0 (ID:181218.1300) Patch 29123005 or later
|
Released January 2019
|
SOA Patch
|
|
Oracle Business Activity Monitoring
|
BAM Security Patch Update
11.1.1.9.210119 Patch 32015538 or later
|
CVE-2019-10173
|
|
|
Oracle Web Tier 11.1.1.9 home
|
Oracle Web Cache SPU 11.1.1.9.0 CPUJan2019 Patch 28855717 or later
|
Released January 2019
|
Web Cache Patch
See Note 2095166.1, Oracle Web
Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU
January 2016 and Note 2494468.1, How to
Disable ESI in Oracle Web Cache
|
|
Oracle WebCenter 11.1.1.9 home
|
WCC BP 11.1.1.9.180226 Patch 27393411 or later
|
Released April 2018
|
WebCenter Content Patch
|
|
Oracle Identity Management 11.1.1.9
home
|
OID bundle patch 11.1.1.9.171127 Patch 26850241, or
later
|
Released January 2018
|
Oracle Internet Directory Patch
See Note 2420947.1 for additional information about
Oracle Internet Directory Vulnerability CVE-2015-0204
Oracle Internet Directory (OID) Version 11g Bundle
Patch (BP) (Including Directory Integration Platform / DIP) / Bundle
Patches For Non-Fusion Applications (NonFA / NonP4FA) Customers Note 1614114.1
|
|
Oracle Identity Management 11.1.1.9 home (with OID)
Oracle Web Tier 11.1.1.9 home
|
OPMN Patch 23716938 or later
|
Released October 2017
|
OPMN 11.1.1.9 required patch for
integration with OSS
Note 2566042.1 SSL Configuration Required to
Secure OPMN 11.1.1.9
|
|
OSB 11.1.1.9 home
|
Patch 24847885 or later
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
|
Patch 23243563
|
|
|
|
Oracle Identity Access Management 11.1.2.3.0 home
|
Patch 24580895 or later
|
Released October 2016
|
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
SPU Patch 22567790 or later
|
Released in July 2016
|
FMW Control Patch applies to oracle_common OH for
11.1.1.9.0
|
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
DB PSU Patch 22290164 or later for Unix
DB BP Patch 22607089 or later for Windows 32-Bit
DB BP Patch 22607090 or later for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
|
Oracle Fusion Middleware 11.1.1.9.0
ORACLE_COMMON home
|
OHT SPU 11.1.1.9.0 Patch 28097644 or later
|
Released July 2020
|
Oracle Help Technologies
|
3.3.16.3 Oracle
Identity and Access Management
For the appropriate product
versions listed below, refer to the corresponding Oracle Fusion Middleware
patch availability sections that contain information on Error Correction,
and for the patches to apply. Not all homes that are listed in those
sections might be present in the Oracle Identity Access Management
installation. Only the relevant homes from those tables need to be patched.
Patch
Availability for Oracle Identity Access Management
3.3.16.4 Oracle
Identity Access Management 11.1.2.3
Error
Correction information for Oracle Identity Access Management 11.1.2.3
|
Patch Information
|
11.1.2.3
|
Comments
|
|
Final CPU
|
Oct 2021
|
Note 1290894.1 Error Correction Support Dates
for Oracle Fusion Middleware 11g (11.1.1/11.1.2)
|
|
On-Request platforms
|
-
|
|
|
Understanding Patch Release Versions
|
-
|
See Note 1494151.1, Understanding Fusion
Middleware Bundle Patch (BP) Release Versions.
|
Patch
Availability for Oracle Identity Access Management 11.1.2.3
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU)
Administration Guide for Oracle WebLogic Server (WLS)
|
|
Oracle Identity and Access Management
11.1.2.3 home
|
See "Oracle Fusion Middleware 11.1.1.9"
|
See "Oracle Fusion Middleware 11.1.1.9"
|
Apply Fusion Middleware patches with
Oracle Identity and Access Management 11.1.2.3 home
|
|
Oracle Identity Access Management
11.1.2.3.0 home
|
OUD BUNDLE PATCH 11.1.2.3.200625 Patch 31541461
|
Released July 2020
|
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
ADF SPU 11.1.1.9.0 FOR OCTCPU2019 Patch 30368663
|
Released October 2019
|
|
|
|
Patch 23243563
|
|
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
SPU Patch 22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common OH for 11.1.1.9.0
|
|
Oracle Identity Management 11.1.2.3
home
|
OIM BUNDLE PATCH 11.1.2.3.0(ID:190922.2323) Patch 30338509 or later
OR
IDM SUITE BUNDLE PATCH 11.1.2.3.191015 Patch 30292098
|
Released January 2020
|
|
|
Oracle Identity Access Management 11.1.2.3 home
|
Patch 30292098 - IDM Suite Bundle Patch
11.1.2.3.191015
OR
Patch 30386537 - OAM BUNDLE PATCH
11.1.2.3.191004(ID:191004.0426)
|
Released April 2020
|
These CVE fixes announced in April CPU are part of
the patches released earlier.
|
|
Oracle Identity Access Management
11.1.2.3.0 home
|
OAAM SERVER 11.1.2.3.0 SPU FOR
JANUARY21 Patch 32384800 or later
|
CVE-2018-2587
|
Oracle Adaptive Access Manager Patch
|
|
Oracle WebGate 11.1.2.3 Home
|
Patch 31710235 - OAM WEBGATE BUNDLE PATCH
11.1.2.3.200804 or later
|
Released October 2020
|
|
3.3.16.5 Oracle
Identity Management Connector
Error Correction information for Oracle
Identity Management Connector
|
Patch Information
|
12c
|
11g
|
9.1.1.5
|
Comments
|
|
Final
CPU
|
refer to Note 2454684.1
|
|
Patch Availability for Oracle Identity
Management Connector
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
Microsoft
AD connector 9.1.1.5
|
OIM Connector 9.1.1.5.15 Patch 25028999
|
Released October 2017
|
|
|
CA
Top Secret Connector 9.1.0.6
|
OIM Connector 9.1.0.6 Patch 31708407
|
Released October 2020
|
9.0.x customers should upgrade to
9.1.0.x
|
|
RACF
adv connector 9.1.0.2
|
OIM Connector 9.1.0.2 Patch 31058957
|
Released April 2020
|
9.0.x customers should upgrade to
9.1.0.x
|
|
acf2
connector 9.1.0.1
|
OIM Connector 9.1.0.1 Patch 31101274
|
Released April 2020
|
9.0.x customers should upgrade to
9.1.0.x
|
3.3.17 Oracle Hyperion Analytic
Provider Services
Error Correction information for Oracle
Hyperion Analytic Provider Services
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion
Analytic Provider Services
3.3.18 Oracle
Hyperion BI+
Error Correction information for Oracle
Hyperion BI+
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion BI+
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2
Home
|
The issue has been addressed in the latest releases:
11.1.2.4.900 and 11.2.*.
Customers on the prior releases are recommended to
upgrade to the latest releases. An upgrade path for release 11.1.2.4 is
described in the Oracle Enterprise Performance Management System
Release 11.2.2.0.000 Readme
|
Released October 2020
|
IQR-Foundation service
|
3.3.19 Oracle
Hyperion Data Relationship Management
Error Correction information for Oracle Hyperion Data Relationship Management
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion Data Relationship Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
Hyperion Data Relationship Management
11.1.2.4.347 PSU; Patch 28818149
|
Released October 2019
|
|
3.3.20 Oracle
Hyperion Enterprise Performance Management Architect
Error Correction information for Oracle
Hyperion Enterprise Performance Management Architect
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion
Enterprise Performance Management Architect
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.3
|
SPU Patch 19466859
SPU Patch 20929659
|
Released July 2015
|
|
|
11.1.2.2
|
SPU On-Request
|
Released July 2015
|
|
3.3.21 Oracle
Hyperion Essbase
Error Correction information for Oracle
Hyperion Essbase
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion
Essbase
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
11.1.2.4.040 PSU Patch 31206851 (RTC)
11.1.2.4.040 PSU Patch 31206855 (Client)
11.1.2.4.040 PSU Patch 31206859 (Client MSI)
11.1.2.4.040 PSU Patch 31206864 (Server)
11.1.2.4.031 PSU Patch 29260139 (Studio Server)
11.1.2.4.031 PSU Patch 29260141 (Studio Console)
11.1.2.4.0.037 PSU Patch 30717472 (Essbase Administration Services
Server)
11.1.2.4.037 PSU Patch 30717462 (Essbase Administration Services
Console)
|
Released October 2020
|
Install prior to Java CPUApr2017
JDK/JRE or later version
|
|
11.1.2.3
|
11.1.2.3.508 PSU Patch 22347375 (RTC)
11.1.2.3.508 PSU Patch 22347367 (Client)
11.1.2.3.508 PSU Patch 22314799 (Server)
|
Released April 2017
|
|
|
11.1.2.2
|
Upgrade to Hyperion Essbase 11.1.2.3, then apply the
patches listed above
|
Released July 2015
|
|
3.3.22 Oracle
Hyperion Financial Close Management
Error Correction details for Oracle Hyperion
Financial Close Management
|
Patch Information
|
11.1.2..x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion
Financial Close Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
PSU 11.1.2.4.253 Patch 29060830
|
Released July 2019
|
|
|
11.1.2.4
|
JDev ADF Patch 31246831
|
Released July 2020
|
|
3.3.23 Oracle
Hyperion Financial Management
Error Correction information for Oracle
Hyperion Financial Management
|
Patch Information
|
11.1.2.0
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion
Financial Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.0
|
SPU Patch Patch 28314691
|
Released October 2018
|
Hyperion Shared Service Patch for
Common Events Service used by Hyperion Financial Management
|
|
11.1.2.4
|
PSU 11.1.2.4.209 Patch 29343616 + JDev ADF Patch 30378046
|
Released April 2020
|
|
3.3.24 Oracle
Hyperion Financial Reporting
Error Correction information for Oracle
Hyperion Financial Reporting
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion
Financial Reporting
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2
|
Jdev 11.1.1.7.1 SPU Patch 27457998
|
Released July 2018
|
Jdev ADF Patch needs to be applied to
Hyperion Financial Reporting Home. To download this patch please contact
support to get the password.
|
|
11.1.2.4
|
PSU 11.1.2.4.712 Patch 30670918
PSU 11.1.2.4.902 Patch 30670918
|
CVE-2020-11022
|
January Advisery CVE fixes are
available in 11.2.x release and customers are recommended to upgrade.
Hyperion downloads are available here
|
3.3.25 Oracle
Hyperion Lifecycle Management
Error Correction information for Oracle
Hyperion Lifecycle Management
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion
Lifecycle Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
The issue has been addressed in the latest releases: 11.1.2.4.900
and 11.2.*.
Customers on the prior releases are recommended to
upgrade to the latest releases. An upgrade path for release 11.1.2.4 is
described in the Oracle Enterprise Performance Management System
Release 11.2.2.0.000 Readme
|
Released October 2020
|
Shared Services
|
3.3.26 Oracle
Hyperion Planning
Error Correction information for Oracle
Hyperion Planning
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion
Planning
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
PSU 11.1.2.4.010 Patch 31365862
|
Released October 2020
|
This patch is cumulative and will
include the fixes/CVEs from patch 29889455
|
|
11.1.2.4
|
JDev 11.1.1.7.1 SPU Patch 30378046
|
Released October 2019
|
JDev ADF Patch needs to be applied to
Hyperion Planning. To download this patch please contact Support to get
the password.
|
3.3.27 Oracle
Hyperion Profitability and Cost Management
Error Correction information for Oracle
Hyperion Profitability and Cost Management
|
Patch Information
|
11.1.2.4
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion
Profitability and Cost Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
11.1.2.4.130 PSU; Patch 29461894
|
Released October 2019
|
|
3.3.28 Oracle
Hyperion Strategic Finance
Error Correction information for Oracle
Hyperion Strategic Finance
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion
Strategic Finance
3.3.29 Oracle
Hyperion Workspace
Error Correction information for Oracle Hyperion
Workspace
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion
Workspace
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4.900
|
Patch 31486872
|
CVE-2019-13990, CVE-2020-11984,
CVE-2019-17563, CVE-2019-12402, CVE-2020-5421, CVE-2019-12415
|
January Advisery CVE fixes are
available in 11.2.x release and customers are recommended to upgrade.
Hyperion downloads are available here.
|
|
11.1.2.4.700
|
11.1.2.4.825 SPU Patch 31124100
|
CVE-2019-13990, CVE-2020-11984,
CVE-2019-17563, CVE-2019-12402, CVE-2020-5421, CVE-2019-12415
|
January Advisery CVE fixes are
available in 11.2.x release and customers are recommended to upgrade.
Hyperion downloads are available here.
|
|
11.1.2
Home
|
11.1.2.4.009 SPU Patch 29115044
apply Weblogic 10.3.6 Latest PSU. See "Oracle WebLogic Server" Section
|
CVE-2019-13990, CVE-2020-11984, CVE-2019-17563,
CVE-2019-12402, CVE-2020-5421, CVE-2019-12415
|
R&A Framework Patch
January Advisery CVE fixes are available in 11.2.x
release and customers are recommended to upgrade. Hyperion downloads are
available here.
|
3.3.30 Oracle
JDeveloper and Oracle ADF
Error Correction information for Oracle
JDeveloper and Oracle ADF
Comments
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.2.4
|
11.1.1.9
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
October 2021
|
11.1.2.4 and 11.1.1.9.0: End of Error
Correction for Extended Support Customer only beyond Dec 2018
|
|
Understanding Patch Release Versions
|
See Note 1494151.1, Understanding Fusion
Middleware Bundle Patch (BP) Release Versions.
|
Critical
Patch Update Availability for Oracle JDeveloper and Oracle ADF
|
Release
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.4.0
|
ADF BUNDLE PATCH 12.2.1.4.200817 Patch 31762739 or later
|
Released October 2020
|
|
|
12.2.1.3.0
|
ADF BUNDLE PATCH 12.2.1.3.201007 Patch 31985811 or later
|
Released October 2020
|
|
|
11.1.2.4.0
|
ADF SPU 11.1.2.4.0 for OctCPU2019 Patch 30380494 or later
|
Released October 2019
|
|
|
.0
|
ADF SPU 11.1.1.9.0 FOR OCTCPU2020 Patch 31985571 or later
|
Released October 2020
|
|
3.3.31 Oracle
Map Viewer
Error
Correction information for Oracle Map Viewer
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
1.1.1.9.0 End of Error Correction for
Extended Support Customer only beyond Dec 2018
|
Patch
Availability for Oracle Map Viewer
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.3 AND 12.2.1.4
|
Mapviewer 12.2.1.4.0 SPU Patch 31026189
|
CVE-2019-10086
|
The same Patch applies to 12.2.1.3 and 12.2.1.4
CVE-2019-10086 is included in July 2020 Patch 31026189
|
|
11.1.1.9
|
SPU Patch 27534923
|
Released April 2018
|
|
3.3.32 Oracle
Outside In Technology
Error
Correction information for Oracle Outside In Technology
|
Patch Information
|
8.5.5
|
8.5.4
|
Comments
|
|
Final CPU
|
April 2022
|
December 2020
|
|
Patch
Availability for Oracle Outside In Technology
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Outside In Technology 8.5.5
|
ORACLE OUTSIDE IN TECHNOLOGY (OIT)
JANUARY 2021 8.5.5 BUNDLE PATCH #3 Patch 32303325 or later
|
CVE-2021-2066, CVE-2021-2067, CVE-2021-2068,
CVE-2021-2069
|
|
|
Oracle Outside In Technology 8.5.4
|
ORACLE OUTSIDE IN TECHNOLOGY (OIT)
DECEMBER 2020 8.5.4 BUNDLE PATCH #11 Patch 32262009 or later
|
CVE-2021-2066, CVE-2021-2067,
CVE-2021-2068, CVE-2021-2069
|
|
3.3.33 Oracle
Real Time Decisions Platform
Error
Correction information for Oracle Real Time Decisions Platform
Describes the Error Correction
information for Oracle Real Time Decisions Platform.
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Real Time Decisions Platform
Describes the available patches for
Oracle Real Time Decisions Platform.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Real Time Decisions Platform
3.2 home
|
RTD PLATFORM 3.2 SPU FOR JAN CPU 202 Patch 32305018 or later
|
CVE-2020-1945, CVE-2019-0227,
CVE-2019-10086
|
|
3.3.34 Oracle
Service Architecture Leveraging Tuxedo (SALT)
Error
Correction information for Oracle Service Architecture Leveraging Tuxedo
(SALT)
|
Patch Information
|
12.2.2.0.x
|
12.1.3
|
Comments
|
|
Final CPU
|
Oct 2024
|
Oct 2020
|
|
Patch
Availability for Oracle Service Architecture Leveraging Tuxedo (SALT)
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Service Architecture
Leveraging Tuxedo (SALT) 12.2.2.0.x home
|
Oracle SALT 12.2.2.0.0 SPU FOR
CPUJan2019 Patch 29169314
|
Released January 2019
|
|
|
Oracle Service Architecture
Leveraging Tuxedo (SALT) 12.1.3.0.x home
|
Oracle SALT 12.1.3.0.0 SPU FOR
CPUJan2019 Patch 29169322
|
Released January 2019
|
|
3.3.35 Oracle
SOA Suite
For the appropriate product
versions listed below, refer to the corresponding Oracle Fusion Middleware
patch availability sections that contain information on Error Correction,
and for the patches to apply. Not all homes that are listed in those
sections might be present in the Oracle SOA Suite installation. Only the
relevant homes from those tables need to be patched.
Patch
Availability for Oracle SOA Suite
3.3.36 Oracle
Traffic Director
Error
Correction information for Oracle Traffic Director
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
|
Patch
Availability for Oracle Traffic Director
3.3.37 Oracle
Tuxedo
Error
Correction information for Oracle Tuxedo
|
Patch Information
|
12.2.2.0
|
12.1.3.0
|
Comments
|
|
Final CPU
|
April 2024
|
April 2022
|
|
Patch
Availability for Oracle Tuxedo
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
12.2.2.0
|
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 Linux Patch 28090531
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-64
with vs2015 Patch 28124771
rp029 oracle tuxedo 12.2.2 SPU for
JULCPU2018 win-32 with vs2015 Patch 28124779
|
Released July 2018
|
For CVE-2017-10269, see extra settings required with
these cumulative patches in Note 2326009.1
|
|
12.1.3.0
|
RP117 TUXEDO 12.1.3.0 SPU FOR CPUJAN2020 Patch 30596495
RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2013) FOR
CPUJAN2020 Patch 30601651
RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2012) FOR
CPUJAN2020 Patch 30601637
|
Released January 2020
|
For CVE-2017-10269, see extra settings required with
these cumulative patches in Note 2326009.1
|
3.3.38 Oracle
Tuxedo System and Applications Monitor Plus (TSAM Plus)
Error
Correction Information for Oracle Tuxedo System and Applications Monitor
Plus (TSAM Plus)
|
Patch Information
|
12.2.2
|
12.1.3
|
Comments
|
|
Final CPU
|
April 2024
|
April 2022
|
|
Patch
Availability for Oracle Tuxedo System and Applications Monitor Plus (TSAM
Plus)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
TSAM Plus 12.2.2
|
RP002 Patch 25389632
|
Released July 2017
|
|
|
TSAM Plus 12.1.3
|
RP019 FOR LINUX 64-BIT X86 Patch 27379436
|
Released January 2018
|
|
3.3.39 Oracle
Web-Tier 11g Utilities
For the appropriate product
versions listed below, refer to the corresponding Oracle Fusion Middleware
patch availability sections that contain information on Error Correction,
and for the patches to apply. Not all homes that are listed in those
sections might be present in the Oracle Web-Tier 11g Utilities installation. Only the
relevant homes from those tables need to be patched.
Patch
Availability for Oracle Web-Tier 11g Utilities
3.3.40 Oracle
WebCenter
For the appropriate product
versions listed below, refer to the corresponding Oracle Fusion Middleware
patch availability sections that contain information on Error Correction,
and for the patches to apply. Not all homes that are listed in those
sections might be present in the Oracle WebCenter installation. Only the
relevant homes from those tables need to be patched.
3.3.41 Oracle
WebCenter Content (Formerly Oracle Universal Content Management)
Patch
Availability for Oracle WebCenter Content
3.3.42 Oracle
WebCenter Portal
Error
Correction information for Oracle WebCenter Portal
|
Patch
Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
December 2021
|
|
Patch
Availability for Oracle WebCenter Portal
3.3.43 Oracle
WebCenter Sites (Formerly FatWire Content Server)
Error
Correction information for Oracle WebCenter Sites (formerly FatWire Content
Server)
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.8
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
|
Patch
Availability for Oracle WebCenter Sites
3.3.44 Oracle
WebCenter Sites Community
Error
Correction information for Oracle WebCenter Sites Community
|
Patch Information
|
11.1.1.8
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle WebCenter Sites Community
3.3.45 Oracle
WebCenter Suite
For the appropriate product
versions listed below, refer to the corresponding Oracle Fusion Middleware patch
availability sections that contain information on Error Correction, and for
the patches to apply. Not all homes that are listed in those sections might
be present in the Oracle WebCenter Suite installation. Only the relevant
homes from those tables need to be patched.
Patch
Availability for Oracle WebCenter Suite
3.3.46 Oracle
WebLogic Portal
Error
Correction information for Oracle WebLogic Portal
|
Patch Information
|
10.3.7.0
|
Comments
|
|
Final CPU
|
October 2021
|
Note 1308963.1 Error Correction Policy as it
applies to Oracle WebLogic Portal (WLP)
|
Critical
Patch Update Availability for WebLogic Portal
See also the underlying product
stack tables (JRockit and WLS) for any applicable patches.
WebLogic Portal patches are
cumulative to include all the prior published advisories. For more
information, see My Oracle Support Note 1355929.1, October 2011
Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL
Session ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled
with WebLogic Server 9.2.3.0, which is out of error correction. Contact
Oracle support for security patches needed for WebLogic Server 9.2.3.0
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
WebLogic Portal 10.3.7.0 home
|
There are no CPU patches to document
on 10.3.7.0
|
none
|
|
3.3.47 Oracle
WebLogic Server
Error
Correction information for Oracle WebLogic Server Patch Set Update
|
Patch Information
|
14.1.1.0.0
|
12.2.1.4.0
|
12.2.1.3.0
|
12.1.3.0
|
10.3.6.0
|
Comments
|
|
Final CPU
|
January 2028
|
July 2025
|
October 2021
|
January 2021
|
October 2021
|
Note 950131.1 Error Correction Support Dates
for Oracle WebLogic Server
12.1.3 and 10.3.6.0 End of Error Correction for
Extended Support Customer only beyond Dec 2018
|
|
Understanding Patch Release Versions
|
|
-
|
-
|
-
|
-
|
See Note 2565576.1, Understanding WebLogic
Server Patch Set Update (PSU) Release Versions
|
Patch Set
Update Availability for Oracle WebLogic Server
For more information, see
MyOracleSupport Note 1470197.1,
Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS).
See Note 1306505.1,
Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server
(WLS)
This section contains the
following:
·
Section 3.3.47.1 Oracle WebLogic Server 14.1.1.0
·
Section 3.3.47.2 Oracle WebLogic Server 12.2.1.4
·
Section 3.3.47.3 Oracle WebLogic Server 12.2.1.3
·
Section 3.3.47.4 Oracle WebLogic Server 12.1.3
·
Section 3.3.47.5 Oracle WebLogic Server 10.3.6
3.3.47.1 Oracle
WebLogic Server 14.1.1.0
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 14.1.1.0 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 14.1.1.0
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
Download locations and installation instructions in
above document
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
|
OPatch 13.9.4.2.5 Patch 28186730 or later
|
CVE-2019-12402
|
Update OPatch 13.9.4.2.5 Patch 28186730 before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for
Oracle Fusion Middleware 12c
|
|
|
WLS PATCH SET UPDATE 14.1.1.0.201208 Patch 32247800 or later
|
CVE-2020-14750, CVE-2021-2047,
CVE-2021-2033, CVE-2021-2109, CVE-2021-2075
|
CVE-2020-14750 announced in an Alert
is included in Jan PSU
|
|
|
WEBLOGIC SAMPLES SPU 14.1.1.0.210119 Patch 32148641 or later
|
CVE-2020-5421, CVE-2020-11022
|
|
|
|
Coherence 14.1.1.0.3 Patch 32124447 or later
|
CVE-2020-14756
|
|
3.3.47.2 Oracle
WebLogic Server 12.2.1.4
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.2.1.4 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.2.1.4
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
Download locations and installation instructions in
above document
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
|
OPatch 13.9.4.2.5 Patch 28186730 or later
|
CVE-2019-12402
|
Update OPatch 13.9.4.2.5 Patch 28186730 before applying WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for
Oracle Fusion Middleware 12c
|
|
|
WLS PATCH SET UPDATE 12.2.1.4.201209 Patch 32253037 or later
|
CVE-2020-14750, CVE-2021-2047,
CVE-2019-10086, CVE-2021-2033, CVE-2021-2109, CVE-2021-2075,
CVE-2019-17195
|
CVE-2020-14750 is included in Jan PSU Patch.
See Note 2665794.1, How to Restrict T3/T3S
Protocol Traffic for WebLogic Server.
|
|
|
WEBLOGIC SAMPLES SPU 12.2.1.4.210119 Patch 32148640 or later
|
CVE-2020-5421, CVE-2020-11022
|
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0
JULY CPU 2020 Patch 31544353
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
|
|
Coherence 12.2.1.4.7 Patch 32124456 or later
|
CVE-2020-14756
|
|
3.3.47.3 Oracle
WebLogic Server 12.2.1.3
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.2.1.3 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.2.1.3
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
Download locations and installation instructions in
above document
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
|
OPatch 13.9.4.2.5 Patch 28186730 or later
|
CVE-2019-12402
|
Update OPatch 13.9.4.2.5 Patch 28186730 before applying WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for
Oracle Fusion Middleware 12c
|
|
|
WLS PATCH SET UPDATE 12.2.1.3.201217 Patch 32300397 or later
|
CVE-2020-14750, CVE-2021-2047,
CVE-2019-10086, CVE-2021-2033, CVE-2021-2109, CVE-2021-2075,
CVE-2018-10237, CVE-2019-17195
|
CVE-2020-14750 is included in Jan PSU Patch.
See Note 2421487.1, Oracle Strongly
recommends applying minimum JDK version (JDK 8u181 or later) to make some
of Weblogic Server Deserialization vulnerability fixes effective.
See Note 2665794.1, How to Restrict T3/T3S
Protocol Traffic for WebLogic Server
Refer to Note 2437460.1 for Patch Conflict issue.
CVE-2018-3213 Is addressed in Docker Images published
after September 13, 2018. Latest docker image at
https://container-registry.oracle.com.
See Note 2395745.1, April 2018 Critical
Patch Update: Additional Information about the Oracle WebLogic Server
Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch
Update: Additional information about the Oracle WebLogic Server
Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.3.0
JULY CPU 2020 Patch 31544340
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
|
|
WEBLOGIC SAMPLES SPU 12.2.1.3.210119 Patch 32148634 or later
|
CVE-2020-5421, CVE-2020-11022
|
This patch is a cumulative patch for
all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server
Requirements for Apache Struts 2 Vulnerabilities.
|
|
|
Coherence 12.2.1.3.12 Patch 32124527 or later
|
CVE-2020-14756
|
|
3.3.47.4 Oracle
WebLogic Server 12.1.3
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.1.3 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.1.3
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
Download locations and installation instructions in
above document
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
|
WLS PATCH SET UPDATE 12.1.3.0.210119 Patch 32052261 or later
|
CVE-2020-14750, CVE-2021-2047,
CVE-2019-10086, CVE-2021-2064, CVE-2021-1994, CVE-2021-1995,
CVE-2021-1996, CVE-2021-2033, CVE-2021-2109, CVE-2021-2108, CVE-2021-2075
|
CVE-2020-14750 is included in Jan PSU Patch.
See Note 2665794.1, How to Restrict T3/T3S
Protocol Traffic for WebLogic Server
Refer to Note 2566635.1 for Overlay Patch Conflict issue
See Note 2421487.1, Oracle Strongly
recommends applying minimum JDK version (JDK 7 u191 or later OR JDK 8u181
or later) to make some of the Weblogic Server Deserialization
vulnerability fixes effective.
See Note 2395745.1, April 2018 Critical
Patch Update: Additional Information about the Oracle WebLogic Server
Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch
Update: Additional information about the Oracle WebLogic Server
Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle
|
|
|
ADR FOR WEBLOGIC SERVER 12.1.3.0 JULY
CPU 2020 Patch 31544363
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
|
|
WEBLOGIC SAMPLES SPU 12.1.3.0.210119 Patch 32148638 or later
|
CVE-2020-5421, CVE-2020-11022
|
This patch is a cumulative patch for all Struts 2
CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server
Requirements for Apache Struts 2 Vulnerabilities.
|
|
|
Coherence 12.1.3.0.10 Patch 32124546 or later
|
CVE-2020-14756
|
|
|
|
WLS 12.1.3 JDBC Patch 20741228
|
Released January 2018
|
Please refer to Note 1970437.1 How To Update the JDBC and UCP
Drivers Bundled with WebLogic Server 10.3.6 and 12c
|
|
|
SPU Patch 24327938
|
Released July 2016
|
TopLink JPA-RS patch
|
|
|
See Note 1936300.1 How to Change SSL Protocols (to
Disable SSL 2.0/3.0) in Oracle Fusion Middleware Products (Doc ID
1936300.1)
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.47.5 Oracle
WebLogic Server 10.3.6
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 10.3.6 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 10.3.6
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
Download locations and installation instructions in
above document
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
|
WLS PATCH SET UPDATE 10.3.6.0.210119 Patch 32052267 or later
|
CVE-2020-14750, CVE-2021-2047,
CVE-2019-10086, CVE-2021-1994, CVE-2021-1995, CVE-2021-1996,
CVE-2021-2109, CVE-2021-2075
|
CVE-2020-14750 is included in Jan PSU Patch.
See Note 2421487.1 - Oracle Strongly recommends
applying minimum JDK version (JDK 7 u191 or later) to make some of the
Weblogic Server Deserialization vulnerability fixes effective.
See Note 2665794.1, How to Restrict T3/T3S
Protocol Traffic for WebLogic Server
See Note 1607170.1, SSL Authentication
Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher
See Note 2395745.1, April 2018 Critical
Patch Update: Additional Information about the Oracle WebLogic Server
Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch
Update: Additional information about the Oracle WebLogic Server
Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability
CVE-2015-4852
|
|
|
ADR FOR WEBLOGIC SERVER 10.3.6 JULY
CPU 2020 Patch 31241365
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
|
|
WLS 10.3.6 JDBC Patch 27541896
|
Released January 2018
|
Please refer to Note 1970437.1 How To Update the JDBC and UCP
Drivers Bundled with WebLogic Server 10.3.6 and 12c
|
|
|
WEBLOGIC SAMPLES SPU 10.3.6.0.210119 Patch 32134024 or later
|
CVE-2020-5421
|
This patch is a cumulative patch for
all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server
Requirements for Apache Struts 2 Vulnerabilities
|
|
|
Coherence 3.7.1.20 Patch 32124557 or later
|
CVE-2020-14756
|
|
|
|
See Note 1936300.1 How to Change SSL Protocols (to
Disable SSL 2.0/3.0) in Oracle Fusion Middleware Products (Doc ID
1936300.1)
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.48 Oracle
Coherence
Error
Correction information for Oracle Coherence
|
Patch Information
|
14.1.1.0
|
12.2.1.4
|
12.2.1.3
|
12.1.3.0
|
3.7.1
|
Comments
|
|
Final CPU
|
January 2028
|
July 2025
|
October 2021
|
January 2021
|
October 2021
|
The official dates are in the Lifetime Support document, which is updated when
any extension is approved.
|
Critical
Patch Update Availability for Oracle Coherence
Follow the guidance below to locate
the patches that should be applied to a Standalone Oracle Coherence
installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Applies to all
Oracle Coherence Versions
|
Java See Note 2736202.1, Oracle Critical Patch Update
(CPU) January 2021 for Oracle Java SE
|
See Note 2736202.1, Oracle Critical Patch
Update (CPU) January 2021 for Oracle Java SE
|
|
|
Oracle Coherence 14.1.1.0
|
OPatch 13.9.4.2.5 Patch 28186730 or later
Coherence 14.1.1.0.3 Patch 32124447 or later
|
CVE-2019-12402, CVE-2020-14756
|
If WLS is installed, see WLS 14.1.1.0 for a full list of patches
needed including Oracle Coherence
|
|
Oracle Coherence 12.2.1.4
|
OPatch 13.9.4.2.5 Patch 28186730 or later
Coherence 12.2.1.4.7 Patch 32124456 or later
|
CVE-2019-12402, CVE-2020-14756
|
If WLS is installed, see WLS 12.2.1.4 for a full list of patches
needed including Oracle Coherence
|
|
Oracle Coherence 12.2.1.3
|
OPatch 13.9.4.2.5 Patch 28186730 or later
Coherence 12.2.1.3.12 Patch 32124527 or later
|
CVE-2019-12402, CVE-2020-14756
|
If WLS is installed, see WLS 12.2.1.3 for a full list of patches
needed including Oracle Coherence
|
|
Oracle Coherence 12.1.3.0
|
Coherence 12.1.3.0.10 Patch 32124546 or later
|
CVE-2020-14756
|
If WLS is installed, see WLS 12.1.3 for a full list of patches
needed including Oracle Coherence
|
|
Oracle Coherence 3.7.1.x
|
Coherence 3.7.1.20 Patch 32124557 or later
|
CVE-2020-14756
|
If WLS is installed, see WLS 10.3.6 for a full list of patches
needed including Oracle Coherence
|
3.4 Oracle Sun Middleware
This section contains the
following:
·
Section 3.4.1 "Directory Server Enterprise
Edition"
3.4.1 Directory Server Enterprise
Edition
Error
Correction information for Directory Server Enterprise Edition
|
Patch Information
|
11.1.1.7.0
|
Comments
|
|
Final CPU (Premier Support)
|
October 2019
|
|
|
Final CPU (Extended Support)
|
October 2022
|
|
Patch
Availability for Directory Server Enterprise Edition
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.7.0
|
ODSEE BP 11.1.1.7.190716 Patch 29893742
|
Released July 2019
|
CVE-2018-18508 is not applicable to Windows Platform.
Please refer to 2.2 Post Release Patches for Windows Patch.
|
3.5 Tools
This section contains the
following:
·
Section 3.5.1 "Oracle OPatch"
3.5.1 Oracle OPatch
Minimum
Product Requirements for Oracle OPatch
The CPU security vulnerabilities
are fixed in the listed release and later releases. The Oracle OPatch
downloads can be found at Patch 6880880.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle OPatch
|
11.2.0.3.25, 12.2.0.1.21
|
Released July 2020
|
Download the latest versions
available to install Database Patches
|
4 Final CPU History
Final CPU
History
The Final CPU is the last quarter
that a product is supported in the CPU program as per the Premier Support
and Extended Support policies. For more information, see My Oracle Support Note 209768.1, Database,
FMW, EM Grid Control, and OCS Software Error Correction Support Policy.
|
Release
|
Final CPUs
|
Comments
|
|
October 2020
|
Oracle Enterprise Data Quality for
Product Data 11.1.1.6.0
Oracle Enterprise Manager Cloud Control 12.1.0.5
|
|
|
July 2020
|
Oracle Tuxedo 12.1.1.0
Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus) 12.1.1.1
|
|
|
April 2020
|
Management Pack For Oracle GoldenGate
11.2.1.0
Oracle Big Data Discovery
Oracle Enterprise Manager Cloud Control 13c Release 2 (13.2.0.0)
|
|
|
January 2020
|
Oracle Enterprise Manager Ops Center
12.3.3
Oracle Enterprise Repository 12.1.3
Oracle Fusion Middleware 12.1.3.0
Oracle GoldenGate 11.2.1.0
Oracle Map Viewer 12.1.3.0
|
|
|
October 2019
|
Oracle Application Testing Suite 13.2.0.1
Oracle Business Transaction Management 12.1.0.7
Oracle Enterprise Data Quality 9.0
Oracle GoldenGate for Big Data 12.3.1.1.0
Oracle GoldenGate Management Pack Plugin 12.1.0
Oracle Identity Analytics 11.1.1.5.0
Oracle JDeveloper and Oracle ADF 12.1.3.0
Oracle OpenSSO 8.0 u2 (8.0.2.0)
Oracle Waveset 8.1.1
|
|
|
July 2019
|
Oracle Application Testing Suite
13.1.0.1
Oracle Enterprise Manager Cloud Control 13.2
Oracle Enterprise Data Quality 8.1
Oracle Enterprise Data Quality 9.0
Oracle Real Time Decisions Applications 3.2
|
|
|
April 2019
|
Oracle Enterprise Manager Ops Center
12.2.x
Management Pack For Oracle GoldenGate 11.1.1
Oracle Outside In Technology 8.5.3
|
|
|
January 2019
|
Oracle Application Performance
Management 11.1.x
Oracle GlassFish Server 3.1.2
Oracle Mobile Security Suite 3.0
|
|
5 Sources of Additional Information
The following documents provide
additional information about Critical Patch Updates:
·
My
Oracle Support Note 888.1, Master Note for Database Proactive Patch Program
·
My
Oracle Support Note 822485.1, Master Note for Enterprise Manager Proactive Patch
Program
·
My
Oracle Support Note 1494151.1, Master Note on Fusion
Middleware Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches
(BPs)
- My Oracle Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory
Database, and OCS Software Error Correction Support Policy
6 Modification History
Modification
History
|
Date
|
Modification
|
|
January 19, 2021
|
Released
Updated Oracle Secure Backup in section 3.1.9
Updated comment for PSU 11.1.2.4.712 in section 3.3.24, and for all 3
rows in section 3.3.29
Updated patch availability in section 2.2
Updated Advisory Numbers in section 3.3.29
Replaced references for Note 32142066 to Note 2736202.1 throughout the
document.
|
7 Documentation Accessibility
For information about Oracle's commitment
to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle
Support
Oracle customers that have
purchased support have access to electronic support through My Oracle
Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Critical Patch Update Availability
Document January 2021
Copyright © 2006, 2021, Oracle
and/or its affiliates.
This software and related
documentation are provided under a license agreement containing
restrictions on use and disclosure and are protected by intellectual
property laws. Except as expressly permitted in your license agreement or
allowed by law, you may not use, copy, reproduce, translate, broadcast,
modify, license, transmit, distribute, exhibit, perform, publish, or
display any part, in any form, or by any means. Reverse engineering,
disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is
subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related
documentation that is delivered to the U.S. Government or anyone licensing
it on behalf of the U.S. Government, then the following notice is
applicable:
U.S. GOVERNMENT END USERS: Oracle
programs, including any operating system, integrated software, any programs
installed on the hardware, and/or documentation, delivered to U.S.
Government end users are "commercial computer software" pursuant
to the applicable Federal Acquisition Regulation and agency-specific
supplemental regulations. As such, use, duplication, disclosure, modification,
and adaptation of the programs, including any operating system, integrated
software, any programs installed on the hardware, and/or documentation,
shall be subject to license terms and license restrictions applicable to
the programs. No other rights are granted to the U.S. Government.
This software or hardware is
developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently
dangerous applications, including applications that may create a risk of
personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate
fail-safe, backup, redundancy, and other measures to ensure its safe use.
Oracle Corporation and its affiliates disclaim any liability for any
damages caused by use of this software or hardware in dangerous
applications.
Oracle and Java are registered
trademarks of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners.
Intel and Intel Xeon are trademarks
or registered trademarks of Intel Corporation. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC
International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are
trademarks or registered trademarks of Advanced Micro Devices. UNIX is a
registered trademark of The Open Group.
This software or hardware and
documentation may provide access to or information about content, products,
and services from third parties. Oracle Corporation and its affiliates are
not responsible for and expressly disclaim all warranties of any kind with
respect to third-party content, products, and services unless otherwise set
forth in an applicable agreement between you and Oracle. Oracle Corporation
and its affiliates will not be responsible for any loss, costs, or damages
incurred due to your access to or use of third-party content, products, or
services, except as set forth in an applicable agreement between you and
Oracle.
|