|
APPLIES TO:
Oracle
Database Cloud Service - Version N/A and later
Oracle Cloud Infrastructure - Database Service -
Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and
later
Oracle WebLogic Server - Version 10.3.6 and later
Oracle Database Cloud Schema Service - Version N/A and
later
Information in this document applies to any platform.
This document
defines the patches and minimum releases for the Database Product Suite,
Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite
Critical Patch Updates and Patch Set Updates released on January 18, 2022.
The
document is for Database Administrators and/or others tasked with Quarterly
Security Patching.
Database, Fusion Middleware, and Enterprise Manager Critical
Patch Update January 2022 Patch Availability Document
My Oracle
Support Note 2817011.1
Released January 18, 2022
This document contains the following
sections:
Quick Links: Read Me First DB 19c EM Cloud Control FMW WLS
1 Overview
Oracle provides quarterly cumulative
patches to address security vulnerabilities. The patches may include critical
fixes in addition to the security fixes. The security vulnerabilities
addressed are announced in the Advisory for January 2022, available at:
Oracle Technical Network Advisory
This document lists the Oracle
Database, Fusion Middleware and Enterprise Manager CPU program cumulative
patches for product releases under error correction. The January 2022 release
supersedes earlier CPU program cumulative patches for the same product
releases. This document is subject to continual update after the initial
release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support
to ensure you have the latest version.
This section contains the following:
·
Section 1.1 "How To Use This Document"
·
Section 1.2 "Terminology in the Tables"
·
Section 1.3 "On-Request Patches"
·
Section 1.4 "CPU Program and My Oracle Support
Patch Recommendations"
·
Section 1.5 "My Oracle Support (MOS) Conflict Checker
Tool"
1.1 How To
Use This Document
The following steps explain how to
use this document.
Step
1 Assess your Environments
Determine
the Oracle product suites and products and their release numbers for each of
your environments.
Step
2 Read Important Announcements
Review "What's New in January 2022," as it lists documentation and packaging changes
along with important announcements such as upcoming final CPUs.
Step
3 Determine Patches to be Applied
For each
environment, determine which patches need to be applied by using the tables
in "Patch Availability for Oracle Products." There is one availability table for each product
suite release, such as Oracle Database 12.2.0.1, Oracle Identity Access
Management 11.1.2.3, and Enterprise Manager Cloud Control 13.4.0.0.
·
The table
lists the patches to be applied either to the product or to the appropriate
product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For some
patches, multiple Oracle homes are listed. Apply the patch to all of the
homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The table
lists only product releases that are under Premier Support or Extended
Support and are under error correction as defined in My Oracle Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory
Database, and OCS Software Error Correction Support Policy.
Patches are provided only for these releases. If you do not see the release
that you have installed, then check "Final CPU History" and contact Oracle Support for further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's CPU
Advisory, list the vulnerability CVE numbers in the Advisory Number column.
If you are interested in the risk matrix for the vulnerabilities fixed in the
patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly
releases, or the current one without any security fixes, the column indicates
"Released MMM YYYY"
·
When a
section is referenced in a table, follow the link to determine which patches
to install. For example, when "Oracle Database" is referenced, determine the Oracle Database
release that is installed, and find the patches to apply in the table for
that Oracle Database release in "Oracle Database."
Step
4 Apply the Patches
Download
the patches, review the READMEs, and apply the patches according to the
instructions.
Step
5 Planning for Future Critical Patch Updates
To help
you plan for future Critical Patch Updates, this document includes Final CPU
information based on Oracle's Lifetime Support Policy and error correction
policies.
"Final CPU Information (Error Correction
Policies)" in "What's New in January 2022," documents product releases for which final Critical
Patch Updates are upcoming or are being announced. In each product section,
there is also an Error Correction Information Table that documents the final
CPU program patch for the product. Products that have reached the end of
error correction are documented in "Final CPU History."
Oracle recommends that you subscribe to
this Patch Availability Document in order to stay informed of any emergent
problems.
1.2 Terminology in the
Tables
The following terminology is used in
this patch availability document and in the subsequent tables.
·
Update (RU) - Release Update
·
Revision (RUR) -Release Update Revision
·
BP -
Bundle Patch
·
Final CPU is the last quarter that a product is supported in
the CPU program as per the Premier Support and Extended Support
policies. http://www.oracle.com/us/support/lifetime-support/index.html.
·
NA Not
Applicable.
·
OR On-Request.
The patch is made available through the On-Request program.
·
PSU -
Patch Set Update
·
SPU -
Security Patch Update. An iterative, cumulative patch consisting of security
fixes.
·
Overlay SPU patch provided as an overlay on top of a PSU or BP
instead of a base/patch set release.
1.3 On-Request Patches
Oracle does not proactively release
patches for historically inactive platforms. However, Oracle will deliver
these patches when requested.
The following guidelines describe how
to initiate an on-request (OR) patch.
A request may be made:
o At any time. However, a patch for a specific
quarterly release, such as CPUOct2012, cannot be requested. Depending on when
the request is received and processed, either the patch for the current
quarterly release or the next quarterly release will be provided. Your
Service Request (SR) will provide you the planned availability date for the
patch.
o As long as the version is in either Premier
Support or Extended Support and error correction support has not expired. For
example, if a product release is under Extended Support through the release
of CPUJan2013 on January 15, 2013, then you can file a request for the
product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory
Database, and OCS Software Error Correction Support Policy.
o For a platform-version combination when a
major release or patch set is released on a platform after a quarterly
release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch by
following the on-request process. For example, if a patch is released for a
platform on August 1, 2012, Oracle will provide the CPUOct2012 patch for that
platform. You may request a CPUOct2012 patch for the platform, and Oracle
will review the request and determine whether to provide CPUJul2012 or
CPUOct2012.
A patch
that is marked as on-request (OR) may already have been requested by another
customer and be available on My Oracle Support. Before you file a Service
Request (SR), check on My Oracle Support to see if the patch is already
available for your platform.
1.4 CPU Program and My
Oracle Support Patch Recommendations
My Oracle Support patch
recommendation features are available on the Patches & Update tab. The
patches announced in this document as part of the CPU program are classified
as "Security" patch recommendations in My Oracle Support. If a new
patch is being announced in this document, then the classification on any
earlier patch is changed to "General", causing it to be removed
from the My Oracle Support patch recommendations. If a patch has a
"Security" classification, and a subsequent bundle, SPU, or PSU is
released with a recommendation classification, then it will be classified as
a "Security" recommendation in My Oracle Support.
Once a product release is no longer
in error correction, its CPU patch information is removed from this document,
but the last patch recommendation continues to be available in My Oracle
Support. Ensure to select each of the products installed in your
environment to obtain all patches.
1.5 My Oracle Support (MOS)
Conflict Checker Tool
The My Oracle Support (MOS) Conflict
Checker tool is available as of July 21, 2014.
You can access MOS Conflict Checker
at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search
results screen ("Analyze with OPatch" button).
The MOS Conflict Checker Tool allows
you to upload an OPatch inventory to check for conflicts with patches to
apply to your environment. If no conflicts are found, you can download the
patches. If conflicts are found, the tool finds an existing resolution to
download. If no resolution is found, you can request a solution, and monitor
your request in the Plans region.
For more information and a
demonstration video, see Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict Checker Tool for
Patches Installed with OPatch [Video].
2 What's New in January
2022
This section describes important
changes in January 2022:
·
Section 2.1 "Final CPU Information (Error
Correction Policies)"
·
Section 2.2 "Post Release Patches"
2.1
Final CPU Information (Error Correction Policies)
The final CPU is the last quarter
that a product is supported in the CPU program as per the Premier Support and
Extended Support policies. Final CPUs for upcoming releases, as well as newly
scheduled final CPUs, are listed in the following sections.
Final CPUs
scheduled for Jan 2022
- Oracle GoldenGate for Big Data
12.3.2.1.11
- Oracle Hyperion Essbase 11.1.2.x
Final CPUs
scheduled for Apr 2022
- Oracle Enterprise Manager Cloud
Control 13.4.0.0
- Oracle Outside In Technology
8.5.5
- Oracle Tuxedo 12.1.3.0
- Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus) 12.1.3
2.2 Post Release Patches
Oracle strives to complete
preparations and testing of each Quarterly Security Patch for each platform
by the quarterly release date. Occasionally, circumstances beyond our control
dictate that a particular patch be delayed and be released a few days after
the quarterly release date. The following table lists any current patch
delays and the estimated date of availability.
|
Patch
|
Patch Number
|
Platform
|
Availability
|
|
Enterprise Manager Agent 13.5.0.0.0
|
Patch 33565758
|
All
|
28-Jan-2022
|
|
Enterprise Manager Agent 13.4.0.0.0
|
Patch 33565758
|
All
|
28-Jan-2022
|
|
IDM Stack Patch Bundle 12.2.1.4.0
|
Patch 33762692
|
All
|
31-Jan-2022
|
|
IDM Stack Patch Bundle 12.2.1.3.0
|
Patch 33762787
|
All
|
31-Jan-2022
|
|
OAM Bundle Patch 12.2.1.4.220113
|
Patch 33751903
|
All
|
31-Jan-2022
|
|
OAM Bundle Patch 12.2.1.3.220113
|
Patch 33752617
|
All
|
31-Jan-2022
|
|
OAS Bundle Patch 5.9.0.0.211223
|
Patch 33702984
|
All
|
31-Jan-2022
|
|
OAS Bundle Patch 5.5.0.0.211223
|
Patch 33702981
|
All
|
31-Jan-2022
|
|
OAS Stack Patch Bundle 5.9.0.0.220110
|
Patch 33742401
|
All
|
31-Jan-2022
|
|
OAS Stack Patch Bundle 5.5.0.0.220110
|
Patch 33742402
|
All
|
31-Jan-2022
|
|
OBI Stack Patch Bundle 12.2.1.4.220102
|
Patch 33715784
|
All
|
31-Jan-2022
|
|
OBI Stack Patch Bundle 12.2.1.3.220112
|
Patch 33747991
|
All
|
31-Jan-2022
|
|
OIM Bundle Patch 12.2.1.4.220115
|
Patch 33757456
|
All
|
31-Jan-2022
|
|
OIM Bundle Patch 12.2.1.3.220115
|
Patch 33757401
|
All
|
31-Jan-2022
|
|
OWSM Bundle Patch 12.2.1.4.211129
|
Patch 33618954
|
All
|
31-Jan-2022
|
|
OWSM Bundle Patch 12.2.1.3.211129
|
Patch 33618953
|
All
|
31-Jan-2022
|
|
ODIMP Bundle Patch 12.2.1.4.22012
|
Patch 33747852
|
Generic
|
31-Jan-2022
|
|
OBI Bundle Patch 12.2.1.4.211207
|
Patch 33642477
|
All
|
31-Jan-2022
|
|
OBI Bundle Patch 12.2.1.3.211213
|
Patch 33666334
|
All
|
31-Jan-2022
|
|
21.5.0.0.220118 DB & GI RU
|
Patch 33516412 & Patch 33531909
|
HP-UX Itanium
|
30-Jan-2022
|
|
21.5.0.0.220118 WIN BP
|
Patch 33589769
|
MS-Windows
|
01-Feb-2022
|
|
19.14.0.0.220118 DB RU (&
associated COMBO)
|
Patch 33515361 (& Patch 33567270)
|
AIX
|
Available
|
|
19.14.0.0.220118 GI RU (&
associated COMBO)
|
Patch 33509923 (& Patch 33567274)
|
AIX
|
Available
|
|
19.14.0.0.220118 WIN BP
|
Patch 33575656
|
MS-Windows
|
30-Jan-2022
|
|
19.13.1.0.220118 DB RUR & GI RUR
|
Patch 33516456 & Patch 33513541
|
All
|
30-Jan-2022
|
|
19.12.2.0.220118 DB RUR & GI RUR
|
Patch 33494256 & Patch 33575673
|
Linux x86-64
|
25-Jan-2022
|
|
Solaris Sparc64, Solaris x86-64,
zLinux, HP-UX Itanium, AIX
|
30-Jan-2022
|
|
12.2.0.1.220118 DB RU (& associated
COMBOs)
|
Patch 33587128 (& Patch 33559893)
|
HP-UX Itanium, zLinux, AIX
|
25-Jan-2022
|
|
12.2.0.1.220118 GI RU (& associated
COMBOs)
|
Patch 33583921 (& Patch 33559966)
|
HP-UX Itanium, zLinux, AIX
|
25-Jan-2022
|
|
12.1.0.2.220118 Proactive DBBP (&
associated COMBO)
|
Patch 33575286 (& Patch 33560081)
|
HP-UX Itanium, AIX
|
25-Jan-2022
|
|
OJVM Release Update 19.14.0.0.220118
|
Patch 33561310
|
MS-Windows
|
30-Jan-2022
|
|
21.5 Quarterly Full Stack download for
Exadata
|
Patch 33567288
|
Linux x86-64
|
25-Jan-2022
|
|
19.14 Quarterly Full Stack download for
Exadata
|
Patch 33567286
|
Linux x86-64, Solaris x86-64
|
25-Jan-2022
|
|
12.2.0.1 Quarterly Full Stack download
for Exadata
|
Patch 33567282
|
Linux x86-64, Solaris x86-64
|
25-Jan-2022
|
|
12.1.0.2 Quarterly Full Stack download
for Exadata
|
Patch 33567280
|
Linux x86-64, Solaris x86-64
|
25-Jan-2022
|
|
Quarterly Full Stack download for
SuperCluster (Q1.2022)
|
Patch 33567289
|
Solaris SPARC (64-Bit)
|
03-Mar-2022
|
Oracle recommends that you subscribe to
this PAD NOTE in order to stay informed of any emergent updates.
3 Patch Availability for
Oracle Products
This section contains the following:
·
Section 3.1 "Oracle Database"
·
Section 3.2 "Oracle Enterprise Manager"
·
Section 3.3 "Oracle Fusion Middleware"
·
Section 3.4 "Oracle Sun Middleware"
·
Section 3.5 "Tools"
3.1 Oracle Database
This section contains the following:
·
Section 3.1.1 "Oracle REST Data Services (formally
called Oracle APEX Listener)"
·
Section 3.1.2 "Oracle Application Express"
·
Section 3.1.3 "Oracle Autonomous Health Framework
(TFA and ORACHK/EXACHK)"
·
Section 3.1.4 "Oracle Graph Server and
Client"
·
Section 3.1.5 "Oracle Big Data Spatial and
Graph"
·
Section 3.1.6 "Oracle Database"
·
Section 3.1.7 "Oracle Database Mobile/Lite
Server"
·
Section 3.1.8 "Oracle GoldenGate"
·
Section 3.1.9 "Oracle GoldenGate for Big Data
(Formerly known as Oracle GoldenGate Application Adapters)"
·
Section 3.1.10 "Oracle GoldenGate Monitor"
·
Section 3.1.11 "Oracle GoldenGate Veridata"
·
Section 3.1.12 "Oracle NoSQL Database"
·
Section 3.1.13 "Oracle Secure Backup"
·
Section 3.1.14 "Oracle Spatial Studio"
·
Section 3.1.15 "Oracle SQL Developer"
·
Section 3.1.16 "Oracle Stream Analytics"
·
Section 3.1.17 "Oracle TimesTen In-Memory
Database"
·
Section 3.1.18 "Oracle Essbase "
3.1.1 Oracle REST Data Services
(formally called Oracle APEX Listener)
Minimum
Product Requirements for Oracle REST Data Services
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle REST Data
Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle REST Data Services
|
21.3
|
Released October 2021
|
|
3.1.2 Oracle
Application Express
Minimum
Product Requirements for Oracle Application Express
Critical Patch Update security vulnerabilities
are fixed in the listed releases. For Oracle Application Express downloads
and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Application Express
|
21.1.0 Bundle Patch Patch 32598392 or
later
|
CVE-2021-37695, CVE-2021-32723,
CVE-2021-32808, CVE-2021-32809
|
|
3.1.3 Oracle Autonomous
Health Framework (TFA and ORACHK/EXACHK)
Minimum
Product Requirements for Autonomous Health Framework
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Autonomous Health
Framework downloads and installation instructions, see Note 2550798.1,
"Autonomous Health Framework (AHF) - Including TFA and
ORAchk/EXAchk"
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Autonomous Health Framework
|
AHF 21.4.1 Release. See MOS Note 2550798.1 to download patch
|
CVE-2021-45105
|
If you have previously downloaded AHF 21.3.4 release on
MOS as patch 30166242, then please re-download Patch 30166242 so
that you obtain AHF 21.4, which addresses CVE-2021-44228, CVE-2021-45046
and CVE-2021-45105. See Note 2828415.1 for additional details
on the listed CVEs with respect to AHF.
Autonomous Health Framework (AHF) - Including TFA and
ORAchk/EXAchk Note 2550798.1
For more information on Log4j Vulnerabilities,
see Note 2827611.1
|
3.1.4 Oracle Graph Server and Client
Minimum
Product Requirements for Oracle Graph Server and Client
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Graph Server and
Client downloads and installation instructions, see https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Graph Server and Client
|
21.4.2.0.0
|
CVE-2021-2351, CVE-2021-33037
|
For more information on Log4j Vulnerabilities,
see Note 2827611.1
For more information on CVE-2021-44228, see Note 2828603.1
|
3.1.5 Oracle Big Data Spatial and Graph
Minimum
Product Requirements for Oracle Big Data Spatial and Graph
Critical Patch Update security
vulnerabilities for the graph feature of Oracle Big Data Spatial and Graph
are fixed in the listed releases. For downloads and installation
instructions, see https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Big Data Spatial and Graph
|
Oracle Graph Server and Client 21.4.2
(released December 2021) should replace all installations of graph feature
of Oracle Big Data Spatial and Graph.
|
CVE-2021-44228, CVE-2021-45046,
CVE-2021-25122, CVE-2021-25329, CVE-2020-8908, CVE-2021-23337,
CVE-2020-28500, CVE-2020-25649
|
Steps to replace BDSG 3.0 and all prior installations
with Oracle Graph Server and Client 21.4.2:
(1) Apply Patch 33695304 to
remove all BDSG bits.
(2) If using Graph feature of Big Data Spatial and
Graph, download and use Graph Server and Client 21.4.2 by downloading
from https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html or
Oracle Software Delivery Cloud. The Oracle Graph HDFS Connector component
contains the libraries to connect Oracle Graph with Apache Hadoop
Distributed Filesystem (HDFS).
|
3.1.6 Oracle Database
This section contains the following:
·
Section 3.1.6.1 "Patch Availability for Oracle
Database"
·
Section 3.1.6.2 "Oracle Database 21"
·
Section 3.1.6.3 "Oracle Database 19"
·
Section 3.1.6.4 "Oracle Database 12.2.0.1"
·
Section 3.1.6.5 "Oracle Database 12.1.0.2"
3.1.6.1 Patch Availability for
Oracle Database
For information regarding the
different types of patches for Database, refer to Oracle Database - Overview
of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and
Oracle Database - Overview of Database Patch Delivery Methods for 12.2.0.1
and greater, Note 2337415.1
3.1.6.2 Oracle Database 21
|
Patch
Information
|
21
|
Comments
|
|
Final
CPU
|
See Note 742060.1
|
|
|
On-Request
platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 21
|
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle
Database Server home
|
Database Release Update 21.5.0.0.220118 Patch 33516412 for
UNIX, or
GI Release Update 21.5.0.0.220118 Patch 33531909, or
Microsoft Windows 32-Bit and x86-64 BP
21.5.0.0.220118 Patch 33589769 or
later, or
Quarterly Full Stack download for Exadata (Jan2022)
21.5 Patch 33567288 for
Linux x86-64, or
|
CVE-2021-45105, CVE-2022-21393
|
21c does not have COMBO nor OJVM patches.
Instead, the OJVM fixes are contained within the DB RU and the GU RU
patches.
The Database and GI Update and Revision patches include
the JDK fixes released in the prior cycle. For the most recent JDK fixes a
separate patch is available (see below) and needs to be installed in
addition to the Database and GI patches.
|
|
Oracle
Database Server, Gateway, Client and Global Data Services Home
|
JDK8u321 Patch 33497132
|
CVE-2022-21349, CVE-2022-21291,
CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282,
CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283,
CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341,
CVE-2022-21248
|
JDK patches for 32 bit clients would be
build on demand basis.
|
|
Oracle
Database Client, Gateway, and Global Data Services Home
|
Database Release Update 21.5.0.0.220118 Patch 33516412 for
UNIX
|
Released January 2022
|
The Instant Client installation is not
the same as the client-only Installation. For additional information about
Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.6.2 Oracle Database 19
|
Patch
Information
|
19
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 19
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 19.14.0.0.220118 and Database
Release Update 19.14.0.0.220118 Patch 33567270 for
UNIX, or
Combo OJVM Release Update 19.14.0.0.220118 and GI
Release Update 19.14.0.0.220118 Patch 33567274, or
Quarterly Full Stack download for Exadata (Jan2022)
19.14 Patch 33567286 for
Linux x86-64
|
CVE-2022-21247, CVE-2021-45105,
CVE-2022-21393
|
See Note 1929745.1, Oracle Recommended Patches
-- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
Database Release Update 19.14.0.0.220118 Patch 33515361 for
UNIX, or
GI Release Update 19.14.0.0.220118 Patch 33509923, or
Microsoft Windows 32-Bit and x86-64 BP
19.14.0.0.220118 Patch 33575656 or
later, or
Database Release Update Revision 19.13.1.0.220118 Patch 33516456 for
UNIX, or
GI Release Update Revision 19.13.1.0.220118 Patch 33513541, or
Database Release Update Revision 19.12.2.0.220118 Patch 33494256 for
UNIX, or
GI Release Update Revision 19.12.2.0.220118 Patch 33575673, or
Quarterly Full Stack download for Exadata (Jan2022)
19.14 Patch 33567286 for
Linux x86-64, or
Quarterly Full Stack download for SuperCluster
(Q1.2022) Patch 33567289 for
Solaris SPARC 64-Bit
|
CVE-2022-21247, CVE-2021-45105
|
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For the
most recent JDK fixes a separate patch is available (see below) and needs
to be installed in addition to the Database and GI patches.
From Jan2021 onwards the Database and GI Update and
Revision patches include updates to the Crypto libraries. See "MES
v4.1.6 to v4.5 update 18c / 19c databases (Note 2746801.1)" for more details.
From July 2021 onwards the Database and GI Update and
Revision patches introduce a number of Native Network Encryption changes to
deal with vulnerability CVE-2021-2351 and prevent the use of weaker
ciphers. Customers should review: “Changes in Native Network Encryption
with the July 2021 Critical Patch Update” Note 2791571.1
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
OJVM Release Update 19.14.0.0.220118 Patch 33561310 for
all platforms
|
CVE-2022-21393
|
See Note 1929745.1, Oracle Recommended Patches
-- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server, Gateway, Client
and Global Data Services Home
|
JDK8u311Patch 33497160
|
CVE-2022-21349, CVE-2022-21291,
CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282,
CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283,
CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341,
CVE-2022-21248
|
JDK patches for 32 bit clients would be
build on demand basis.
|
|
Oracle Database Server, Client, and
Global Data Services Home
|
Perl Patch 31732095
|
Released January 2021
|
|
|
Oracle Database Client, Gateway, and
Global Data Services Home
|
Database Release Update 19.14.0.0.220118 Patch 33515361 for
UNIX, or
Database Release Update Revision 19.13.1.0.220118 Patch 33516456 for
UNIX, or
Database Release Update Revision 19.12.2.0.220118 Patch 33494256 for
UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 19.14.0.0.220118 Patch 33575656
|
Released January 2022
|
The Instant Client installation is not
the same as the client-only Installation. For additional information about
Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.6.3 Oracle Database 12.2.0.1
|
Patch Information
|
12.2.0.1
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability
for Oracle Database 12.2.0.1
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 12.2.0.1.220118 and Database
Release Update 12.2.0.1.220118 Patch 33559893 for
UNIX, or
Combo OJVM Release Update 12.2.0.1.220118 and GI
Release Update 12.2.0.1.220118 Patch 33559966, or
Quarterly Full Stack download for Exadata (Jan2022)
12.2.0.1 Patch 33567282, or
Quarterly Full Stack download for SuperCluster
(Q1.2022) Patch 33567289 for
Solaris SPARC 64-Bit
|
CVE-2022-21247, CVE-2021-45105,
CVE-2022-21393
|
OJVM Update Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific
situations where the OJVM PSU patchset can be postinstalled into each
database while the database remains in unrestricted "startup" mode.
Please refer to the NOTE for more details.
Combos are for environments that take a single downtime
to apply all patches
See Note 1929745.1, Oracle Recommended Patches
-- "Oracle JavaVM Component Database PSU and Update" (OJVM PSU
and OJVM Update) Patches.
From July 2021 onwards the Database and GI Update and
Revision patches include updates to the Native Network Encryption. See
"Improving Native Network
Encryption Security" for more details.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
Database Jan2022 Release Update 12.2.0.1.220118 Patch 33587128 for
UNIX, or
GI Jan2022 Release Update 12.2.0.1.220118 Patch 33583921, or
Microsoft Windows 32-Bit and x86-64 BP
12.2.0.1.220118 Patch 33488333 or
later, or
BS2000 Database BP 12.2.0.1.220118 Patch 33554848, or
Quarterly Full Stack download for Exadata (Jan2022)
12.2.0.1 Patch 33567282, or
Quarterly Full Stack download for SuperCluster
(Q1.2022) Patch 33567289 for
Solaris SPARC 64-Bit
|
CVE-2022-21247, CVE-2021-45105
|
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For the
most recent JDK fixes a separate patch is available (see below) and needs
to be installed in addition to the Database and GI patches.
From July 2021 onwards the Database and GI Update and
Revision patches introduce a number of Native Network Encryption changes to
deal with vulnerability CVE-2021-2351 and prevent the use of weaker
ciphers. Customers should review: “Changes in Native Network Encryption
with the July 2021 Critical Patch Update” Note 2791571.1
From January 2022 onward the Database and GI Bundles
include Security fixes to the DELL MES Security libraries used by the
Database Product. Customers on AIX 6.1 should review My Oracle
Support Note 2832618.1 - MES 4.6 support for
IBM AIX platform.
Please note that 12.2.0.1 entered Limited Error Correction as of
December 01, 2020. Hence, Oracle is only including Security and P1 fixes
into the 12.2.0.1 quarterly patch bundles. Therefore as of 2021, there is
no content difference between a Release Update and a Release Update
Revision, and all 12.2.0.1 customers should use the 12.2.0.1 Release
Update.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
OJVM Release Update 12.2.0.1.220118 Patch 33561275 for
UNIX, or
OJVM Microsoft Windows Bundle Patch
12.2.0.1.220118 Patch 33577550
|
CVE-2022-21393
|
OJVM Update Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific
situations where the OJVM PSU patchset can be postinstalled into each database
while the database remains in unrestricted "startup" mode. Please
refer to the NOTE for more details.
See Note 1929745.1, Oracle Recommended Patches
-- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server, Gateway, and
Client home
|
JDK8u321 Patch 33497187
|
CVE-2022-21349, CVE-2022-21291,
CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282,
CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283,
CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341,
CVE-2022-21248
|
See Note 2584628.1, "JDK and PERL Patches
for Oracle Database Home and Grid Home" for information on availability
and prior patches.
JDK patches for 32 bit clients would be build on demand
basis.
|
|
Oracle Database Server home
|
Perl Patch 31858212
|
Released January 2021
|
|
|
Oracle Database Client, Gateway, and
Global Data Services Home
|
Database Jan2022 Release Update 12.2.0.1.220118 Patch 33587128 for
UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.220118 Patch 33488333
|
Released January 2022
|
The Instant Client installation is not
the same as the client-only Installation. For additional information about
Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.6.4 Oracle Database 12.1.0.2
Error
Correction information for Oracle Database 12.1.0.2
|
Patch Information
|
12.1.0.2
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 12.1.0.2
If the Combo patches that are listed
in the first row are applied, then the patches listed in Rows 2 and 3 do not
need to be applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 12.1.0.2.220118 and Database Proactive
BP 12.1.0.2.220118 Patch 33560081 for
UNIX, or
Combo OJVM PSU 12.1.0.2.220118 and Database PSU
12.1.0.2.220118 Patch 33559997 for
UNIX, or
Combo OJVM PSU 12.1.0.2.220118 and GI PSU
12.1.0.2.220118 Patch 33560011, or
Quarterly Full Stack download for Exadata (Jan2022)
12.1.0.2 Patch 33567280, or
Quarterly Full Stack download for SuperCluster
(Q1.2022) Patch 33567289 for
Solaris SPARC 64-Bit
|
CVE-2022-21393
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific
situations where the OJVM PSU patchset can be postinstalled into each
database while the database remains in unrestricted "startup"
mode. Please refer to the NOTE for more details.
Combos are for environments that take a single downtime
to apply all patches
See Note 1929745.1, Oracle Recommended Patches
-- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
Database Proactive Bundle Patch 12.1.0.2.220118 Patch 33575286, or
Database PSU 12.1.0.2.220118 Patch 33477199 for
UNIX, or
GI PSU 12.1.0.2.220118 Patch 33575274, or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.220118 Patch 33492893 or
later, or
Quarterly Full Stack download for Exadata (Jan2022)
12.1.0.2 Patch 33567280, or
Quarterly Full Stack download for SuperCluster
(Q1.2022) Patch 33567289 for
Solaris SPARC 64-Bit
|
none
|
For JDK fixes a separate patch is available (see below)
and needs to be installed in addition to the Database and GI patches.
From July 2021 onwards the Database and GI Update and
Revision patches introduce a number of Native Network Encryption changes to
deal with vulnerability CVE-2021-2351 and prevent the use of weaker
ciphers. Customers should review: “Changes in Native Network Encryption
with the July 2021 Critical Patch Update” Note 2791571.1
From January 2022 onward the Database and GI Bundles
include Security fixes to the DELL MES Security libraries used by the
Database Product. Customers on AIX 6.1 should review My Oracle
Support Note 2832618.1 - MES 4.6 support for
IBM AIX platform.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU
12.1.0.2.220118 Patch 33561268 for
UNIX, or
Oracle JavaVM Component Microsoft Windows Bundle Patch
12.1.0.2.220118 Patch 33577533
|
CVE-2022-21393
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific
situations where the OJVM PSU patchset can be postinstalled into each
database while the database remains in unrestricted "startup"
mode. Please refer to the NOTE for more details.
All OJVM PSU since 12.1.0.2.161018 includes Generic
JDBC Patch 23727148
See Note 1929745.1, Oracle Recommended Patches
-- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Database Server, Gateway and
Client Home
|
JDK7u331Patch 33497195
|
CVE-2022-21349,
CVE-2022-21291,CVE-2022-21305, CVE-2022-21360, CVE-2022-21365,
CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271,
CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341,
CVE-2022-21248
|
See Note 2584628.1, "JDK and PERL Patches
for Oracle Database Home and Grid Home" for information on
availability and prior patches.
JDK patches for 32 bit clients would be build on demand
basis.
|
|
Oracle Database Server home
|
Perl Patch 31858428
|
Released January 2021
|
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU -
Generic JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
|
Oracle Database Client, Gateway, and
Global Data Services Home
|
Database PSU 12.1.0.2.220118 Patch 33477199 for
UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.220118 Patch 33492893
|
Released January 2022
|
The Instant Client installation is not
the same as the client-only Installation. For additional information about
Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.7 Oracle
Database Mobile/Lite Server
Error
Correction Information for Oracle Database Mobile Server
|
Patch Information
|
12.1 (Mobile Server)
|
Comments
|
|
Final CPU
|
April 2023
|
|
Patch
Availability for Oracle Database Mobile Server 12.1.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1
|
12.1.0.0 BP Patch 21974980
|
Released October 2015
|
|
3.1.8 Oracle GoldenGate
Error
Correction information for Oracle GoldenGate
|
Component
|
21.3.0.0.0
|
19.1
|
12.2.0.2
|
Comments
|
|
Final CPU
|
-
|
July 2026
|
October 2023
|
|
Patch
Availability for Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
21.3.0.0.0
|
Oracle GoldenGate 21.5.0.0.0 for Oracle Patch 33673511 or
later
Oracle GoldenGate 21.5.0.0.0 Microservices for
Oracle Patch 33673524 or
later
|
CVE-2021-23017 (MarketPlace release
only), CVE-2018-1311, CVE-2021-2351
|
|
|
19.1
|
Oracle GoldenGate 19.1.0.0.220118 for Oracle 11g Patch 33742655 or
later
Oracle GoldenGate 19.1.0.0.220118 for Oracle 12c Patch 33742660 or
later
Oracle GoldenGate 19.1.0.0.220118 for Oracle 18c Patch 33742664 or
later
Oracle GoldenGate 19.1.0.0.220118 for Oracle 19c Patch 33742666 or
later
|
CVE-2021-23017, CVE-2018-1311,
CVE-2021-2351
|
Refer to Note 1645495.1 for the latest release
and additional platforms.
|
|
12.2.0.2
|
On-Request
|
Released October 2021
|
Refer to Note 1645495.1 for the latest release
and additional platforms.
|
3.1.9 Oracle
GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application
Adapters)
Error
Correction information for Oracle GoldenGate for Big Data
|
Component
|
21.3.0.0.0
|
19.1.0.0.x
|
12.3.0.0.0
|
Comments
|
|
Final CPU
|
-
|
July 2026
|
January 2022
|
|
Patch
Availability for Oracle GoldenGate for Big Data
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
21.3.0.0.0
|
Oracle GoldenGate for Big Data 21.4.0.0.3
Microservices Patch 33730810
Oracle GoldenGate for Big Data 21.4.0.0.3
Patch 33730732
|
CVE-2021-44228, CVE-2021-45046,
CVE-2021-45105
|
|
|
19.1.0.0.0
|
Oracle GoldenGate for Big Data
19.1.0.0.12
Patch 33676474
|
CVE-2021-44228, CVE-2021-45046
|
|
|
12.3.0.0.0
|
Oracle GoldenGate for Big Data
12.3.2.1.11 Patch 33676479
|
CVE-2021-44228, CVE-2021-45046
|
|
3.1.10 Oracle GoldenGate Monitor
(aka Management Pack for Oracle GoldenGate)
Error
Correction information for Oracle GoldenGate Monitor (aka Management Pack for
Oracle GoldenGate)
|
Patch Information
|
12.2.1
|
12.1.3.x
|
Comments
|
|
Final CPU
|
July 2025
|
July 2022
|
|
Patch
Availability for Management Pack For Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.2.0
|
Oracle GoldenGate Monitor
12.2.1.2.200930 (Server+Agent) Patch 31748559
|
Released October 2020
|
|
|
12.1.3
|
Monitor Server 12.1.3.0.160628 Patch 23340597
Monitor Agent 12.1.3.0.160628 Patch 23333295
|
Released June 2016
|
-
|
3.1.11 Oracle
GoldenGate Veridata
Error
Correction information for Oracle GoldenGate Veridata
|
Component
|
12.2.1
|
12.1.3
|
Comments
|
|
Final CPU
|
July 2025
|
July 2022
|
|
Patch
Availability for Oracle GoldenGate Veridata
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1
|
OGG Veridata Bundle Patch
12.2.1.4.200714 (PS4 BP2) (Server+Agent) Patch 31044508
|
Released July 2020
|
|
|
12.1.3
|
ORACLE GOLDENGATE VERIDATA
V12.1.3.0.180415 SERVER Patch 26424104
|
Released April, 2018
|
|
3.1.12 Oracle NoSQL
Database
Minimum
Product Requirements for Oracle NoSQL Database
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle NoSQL Database
downloads and installation instructions can be found at https://www.oracle.com/database/technologies/nosql-database-server-downloads.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle NoSQL Database
|
21.1.12
|
CVE-2021-21409
|
|
3.1.13 Oracle
Secure Backup
Error Correction
information for Oracle Secure Backup
|
Patch Information
|
18.1
|
Comments
|
|
Final CPU
|
January 2024
|
|
Minimum
Product Requirements for Oracle Secure Backup
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle Secure Backup
downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Secure Backup
|
18.1.0.1
|
CVE-2021-26691, CVE-2021-33193,
CVE-2021-42013, CVE-2021-3712
|
|
3.1.14 Oracle
Spatial Studio
Minimum
Product Requirements for Oracle Spatial Studio
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle Spatial Studio
downloads and installation instructions can be found at
https://www.oracle.com/database/technologies/spatial-studio/oracle-spatial-studio-downloads.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Spatial Studio
|
21.2.1
|
CVE-2021-2351
|
|
3.1.15 Oracle SQL
Developer
Minimum
Product Requirements for Oracle SQL Developer
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle SQL Developer
downloads and installation instructions can be found at
https://www.oracle.com/tools/downloads/sqldev-downloads.html
3.1.16 Oracle
Stream Analytics
Minimum
Product Requirements for Oracle Stream Analytics
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle Stream Analytics
downloads and installation instructions can be found at
https://www.oracle.com/middleware/technologies/stream-analytics/downloads.html
|
Product
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Stream Analytics
|
19.1.0.0.6 MLR Patch 33750861
|
CVE-2021-44228, CVE-2021-45046,
CVE-2021-45105, CVE-2021-44832
|
|
3.1.17 Oracle TimesTen In-Memory
Database
Error
Correction information for Oracle TimesTen In-Memory Database
Describes Error Correction
information for Oracle TimesTen In-Memory Database. The Oracle TimesTen
In-Memory Database downloads and installation instructions can be found
at https://www.oracle.com/in/database/technologies/timesten-downloads.html
|
Patch Information
|
18.1
|
Comments
|
|
Final Patch
|
April 2026
|
|
Minimum Product
Requirements for Oracle TimesTen In-Memory Database
Describes the minimum product
requirements for Oracle TimesTen In-Memory Database. The CPU security
vulnerabilities are fixed in the listed release and later releases.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle TimesTen In-Memory Database
|
22.1.1.1.0 or later version
|
CVE-2021-29923, CVE-2021-2351,
CVE-2020-7712, CVE-2020-11979, CVE-2020-1945, CVE-2021-36373 and
CVE-2021-36374, CVE-2021-34558 and CVE-2021-36221
|
|
3.1.18 Oracle Essbase
Error
Correction information for Oracle Essbase
Describes Error Correction
information for Oracle Essbase.
|
Patch Information
|
21.c
|
Comments
|
|
Final Patch
|
July 2025
|
|
Minimum
Product Requirements for Oracle Essbase
Describes the minimum product requirements
for Oracle Essbase. The CPU security vulnerabilities are fixed in the listed
release and later releases.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
21.x
|
21.3.0.0.0 ORACLE ESSBASE RELEASE
UPDATE Patch 32646479
|
CVE-2021-3711, CVE-2021-22901,
CVE-2021-20718
|
|
3.2 Oracle Enterprise
Manager
This section contains the following:
·
Section 3.2.1 "Oracle Real User Experience
Insight"
·
Section 3.2.2 "Oracle Application Testing
Suite"
·
Section 3.2.3 "Oracle Business Transaction
Management"
·
Section 3.2.4 "Oracle Enterprise Manager Cloud
Control"
·
Section 3.2.5 "Oracle Enterprise Manager Ops
Center"
·
Section 3.2.6 "OSS Support Tools"
·
Section 3.2.7 "Oracle Configuration Manager"
3.2.1 Oracle Real User Experience
Insight
Error
Correction information for Oracle Real User Experience Insight
|
Patch Information
|
13.5.1.0
|
13.4.1.0
|
Comments
|
|
Final CPU
|
-
|
July 2022
|
|
|
On-Request platforms
|
|
|
|
Minimum Product
Requirements for Oracle Real User Experience Insight
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For more information on
Oracle Real User Experience Insight, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
Real User Experience Insight 13.4.1.0
|
Oracle Real User Experience Insight
Patch release 13.4.1.0.2 Patch 33507469 or
later
|
CVE-2021-2351
|
|
|
Real User Experience Insight 13.5.1.0
|
Oracle Real User Experience Insight
Patch release 13.5.1.0.1 Patch 33509103 or
later
|
CVE-2021-2351
|
|
3.2.2 Oracle
Application Testing Suite
Error
Correction information for Oracle Application Testing Suite
|
Patch Information
|
13.3.0.1
|
Comments
|
|
Final CPU
|
June 2025
|
|
Patch
Availability for Oracle Application Testing Suite
These patches contain Critical Patch
Update security vulnerabilities fixes for this release. All previous versions
will need to be upgraded to the minimum version. Then, apply the following
patches to fix the announced security vulnerabilities. For Oracle Application
Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
3.2.3 Oracle Business
Transaction Management
Error
Correction Information for Oracle Business Transaction Management
|
Component
|
12.1.0.7
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Business Transaction Management
|
Product Home
|
Patch
|
Advisory Number
|
Comment
|
|
BTM Home
|
BTM Patch 12.1.0.7.15 Patch 29135901
|
Released April 2019
|
|
3.2.4 Oracle
Enterprise Manager Cloud Control
Error Correction information for
Oracle Enterprise Manager Cloud Control
|
Patch Information
|
13.5.0.0
|
13.4.0.0
|
Comments
|
|
Final CPU
|
October 2026
|
April 2022
|
Note 1595197.1 Lifetime Support and
Support Policies for Oracle Enterprise Manager
|
|
On-Request platforms
|
-
|
-
|
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 5
(13.5.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch Repository Database of Oracle
Enterprise Manager
|
|
Oracle Java SE home
|
Oracle JDK 8 Update 321 Patch 33518551 or
later for Linux, Windows and Solaris
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 2776765.1 EM 13.5: How to Use
the Latest Certified JDK 8 Update with OMS 13.5
If your plans include updating the JDK version, please be sure that the JDK
version that you choose is certified with your Oracle Enterprise Manager
Cloud Control Component.
|
|
Base Platform OMS home
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
Update OPatch 13.9.4.2.6 Patch 28186730 or
later before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen
OPatch 13 for Oracle Fusion Middleware 12c.
|
|
Base Platform OMS home
|
Enterprise Manager 13c Release 5 Update
1 (13.5.0.1) for OMS Patch 32835392 or
later
|
Released October 2021
|
|
|
Base Platform Agent home
|
Enterprise Manager 13c Release 5 Update
1 (13.5.0.1) for Agent Patch 32924765 or
later
|
Released October 2021
|
|
|
Base Platform Agent home
|
Enterprise Manager Agent
13.5.0.0.0 Patch 33565758
|
CVE-2022-21392
|
|
|
Base Platform OMS home
|
WLS PATCH SET UPDATE 12.2.1.4.210930 Patch 33416868 or
later
|
Released October 2021
|
See Note 2764668.1 Security Advice and
Post-Install Information for Oracle WebLogic Server PSUs
|
|
Base Platform OMS home
|
Coherence 12.2.1.4.0 Cumulative Patch
11 Patch 33286160 or
later
|
|
|
|
Base Platform OMS home
|
FMW PLATFORM 12.2.1.4.0 SPU FOR
APRCPU2021 Patch 33093748 or
later
|
Released April 2021
|
|
|
Base Platform OMS home
|
FMW COMMON THIRDPARTY SPU 12.2.1.4.0
FOR APRIL2021CPU Patch 32880070 or
later
|
Released April 2021
|
See Note 2768441.1 Details for Oracle
Fusion Middleware Third-Party Component Updates
|
|
Base Platform OMS home
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY
CPU 2020 Patch 31544353 or
later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
|
Base Platform OMS home
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.4.210826 Patch 33283762 or
later
|
Released October 2021
|
Note 2743971.1 Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches
|
|
Base Platform OMS home
|
OSS BUNDLE PATCH 12.2.1.4.210302 Patch 32575741 or
later
|
Released April 2021
|
Oracle Security Service (SSL/Network)
Patch for Oracle HTTP server (OHS)
|
|
Base Platform OMS home
|
OPSS BUNDLE PATCH 12.2.1.4.210418 Patch 32784652 or
later
|
Released April 2021
|
|
|
Base Platform OMS home
|
ADF BUNDLE PATCH 12.2.1.4.210706 Patch 33084721 or
later
|
Released July 2021
|
|
|
Base Platform OMS home
|
WebCenter Core Bundle Patch
12.2.1.4.200526 Patch 31403376 or
later
|
Released July 2020
|
|
|
Base Platform OMS home
|
FMW JDBC Java Patch 32720458 or
later
|
CVE-2021-2351
|
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 4
(13.4.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch Repository Database of Oracle
Enterprise Manager
|
|
Oracle Java SE home
|
Oracle JDK 8 Update 321 Patch 33518551 or
later for Linux, Windows and Solaris
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 2653847.1 EM 13.4: How to Use
the Latest Certified JDK 8 Update with OMS 13.4
If your plans include updating the JDK version, please be sure that the JDK
version that you choose is certified with your Oracle Enterprise Manager
Cloud Control Component.
|
|
Base Platform OMS home
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
Update OPatch 13.9.4.2.6 Patch 28186730 or
later before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen
OPatch 13 for Oracle Fusion Middleware 12c.
|
|
Base Platform OMS home
|
WLS PATCH SET UPDATE
12.2.1.3.211222 Patch 33699205 or
later
|
CVE-2021-27568, CVE-2019-10219,
CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669,
CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195,
CVE-2020-2934
|
See Note 2764668.1 Security Advice and Post-Install Information for
Oracle WebLogic Server PSUs.
For CVE-2021-44832 fix, an overlay patch on top of
Jan'22 WLS PSU will be made available by 20th Jan'22. See Note 2827793.1 for details.
For CVE-2021-4104 fix, an overlay patch on top of
Jan'22 WLS PSU will be made available by 31st Jan'22.
|
|
Base Platform OMS home
|
Coherence 12.2.1.3 Cumulative Patch
16 Patch 33286132 or
later
|
|
CVE-2021-35617 - Resolution of this CVE
requires installation of both the WebLogic Server PSU and the Coherence
patch.
|
|
Base Platform OMS home
|
FMW Platform 12.2.1.3.0 SPU FOR
AprCPU2021 Patch 32982708 or
later
|
Released April 2021
|
|
|
Base Platform OMS home
|
FMW COMMON THIRD PARTY SPU 12.2.1.3.0
FOR APRIL2021CPU Patch 32910589 or
later
|
Released April 2021
|
See Note 2768441.1 Details for Oracle
Fusion Middleware Third-Party Component Updates
|
|
Base Platform OMS home
|
ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY
CPU 2020 Patch 31544340 or
later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
|
Base Platform OMS home
|
Oracle WebLogic Server 12.2.1.3.0 Patch 33235201 or
later
|
Released July 2021
|
Patch 33235201 replaces
Patch 29738020. See Note 2568304.1 for more details.
|
|
Base Platform OMS home
|
Enterprise Manager for Peoplesoft
13.4.1.1.0 Patch for CPUOct2020 Patch 31795605
|
Released October 2020
|
|
|
Base Platform Agent home
|
Enterprise Manager 13c Release 4
Platform Update 13 (13.4.0.13) for Agent Patch 33179516 or
later
|
Released October 2021
|
For CVE-2020-10878, upgrade to
Enterprise Manager 13c Release 5
|
|
Base Platform Agent home
|
Enterprise Manager Agent
13.4.0.0.0 Patch 33565758
|
CVE-2022-21392
|
|
|
Base Platform Agent home
|
Enterprise Manager for Beacon 13c
Release 4 Plug-in Update 12 (13.4.0.12) for Agent Patch 33072895 or
later
|
Released July 2021
|
|
|
Base Platform Agent home
|
Enterprise Manager for Virtualization
13c Release 4 Plug-in Update 10 (13.4.1.10) for Agent (Discovery) Patch 32352393 or
later
|
Released April 2021
|
|
|
Base Platform OMS home
|
Enterprise Manager 13c Release 4 Update
13 (13.4.0.13) for OMS Patch 33177978 or
later
|
Released October 2021
|
For CVE-2020-10878, upgrade to
Enterprise Manager 13c Release 5
|
|
Base Platform OMS home
|
Latest Oracle Cluster Verification
Utility Release Patch 16766985 or
later
|
Released October 2021
|
Follow the steps provided in Note 2628009.1 How to Update the CVU
for EM Cloud Control 13c
|
|
Base Platform OMS home
|
ADF BUNDLE PATCH 12.2.1.3.201007 Patch 31985811 or
later
|
Released October 2020
|
|
|
Base Platform OMS home
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.3.211130 Patch 33619405 or
later
|
CVE-2021-40438
|
Note 2568225.1Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Base Platform OMS home
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or
later
|
Released April 2021
|
Oracle Security Service (SSL/Network)
Patch for Oracle HTTP server (OHS)
|
|
Base Platform OMS home
|
ONS 12.2.1.3.0 SPU Patch Patch 27323998 or
later
|
Released July 2018
|
For the WLS Plug-In installed with OHS
|
|
Base Platform OMS home
|
OBI BUNDLE PATCH 12.2.1.3.210915 Patch 33358811 or
later
|
Released October 2021
|
|
|
Base Platform OMS home
|
OHT SPU 12.2.1.3.0 Patch 31613012 or
later
|
Released July 2020
|
|
|
Base Platform OMS home
|
WebCenter Core Bundle Patch
12.2.1.3.200519 Patch 31403333 or
later
|
Released July 2020
|
|
|
Base Platform OMS home
|
FMW JDBC Java Patch 33621861 or
later
|
CVE-2021-2351
|
|
|
EM Cloud Control Connectors
|
Upgrade to Enterprise Manager
Connectors 13.2.2.0.0 or later
|
Released January 2021
|
See Announcement on MOSC
Connector 13.2.1.0 is applicable to EM 13.4
|
3.2.5 Oracle
Enterprise Manager Ops Center
Error
Correction information for Oracle Enterprise Manager Ops Center
|
Patch Information
|
12.4.0
|
Comments
|
|
Final CPU
|
April 2024
|
Premier Support ends
|
Patch Availability
for Oracle Enterprise Manager Ops Center
These patches contain Critical Patch
Update security vulnerabilities fixes for this release. All previous versions
will need to be upgraded to the minimum version. Then, apply the following
patches to fix the announced security vulnerabilities. For Oracle Enterprise
Manager Ops Center downloads and installation instructions,
see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
12.4.0
|
Ops Center UCE patches for Jan
2022 Patch 33701477 or
later
|
CVE-2021-3177
|
|
|
12.4.0
|
Ops Center UI/Other patches for Jan
2022 Patch 33701457 or
later
|
CVE-2021-2351, CVE-2021-3177
|
|
3.2.6 OSS Support
Tools
Error
Correction information for OSS Support Tools
|
Patch Information
|
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for OSS Support Tools
|
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
|
|
Patch 22783063
|
|
See My Oracle Support Note 1153444.1, Oracle
Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT
|
3.2.7 Oracle
Configuration Manager
Minimum
Product Requirements for Oracle Configuration Manager
Critical Patch Update security
vulnerabilities are fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS (support.oracle.com).
Customer can use collector tab to down the Oracle Configuration Manager
Collector.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Configuration Manager
|
OCM 12.1.2.0.8 Patch 5567658 or
later
|
Released July 2021
|
Upgrade to 12.1.2.0.8 Release
|
3.3 Oracle Fusion
Middleware
This section contains the following:
·
Section 3.3.1 "Reserved for Future Use"
·
Section 3.3.2 "NetBeans IDE"
·
Section 3.3.3 "Oracle Business Intelligence
Enterprise Edition"
·
Section 3.3.4 "Oracle Business Intelligence
Publisher"
·
Section 3.3.5 "Oracle Data Integrator"
·
Section 3.3.6 "Reserved for Future Use"
·
Section 3.3.7 "Oracle Data Visualization
Desktop"
·
Section 3.3.8 "Oracle Enterprise Data
Quality"
·
Section 3.3.9 "Reserved for Future Use"
·
Section 3.3.10 "Oracle Exalogic Patch Set Update
(PSU)"
·
Section 3.3.11 "Oracle FMW Infrastructure"
·
Section 3.3.12 "Oracle Forms and Reports"
·
Section 3.3.13 "Oracle HTTP Server /
Web-Tier"
·
Section 3.3.14 "Oracle Hyperion Analytic Provider
Services"
·
Section 3.3.15 "Reserved for Future Use"
·
Section 3.3.16 "Reserved for Future Use"
·
Section 3.3.17 "Reserved for Future Use"
·
Section 3.3.18 "Oracle Hyperion Essbase"
·
Section 3.3.19 "Reserved for Future Use"
·
Section 3.3.20 "Oracle Hyperion Financial
Management"
·
Section 3.3.21 "Reserved for Future Use"
·
Section 3.3.22 "Oracle Hyperion Infrastructure
Technology"
·
Section 3.3.23 "Reserved for Future Use"
·
Section 3.3.24 "Oracle Hyperion Planning"
·
Section 3.3.25 "Reserved for Future Use"
·
Section 3.3.26 "Reserved for Future Use"
·
Section 3.3.27 "Oracle Hyperion Workspace"
·
Section 3.3.28 "Oracle Identity and Access
Management"
·
Section 3.3.29 "Oracle JDeveloper and Oracle
ADF"
·
Section 3.3.30 "Oracle Map Viewer"
·
Section 3.3.31 "Oracle Outside In Technology"
·
Section 3.3.32 "Oracle Real Time Decisions
Applications"
·
Section 3.3.33 "Oracle Real Time Decisions
Platform"
·
Section 3.3.34 "Oracle Service Architecture Leveraging
Tuxedo (SALT)"
·
Section 3.3.35 "Oracle SOA Suite"
·
Section 3.3.36 "Oracle Traffic Director"
·
Section 3.3.37 "Oracle Tuxedo"
·
Section 3.3.38 "Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)"
·
Section 3.3.39 "Oracle WebCenter"
·
Section 3.3.40 "Oracle WebCenter Sites (Formerly
FatWire Content Server)"
·
Section 3.3.41 "Reserved for Future Use"
·
Section 3.3.42 "Reserved for Future Use"
·
Section 3.3.43 "Oracle WebLogic Server"
·
Section 3.3.44 "Oracle Coherence"
3.3.1 Reserved for Future Use
3.3.2 NetBeans IDE
Minimum
Product Requirements for NetBeans IDE
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For NetBeans IDE downloads,
see https://netbeans.org/downloads/
|
Product Home
|
Release
|
Advisory Number
|
Comments
|
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle Business Intelligence
Enterprise Edition
Error
Correction information for Oracle Business Intelligence Enterprise Edition
|
Patch
Information
|
5.9.0.0.0
|
5.5.0.0.0
|
12.2.1.4.0
|
12.2.1.3
|
Comments
|
|
Final CPU
|
-
|
-
|
-
|
October 2022
|
|
NOTE: If Oracle Analytics or Business
Intelligence customer’s enable Native Network
Encryption (NNE), they may see services fail. To learn more, see Note 2834587.1
Patch Availability
for Oracle Analytics Server 5.9
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1, How
to Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle Analytics Server (OAS) 5.9.0.0.0
|
Download and apply the SPB patch:
OAS STACK PATCH BUNDLE 5.9.0.0.0 Patch 33742401 or
later
OR download and apply the individual patches below:
|
CVE-2022-21346, CVE-2019-17566,
CVE-2021-45105, CVE-2021-27568, CVE-2019-10219, CVE-2021-35668,
CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682,
CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934,
CVE-2022-21361, CVE-2020-5258, CVE-2020-13956, CVE-2022-21257,
CVE-2022-21385, CVE-2022-21259, CVE-2022-21260, CVE-2022-21261,
CVE-2022-21262, CVE-2020-11023, CVE-2022-21252, CVE-2022-21292,
CVE-2022-21306
|
For patch availability, see section 2.2 Post Release Patches
|
|
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
|
|
|
OAS BUNDLE PATCH 5.9.0.0
<Patch 33702984> or later
|
CVE-2022-21346, CVE-2019-17566,
CVE-2021-45105
|
Fix for CVE-2021-45105 will also fix the CVE-45046 and
CVE-2021-44228.
For patch availability, see section 2.2 Post Release Patches
|
|
|
WLS PATCH SET UPDATE
12.2.1.4.220105 Patch 33727616 or
later
|
CVE-2021-27568, CVE-2019-10219,
CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682,
CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934,
CVE-2022-21306
|
See Note 2764668.1 Security Advice and Post-Install Information for
Oracle WebLogic Server PSUs.
|
|
|
Coherence 12.2.1.4 Cumulative Patch
10 Patch 32973297 or
later
|
Released July 2021
|
If WLS is installed, see WLS 12.2.1.4 for a full list of
patches needed including Oracle Coherence
|
|
|
WEBLOGIC SAMPLES SPU 12.2.1.4 Patch 33539252 or
later
|
CVE-2022-21361, CVE-2020-5258,
CVE-2020-13956, CVE-2022-21257, CVE-2022-21385, CVE-2022-21259,
CVE-2022-21260, CVE-2022-21261, CVE-2022-21262, CVE-2020-11023,
CVE-2022-21252, CVE-2022-21292
|
See Note 2255054.1, Details for Oracle
WebLogic Server's Use of Struts and the SAMPLES SPU
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY
CPU 2020 Patch 31544353 or
later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
Patch
Availability for Oracle Analytics Server 5.5
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1, How
to Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle Analytics Server (OAS) 5.5.0.0.0
|
Download and apply the SPB patch:
OAS STACK PATCH BUNDLE 5.5.0.0.0 Patch 33742402 or
later
OR download and apply the individual patches below:
|
CVE-2022-21346, CVE-2019-17566,
CVE-2021-45105, CVE-2021-27568, CVE-2019-10219, CVE-2021-35668,
CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682,
CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934,
CVE-2022-21306
|
For patch availability, see section 2.2 Post Release Patches
|
|
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
|
|
|
OAS BUNDLE PATCH 5.5.0.0.210922 Patch 33327488 or
later
+
OAS 5.5.0.0.210922 One off Patch Patch 33545334
|
CVE-2022-21346
|
For patch availability of OAS BUNDLE PATCH
5.5.0.0 Patch 33702981, see
section 2.2 Post Release Patches
|
|
|
WLS PATCH SET UPDATE
12.2.1.4.220105 Patch 33727616 or
later
|
CVE-2021-27568, CVE-2019-10219,
CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669,
CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195,
CVE-2020-2934, CVE-2022-21306
|
See Note 2764668.1 Security Advice and Post-Install Information for
Oracle WebLogic Server PSUs.
|
|
|
Coherence 12.2.1.4 Cumulative Patch
10 Patch 32973297 or
later
|
Released July 2021
|
If WLS is installed, see WLS 12.2.1.4 for a full list of
patches needed including Oracle Coherence
|
|
|
WEBLOGIC SAMPLES SPU
12.2.1.4.220118 Patch 33539252 or
later
|
CVE-2022-21361, CVE-2020-5258,
CVE-2020-13956, CVE-2022-21257, CVE-2022-21385, CVE-2022-21259,
CVE-2022-21260, CVE-2022-21261, CVE-2022-21262, CVE-2020-11023,
CVE-2022-21252, CVE-2022-21292
|
See Note 2255054.1, Details for Oracle
WebLogic Server's Use of Struts and the SAMPLES SPU
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY
CPU 2020 Patch 31544353
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
Patch
Availability for Oracle Business Intelligence Enterprise Edition 12.2.1.4
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1, How
to Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle Business Intelligence Enterprise
Edition
|
Download and apply the SPB patch:
OBI STACK PATCH BUNDLE 12.2.1.4 Patch 33715784 or
later
OR download and apply the individual patches below:
|
CVE-2022-21346, CVE-2019-17566,
CVE-2021-45105, CVE-2021-27568, CVE-2019-10219, CVE-2021-35668,
CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682,
CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934,
CVE-2022-21306
|
For patch availability, see
section 2.2 Post Release Patches
|
|
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
|
|
|
OBI BUNDLE PATCH 12.2.1.4.210915 Patch 33358815
+
OBI 12.2.1.4.210915 One off Patch 33545271
|
CVE-2022-21346
|
For patch availability of BUNDLE PATCH 12.2.1.4 Patch 33642477, see
section 2.2 Post Release Patches
|
|
|
WLS PATCH SET UPDATE
12.2.1.3.211222 Patch 33699205 or
later
|
CVE-2021-27568, CVE-2019-10219,
CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669,
CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195,
CVE-2020-2934, CVE-2022-21306
|
See Note 2764668.1 Security Advice and Post-Install Information for
Oracle WebLogic Server PSUs.
|
|
|
Coherence 12.2.1.3 Cumulative Patch
15 Patch 32973279 or
later
|
Released July 2021
|
If WLS is installed, see WLS 12.2.1.3 for a full list of
patches needed including Oracle Coherence
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY
CPU 2020 Patch 31544340 or
later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
Patch
Availability for Oracle Business Intelligence Enterprise Edition 12.2.1.3
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
Oracle Business Intelligence Enterprise
Edition
|
Download and apply the SPB patch:
OBI STACK PATCH BUNDLE 12.2.1.3 Patch 33747991 or
later
OR download and apply the individual patches below:
|
CVE-2022-21346, CVE-2019-17566,
CVE-2021-45105, CVE-2021-27568, CVE-2019-10219, CVE-2021-35668,
CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682,
CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934,
CVE-2022-21306
|
For patch availability, see
section 2.2 Post Release Patches
|
|
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
|
|
|
OBI BUNDLE PATCH 12.2.1.3.210915 Patch 33358811
+
OBI 12.2.1.3.210915 One off
<Patch 33560997>
|
CVE-2022-21346
|
For patch availability of OBI BUNDLE
PATCH 12.2.1.3 Patch 33666334, see
section 2.2 Post Release Patches
|
|
|
WLS PATCH SET UPDATE
12.2.1.3.211222 Patch 33699205 or
later
|
CVE-2021-27568, CVE-2019-10219,
CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669,
CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195,
CVE-2020-2934, CVE-2022-21306
|
See Note 2764668.1 Security Advice and
Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
Coherence 12.2.1.3 Cumulative Patch
15 Patch 32973279 or
later
|
Released July 2021
|
If WLS is installed, see WLS 12.2.1.3 for a full list of
patches needed including Oracle Coherence
|
|
|
FMW Platform 12.2.1.3.0 SPU FOR
AprCPU2021 Patch 32982708 or
later
|
Released April 2021
|
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY
CPU 2020 Patch 31544340 or
later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
3.3.4 Oracle Business
Intelligence Publisher
Error
Correction information for Oracle Business Intelligence Publisher
|
Patch Information
|
12.2.1.4
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Business Intelligence Publisher
3.3.5 Oracle Data Integrator
Error
Correction information for Oracle Data Integrator
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final CPU
|
|
October 2022
|
Note 1933372.1 Error Correction
Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
Patch Availability for Oracle Data
Integrator 12.2.1.4
Patch Availability for Oracle Data
Integrator 12.2.1.3
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
See "Oracle Fusion Middleware Infrastructure
12.2.1.3"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle Data Integrator
|
ODI Bundle Patch 12.2.1.3 Patch 33510887 or
later
|
CVE-2021-45105
|
|
3.3.6 Reserved for
Future Use
3.3.7 Oracle Data
Visualization Desktop
Error
Correction information for Oracle Data Visualization Desktop
|
Patch Information
|
12.2.4.1.1
|
Comments
|
|
Final CPU
|
-
|
|
Patch
availability for Oracle Data Visualization Desktop
3.3.8 Oracle Enterprise
Data Quality
Error
Correction information for Oracle Enterprise Data Quality
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final CPU
|
July 2025
|
October 2022
|
|
Patch
Availability for Oracle Enterprise Data Quality
|
Distribution / Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
See "Oracle Fusion Middleware Infrastructure"
|
|
Apply FMW infrastructure patches if you
have installed EDQ with WebLogic Server
|
|
Oracle Enterprise Data Quality 12.2.1.4
|
EDQ 12.2.1.4.0 CPU Jan 2022 Patch 33764554 or
later
|
CVE-2021-2351
|
|
|
Oracle Enterprise Data Quality 12.2.1.3
|
EDQ 12.2.1.3.0 CPU Jan 2022 Patch 33764671 or
later
|
CVE-2021-2351
|
|
3.3.9 Reserved for
Future Use
3.3.10 Oracle Exalogic
Patch Set Update (PSU)
Error
Correction information for Oracle Exalogic Patch Set Update (PSU)
|
Patch Information
|
2.x
|
1.x
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch Set
Update Availability for Oracle Exalogic
|
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
|
2.x Physical
|
2.0.6.4.211019 Physical Linux (for all X2-2, X3-2,
X4-2, X5-2, and X6-2) Patch 33217537 or
later
2.0.6.3.211019 Physical Solaris (for all X2-2, X3-2,
X4-2, and X5-2) Patch 33217537 or
later
|
Released July 2021
|
See Note 1314535.1, Announcing Exalogic PSUs
(Patch Set Updates)
|
|
2.x Virtual
|
2.0.6.3.211019 Virtual (for all X2-2, X3-2, X4-2, X5-2,
and X6-2) Patch 33217538 or
later
|
Released July 2021
|
See Note 1314535.1, Announcing Exalogic PSUs
(Patch Set Updates)
|
|
1.x
|
Upgrade to 2.x based on information in the Comments
column. Then apply the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013 (15931901)
|
See Patch 13795376 EECS
2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 15931901 Oracle
Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit)
See Note 1314535.1, Announcing
Exalogic PSUs (Patch Set Updates)
|
3.3.11 Oracle FMW
Infrastructure
This section contains the following:
·
Section 3.3.11.1 "Error Correction information for
Oracle Fusion Middleware Infrastructure"
·
Section 3.3.11.2 "Patch Availability for Oracle
Fusion Middleware Infrastructure 12.2.1.4"
·
Section 3.3.11.3 "Patch Availability for Oracle
Fusion Middleware Infrastructure 12.2.1.3"
3.3.11.1 Error Correction
Information for Oracle Fusion Middleware Infrastructure
Error
Correction information for Oracle Fusion Middleware Infrastructure
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final CPU
|
|
October 2022
|
See Note 1933372.1, Error Correction Support
Dates for Oracle Fusion Middleware 12c - FMW/WLS
See Note 1290894.1, Error Correction Support
Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)
|
|
On-Request platforms
|
-
|
|
Note: 11.1.1.9.0 patches provided
beyond Dec 2018 are for Extended Support Customers only
|
3.3.11.2 Patch
Availability for Oracle Fusion Middleware Infrastructure 12.2.1.4
Note: The patches and guidance below
are common to all Oracle Fusion Middleware (FMW) products installed
(colocated) with an FMW 12.2.1.4 Infrastructure. Ensure to also follow the
tables within this document for all FMW products you have installed with the
FMW 12.2.1.4 Infrastructure.
|
Product / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
Java home
|
Java SE 8 Update 321 Patch 18143322 or
later for Linux, Windows, and Solaris.
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1, How
to Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server
|
Download and apply the SPB or individual patches listed
within the section, "Oracle WebLogic Server 12.2.1.4"
Then, apply the patches below for the remaining FMW
Infrastructure components:
|
See "Oracle WebLogic Server 12.2.1.4"
|
If using Identity and Access Management, refer to Oracle Identity and Access Management 12.2.1.4.
The IDM Stack Patch Bundle includes all FMW Infrastructure and WLS patches.
|
|
Application Development Framework (ADF)
|
ADF Bundle Patch 12.2.1.4 Patch 33697227 or
later
|
CVE-2021-45105
|
See Note 2834384.1 Details for applying
Jan 2022 ADF 12.2.1.4 patch with 12.2.1.4 FMW COMMON THIRD PARTY SPU
|
|
FMW Third-Party Jars
|
FMW COMMON THIRD PARTY SPU 12.2.1.4.0
FOR Jan2022 CPU Patch 33723124 or
later
|
Released Jan 2022
|
See Note 2768441.1 Details for Oracle
Fusion Middleware Third-Party Component Updates
|
|
Oracle Platform Security Services
(OPSS)
|
OPSS BUNDLE PATCH 12.2.1.4.210418 Patch 32784652 or
later
|
Released April 2021
|
|
|
FMW Control
|
FMW Control SPU Patch Patch 30613424 or
later
|
Released April 2021
|
|
|
WebCenter Core
|
WebCenter Core Bundle Patch
12.2.1.4.200526 Patch 31403376 or
later
|
Released July 2020
|
|
3.3.11.3 Patch
Availability for Oracle Fusion Middleware Infrastructure 12.2.1.3
Note: The patches and guidance below
are common to all Oracle Fusion Middleware (FMW) products installed
(colocated) with an FMW 12.2.1.3 Infrastructure. Ensure to also follow the
tables within this document for all FMW products you have installed with the
FMW 12.2.1.3 Infrastructure.
|
Product / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
Java home
|
Java SE 8 Update 321 Patch 18143322 or
later for Linux, Windows, and Solaris.
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1, How
to Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server
|
Download and apply the SPB or individual patches listed
within the section, "Oracle WebLogic Server 12.2.1.3"
Then, apply the patches below for the remaining FMW
Infrastructure components:
|
See "Oracle WebLogic Server 12.2.1.3"
|
If using Identity and Access Management, refer to Oracle Identity and Access Management 12.2.1.3.
The IDM Stack Patch Bundle includes all FMW Infrastructure and WLS patches.
|
|
FMW Third-Party Jars
|
FMW COMMON THIRD PARTY SPU 12.2.1.3.0
FOR APRIL2021CPU Patch 32910589 or
later
|
Released April 2021
|
See Note 2768441.1 Details for Oracle
Fusion Middleware Third-Party Component Updates
|
|
Oracle Platform Security Services
(OPSS)
|
OPSS Bundle Patch 12.2.1.3.210420 Patch 32397127 or
later
|
Released April 2021
|
|
|
Application Development Framework (ADF)
|
ADF BUNDLE PATCH 12.2.1.3.201007 Patch 31985811 or
later
|
Released October 2020
|
Apply to all Oracle homes installed
with an FMW Infrastructure
|
|
Oracle Help Technologies (OHT)
|
OHT SPU 12.2.1.3.0 Patch 31613012 or
later
|
Released July 2020
|
|
|
WebCenter Core
|
WebCenter Core Bundle Patch
12.2.1.3.200519 Patch 31403333 or
later
|
Released July 2020
|
|
3.3.12 Oracle Forms and
Reports
Error
Correction information for Oracle Forms and Reports
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final CPU
|
|
October 2022
|
Note 1933372.1 Error Correction
Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
Patch Availability for Oracle Forms and Reports 12.2.1.4
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
See "Oracle Fusion Middleware Infrastructure
12.2.1.4"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle Reports
|
Oracle Reports Developer 12.2.1.4.0
SPU Patch 30731161 or
later
|
Released January 2020
|
|
|
Oracle HTTP server (OHS)
|
OHS (NATIVE) BUNDLE PATCH 12.2.1.4.211130 Patch 33619347 or
later
|
CVE-2021-40438
|
Note 2743971.1 Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.4.210302 Patch 32575741 or
later
|
Released April 2021
|
|
Patch Availability for Oracle Forms
and Reports 12.2.1.3
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
See "Oracle Fusion Middleware Infrastructure
12.2.1.3"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle Forms
|
Forms 12.2.1.3.0 SPU Patch 30410629 or
later
|
Released October 2019
|
|
|
Oracle Reports
|
Reports Developer 12.2.1.3 SPU Patch 30731147 or
later
|
Released January 2020
|
|
|
Oracle HTTP Server (OHS)
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.3.211130 Patch 33619405 or
later
|
CVE-2021-40438
|
Note 2568225.1 Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or
later
|
Released April 2021
|
|
|
Oracle Access Manager (OAM) WebGate
|
OAM WebGate Bundle Patch
12.2.1.3.200813 Patch 31750289 or
later
|
Released October 2020
|
|
|
Oracle Notification Server (ONS)
|
ONS 12.2.1.3.0 SPU Patch Patch 27323998 or
later
|
Released July 2018
|
For the WLS Plug-In installed with OHS
|
3.3.13 Oracle HTTP Server
/ Web-Tier
This section contains the following:
·
Section 3.3.13.1 "Error Correction information for
Oracle HTTP Server"
·
Section 3.3.13.2 "Patch Availability for Oracle
HTTP Server 12.2.1.4 (Colocated with FMW Infrastructure)"
·
Section 3.3.13.3 "Patch Availability for Oracle
HTTP Server 12.2.1.4 (Standalone)"
·
Section 3.3.13.4 "Patch Availability for Oracle
HTTP server 12.2.1.3 (Colocated with FMW Infrastructure)"
·
Section 3.3.13.5 "Patch Availability for Oracle
HTTP Server 12.2.1.3 (Standalone)"
3.3.13.1 Error Correction
Information for Oracle HTTP Server / Web-Tier
Error
Correction information for Oracle HTTP Server / Web-Tier
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final CPU
|
July 2025
|
October 2022
|
Note 1933372.1 Error Correction
Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
|
On-Request platforms
|
|
|
|
3.3.13.2 Patch Availability
for Oracle HTTP Server 12.2.1.4 (Colocated with FMW Infrastructure)
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
See "Oracle Fusion Middleware Infrastructure
12.2.1.4"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle HTTP Server
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.4.211130 Patch 33619347 or
later
|
CVE-2021-40438
|
Note 2743971.1 Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.4.210302 Patch 32575741 or
later
|
Released April 2021
|
|
3.3.13.3 Patch Availability
for Oracle HTTP Server 12.2.1.4 (Standalone)
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
Java home
|
Java SE 8 Update 321 Patch 18143322 for
Linux, Windows, and Solaris.
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1 How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
OPatch home
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
Upgrade OPatch before installing
patches
|
|
Oracle HTTP Server
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.4.211130 Patch 33619347 or
later
|
CVE-2021-40438
|
Note 2743971.1 Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches
|
|
FMW JDBC
|
FMW JDBC Java Patch 32720458 or
later
|
CVE-2021-2351
|
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.4.210302 Patch 32575741 or
later
|
Released April 2021
|
|
|
Node Manager and WLST
|
WLS PATCH SET UPDATE
12.2.1.4.220105 Patch 33727616 or
later
|
CVE-2021-27568, CVE-2019-10219,
CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669,
CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195,
CVE-2020-2934
|
See Note 2764668.1 Security Advice and Post-Install Information for
Oracle WebLogic Server PSUs.
|
|
|
RDAOFM (OPatch) 20.4.07.01.22 for FMW
12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or
later
|
CVE-2021-2351
|
|
|
FMW Platform
|
FMW PLATFORM 12.2.1.4.0 SPU FOR
APRCPU2021 Patch 33093748 or
later
|
Released April 2021
|
|
|
FMW Third-Party Jars
|
FMW COMMON THIRD PARTY SPU 12.2.1.4.0
FOR Jan 2022 CPU Patch 33723124 or
later
|
Released January 2022
|
See Note 2768441.1 Details for Oracle
Fusion Middleware Third-Party Component Updates
|
3.3.13.4 Patch Availability
for Oracle HTTP Server 12.2.1.3 (Colocated with FMW Infrastructure)
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
See "Oracle Fusion Middleware Infrastructure
12.2.1.3"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle HTTP Server
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.3.211130 Patch 33619405 or
later
|
CVE-2021-40438
|
See Note 2568225.1 Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or
later
|
Released April 2021
|
|
|
Oracle Access Manager (OAM) WebGate
|
OAM WebGate Bundle Patch
12.2.1.3.200813 Patch 31750289 or
later
|
Released October 2020
|
|
|
Oracle Notification Server (ONS)
|
ONS 12.2.1.3.0 SPU Patch Patch 27323998 or
later
|
Released July 2018
|
For the WLS Plug-In installed with OHS
|
3.3.13.5 Patch Availability
for Oracle HTTP Server 12.2.1.3 (Standalone)
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
Java home
|
Java SE 8 Update 311 Patch 18143322 or
later for Linux, Windows, and Solaris.
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1 How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
OPatch home
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
Upgrade OPatch before installing
patches
|
|
Oracle HTTP Server
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.3.211130 Patch 33619405 or
later
|
CVE-2021-40438
|
See Note 2568225.1 Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
|
RDAOFM (OPatch) 20.4.07.01.22 for FMW
12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or
later
|
CVE-2021-2351
|
|
|
FMW JDBC
|
FMW JDBC Java Patch 33290784 or
later
|
CVE-2021-2351
|
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or
later
|
Released April 2021
|
|
|
Node Manager and WLST
|
WLS PATCH SET UPDATE
12.2.1.3.211222 Patch 33699205 or
later
|
CVE-2021-27568, CVE-2019-10219,
CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682,
CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934
|
See Note 2764668.1 Security Advice and Post-Install Information for
Oracle WebLogic Server PSUs.
|
|
FMW Platform
|
FMW Platform 12.2.1.3.0 SPU FOR
AprCPU2021 Patch 32982708 or
later
|
Released April 2021
|
|
|
FMW Third-Party Jars
|
FMW COMMON THIRD PARTY SPU 12.2.1.3.0
FOR APRIL2021CPU Patch 32910589 or
later
|
Released April 2021
|
See Note 2768441.1 Details for Oracle
Fusion Middleware Third-Party Component Updates
|
|
Oracle Access Manager (OAM) WebGate
|
OAM WebGate Bundle Patch
12.2.1.3.200813 Patch 31750289 or
later
|
Released October 2020
|
|
|
Oracle Notification Server (ONS)
|
ONS 12.2.1.3.0 SPU Patch Patch 27323998 or
later
|
Released July 2018
|
For the WLS Plug-In installed with OHS
|
3.3.14 Oracle Hyperion Analytic Provider
Services
Error
Correction information for Oracle Hyperion Analytic Provider Services
|
Patch Information
|
12.2.1.4
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Hyperion Analytic Provider Services
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.4
|
See Note 2769474.1 How To Remove Analytic
Provider Services from Oracle Business Intelligence / Fusion Middleware
12.2.1.4
|
Released April 2021
|
|
3.3.15 Reserved for
Future Use
3.3.16 Reserved for
Future Use
3.3.17 Reserved for
Future Use
3.3.18 Oracle Hyperion
Essbase
Error
Correction information for Oracle Hyperion Essbase
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
January 2022
|
|
Patch
Availability for Oracle Hyperion Essbase
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
11.1.2.4.047 PSU Patch 33485383 (Essbase
Server)
11.1.2.4.047 PSU Patch 33485376 (Essbase
Client)
11.1.2.4.047 PSU Patch 33485381 (Essbase
MSI Client)
11.1.2.4.047 PSU Patch 33485386 (Essbase
Runtime Client)
11.1.2.4.047 PSU Patch 33485394 (Analytic
Provider Services)
11.1.2.4.047 PSU Patch 33485370 (Essbase
Administration Services Server)
11.1.2.4.047 PSU Patch 33485372 (Essbase
Administration Services MSI Client)
|
Released January 2022
|
|
|
11.1.2.3
|
11.1.2.3.508 PSU Patch 22347375 (RTC)
11.1.2.3.508 PSU Patch 22347367 (Client)
11.1.2.3.508 PSU Patch 22314799 (Server)
|
Released April 2017
|
|
|
11.1.2.2
|
Upgrade to Hyperion Essbase 11.1.2.3, then apply the
patches listed above
|
Released July 2015
|
|
3.3.19 Reserved for
Future Use
3.3.20 Oracle Hyperion
Financial Management
Error
Correction information for Oracle Hyperion Financial Management
|
Patch Information
|
11.1.2.4
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Hyperion Financial Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
The issue has been addressed in the
latest releases: 11.2.*.
Customers on the prior releases are recommended to upgrade to the latest
releases. An upgrade path for release 11.1.2.4 is described in the Oracle
Enterprise Performance Management System Release 11.2.2.0.000 Readme
|
Released April 2021
|
|
|
11.1.2.4 & 11.2
|
The issue has been addressed in the
latest release: 11.2.7.0.000
Customers on the prior releases are recommended to upgrade to the latest
release.
|
Released October 2021
|
|
3.3.21 Reserved for
Future Use
3.3.22 Oracle Hyperion
Infrastructure Technology
Error
Correction information for Oracle Hyperion Infrastructure Technology
|
Patch Information
|
11.2
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Hyperion Infrastructure Technology
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.2
|
The issue has been addressed in the
latest release: 11.2.7.0.000
Customers on the prior releases are recommended to upgrade to the latest
release.
|
CVE-2021-2351
|
|
|
11.2
|
For 11.2.4, 11.2.5, 11.2.6 & 11.2.7
Apply FMW JDBC Java Patch 32720458 or
later
|
CVE-2021-2351
|
|
3.3.23 Reserved for
Future Use
3.3.24 Oracle Hyperion
Planning
Error
Correction information for Oracle Hyperion Planning
|
Patch Information
|
11.2
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Hyperion Planning
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.2
|
The issue has been addressed in the
latest releases: 11.2.7.0.000
Customers on the prior releases are recommended to upgrade to the latest
release.
|
Released October 2021
|
|
3.3.25 Reserved for
Future Use
3.3.26 Reserved for
Future Use
3.3.27 Oracle Hyperion
Workspace
Error
Correction information for Oracle Hyperion Workspace
|
Patch Information
|
11.2
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Hyperion Workspace
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.2
|
The issue has been addressed in the
latest release: 11.2.6
|
Released July 2021
|
|
3.3.28 Oracle Identity
and Access Management
This section contains the following:
·
Section 3.3.28.1 "Error Correction Information for
Oracle Identity & Access Management"
·
Section 3.3.28.2 "Patch Availability for Oracle
Identity & Access Management 12.2.1.4"
·
Section 3.3.28.3 "Patch Availability for Oracle Identity & Access Management 12.2.1.3"
·
Section 3.3.28.5 "Oracle Identity Management Connector"
3.3.28.1 Error
Correction Information for Oracle Identity & Access Management
Error Correction Information for Oracle
Identity & Access Management
|
Patch
Information
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final
CPU
|
July 2025
|
October 2022
|
See Note 1933372.1, Error Correction Support
Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
|
On-Request
platforms
|
-
|
-
|
|
3.3.28.2 Patch
Availability for Oracle Identity & Access Management 12.2.1.4.0
|
Product
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
Java
SE
|
Java SE 8 Update 311 Patch 18143322 or
later for Linux, Windows, and Solaris
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
Download locations and installation instructions are in
the above document.
|
See Note 1492980.1 How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
Oracle Access
Manager (OAM)
Oracle Identity
Manager (OIM)
Oracle Unified
Directory (OUD) -Collocated
Oracle Internet
Directory (OID)- Collocated
|
Download and apply the SPB patch:
IDM Stack Patch Bundle 12.2.1.4 Patch 33762692 or
later
OR download and apply the individual patches below:
|
CVE-2021-35587, CVE-2020-9546,
CVE-2021-29505, CVE-2021-36090, CVE-2021-45105, CVE-2021-2351
|
See Note 2657920.1 Stack Patch Bundle for
Oracle Identity Management Products
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Access
Manager (OAM)
Oracle Identity
Manager (OIM)
Oracle Unified
Directory (OUD) -Collocated
Oracle Internet
Directory (OID)- Collocated
|
See Section "Oracle Fusion Middleware Infrastructure
12.2.1.4"
|
See Section "Oracle Fusion Middleware Infrastructure
12.2.1.4"
|
Oracle Fusion Middleware Infrastructure
patches
|
|
Oracle
Access Manager (OAM)
|
OAM Bundle Patch 12.2.1.4 Patch 33751903 or
later
|
CVE-2021-35587
|
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Identity Manager (OIM)
|
OIM Bundle Patch 12.2.1.4.210708 Patch 33092785 or
later
|
Released July 2021
|
|
|
Oracle
Identity Manager (OIM)
|
SOA BUNDLE PATCH 12.2.1.4.211221Patch 33696548 or
later
|
CVE-2021-29505, CVE-2021-36090,
CVE-2021-45105
|
|
|
Oracle
Internet Directory (OID) - Standalone with NodeManager
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
|
|
Oracle
Internet Directory (OID) - Standalone with NodeManager
|
FMW JDBC Java Patch 32720458 or
later
|
CVE-2021-2351
|
|
|
Oracle
Identity Manager (OIM)
|
Oracle WebCenter Core Bundle Patch
12.2.1.4.210303 Patch 32582592 or
later
|
Released April 2021
|
|
|
Oracle
Unified Directory (OUD) - Standalone and Collocated
|
OUD BUNDLE PATCH 12.2.1.4.200526 Patch 31400392 or
later
|
Released July 2020
|
|
|
Oracle
Internet Directory (OID) - Standalone and Standalone with Nodemanger
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
|
|
Oracle
Internet Directory (OID) - Standalone and Standalone with Nodemanger
|
OSS Bundle Patch 12.2.1.4.210302 Patch 32575741 or
later
|
Released April 2021
|
Oracle Security Services (OSS) patch for SSL used by Oracle Internet Directory (OID)
Standalone and Standalone with NodeManager installs.
|
|
Oracle
Internet Directory (OID) - Standalone with NodeManager
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JAN
CPU 2022 Patch 33639718 or
later
|
CVE-2021-2351
|
ADR Patch
See Note 2703429.1 for details on ADR and
the Applicability of this patch.
|
3.3.28.3 Patch
Availability for Oracle Identity & Access Management 12.2.1.3.0
|
Product
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
Java SE
|
Java SE 8 Update 311 Patch 18143322 or
later for Linux, Windows, and Solaris
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
Download locations and installation instructions are in
the above document.
|
See Note 1492980.1 How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
Oracle Access Manager (OAM)
Oracle Identity Manager (OIM)
Oracle Unified Directory (OUD) -Collocated
Oracle Internet Directory (OID)- Collocated
|
Download
and apply the SPB patch:
IDM Stack Patch Bundle 12.2.1.3 Patch 33762787 or
later
OR download and apply the individual
patches below:
|
CVE-2021-35587, CVE-2021-36090,
CVE-2021-45105, CVE-2021-2351
|
See Note 2657920.1 Stack Patch Bundle for
Oracle Identity Management Products
The IDM SPB includes CPU and functional fixes from IDM and lower stack
products. Oracle recommends that you apply this single patch for Identity
& Access Management Oracle homes.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Access Manager (OAM)
Oracle Identity Manager (OIM)
Oracle Unified Directory (OUD) -Collocated
Oracle Internet Directory (OID)- Collocated
|
See Section "Oracle Fusion Middleware Infrastructure
12.2.1.3"
|
See Section "Oracle Fusion Middleware Infrastructure
12.2.1.3"
|
Apply all of the patches recommended
for "Oracle Fusion Middleware Infrastructure (WebLogic Server for
FMW)" Distribution.
|
|
Oracle Access Manager (OAM)
|
OAM Bundle Patch 12.2.1.3 Patch 33752617 or
later
|
CVE-2021-35587
|
For patch availability, see
section 2.2 Post Release Patches
|
|
Oracle Identity Manager (OIM)
|
SOA Bundle Patch 12.2.1.3.211119 Patch 33697220 or
later
|
CVE-2021-36090, CVE-2021-45105
|
|
|
Oracle Internet Directory (OID) -
Standalone with NodeManager
|
FMW JDBC Java Patch 33290784 or
later
|
CVE-2021-2351
|
|
|
Oracle Identity Manager (OIM)
|
OIM Bundle Patch 12.2.1.3.210713 Patch 33112283 or
later
|
Released July 2021
|
|
|
WebGates for Oracle Access Manager
|
OAM WebGate Bundle Patch
12.2.1.3.200813 Patch 31750289 or
later
|
Released October 2020
|
Apply this patch where OHS 12.2.1.3 is installed.
See "Oracle HTTP Server 12.2.1.3"
|
|
Oracle Internet Directory (OID) -
Standalone and Standalone with NodeManager
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
Upgrade OPatch before installing
patches on OUD/OID standalone installations
|
|
Oracle Unified Directory (OUD) -
Standalone and Collocated
|
OUD BUNDLE PATCH 12.2.1.3.200623 Patch 31529239 or
later
|
Released July 2020
|
|
|
Oracle Internet Directory (OID)
-Standalone, Standalone with NodeManager and Collocated
|
OID Bundle Patch 12.2.1.3.180116
Patch 27396651> or later
|
Released January 2018
|
Oracle Internet Directory (OID) patch
See Note 2355090.1 Oracle Internet
Directory (OID) Version 12c Bundle Patch (BP) (Including Directory
Integration Platform / DIP) / Bundle Patches For Non-Fusion Applications
(NonFA / NonP4FA) Customers
|
|
Oracle Internet Directory (OID) -
Standalone and Standalone with NodeManager
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or
later
|
Released April 2021
|
Oracle Security Services (OSS) patch
for SSL used by Oracle Internet Directory (OID)
|
3.3.28.5 Oracle Identity
Management Connector
Error Correction information for Oracle
Identity Management Connector
|
Patch
Information
|
12c
|
11g
|
9.1.1.5
|
Comments
|
|
Final
CPU
|
refer to Note 2454684.1
|
|
Patch Availability for Oracle Identity
Management Connector
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
Microsoft
AD connector 9.1.1.5
|
OIM Connector 9.1.1.5.15 Patch 25028999
|
Released October 2017
|
|
|
CA
Top Secret Connector 9.1.0.6
|
OIM Connector 9.1.0.6 Patch 31708407
|
Released October 2020
|
9.0.x customers should upgrade to
9.1.0.x
|
|
RACF
adv connector 9.1.0.2
|
OIM Connector 9.1.0.2 Patch 31058957
|
Released April 2020
|
9.0.x customers should upgrade to
9.1.0.x
|
|
acf2
connector 9.1.0.1
|
OIM Connector 9.1.0.1 Patch 31101274
|
Released April 2020
|
9.0.x customers should upgrade to
9.1.0.x
|
|
Generic
Rest 11.1.1.5.0
|
OIM Connector 11.1.1.5.0 Patch 32352803
|
Released April 2021
|
|
3.3.29 Oracle
JDeveloper and Oracle ADF
Error Correction information for Oracle
JDeveloper and Oracle ADF
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final CPU
|
July 2025
|
October 2022
|
|
|
Understanding Patch Release Versions
|
See Note 1494151.1, Understanding Fusion
Middleware Bundle Patch (BP) Release Versions.
|
Critical
Patch Update Availability for Oracle JDeveloper and Oracle ADF
|
Release
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
12.2.1.4.0
|
ADF Bundle Patch 12.2.1.4.211221 Patch 33697227 or
later
|
CVE-2021-45105
|
See Note 2834384.1 Details for applying
Jan 2022 ADF 12.2.1.4 patch with 12.2.1.4 FMW COMMON THIRD PARTY SPU
It is recommended to apply FMW JDBC 12.2.1.4 to fix CVE-2021-2351
|
|
FMW Home 12.2.1.4 JDBC
|
FMW JDBC Java Patch 32720458 or
later
|
CVE-2021-2351
|
|
|
12.2.1.3.0
|
ADF BUNDLE PATCH 12.2.1.3.201007 Patch 31985811 or
later
|
Released October 2020
|
It is recommended to apply FMW Home 12.2.1.3
JDBC patch to fix CVE-2021-2351
|
|
FMW Home 12.2.1.3 JDBC
|
FMW JDBC Java Patch 33290784 or
later
|
CVE-2021-2351
|
|
|
|
RDAOFM (OPatch) 20.4.07.01.22 for FMW
12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or
later
|
CVE-2021-2351
|
|
3.3.30 Oracle Map Viewer
Error
Correction information for Oracle Map Viewer
|
Patch Information
|
12.2.1.4
|
Comments
|
|
Final CPU
|
July 2025
|
|
Patch
Availability for Oracle Map Viewer
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
12.2.1.4
|
MapViewer 12.2.1.4 Patch 33493864 or
later
|
CVE-2021-29425
|
|
|
FMW JDBC
|
FMW JDBC Java Patch 32720458 or
later
|
CVE-2021-2351
|
|
|
|
RDAOFM (OPatch) 20.4.07.01.22 for FMW
12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or
later
|
CVE-2021-2351
|
|
3.3.31 Oracle Outside In
Technology
Error
Correction information for Oracle Outside In Technology
|
Patch Information
|
8.5.5
|
Comments
|
|
Final CPU
|
April 2022
|
|
Patch
Availability for Oracle Outside In Technology
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Outside In Technology 8.5.5
|
ORACLE OUTSIDE IN TECHNOLOGY (OIT)
OCTOBER 2021 8.5.5 BUNDLE PATCH Patch 33394086
|
Released October 2021
|
|
|
|
Oracle Outside in Clean Content 855
July Bundle Patch Release Patch 33091862
|
Released July 2021
|
|
3.3.32 Oracle Real Time
Decisions Applications
Error
Correction information for Oracle Real Time Decisions Applications
Describes the Error Correction
information for Oracle Real Time Decisions Applications.
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
Jul 2022
|
|
Patch
Availability for Oracle Real Time Decisions Applications
Describes the available patches for
Oracle Real Time Decisions Applications.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Real Time Decisions Applications
3.2 home
|
RTD APPLICATIONS 3.2 SPU FOR JUL CPU
2021
Patch 33107342 or
later
|
Released July 2021
|
|
3.3.33 Oracle Real Time
Decisions Platform
Error
Correction information for Oracle Real Time Decisions Platform
Describes the Error Correction
information for Oracle Real Time Decisions Platform.
|
Patch
Information
|
3.2
|
Comments
|
|
Final CPU
|
July 2022
|
|
Patch
Availability for Oracle Real Time Decisions Platform
Describes the available patches for Oracle
Real Time Decisions Platform.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Real Time Decisions Platform 3.2
home
|
RTD PLATFORM 3.2 SPU FOR OCT CPU
2021 Patch 33373472 or
later
|
Released October 2021
|
|
3.3.34 Oracle Service
Architecture Leveraging Tuxedo (SALT)
Error
Correction information for Oracle Service Architecture Leveraging Tuxedo
(SALT)
|
Patch Information
|
12.2.2.0.x
|
Comments
|
|
Final CPU
|
October 2024
|
|
Patch
Availability for Oracle Service Architecture Leveraging Tuxedo (SALT)
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Service Architecture Leveraging
Tuxedo (SALT) 12.2.2.0.x home
|
Oracle SALT 12.2.2.0.0 SPU FOR
CPUJan2019 Patch 29169314
|
Released January 2019
|
|
3.3.35 Oracle SOA Suite
Error Correction
information for Oracle SOA Suite
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final CPU
|
|
October 2022
|
Note 1933372.1 Error Correction
Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
|
On-Request platforms
|
|
|
|
Patch Availability for Oracle SOA
Suite 12.2.1.4
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
See "Oracle Fusion Middleware Infrastructure
12.2.1.4"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle SOA Suite and Business Process
|
SOA STACK PATCH BUNDLE 12.2.1.4.220113Patch 33751658 or
later
|
CVE-2021-29505, CVE-2021-36090,
CVE-2021-45105, CVE-2021-2351
|
|
|
Oracle SOA Suite and Business Process
|
SOA BUNDLE PATCH 12.2.1.4.211221 Patch 33696548 or
later
|
CVE-2021-29505, CVE-2021-36090,
CVE-2021-45105
|
|
Patch Availability for Oracle SOA
Suite 12.2.1.3
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
See "Oracle Fusion Middleware Infrastructure
12.2.1.3"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle SOA Suite and Business Process
|
SOA STACK PATCH BUNDLE 12.2.1.3 Patch 33751657 or
later
|
CVE-2021-29505, CVE-2021-36090,
CVE-2021-45105, CVE-2021-2351
|
|
|
Oracle SOA Suite and Business Process
|
SOA Bundle Patch 12.2.1.3.221221 Patch 33697220 or
later
|
CVE-2021-29505, CVE-2021-36090,
CVE-2021-45105
|
|
3.3.36 Oracle Traffic
Director
Error
Correction information for Oracle Traffic Director
|
Patch Information
|
12.2.1.4
|
Comments
|
|
Final CPU
|
July 2025
|
|
Patch
Availability for Oracle Traffic Director
3.3.37 Oracle Tuxedo
Error Correction
information for Oracle Tuxedo
|
Patch Information
|
12.2.2.0
|
12.1.3.0
|
Comments
|
|
Final CPU
|
April 2024
|
April 2022
|
|
Patch
Availability for Oracle Tuxedo
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
12.2.2.0
|
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018
Linux Patch 28090531
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-64
with vs2015 Patch 28124771
rp029 oracle tuxedo 12.2.2 SPU for
JULCPU2018 win-32 with vs2015 Patch 28124779
|
Released July 2018
|
For CVE-2017-10269, see extra settings required with
these cumulative patches in Note 2326009.1
|
|
12.1.3.0
|
RP117 TUXEDO 12.1.3.0 SPU FOR CPUJAN2020 Patch 30596495
RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2013) FOR
CPUJAN2020 Patch 30601651
RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2012) FOR
CPUJAN2020 Patch 30601637
|
Released January 2020
|
For CVE-2017-10269, see extra settings required with
these cumulative patches in Note 2326009.1
|
3.3.38 Oracle Tuxedo
System and Applications Monitor Plus (TSAM Plus)
Error
Correction Information for Oracle Tuxedo System and Applications Monitor Plus
(TSAM Plus)
|
Patch Information
|
12.2.2
|
12.1.3
|
Comments
|
|
Final CPU
|
April 2024
|
April 2022
|
|
Patch
Availability for Oracle Tuxedo System and Applications Monitor Plus (TSAM
Plus)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
TSAM Plus 12.2.2
|
RP002 Patch 25389632
|
Released July 2017
|
|
|
TSAM Plus 12.1.3
|
RP019 FOR LINUX 64-BIT X86 Patch 27379436
|
Released January 2018
|
|
|
FMW JDBC
|
FMW JDBC Java Patch 32720458 or
later
|
CVE-2021-2351
|
|
|
|
RDAOFM (OPatch) 20.4.07.01.22 for FMW
12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or
later
|
CVE-2021-2351
|
|
3.3.39 Oracle WebCenter
Error
Correction information for Oracle WebCenter
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final CPU
|
|
October 2022
|
Note 1933372.1 Error Correction
Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
|
On-Request platforms
|
|
|
|
Patch Availability for Oracle
WebCenter 12.2.1.4
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
See "Oracle Fusion Middleware Infrastructure
12.2.1.4"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle WebCenter Portal
|
Oracle Webcenter Portal Bundle Patch 12.2.1.4 Patch 33696812 or
later
|
CVE-2021-45105
|
|
|
Oracle WebCenter Sites
|
Oracle WebCenter Sites
12.2.1.4.211019 Patch 33381673 or
later
|
Released October 2021
|
|
Patch Availability for Oracle
WebCenter 12.2.1.3
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
See "Oracle Fusion Middleware Infrastructure
12.2.1.3"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle WebCenter Portal
|
Oracle Webcenter Portal Bundle Patch 12.2.1.3 Patch 33695730 or
later
|
CVE-2021-45105
|
|
|
Oracle WebCenter Sites
|
Oracle WebCenter Sites
12.2.1.3.211019 Patch 33386937 or
later
|
Released October 2021
|
|
|
Oracle WebCenter Sites
|
Support Tools 4.4.2 for Oracle
WebCenter Sites 12.2.1.3.0 Patch 30505173
|
Released January 2020
|
Support Tools for Webcenter Sites Patch
|
|
Oracle WebCenter Content
|
WebCenter Content Bundle Patch
12.2.1.3.180417 Patch 27393392 or
later
|
Released April 2018
|
|
3.3.40 Oracle WebCenter
Sites (Formerly FatWire Content Server)
Error
Correction information for Oracle WebCenter Sites (formerly FatWire Content
Server)
|
Patch Information
|
12.2.1.4
|
Comments
|
|
Final CPU
|
July 2025
|
|
Patch
Availability for Oracle WebCenter Sites
3.3.41 Reserved for
Future Use
3.3.42 Reserved for
Future Use
3.3.43 Oracle WebLogic
Server
Error
Correction information for Oracle WebLogic Server
|
Patch Information
|
14.1.1.0.0
|
12.2.1.4.0
|
12.2.1.3
|
12.1.3
|
Comments
|
|
Final CPU
|
January 2028
|
July 2025
|
October 2022
|
January 2022
|
Note 950131.1 Error Correction
Support Dates for Oracle WebLogic Server
|
|
Understanding Patch Release Versions
|
|
-
|
|
|
See Note 2565576.1, Understanding WebLogic
Server Patch Set Update (PSU) Release Versions
|
Patch Set
Update Availability for Oracle WebLogic Server
For more information, see
MyOracleSupport Note 1470197.1,
Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS).
See Note 1306505.1,
Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
This section contains the following:
·
Section 3.3.43.1 Oracle WebLogic Server 14.1.1.0
·
Section 3.3.43.2 Oracle WebLogic Server 12.2.1.4
·
Section 3.3.43.3 Oracle WebLogic Server 12.2.1.3
·
Section 3.3.43.4 Oracle WebLogic Server 12.1.3
·
Section 3.3.43.5 Oracle WebLogic Server Proxy Plug-Ins
for Third-Party Webservers
For more information on obtaining
WebLogic Server container images with WebLogic Server Patch Set Updates, see
the following document on MyOracle Support “WebLogic Server Container Images
Updated with the Patch Set Update (PSU) and Other Security
Patches," Note 2771055.1
Apache Log4j version 2 is not used in
default Oracle WebLogic Server installations or configurations. However, the
Oracle WebLogic Server and Fusion Middleware homes contain vulnerable Log4j
version 2 jars.
3.3.43.1 Oracle WebLogic
Server 14.1.1.0
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 14.1.1.0 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
|
Java SE 8 Update 321 Patch 18143322 or
later for Linux, Windows, and Solaris.
or
Java SE 11.0.14 Patch 27838191 or
later for Linux, Windows, and Solaris.
|
See Note 2828114.1, Oracle Critical Patch Update
(CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server 14.1.1.0
|
Download
and apply the SPB patch:
WLS STACK PATCH BUNDLE 14.1.1.0.220112 Patch 33751244 or
later
OR download and apply the individual
patches below:
|
CVE-2021-35674, CVE-2021-35674,
CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680,
CVE-2021-29425, CVE-2020-2934, CVE-2022-21361, CVE-2020-5258, CVE-2020-13956,
CVE-2022-21257, CVE-2022-21385, CVE-2022-21259, CVE-2022-21260,
CVE-2022-21261, CVE-2022-21262, CVE-2022-21252, CVE-2022-21292,
CVE-2022-21258, CVE-2021-2351, CVE-2022-21306
|
See Note 2764636.1, Introducing the Stack
Patch Bundle (SPB) with SPBAT Utility for Oracle WebLogic Server
|
|
|
WLS PATCH SET UPDATE
14.1.1.0.220105 Patch 33727619 or
later
|
CVE-2021-35674, CVE-2021-35674,
CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680,
CVE-2021-29425, CVE-2020-2934, CVE-2022-21306
|
See Note 2764668.1 Security Advice and Post-Install Information for
Oracle WebLogic Server PSUs.
For CVE-2021-4104 fix, an overlay patch on top of
Jan'22 WLS PSU will be made available by 31st Jan'22.
|
|
|
Log4J 2.17.1 Overlay for WLS PSU
14.1.1.0.220105 Patch 33735326 or
later
|
CVE-2021-44832
|
|
|
|
WEBLOGIC SAMPLES SPU
14.1.1.0.220118 Patch 33537696 or
later
|
CVE-2022-21361, CVE-2020-5258,
CVE-2020-13956, CVE-2022-21257, CVE-2022-21385, CVE-2022-21259,
CVE-2022-21260, CVE-2022-21261, CVE-2022-21262, CVE-2022-21252,
CVE-2022-21292, CVE-2022-21258
|
See Note 2255054.1 Details for Oracle
WebLogic Server's Use of Struts and the SAMPLES SPU
|
|
|
JDBC 19.3.0.0 FOR CPUJAN2022 (WLS
12.2.1.4, WLS 14.1.1) Patch 32720458 or
later
|
CVE-2021-2351
|
|
|
|
RDAOFM (OPatch) 20.4.07.01.22 for FMW
12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or
later
|
CVE-2021-2351
|
|
|
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
|
|
|
Coherence 14.1.1.0 Cumulative Patch
7 Patch 33286174 or
later
|
|
|
3.3.43.2 Oracle WebLogic
Server 12.2.1.4
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.2.1.4 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
|
Java SE 8 Update 321 Patch 18143322 or
later for Linux, Windows, and Solaris.
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server 12.2.1.4
|
Download and apply the SPB patch:
WLS STACK PATCH BUNDLE 12.2.1.4.220112 Patch 33751264 or
later
OR download and apply the individual patches below:
|
CVE-2021-27568, CVE-2019-10219,
CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669,
CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195,
CVE-2020-2934, CVE-2022-21361, CVE-2020-5258, CVE-2020-13956,
CVE-2022-21257, CVE-2022-21385, CVE-2022-21259, CVE-2022-21260,
CVE-2022-21261, CVE-2022-21262, CVE-2020-11023, CVE-2022-21252,
CVE-2022-21292, CVE-2021-2351, CVE-2022-21306
|
See Note 2764636.1, Introducing the Stack
Patch Bundle (SPB) with SPBAT Utility for Oracle WebLogic Server
If using the WLS Proxy Plugin for Apache or IIS, refer
to Oracle WebLogic Server Proxy Plug-Ins for Third-Party
Webservers
|
|
|
WLS PATCH SET UPDATE
12.2.1.4.220105 Patch 33727616 or
later
|
CVE-2021-27568, CVE-2019-10219,
CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669,
CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195,
CVE-2020-2934, CVE-2022-21306
|
See Note 2764668.1 Security Advice and Post-Install Information for
Oracle WebLogic Server PSUs.
For CVE-2021-4104 fix, an overlay patch on top of Jan'22 WLS PSU will be
made available by 31st Jan'22.
|
|
|
Log4J 2.17.1 Overlay for WLS PSU
12.2.1.4.220105 Patch 33735326 or
later
|
CVE-2021-44832
|
|
|
|
WEBLOGIC SAMPLES SPU
12.2.1.4.220118 Patch 33539252 or
later
|
CVE-2022-21361, CVE-2020-5258,
CVE-2020-13956, CVE-2022-21257, CVE-2022-21385, CVE-2022-21259,
CVE-2022-21260, CVE-2022-21261, CVE-2022-21262, CVE-2020-11023,
CVE-2022-21252, CVE-2022-21292
|
See Note 2255054.1, Details for Oracle
WebLogic Server's Use of Struts and the SAMPLES SPU
|
|
|
JDBC 19.3.0.0 FOR CPUJAN2022 (WLS
12.2.1.4, WLS 14.1.1) Patch 32720458 or
later
|
CVE-2021-2351
|
|
|
|
RDAOFM (OPatch) 20.4.07.01.22 for FMW
12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or
later
|
CVE-2021-2351
|
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY
CPU 2020 Patch 31544353 or
later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
|
|
FMW PLATFORM 12.2.1.4.0 SPU FOR
APRCPU2021 Patch 33093748 or
later
|
Released April 2021
|
|
|
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
|
|
|
Coherence 12.2.1.4.0 Cumulative Patch
11 Patch 33286160 or
later
|
|
|
3.3.43.3 Oracle WebLogic
Server 12.2.1.3
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.2.1.3 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database SERVER with July 2021 DB PSU or
later associated with a Fusion Middleware installation. If any CLIENT side
patching is required in the FMW home, there will be a separate row below.
See Note 2791571.1 for more details
|
|
|
Java SE 8 Update 321 Patch 18143322 or
later for Linux, Windows, and Solaris.
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server 12.2.1.3
|
Download
and apply the SPB patch:
WLS STACK PATCH BUNDLE 12.2.1.3.220112 Patch 33751288 or
later
OR download and apply the individual
patches below:
|
CVE-2021-27568, CVE-2019-10219, CVE-2021-35668,
CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682,
CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934,
CVE-2021-2351, CVE-2022-21306
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
|
WLS PATCH SET UPDATE 12.2.1.3.211222 Patch 33699205 or
later
|
CVE-2021-27568, CVE-2019-10219,
CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669,
CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195,
CVE-2020-2934, CVE-2022-21306
|
See Note 2764668.1 Security Advice and Post-Install Information for
Oracle WebLogic Server PSUs.
For CVE-2021-4104 fix, an overlay patch on top of Jan'22 WLS PSU will be
made available by 31st Jan'22.
|
|
|
Log4J 2.17.1 Overlay for WLS PSU
12.2.1.3.211222 Patch 33735326 or
later
|
CVE-2021-44832
|
|
|
|
RDAOFM (OPatch) 20.4.07.01.22 for FMW
12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or
later
|
CVE-2021-2351
|
|
|
|
JDBC 12.2.0.1 FOR CPUJAN2022 (WLS
12.2.1.3) Patch 33290784 or
later
|
CVE-2021-2351
|
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY
CPU 2020 Patch 31544340
|
Released July 2020
|
|
|
|
FMW Platform 12.2.1.3.0 SPU FOR
AprCPU2021 Patch 32982708 or
later
|
Released April 2021
|
|
|
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
|
Released January 2022
|
|
|
|
Coherence 12.2.1.3 Cumulative Patch
16 Patch 33286132 or
later
|
|
CVE-2021-35617 - Resolution of this CVE
requires installation of both the WebLogic Server PSU and the Coherence
patch
|
3.3.43.4 Oracle WebLogic
Server 12.1.3
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.1.3 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.1.3
|
Java SE 8 Update 321 Patch 18143322 or
later for Linux, Windows, and Solaris.
|
See Note 2810386.1, Oracle Critical Patch
Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1, How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
|
WLS PATCH SET UPDATE
12.1.3.0.220118 Patch 33494824 or
later
|
CVE-2022-21306,CVE-2022-21347,
CVE-2022-21350, CVE-2022-21386, CVE-2022-21371, CVE-2021-29425,
CVE-2020-2934
|
See Note 2764668.1 Security Advice and
Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
WLS 12.1.3 JDBC Patch 32720458 or
later
|
CVE-2021-2351
|
Please refer to Note 1970437.1 How To Update the JDBC
and UCP Drivers Bundled with WebLogic Server 10.3.6 and 12c
|
|
|
See Note 1936300.1 How to Change SSL
Protocols (to Disable SSL 2.0/3.0) in Oracle Fusion Middleware Products
(Doc ID 1936300.1)
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
|
|
TopLink SPU Patch 24327938
|
Released July 2016
|
TopLink JPA-RS patch
|
|
|
ADR FOR WEBLOGIC SERVER 12.1.3.0 JULY
CPU 2020 Patch 31544363 or
later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and
Applicability of this patch.
|
|
|
WEBLOGIC SAMPLES SPU
12.1.3.0.210119 Patch 32148638 or
later
|
Released January 2021
|
This is the final SPU for Samples, see Note 2255054.1, Details for Oracle
WebLogic Server's Use of Struts and the SAMPLES SPU
|
|
|
Coherence 12.1.3.0 Cumulative Patch
12 Patch 32973268 or
later
|
Released July 2021
|
|
3.3.43.5 Oracle WebLogic
Server Proxy Plug-Ins for Third-Party Webservers
Critical
Patch Update Availability for Oracle WebLogic Server Proxy Plug-Ins
The available patches for Oracle
WebLogic Server Plug-ins (Apache/IIS).
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
WebLogic Server Proxy Plug-In
|
IIS PLUGIN BUNDLE PATCH
12.2.1.4.210420 Patch 32500025 or
later
APACHE PLUGIN BUNDLE PATCH 12.2.1.4.210420 Patch 32499990 or
later
|
Released April 2021
|
These are full replacements for
WebLogic Server Proxy Plug-In. Versions 11.1.1.9.0 and 12.2.1.3 should
update to the latest 12.2.1.4 Proxy Plug-In. See Note 1111903.1, WebLogic Server Proxy
Plug-In Support.
|
3.3.44 Oracle Coherence
Error
Correction information for Oracle Coherence
|
Patch Information
|
14.1.1.0
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final CPU
|
January 2028
|
July 2025
|
October 2022
|
The official dates are in the Lifetime Support document, which is
updated when any extension is approved.
|
Critical
Patch Update Availability for Oracle Coherence
Follow the guidance below to locate
the patches that should be applied to a Standalone Oracle Coherence
installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Applies to all
Oracle Coherence Versions
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
See Note 2828114.1, Oracle Critical Patch
Update (CPU) January 2022 for Oracle Java SE
|
|
|
Oracle Coherence 14.1.1.0
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
Coherence 14.1.1.0 Cumulative Patch 6 Patch 32973306 or
later
|
Released January 2022
|
If WLS is installed, see WLS 14.1.1.0 for a full list of
patches needed including Oracle Coherence
|
|
Oracle Coherence 12.2.1.4
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
Coherence 12.2.1.4 Cumulative Patch 10 Patch 32973297 or
later
|
Released January 2022
|
If WLS is installed, see WLS 12.2.1.4 for a full list of
patches needed including Oracle Coherence
|
|
Oracle Coherence 12.2.1.3
|
OPatch 13.9.4.2.8 Patch 28186730 or
later
Coherence 12.2.1.3 Cumulative Patch 15 Patch 32973279 or
later
|
Released January 2022
|
If WLS is installed, see WLS 12.2.1.3 for a full list of
patches needed including Oracle Coherence
|
3.4 Oracle Sun Middleware
This section contains the following:
·
Section 3.4.1 "Directory Server Enterprise Edition"
3.4.1 Directory Server Enterprise
Edition
Error
Correction information for Directory Server Enterprise Edition
|
Patch Information
|
11.1.1.7.0
|
Comments
|
|
Final CPU (Premier Support)
|
October 2019
|
|
|
Final CPU (Extended Support)
|
October 2022
|
|
Patch Availability
for Directory Server Enterprise Edition
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.7.0
|
ODSEE BP 11.1.1.7.190716 Patch 29893742
|
Released July 2019
|
CVE-2018-18508 is not applicable to Windows Platform.
Please refer to 2.2 Post Release Patches for Windows
Patch.
|
3.5 Tools
This section contains the following:
·
Section 3.5.1 "Oracle OPatch"
3.5.1 Oracle OPatch
Minimum
Product Requirements for Oracle OPatch
The CPU security vulnerabilities are
fixed in the listed release and later releases. The Oracle OPatch downloads
can be found at Patch 6880880.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle OPatch
|
11.2.0.3.32, 12.2.0.1.28
|
Released January 2022
|
Download the latest versions available
to install Database Patches
|
4 Final CPU History
Final CPU
History
The Final CPU is the last quarter that
a product is supported in the CPU program as per the Premier Support and
Extended Support policies. For more information, see My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS Software Error
Correction Support Policy.
|
Release
|
Final CPUs
|
Comments
|
|
October 2021
|
Oracle Business Intelligence Enterprise Edition
11.1.1.9
Oracle Business Intelligence Publisher 12.2.1.3
Oracle Business Intelligence Publisher 11.1.1.9
Oracle Data Integrator 11.1.1.9
Oracle Data Quality for Oracle Data Integrator 11.1.1.3.0
Oracle Database Mobile Server 11.3.x
Oracle Enterprise Data Quality 11.1.1.9
Oracle Enterprise Manager FMW Control 12.2.1.3
Oracle Enterprise Manager FMW Control 11.1.1.9
Oracle Enterprise Repository 11.1.1.7.0
Oracle Fusion Middleware Infrastructure 11.1.1.9
Oracle GoldenGate 12.1.2.1
Oracle GoldenGate 12.3.0.1
Oracle GoldenGate 18.1
Oracle GoldenGate for Big Data 12.3.2.1.0
Oracle HTTP Server / Web-Tier 11.1.1.9
Oracle Hyperion Analytic Provider Services 11.1.2.x
Oracle Hyperion BI+ 11.1.2.x
Oracle Hyperion Data Relationship Management 11.1.2.x
Oracle Hyperion Enterprise Performance Management Architect 11.1.2.x
Oracle Hyperion Financial Close Management 11.1.2.x
Oracle Hyperion Financial Management 11.1.2.0
Oracle Hyperion Financial Reporting 11.1.2.x
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Hyperion Lifecycle Management 11.1.2.x
Oracle Hyperion Planning 11.1.2.x
Oracle Hyperion Profitability and Cost Management 11.1.2.4
Oracle Hyperion Strategic Finance 11.1.2.x
Oracle Hyperion Workspace 11.1.2.x
Oracle Identity & Access Management 11.1.2.3 / 11.1.1.9
Oracle JDeveloper and Oracle ADF 11.1.2.4
Oracle JDeveloper and Oracle ADF 11.1.1.9
Oracle Map Viewer 12.2.1.3
Oracle Map Viewer 11.1.1.9
Oracle Real Time Decisions Platform 11.1.1.9
Oracle SOA Suite 11.1.1.9
Oracle Traffic Director 12.2.1.3
Oracle Traffic Director 11.1.1.9
Oracle WebCenter 11.1.1.8
Oracle WebCenter 11.1.1.9
Oracle WebCenter Portal 12.2.1.3
Oracle WebCenter Sites 12.2.1.3
Oracle WebCenter Sites 11.1.1.8
Oracle WebCenter Sites Community 11.1.1.8
Oracle WebLogic Portal 10.3.7.0
Oracle WebLogic Server 12.1.3 & 10.3.6.0
|
|
|
April 2021
|
Oracle API Gateway 11.1.2.4
Oracle Database 18
Oracle Endeca Information Discovery Studio 3.2
|
|
|
January 2021
|
Oracle Complex Event Processing
Oracle Endeca Server
Oracle Endeca Information Discovery Integrator
Oracle Endeca Information Discovery Studio
Oracle Enterprise Manager Cloud Control 13.3.0.0
Oracle Outside In Technology 8.5.4
|
|
|
October 2020
|
Oracle Enterprise Data Quality for
Product Data 11.1.1.6.0
Oracle Enterprise Manager Cloud Control 12.1.0.5
Oracle GoldenGate Veridata 11.2.1.0
Oracle Service Architecture Leveraging Tuxedo (SALT) 12.1.3
|
|
|
July 2020
|
Oracle Tuxedo 12.1.1.0
Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus) 12.1.1.1
Oracle Real User Experience Insight 13.3.1.0
|
|
|
April 2020
|
Management Pack For Oracle GoldenGate
11.2.1.0
Oracle Big Data Discovery
Oracle Enterprise Manager Cloud Control 13c Release 2 (13.2.0.0)
|
|
|
January 2020
|
Oracle Enterprise Manager Ops Center
12.3.3
Oracle Enterprise Repository 12.1.3
Oracle Fusion Middleware 12.1.3.0
Oracle GoldenGate 11.2.1.0
Oracle Map Viewer 12.1.3.0
|
|
|
October 2019
|
Oracle Application Testing Suite
13.2.0.1
Oracle Business Transaction Management 12.1.0.7
Oracle Enterprise Data Quality 9.0
Oracle GoldenGate for Big Data 12.3.1.1.0
Oracle GoldenGate Management Pack Plugin 12.1.0
Oracle Identity Analytics 11.1.1.5.0
Oracle JDeveloper and Oracle ADF 12.1.3.0
Oracle OpenSSO 8.0 u2 (8.0.2.0)
Oracle Waveset 8.1.1
|
|
|
July 2019
|
Oracle Application Testing Suite
13.1.0.1
Oracle Enterprise Manager Cloud Control 13.2
Oracle Enterprise Data Quality 8.1
Oracle Enterprise Data Quality 9.0
|
|
|
April 2019
|
Oracle Enterprise Manager Ops Center
12.2.x
Management Pack For Oracle GoldenGate 11.1.1
Oracle Outside In Technology 8.5.3
|
|
5 Sources of Additional
Information
The following documents provide additional
information about Critical Patch Updates:
·
My Oracle
Support Note 888.1, Primary Note for Database
Proactive Patch Program
·
My Oracle
Support Note 822485.1, Primary Note for Enterprise
Manager Proactive Patch Program
·
My Oracle
Support Note 1494151.1, Primary
Note on Fusion Middleware Proactive Patching - Patch Set Updates (PSUs) and
Bundle Patches (BPs)
- My Oracle Support Note 209768.1, Database, FMW, Enterprise Manager,
TimesTen In-Memory Database, and OCS Software Error Correction Support
Policy
6 Modification History
Modification
History
|
Date
|
Modification
|
|
January 18, 2022
|
Released
Updated patch availability in section 2.2
Updated Advisory Number in section 3.1.18 Updated Release details in
section 3.1.2
Updated the OPatch row in the 13.5.0.0 & 13.4.0.0 tables in section
3.2.4
Updated the Comments for Patch 33699205 in the 13.4.0.0 table in section
3.2.4
Updated the Comments for Patch 33702984 & Patch 33727616 in the 5.9
table of section 3.3.3
Updated the Comments for "OAS BUNDLE PATCH 5.5.0.0" in the 5.5
table of section 3.3.3
Updated the Comments for Patch 33742402 & Patch 33727616 in the 5.5
table of section 3.3.3
Updated the row for Patch 33715784 in the 12.2.1.4 table of section 3.3.3
Updated the Comments for Patch 33699205 in the 12.2.1.4 table of section
3.3.3
Removing 11.1.1.9 from section 3.3.33, as the Final CPU was October 2021
Updated the Comments for Patch 33727616 in section 3.3.13.3
Updated the Comments for Patch 33699205 in section 3.3.13.5
Updated Advisory Number for Patch 33092785 in section 3.3.28.2
Updated the Comments for Patch 33727619 in section 3.3.43.1
Updated the Comments for Patch 33727616 in section 3.3.43.2
Updated the Comments for Patch 33699205 in section 3.3.43.3
|
|
January 19, 2022
|
Added new row to the end of the Patch
Availability table in section 3.3.22
Updated the row for OAS BUNDLE PATCH 5.5.0.0 in the 5.5 table of section
3.3.3
Updated the row for OBI BUNDLE PATCH 12.2.1.4 in the 12.2.1.4 table of
section 3.3.3
Added a table for 12.2.1.3 to section 3.3.3
Updated the patch number for EDQ 12.2.1.4.0 CPU Jan 2022 in section 3.3.8
Updated the patch number for EDQ 12.2.1.3.0 CPU Jan 2022 in section 3.3.8
Updated the Comments for Patch 33697227 in section 3.3.11.2, 3.3.29, and
3.3.35
Updated patch availability in section 2.2
For Comments about CVE-2021-4104, removed the associated "Note"
link and reference throughout the document
Added note to the top of section 3.3.3
|
|
January 20, 2022
|
Updated Comments for Patch 33727619 in
section 3.3.43.1
Added row for Patch 33735326 in sections 3.3.43.1, 3.3.43.2, and 3.3.43.3
Updated Comments for Patch 33727616 in section 3.3.43.2
Updated Comments for Patch 33699205 in section 3.3.43.3
Removed row for Patch 32720458 from section 3.3.13.2
Updated 'Distribution /Component' for Patch 32720458 in section 3.3.13.3
Removed the row for Patch 32720458 from the 12.2.1.4 table in section
3.3.35
Removed the row for Patch 33697227 from the 12.2.1.4 table in section
3.3.35
Removed the row for Patch 33290784 from the 12.2.1.3 table in section
3.3.35
Updated the comments for Oracle Database home in section 3.3.11.2,
3.3.11.3, 3.3.28.2, & 3.3.28.3
Added row for Oracle Database home to section 3.3.43.1, 3.3.43.2, &
3.3.43.3
Added CVE-2022-21306 for Patch 33751244 & Patch 33727619 in section
3.3.43.1
Added CVE-2022-21306 for Patch 33751264 & Patch 33727616 in section
3.3.43.2
Added CVE-2022-21306 for Patch 33751288 & Patch 33699205 in section
3.3.43.3
Added CVE-2022-21306 for Patch 33742401 & Patch 33727616 in the 5.9
table of section 3.3.3
Added CVE-2022-21306 for Patch 33742402 & Patch 33727616 in the 5.5
table of section 3.3.3
Added CVE-2022-21306 for Patch 33715784 & Patch 33699205 in the
12.2.1.4 table of section 3.3.3
Added CVE-2022-21306 for Patch 33747991 & Patch 33699205 in the
12.2.1.3 table of section 3.3.3
Relocated the row for Patch 28186730 & Patch 33286174 within section
3.3.43.1
Relocated the row for Patch 28186730, Patch 33286160, Patch 33093748, &
Patch 31544353 within section 3.3.43.2
Relocated the row for Patch 28186730, Patch 31544340, Patch 33286132, &
Patch 32982708 within section 3.3.43.3
Relocated the row for Patch 24327938, Patch 31544363, Patch 32148638, &
Patch 32973268 within section 3.3.43.4
Updated Comments for Patch 33702984 & Patch 33727616 in the 5.9 table
of section 3.3.3
Updated Comments for Patch 33727616 in the 5.5 table of section 3.3.3
Updated Comments for Patch 33699205 in the 12.2.1.4 table of section 3.3.3
Updated Comments for Patch 33747991, Patch 33358811, & Patch 33699205
in the 12.2.1.3 table of section 3.3.3
Removed the rows for 'FMW JDBC' from both tables of section 3.3.5
Removed the row for 'FMW JDBC' from section 3.3.11.3
Added row for Oracle Database home to section 3.3.13.3, 3.3.13.5, 3.3.29,
3.3.30, 3.3.38
Updated Comments for Patch 33727616 in section 3.3.13.3
Updated Comments for Patch 33699205 in section 3.3.13.5
Inserted new row for Patch 33678607 in section 3.3.13.3, 3.3.13.5, 3.3.29,
3.3.30, 3.3.38
Updated the 'Product' for Patch 32720458 in section 3.3.28.2
Updated the 'Product' for Patch 33290784 in section 3.3.28.3
Removed the row for 'FMW JDBC' in section 3.3.13.4
Removed the row for 'FMW JDBC' from both tables of sections 3.3.39 &
3.3.12
|
|
January 21, 2022
|
Updated patch availability in section
2.2
|
|
January 24, 2022
|
Corrected the Patch number for GI
Release Update 21.5.0.0.220118 in section 3.1.6.2
Updated the 'Advisory Number' column for Patch 33494824 in section 3.3.43.4
|
7 Documentation
Accessibility
For information about Oracle's
commitment to accessibility, visit the Oracle Accessibility Program website
at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle
Support
Oracle customers that have purchased
support have access to electronic support through My Oracle Support. For
information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Critical Patch Update Availability
Document January 2022
Copyright © 2006, 2022, Oracle and/or
its affiliates.
This software and related
documentation are provided under a license agreement containing restrictions
on use and disclosure and are protected by intellectual property laws. Except
as expressly permitted in your license agreement or allowed by law, you may
not use, copy, reproduce, translate, broadcast, modify, license, transmit,
distribute, exhibit, perform, publish, or display any part, in any form, or
by any means. Reverse engineering, disassembly, or decompilation of this
software, unless required by law for interoperability, is prohibited.
The information contained herein is
subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related
documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle
programs, including any operating system, integrated software, any programs
installed on the hardware, and/or documentation, delivered to U.S. Government
end users are "commercial computer software" pursuant to the
applicable Federal Acquisition Regulation and agency-specific supplemental
regulations. As such, use, duplication, disclosure, modification, and
adaptation of the programs, including any operating system, integrated
software, any programs installed on the hardware, and/or documentation, shall
be subject to license terms and license restrictions applicable to the
programs. No other rights are granted to the U.S. Government.
This software or hardware is
developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently
dangerous applications, including applications that may create a risk of
personal injury. If you use this software or hardware in dangerous applications,
then you shall be responsible to take all appropriate fail-safe, backup,
redundancy, and other measures to ensure its safe use. Oracle Corporation and
its affiliates disclaim any liability for any damages caused by use of this
software or hardware in dangerous applications.
Oracle and Java are registered
trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks
or registered trademarks of Intel Corporation. All SPARC trademarks are used
under license and are trademarks or registered trademarks of SPARC
International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are
trademarks or registered trademarks of Advanced Micro Devices. UNIX is a
registered trademark of The Open Group.
This software or hardware and
documentation may provide access to or information about content, products,
and services from third parties. Oracle Corporation and its affiliates are
not responsible for and expressly disclaim all warranties of any kind with
respect to third-party content, products, and services unless otherwise set
forth in an applicable agreement between you and Oracle. Oracle Corporation
and its affiliates will not be responsible for any loss, costs, or damages
incurred due to your access to or use of third-party content, products, or
services, except as set forth in an applicable agreement between you and
Oracle.
|
|
|