|
Oracle Database Exadata
Express Cloud Service - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Oracle Database - Standard Edition - Version 11.2.0.4 and later
Oracle Database Cloud Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version
N/A and later
Information in this document applies to any platform.
This document defines the patches and minimum
releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch
Updates and Patch Set Updates released on January 15, 2019.
The document is for Database Administrators
and/or others tasked with Quarterly Security Patching.
Database,
Fusion Middleware, and Enterprise Manager Critical Patch Update January
2019 Patch Availability Document
My Oracle Support Note 2466391.1
Released January 15, 2019
This document contains the following sections:
1 Overview
Oracle provides quarterly cumulative patches to
address security vulnerabilities. The patches may include critical fixes in
addition to the security fixes. The security vulnerabilities addressed are
announced in the Advisory for January 2019, available at:
Oracle Technical Network Advisory
This document lists the Oracle Database, Fusion
Middleware and Enterprise Manager CPU program cumulative patches for
product releases under error correction. The January 2019 release
supersedes earlier CPU program cumulative patches for the same product
releases. This document is subject to continual update after the initial
release, and the changes are listed in "Modification History." If you print this document,
check My Oracle Support to ensure you have the latest version.
This section contains the following:
1.1 How To Use This Document
The following steps explain how to use this document.
Step 1 Assess your
Environments
Determine the Oracle product suites
and products and their release numbers for each of your environments.
Step 2 Read Important
Announcements
Review "What's New in January 2019," as it lists documentation and
packaging changes along with important announcements such as upcoming final
CPUs.
Step 3 Determine
Patches to be Applied
For each environment, determine which
patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table
for each product suite release, such as Oracle Database 12.2.0.1, Oracle
Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control
12.1.0.5.
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of
the homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or
Extended Support and are under error correction as defined in My Oracle
Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error
Correction Support Policy. Patches are provided only for these
releases. If you do not see the release that you have installed, then
check "Final CPU History" and contact Oracle Support for
further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's
CPU Advisory, list the vulnerability CVE numbers in the Advisory Number
column. If you are interested in the risk matrix for the vulnerabilities
fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from
previous quarterly releases, or the current one without any security fixes,
the column indicates "Released MMM YYYY"
·
When
a section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle Database" is referenced, determine the
Oracle Database release that is installed, and find the patches to apply in
the table for that Oracle Database release in "Oracle Database."
Step 4 Apply the
Patches
Download the patches, review the
READMEs, and apply the patches according to the instructions.
Step 5 Planning for
Future Critical Patch Updates
To help you plan for future Critical
Patch Updates, this document includes Final CPU information based on
Oracle's Lifetime Support Policy and error correction policies.
"Final CPU Information (Error Correction
Policies)" in "What's New in January 2019," documents product releases for
which final Critical Patch Updates are upcoming or are being announced. In
each product section, there is also an Error Correction Information Table
that documents the final CPU program patch for the product. Products that
have reached the end of error correction are documented in "Final CPU History."
1.2 Terminology in the Tables
The following terminology is used in this patch
availability document and in the subsequent tables.
- Update - Release Update
- Revision -Release Update Revision
- BP - Bundle Patch
- Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
- NA Not Applicable.
- OR On-Request. The patch is made available
through the On-Request program.
- PSU - Patch Set Update
- SPU - Security Patch Update. An iterative,
cumulative patch consisting of security fixes.
- Overlay
SPU patch provided
as an overlay on top of a PSU or BP instead of a base/patch set
release.
1.3 On-Request Patches
Oracle does not proactively release patches for
historically inactive platforms. However, Oracle will deliver these patches
when requested.
The following guidelines describe how to initiate an
on-request (OR) patch.
A request may be made:
- At any
time. However, a patch for a specific quarterly release, such as
CPUOct2012, cannot be requested. Depending on when the request is
received and processed, either the patch for the current quarterly
release or the next quarterly release will be provided. Your Service
Request (SR) will provide you the planned availability date for the
patch.
- As long
as the version is in either Premier Support or Extended Support and
error correction support has not expired. For example, if a product
release is under Extended Support through the release of CPUJan2013 on
January 15, 2013, then you can file a request for the product release
through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software
Error Correction Support Policy.
- For a
platform-version combination when a major release or patch set is
released on a platform after a quarterly release date. Oracle will
provide the next patch for that platform-version combination,
however you may request the current patch by following the on-request
process. For example, if a patch is released for a platform on August
1, 2012, Oracle will provide the CPUOct2012 patch for that platform.
You may request a CPUOct2012 patch for the platform, and Oracle will
review the request and determine whether to provide CPUJul2012 or
CPUOct2012.
A patch that is marked as on-request (OR) may already have
been requested by another customer and be available on My Oracle Support.
Before you file a Service Request (SR), check on My Oracle Support to see
if the patch is already available for your platform.
1.4 CPU Program and My Oracle
Support Patch Recommendations
My Oracle Support patch recommendation features are
available on the Patches & Update tab. The patches announced in this
document as part of the CPU program are classified as "Security"
patch recommendations in My Oracle Support. If a new patch is being
announced in this document, then the classification on any earlier patch is
changed to "General", causing it to be removed from the My Oracle
Support patch recommendations. If a patch has a "Security"
classification, and a subsequent bundle, SPU, or PSU is released with a
recommendation classification, then it will be classified as a
"Security" recommendation in My Oracle Support.
Once a product release is no longer in error
correction, its CPU patch information is removed from this document, but
the last patch recommendation continues to be available in My Oracle
Support. Ensure to select each of the products installed in your
environment to obtain all patches.
1.5 My Oracle Support (MOS)
Conflict Checker Tool
The My Oracle Support (MOS) Conflict Checker tool is
available as of July 21, 2014.
You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from
the Patch Search results screen ("Analyze with OPatch"
button).
The MOS Conflict Checker Tool allows you to upload an
OPatch inventory to check for conflicts with
patches to apply to your environment. If no conflicts are found, you can
download the patches. If conflicts are found, the tool finds an existing
resolution to download. If no resolution is found, you can request a
solution, and monitor your request in the Plans region.
For more information and a demonstration video, see
Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict
Checker Tool for Patches Installed with OPatch
[Video].
2 What's New in January 2019
This section describes important changes in January
2019:
2.1 Final CPU Information (Error
Correction Policies)
The final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. Final CPUs for upcoming releases, as well as newly
scheduled final CPUs, are listed in the following sections.
Final CPUs scheduled for April 2019
- Oracle
Business Intelligence Enterprise Edition 12.2.1.3.0
- Oracle GoldenGate Management Pack 11.1.1
- Oracle
Outside In Technology 8.5.3
Final CPUs scheduled for January 2019
- Oracle
Application Performance Management 11.1.x
- Oracle GlassFish Server 3.1.2
- Oracle
Mobile Security Suite 3.0
2.2 Post Release Patches
Oracle strives to complete preparations and testing
of each Quarterly Security Patch for each platform by the quarterly release
date. Occasionally, circumstances beyond our control dictate that a
particular patch be delayed and be released a few days after the quarterly
release date. The following table lists any current patch delays and the
estimated date of availability.
|
Patch
|
Patch Number
|
Platform
|
Availability
|
|
OpsCenter UI and other patches for CPUJan2019
|
Patch 29215902
|
All Platforms
|
Available
|
|
OpsCenter UCE patches for CPU Jan 2019
|
Patch 29215911
|
All Platforms
|
Available
|
|
Oracle Hyperion BI+ 11.1.2.4.009 SPU
|
Patch 29115044
|
All Platforms
|
Available
|
|
GI RU 18.5
|
Patch 28828717
|
Solaris SPARC (64-Bit), AIX (64-Bit), Solaris
x86-64
|
Available
|
|
Proactive DBBP 12.1.0.2.190115
|
Patch 28833531
|
All Platforms
|
Available
|
|
Combo OJVM + Proactive DBBP 12.1.0.2.190115
|
Patch 28980123
|
All Platforms
|
Available
|
|
OJVM PSU 11.2.0.4.190115
|
Patch 28790660
|
All Platforms available except HP-UX PA-RISC,
and ZLinux
|
ETA: 23-Apr-2019
|
|
Combo OJVM + DBPSU 11.2.0.4.190115
|
Patch 28980129
|
All Platforms available except HP-UX PA-RISC,
and ZLinux
|
ETA: 23-Apr-2019
|
|
Combo OJVM + GIPSU 11.2.0.4.190115
|
Patch 28980134
|
All Platforms available except HP-UX PA-RISC,
and ZLinux
|
ETA: 23-Apr-2019
|
|
Combo OJVM + DBSPU 11.2.0.4.190115
|
Patch 28980145
|
All Platforms available except HP-UX PA-RISC,
and ZLinux
|
ETA: 23-Apr-2019
|
|
Combo OJVM + Exadata
BP 11.2.0.4.190115
|
Patch 28980141
|
Al Platforms
|
Available
|
|
DB PSU 11.2.0.4.190115
|
Patch 28729262
|
All Platforms
|
Available
|
|
GI PSU 11.2.0.4.190115
|
Patch 28813878
|
All Platforms
|
Available
|
|
DB SPU 11.2.0.4.190115
|
Patch 28790634
|
All Platforms
|
Available
|
|
Windows BP 11.2.0.4.190115
|
Patch 28761877
|
Microsoft Windows (32-Bit) and x64 (64-Bit)
|
Available
|
|
DB Patch for Exadata
BP 11.2.0.4.190115
|
Patch 28833571
|
All Platforms
|
Available
|
|
Windows OJVM PSU 11.2.0.4.190115
|
Patch 28994059
|
Microsoft Windows x64 (64-Bit)
|
Available
|
|
Windows OJVM PSU 11.2.0.4.190115
|
Patch 28994059
|
Microsoft Windows (32-Bit)
|
ETA: 23-Apr-2019
|
|
QFSDP for Exadata
(Jan2019) 18.5.0
|
Patch 28980183
|
All Platforms
|
Available
|
|
QFSDP for Exadata
(Jan2019) 12.2.0.1
|
Patch 28980179
|
All Platforms
|
Available
|
|
QFSDP for Exadata
(Jan2019) 12.1.0.2
|
Patch 28980174
|
All Platforms
|
Available
|
|
QFSDP for Exadata
(Jan2019) 11.2.0.4
|
Patch 28980168
|
All Platforms
|
Available
|
|
QFSDP for SuperCluster
(Q1.2019)
|
Patch 28980195
|
Solaris SPARC (64-Bit)
|
Available
|
3 Patch Availability for Oracle Products
This section contains the following:
3.1 Oracle Database
This section contains the following:
3.1.1 Oracle
REST Data Services (formally called Oracle APEX Listener)
Error Correction information for Oracle REST
Data Services 3.0
|
Patch Information
|
3.0
|
Comments
|
|
Final CPU
|
-
|
|
Minimum Product Requirements for Oracle REST
Data Services
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle REST Data Services downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle REST Data Services
|
3.0.10.25.02.36
|
Released July 2017
|
|
3.1.2 Oracle Application Express
Minimum Product Requirements for Oracle Application
Express
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle Application Express downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Application Express
|
5.1.4.00.08
|
Released January 2018
|
|
3.1.3 Oracle Big Data Spatial and Graph
Error Correction information
for Oracle Big Data Spatial and Graph
|
Patch Information
|
2.0
|
1.2
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch
Availability for Oracle Big Data Spatial and Graph
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Big Data
Spatial and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.
|
Product
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Big Data Spatial and Graph 2.0
|
Patch 28774674
|
Released October 2018
|
|
|
Oracle Big Data Spatial and Graph 2.1
|
Patch 28774701
|
Released October 2018
|
|
|
Oracle Big Data Spatial and Graph 2.1
|
Patch 28774764
|
Released October 2018
|
|
3.1.4 Oracle Database
This section contains the following:
3.1.4.1 Patch
Availability for Oracle Database
For information regarding the different types of
patches for Database, refer to Oracle Database - Overview of Database Patch
Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database
Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1
3.1.4.2 Oracle
Database 18
|
Patch Information
|
18
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 18
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Update 18.5.0 and Database Update
18.5.0 Patch 28980087 for UNIX, or
Combo OJVM Update 18.5.0 and GI Update 18.5.0 Patch 28980105, or
Quarterly Full Stack download for Exadata (Jan2019) 18.5.0 Patch 28980183 for Linux x86-64, or
Quarterly Full Stack download for SuperCluster (Q1.2019) Patch 28980195 for Solaris SPARC 64-Bit
|
CVE-2019-2444, CVE-2019-2406, CVE-2019-2547
|
OJVM Update patches from 18.4 onwards are RAC
Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the
"Oracle JavaVM Component Database
PSU/RU" (OJVM PSU/RU) Patches
|
|
Oracle Database Server home
|
Database Update 18.5.0 Patch 28822489, or
Database Update Revision 18.4.1 Patch 28822587, or
Database Update Revision 18.3.2 Patch 28790643, or
GI Update 18.5.0 Patch 28828717, or
GI Update Revision 18.4.1 Patch 28833172, or
GI Update Revision 18.3.2 Patch 28833251, or
Microsoft Windows 32-Bit and x86-64 BP
18.5.0.0.190115 Patch 29124511 , or later;
Quarterly Full Stack download for Exadata (Jan2019) 18.5.0 Patch 28980183 for Linux x86-64, or
Quarterly Full Stack download for SuperCluster (Q1.2019) Patch 28980195 for Solaris SPARC 64-Bit
|
CVE-2019-2444, CVE-2019-2406
|
|
|
Oracle Database Server home
|
OJVM Update 18.5.0 Patch 28790647 for UNIX
|
CVE-2019-2547
|
OJVM Update patches from 18.4 onwards are RAC
Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the
"Oracle JavaVM Component Database
PSU/RU" (OJVM PSU/RU) Patches
|
|
Oracle Database Client home
|
none for January 2019
|
|
no security-related content
|
3.1.4.3 Oracle
Database 12.2.0.1
|
Patch Information
|
12.2.0.1
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.2.0.1
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Update 12.2.0.1.190115 and Database
Update 12.2.0.1.190115 Patch 28980102 for UNIX, or
Combo OJVM Update 12.2.0.1.190115 and GI Update
12.2.0.1.190115 Patch 28980109, or
Quarterly Full Stack download for Exadata (Jan2019) 12.2.0.1 Patch 28980179 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Q1.2019) Patch 28980195 for Solaris SPARC 64-Bit
|
CVE-2019-2444, CVE-2019-2406, CVE-2019-2547
|
OJVM Update Patches are not RAC Rolling
installable. However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the
NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and Update" (OJVM
PSU and OJVM Update) Patches
|
|
Oracle Database Server home
|
Database Jan 2019 Update 12.2.0.1.190115 Patch 28822515 for UNIX, or
Database Jul 2018 Revision 12.2.0.1.190115 Patch 28790640, or
Database Oct 2018 Revision 12.2.0.1.190115 Patch 28822638, or
GI Update 12.2.0.1.190115 Patch 28828733, or
GI Jul 2018 Revision 12.2.0.1.190115 Patch 28833258, or
GI Oct 2018 Revision 12.2.0.1.190115 Patch 28833185, or
Microsoft Windows 32-Bit and x86-64 RU
12.2.0.1.190115 Patch 28810696, or later;
Quarterly Full Stack download for Exadata (Jan2019) 12.2.0.1 Patch 28980179 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Q1.2019) Patch 28980195 for Solaris SPARC 64-Bit
|
CVE-2019-2444, CVE-2019-2406
|
|
|
Oracle Database Server home
|
OJVM Update 12.2.0.1.190115 Patch 28790651 for UNIX, or
OJVM Microsoft Windows Bundle Patch
12.2.0.1.190115 Patch 28994068
|
CVE-2019-2547
|
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Client home
|
Database Update 12.2.0.1.170718 Patch 26123830
|
Released July 2017
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.4.4 Oracle
Database 12.1.0.2
Error Correction information for Oracle Database
12.1.0.2
|
Patch Information
|
12.1.0.2
|
Comments
|
|
Final CPU
|
July 2021
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.1.0.2
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 12.1.0.2.190115 and Database PSU 12.1.0.2.190115 Patch 28980115 for UNIX, or
Combo OJVM PSU 12.1.0.2.190115 and GI PSU
12.1.0.2.190115 Patch 28980120, or
Combo OJVM PSU 12.1.0.2.190115 and Database
Proactive BP 12.1.0.2.190115 Patch 28980123 for UNIX, or
Quarterly Full Stack download for Exadata (Jan2019) BP 12.1.0.2 Patch 28980174 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Q1.2019) Patch 28980195 for Solaris SPARC 64-Bit
|
CVE-2019-2406, CVE-2019-2547
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the
NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Database PSU 12.1.0.2.190115 Patch 28729169 for UNIX, or
GI PSU 12.1.0.2.190115 Patch 28813884, or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.190115 Patch 28810679, or later;
Database Proactive Bundle Patch
12.1.0.2.190115 Patch 28833531 or
Quarterly Full Stack download for Exadata (Jan2019) BP 12.1.0.2 Patch 28980174 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Q1.2019) Patch 28980195 for Solaris SPARC 64-Bit
|
CVE-2019-2406
|
|
|
Oracle Database Server home
|
Oracle JavaVM Component
Database PSU 12.1.0.2.190115 Patch 28790654 for UNIX, or
Oracle JavaVM Component
Microsoft Windows Bundle Patch 12.1.0.2.190115 Patch 28994063
|
CVE-2019-2547
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the
NOTE for more details.
All OJVM PSU since 12.1.0.2.161018 includes Generic
JDBC Patch 23727148
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Oracle JavaVM
Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
|
Oracle Database Client home
|
Database Patch Set Update 12.1.0.2.170418 Patch 25171037
|
Released April 2017
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.4.5 Oracle Database 11.2.0.4
Error Correction information for Oracle Database
11.2.0.4
|
Patch Information
|
11.2.0.4
|
Comments
|
|
Final CPU
|
October 2020
|
|
|
On-Request platforms
|
HP-UX PA RISC
IBM: Linux on System Z
32-bit client-only platforms except Linux x86
|
|
|
On-Request platforms
|
32-bit client-only platforms except Linux x86
|
|
Patch Availability for Oracle Database 11.2.0.4
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 11.2.0.4.190115 and Database SPU 11.2.0.4.190115 Patch 28980145 for UNIX, or
Combo OJVM PSU 11.2.0.4.190115 and Database PSU
11.2.0.4.190115 Patch 28980129 for UNIX, or
Combo OJVM PSU 11.2.0.4.190115 and GI PSU
11.2.0.4.190115 Patch 28980134, or
Combo OJVM PSU 11.2.0.4.190115 and Exadata BP 11.2.0.4.190115 Patch 28980141
|
CVE-2019-2547
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the
NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Database PSU 11.2.0.4.190115 Patch 28729262 for UNIX, or
GI PSU 11.2.0.4.190115 Patch 28813878 for UNIX, or
Database SPU 11.2.0.4.190115 Patch 28790634 for UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP
11.2.0.4.190115 Patch 28761877, or later;
Quarterly Database Patch for Exadata
BP 11.2.0.4.190115 Patch 28833571 for UNIX, or
Quarterly Full Stack download for Exadata (Jan2019) BP 11.2.0.4 Patch 28980168, or
Quarterly Full Stack download for SuperCluster (Q1.2019) Patch 28980195 for Solaris SPARC 64-Bit
|
Released Jan2019
|
|
|
Oracle Database Server home
|
Oracle JavaVM (OJVM) Component
Database PSU 11.2.0.4.190115 Patch 28790660 for UNIX, or
Oracle JavaVM (OJVM)
Component Database PSU 11.2.0.4.190115 Patch 28994059 for Microsoft Windows
|
CVE-2019-2547
|
OJVM PSU 11.2.0.4.161018 and greater includes
Generic JDBC Patch 23727132
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Oracle JavaVM Component
Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132
|
Released July 2016
|
For RAC deployments, this patch should be applied
to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Client home
|
Database Patch Set Update 11.2.0.4.170418 Patch 24732075
|
Released April 2017
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.5 Oracle Database Mobile/Lite
Server
Error Correction Information for Oracle Database
Mobile Server
|
Patch Information
|
12.1 (Mobile Server)
|
11.3 (Mobile Server)
|
Comments
|
|
Final CPU
|
-
|
October 2021
|
|
Patch Availability for Oracle Database Mobile Server
12.1.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1
|
12.1.0.0 BP Patch 21974980
|
Released October 2015
|
|
Patch Availability for Oracle Database Mobile Server
11.3.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.3
|
11.3.0.2 BP Patch 21950285
|
Released October 2015
|
|
3.1.6 Oracle GoldenGate
Error Correction information for Oracle GoldenGate
|
Component
|
12.3.0.1
|
12.2.0.2
|
12.1.2.1
|
11.2.1.0
|
Comments
|
|
Final CPU
|
July 2025
|
October 2023
|
October 2021
|
January 2020
|
|
Patch Availability for Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.3.0.1
|
Install 12.3.0.1.4 Path Set (Available on edelivery/OTN)
|
Released October 2018
|
Refer to Note 1645495.1 for the latest release and additional
platforms.
|
|
12.2.0.2
|
Oracle GoldenGate
12.2.0.2.181009 for Oracle 12c, Patch 28651610
Oracle GoldenGate 12.2.0.2.181009 for Oracle
11g, Patch 28651607
|
Released October 2018
|
Refer to Note 1645495.1 for the latest release and additional
platforms.
|
|
12.1.2.1
|
Oracle GoldenGate
12.1.2.1.181016 for Oracle 12c, Patch 28696813
Oracle GoldenGate 12.1.2.1.181016 for Oracle
11g, Patch 28696808
|
Released October 2018
|
Refer to Note 1645495.1 for the latest release and additional
platforms.
|
|
11.2.1.0
|
Upgrade to OGG 12.1.2.1 or later and apply the
applicable Security patches listed above
|
-
|
Refer to Note 1645495.1 for the latest release and additional
platforms.
|
3.1.7 Oracle GoldenGate
for Big Data (Formerly known as Oracle GoldenGate
Application Adapters)
Error Correction information for Oracle GoldenGate for Big Data
|
Component
|
12.3.1.1.0
|
12.3.0.1.0
|
12.2.0.1.0
|
Comments
|
|
Final CPU
|
December 2019
|
December 2019
|
December 2018
|
|
Patch Availability for Oracle GoldenGate
for Big Data
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.3.1.1
|
Oracle GoldenGate for Big
Data 12.3.1.1.6 Patch 28577949
|
Released October 2018
|
Refer to Note 1645495.1 for the latest release and additional
platforms
|
|
12.3.2.1
|
Oracle GoldenGate for
Big Data 12.3.2.1.0 Release
|
CVE-2017-5645
|
Download the release from OTN
|
|
12.2.0.1
|
Oracle GoldenGate Application
Adapters Patch 28330342
|
Released October 2018
|
Refer to Note 1645495.1 for the latest release and additional
platforms
|
3.1.8 Oracle GoldenGate
Veridata
Error Correction information for Oracle GoldenGate Veridata
|
Component
|
11.2.1.0
|
Comments
|
|
Final CPU
|
October 2020
|
|
Patch Availability for Oracle GoldenGate
Veridata
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.2.1.0
|
oracle goldengate veridata v11.2.1.0.2 java agent - Patch 27425665
oracle goldengate veridata v11.2.1.0.2 server - Patch 27425668
|
Released April 2018
|
Golden Gate Veridata
Patch
|
3.1.9 Oracle Secure Backup
Error Correction information for Oracle Secure Backup
|
Patch Information
|
12.1.x
|
Comments
|
|
Final CPU
|
January 2020
|
|
Minimum Product Requirements for Oracle Secure
Backup
Critical Patch Update security vulnerabilities are
fixed in the listed releases. The Oracle Secure Backup downloads and
installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Secure Backup
|
12.1.0.3
|
Released April 2017
|
|
3.2 Oracle Enterprise Manager
This section contains the following:
3.2.1 Oracle
Application Performance Management
Error Correction information for Oracle Application
Performance Management
|
Patch Information
|
12.1.0.7
|
11.1.x
|
Comments
|
|
Final CPU
|
-
|
January 2019
|
|
|
On-Request platforms
|
-
|
|
|
Minimum Product Requirements for Oracle Application
Performance Management
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For more information on Oracle Application
Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.0.7
|
12.1.0.7.11 Release Patch 25244272
|
Released July 2017
|
|
|
11.1.x
|
11.1.0.5.7 Release Patch 26290928
|
Released July 2017
|
|
3.2.2 Oracle Application Testing
Suite
Error Correction information for Oracle Application
Testing Suite
|
Patch Information
|
13.3.0.1
|
13.2.0.1
|
13.1.0.1
|
12.5.0.3
|
Comments
|
|
Final CPU
|
-
|
-
|
-
|
April 2020
|
|
Patch Availability for Oracle Application Testing
Suite
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Application Testing
Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic
Server" (Version 12.1.3.0)
|
CVE-2018-1258
|
See "Oracle WebLogic
Server" (Version 12.1.3.0.0)
|
|
13.3.0.1
|
BP Patch 29172225
|
CVE-2018-3304, CVE-2018-3305
|
|
|
13.2.0.1
|
BP Patch 29172233
|
CVE-2018-3304, CVE-2018-3305
|
|
|
13.1.0.1
|
BP Patch 29172239
|
CVE-2018-3304, CVE-2018-3305
|
|
|
12.5.0.3
|
Please upgrade to 13.x version of OATS
|
CVE-2018-3304, CVE-2018-3305
|
|
3.2.3 Oracle Enterprise Manager
Cloud Control
If your plans include updating the JDK version,
please be sure that the JDK version that you choose is certified with your
OEM Cloud Control Component. Please refer to Note 2241358.1 for upgrading the JDK Component related to OEM
Cloud Control Component.
Error Correction information for Oracle Enterprise Manager
Cloud Control
|
Patch Information
|
13.3.0.0
|
13.2.0.0
|
12.1.0.5
|
Comments
|
|
Final CPU
|
-
|
July 2019
|
October 2019
|
|
|
On-Request platforms
|
-
|
-
|
-
|
|
Availability for Oracle Enterprise Manager Cloud
Control 13c Release 2 (13.3.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 12.1.3.0)
|
|
|
|
Base Platform OMS home
|
PSU 13.3.0.0.190115 Patch 28970523
|
CVE-2016-4000, CVE-2018-0732,CVE-2018-3303
|
|
|
Base Platform Agent home
|
EM VT Plugin Bundle Patch 13.3.1.0.181231 (Agent
Monitoring) Patch 29046797
|
CVE-2018-12023, CVE-2018-14718
|
|
Patch Availability for Oracle Enterprise Manager
Cloud Control 13c Release 1 (13.2.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
See "Oracle Database"
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 12.1.3.0)
|
See "Oracle WebLogic Server" (Version 12.1.3.0.0)
|
|
|
Base Platform OMS home
|
PSU 13.2.0.0.190115 Patch 28970534
|
CVE-2016-4000, CVE-2018-0732,CVE-2018-3303
|
|
|
Base Platform OMS home
|
EM for OMS Plugins 13.2.3.0.180630 Patch 28170938 or later
EM for OMS Plugins 13.2.2.0.180630
Patch 28170918 or later
|
Released July 2018
|
|
|
Base Platform Agent home
|
EM VT Plugin Bundle Patch 13.2.3.0.181231 (Agent
Monitoring) Patch 29047624Patch 28195767
|
CVE-2018-12023, CVE-2018-14718
|
|
|
Base Platform Agent Home
|
EM for OMS Plugins 13.2.3.0.180731 Patch 28347358 or later
EM for OMS Plugins 13.2.2.0.180731
Patch 28347355 or later
|
Released July 2018
|
|
|
Base Platform Agent home
|
EM VT Plugin Bundle Patch 13.2.2.0.181231 (Agent
Monitoring) Patch 29048312
|
CVE-2018-12023, CVE-2018-14718
|
|
|
Base Platform Agent home
|
EM for PeopleSoft 13.2.1.1.0 Patch 28243206 or EM for PeopleSoft 13.1.1.1.0 Patch 28243212
|
Released July 2018
|
|
|
Base Platform Agent home
|
EM for MYSQL Database 13.2.4.0.0 Patch 28788540
|
Released October 2018
|
|
|
Base Platform OMS home
|
OHS SPU for Jan2018CPU Patch 27244723
|
Released July 2018
|
OHS 12.1.3 patch
|
|
Base Platform OMS home
|
SPU Patch 25322055
|
Released in January 2017
|
Oracle ADF Patch 12.1.3.0
This patch is necessary for any co-located installations where ADF
exists.
|
Patch Availability for Oracle Enterprise Manager
Cloud Control 12c Release 5 (12.1.0.5)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
See "Oracle Database"
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 10.3.6.0)
|
See "Oracle WebLogic Server" (Version 10.3.6.0)
|
|
|
Base Platform Fusion Middleware home
|
CPU Patch 23703041
|
Released July 2016
|
Oracle Business Intelligence Publisher BP
11.1.1.7.160719 patch for BIP home in Enterprise Manager
|
|
Base Platform OMS home
|
PSU 12.1.0.5.190115 Patch 28970508
|
CVE-2016-4000, CVE-2018-0732
|
|
|
Base Platform Fusion Middleware home
|
JSP 11.1.1.7.0 SPU for EM 12.1.0.5
(CPUAPR2018) Patch 27872862
|
Released April 2018
|
JSP 11.1.1.7.0 SPU patch
|
|
Base Platform Agent home
|
BP Patch 22317311
|
Released January 2016
|
Apply to Agent core Oracle Home, after applying
agent patch 25456449, 22342358
|
|
Base Platform Agent home
|
BP Patch 22342358
|
Released January 2016
|
Apply 22342358 to Agent sbin
Oracle Home after applying agent Patch 28193486. Then apply Patch
22317311.
If patches 22342358 and 22317311 were applied earlier, no need to
reapply.
|
|
Base Platform Fusion Middleware home
|
SPU Patch 22013598
|
Released January 2016
|
Web Cache Patch
Apply to Oracle_WT
Post installation steps are not applicable for
Enterprise Manager
|
|
Plugin home
|
BP Patch 28347732
|
Released July 2018
|
|
|
Base Platform Agent home
|
BP Patch 28193486
|
Released July 2018
|
|
|
Base Platform Fusion Middleware home
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885
|
Released January 2018
|
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS
Attacks on Oracle HTTP Server After Applying Security Patch Updates
See Note 2400141.1 before applying this patch
Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH
|
|
Base Platform Fusion Middleware home
|
CPU Patch 19345576
|
Released January 2015
|
Oracle Process Management and Notification (OPMN)
Patch for Oracle_WT OH
See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle
Fusion Middleware 11g OPMN/ONS
|
|
Base Platform Fusion Middleware home
|
SPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch for Oracle_WT OH
|
3.2.4 Oracle
Enterprise Manager Ops Center
Error Correction information for Oracle Enterprise
Manager Ops Center
|
Patch Information
|
12.3.x
|
12.2.x
|
Comments
|
|
Final CPU
|
Jun 2020
|
Feb 2019
|
|
Patch Availability for Oracle Enterprise Manager Ops
Center
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Enterprise Manager
Ops Center downloads and installation instructions,
see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
12.3.3 & 12.2.2
|
OpsCenter UI and other patches for CPUJan2019 Patch 29215902
|
CVE-2015-9251, CVE-2018-0732, CVE-2018-1000300
|
Please see "Section 2.2 Post Release
Patches" for Availability
|
|
12.3.3 & 12.2.2
|
OpsCenter UCE patches for CPU Jan 2019 Patch 29215911
|
CVE-2015-9251, CVE-2018-0732, CVE-2018-1000300
|
Please see "Section 2.2 Post Release
Patches" for Availability
|
3.2.5 OSS Support Tools
Error Correction information for OSS Support Tools
|
Patch Information
|
8.11.x
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for OSS Support Tools
|
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
|
8.11.16.3.8
|
BP Patch 22783063
|
March 2016
|
See My Oracle Support Note 1153444.1, Oracle Services Tools Bundle (STB) -
RDA/Explorer, SNEEP, ACT
|
3.2.6 Oracle Configuration
Manager
Minimum Product Requirements for Oracle Configuration
Manager
Critical Patch Update security vulnerabilities are
fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS
(support.oracle.com). Customer can use collector tab to down the Oracle
Configuration Manager Collector.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Configuration Manager
|
12.1.2.0.6
|
Released October 2018
|
|
3.3 Oracle Fusion Middleware
This section contains the following:
3.3.1 Management
Pack For Oracle GoldenGate
Error Correction information for Management Pack For
Oracle GoldenGate
|
Patch Information
|
12.1.3.x
|
Comments
|
|
Final CPU
|
July 2022
|
|
Patch Availability for Management Pack For Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.2.1.0
|
Oracle Goldengate Monitor
v11.2.1.0.13 or later Patch 27221310
|
Released April 2018
|
Oracle GoldenGate Monitor
patch
|
3.3.2 NetBeans IDE
Minimum Product Requirements for NetBeans
IDE
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For NetBeans IDE
downloads, see https://netbeans.org/downloads/
|
Product Home
|
Release
|
Advisory Number
|
Comments
|
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle API Gateway
Error Correction information for Oracle API
Gateway
|
Patch Information
|
11.1.2.4.0
|
Comments
|
|
Final CPU
|
March 2021
|
|
Patch Availability for Oracle API Gateway
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4.0
|
OAG 11.1.2.4.0 SPU FOR CPUJan2019 Patch 29115942
|
CVE-2018-0732
|
|
3.3.4 Oracle Big Data Discovery
Minimum Product Requirements for
Oracle Big Data Discovery
Critical Patch Update security
vulnerabilities are fixed in the listed release only and installations with
any prior versions will need to move to the listed version. For Oracle
Big Data Discovery downloads, see https://edelivery.oracle.com and
search for "Oracle Big Data Discovery".
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Big Data Discovery
|
Big Data Discovery 1.6 SPU for October Patch 28780089
|
Released October 2018
|
|
3.3.5 Oracle Business
Intelligence Enterprise Edition
Error Correction information for Oracle Business
Intelligence Enterprise Edition
|
Patch Information
|
12.2.1.4.0
|
12.2.1.3.0
|
11.1.1.9
|
Comments
|
|
Final CPU
|
-
|
April 2019
|
October 2021
|
11.1.1.9.0 End of Error Correction for Extended
Support Customer only beyond Dec 2018
|
Patch Availability for Oracle Business Intelligence
Enterprise Edition
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2485170.1, Critical Patch Update January 2019 Patch
Availability Document for Oracle Java SE
|
See Note 2485170.1, Critical Patch Update January 2019 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server
home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
FMW 12c home
|
See "Oracle Fusion Middleware
12c"
|
See "Oracle Fusion Middleware
12c"
|
For Fusion Middleware patches applicable to OBI
home
|
|
12.2.1.3 Oracle Business Intelligence Enterprise
Edition
|
OBI Bundle Patch 12.2.1.3.181016 Patch 28291838 or later
|
Released October 2018
|
|
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.181016 Patch 28632479 or higher
|
Released October 2018
|
|
|
11.1.1.9
|
Oracle Business Intelligence Enterprise Edition Third
Party BP 11.1.1.9.1 Patch 21235195 or higher
|
Released July 2015
|
BIEE Third Party Bundle Patch
|
|
DAC 11.1.1.6.4 home
|
Patch 27825965- DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU
for apr2018cpu
|
Released April 2018
|
Patch can be installed in any home
|
3.3.6 Oracle Business
Intelligence Publisher
Error Correction information for Oracle Business
Intelligence Publisher
|
Patch Information
|
11.1.1.9
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Business Intelligence
Publisher
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.181016 Patch 28632479 or higher
|
Released October 2018
|
|
|
11.1.1.9
|
BP Patch 24580895
|
Released October 2016
|
Webservice BP
|
|
11.1.1.9
|
11.1.1.9 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
|
11.1.1.9
|
WLS 10.3.6.0.181016 Patch 28343311 SU Patch [GENM] or Later
|
Released October 2018
|
WLS 10.3.6 Interim Patch or WLS PSU
|
3.3.7 Oracle Complex Event
Processing
Error Correction information for Oracle Complex Event
Processing
|
Patch Information
|
CEP 12.1.3
|
Comments
|
|
Final CPU
|
December 2019
|
|
Patch Availability for Oracle Complex Event
Processing
See also the underlying product stack tables (JRockit and WLS) for any applicable patches.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.3.0
|
SPU Patch 21071699
|
Released July 2015
|
|
3.3.8 Oracle Data Quality for
Oracle Data Integrator
Error Correction information for Oracle Data Quality
for Oracle Data Integrator
|
Patch Information
|
ODIDQ 11.1.x
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle Data Quality for Oracle
Data Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.3.0
|
CPU Patch 21418574
|
Released July 2015
|
|
3.3.9 Oracle Data Visualization
Desktop
Error Correction information for Oracle Data
Visualization Desktop
|
Patch Information
|
12.2.4.1.1
|
Comments
|
|
Final CPU
|
-
|
|
Patch availability for Oracle Data Visualization
Desktop
3.3.10 Oracle Endeca
Server
Error Correction information for Oracle Endeca Server
|
Patch Information
|
7.7
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch availability for Oracle Endeca
Server
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Server
7.7 home
|
Oracle Endeca Server
7.7 SPU January 2019 CPU Patch 28964244
|
CVE-2018-0732
|
|
3.3.11 Oracle Endeca
Information Discovery Integrator
Error Correction information for Oracle Endeca Information Discovery Studio Integrator
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch availability for Oracle Endeca
Information Discovery Studio Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca
Information Discovery Integrator 3.2 home
|
Oracle Endeca
Information Discovery Integrator 3.2 SPU October 2018 CPU Patch 28698429
|
Released October 2018
|
All Patches are cumulative of prior fixes
|
3.3.12 Oracle Endeca
Information Discovery Studio
Error Correction information for Oracle Endeca Information Discovery Studio
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch availability for Oracle Endeca
Information Discovery Studio
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca
Information Discovery Studio 3.2 home
|
Endeca Information Discovery Studio 3.2 SPU for
OctCPU2018 Patch 28771368
|
Released October 2018
|
|
3.3.13 Oracle Enterprise Data
Quality
Error Correction information for Oracle Enterprise
Data Quality
|
Patch Information
|
11.1.1.x
|
9.0
|
8.1
|
Comments
|
|
Final CPU
|
October 2021
|
October 2019
|
July 2019
|
|
Patch Availability for Oracle Enterprise Data Quality
3.3.14 Oracle Enterprise
Repository
Error Correction information for Oracle Enterprise
Repository
|
Patch Information
|
12.1.3
|
Comments
|
|
Final CPU
|
October 2019
|
|
Patch Availability for Oracle Enterprise Repository
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.3.0.0
|
Security Patch for OER 12.1.3 Patch 28890137
|
CVE-2018-1000180, CVE-2018-11775
|
Patch Released in July CPU Patch. CVE announced in
Oct CPU.
|
3.3.15 Oracle Exalogic
Patch Set Update (PSU)
Error Correction information for Oracle Exalogic Patch Set Update (PSU)
|
Patch Information
|
2.x
|
1.x
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch Set Update Availability for Oracle Exalogic
|
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
|
2.x Physical
|
2.0.6.3.181016 Physical (for all X2-2, X3-2, X4-2,
X5-2) PSU Patch 28428820
|
Released in Oct 2018
|
See Note 1314535.1, Announcing Exalogic
PSUs (Patch Set Updates)
|
|
2.x Virtual
|
2.0.6.3.181016 virtual (for all X2-2, X3-2, X4-2,
X5-2) PSU Patch 28428820
|
Released in Oct 2018
|
See Note 1314535.1, Announcing Exalogic
PSUs (Patch Set Updates)
|
|
1.x
|
Upgrade to 2.x based on information in the Comments
column. Then apply the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013
(15931901)
|
See Patch 14834860 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE
KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 14834860 Oracle Exalogic
2.0.4.0.0 Upgrade Kit for Exalogic Solaris
x86-64 (64 bit)
See Note 1314535.1, Announcing Exalogic
PSUs (Patch Set Updates)
|
3.3.16 Oracle Fusion Middleware
For more information on how to identify the
components in an Oracle home, see Note 1591483.1, What is Installed in My Middleware or
Oracle home?.
This section contains the following:
3.3.16.1 Oracle Fusion Middleware
12c
The sections below cover Oracle Fusion Middleware
version 12.2.x and 12.1.x
3.3.16.1.1 Oracle Fusion
Middleware 12.2.1.3
Error Correction information for Oracle Fusion
Middleware 12.2.1.3
|
Patch Information
|
12.2.1.3
|
Comments
|
|
Final CPU
|
-
|
See Note 1933372.1, Error Correction Support Dates for Oracle
Fusion Middleware 12c - FMW/WLS
|
|
On-Request platforms
|
-
|
|
|
Determine Components in an Oracle Home
|
-
|
See Note 1591483.1, What is Installed in My Middleware or Oracle
home?
|
Patch Availability for Oracle Fusion Middleware
12.2.1.3
|
Distribution
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2485170.1, Critical Patch Update January 2019 Patch
Availability Document for Oracle Java SE
|
See Note 2485170.1, Critical Patch Update January 2019 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
|
12.2.1.3 Fusion Middleware distributions
|
OPATCH 13.9.4.2 FOR FMW/WLS 12.2.1.3.x Patch 28186730
|
Opatch Patch Released in Jan 2019
|
Apply Opatch 13.9.4.2
before applying WLS PSU. (Re download the patch if used older patch
before Feb 8 2019)
|
|
Oracle WebLogic Server
and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
WLS PATCH SET UPDATE 12.2.1.3.190115 Patch 28710939
|
CVE-2019-2418, CVE-2019-2398, CVE-2015-1832,
CVE-2019-2452, CVE-2018-1000180, CVE-2019-2441
|
WLS PSU should also be applied to all homes with a
WLS full or standalone domain
See Note 2395745.1, April 2018 Critical Patch Update: Additional
Information about the Oracle WebLogic Server
Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server
Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server
Vulnerability CVE-2015-4852
|
|
Oracle WebLogic Server
and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
WEBLOGIC SAMPLES SPU 12.2.1.3.190115 Patch 28927298
|
CVE-2015-9251
|
This patch is a cumulative patch for all Struts 2
CVEs to date.
See Note 2255054.1, Oracle WebLogic
Server Requirements for Apache Struts 2 Vulnerabilities
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server
Vulnerability CVE-2018-2933.
See Note 2076338.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server
Vulnerability CVE-2015-4852
|
|
Oracle HTTP Server
Oracle Traffic Director
Oracle Forms and Reports
|
OAM Webgate Bundle
Patch 12.2.1.3.180622 Patch 28243743 or later
|
Released July 2018
|
|
|
Identity and Access Management
|
Oracle Access Manager Bundle Patch
12.2.1.3.180622 Patch 28305164 or later
|
Released July 2018
|
See Note 2386496.1, OAM CVE-2018-2879
|
|
Oracle HTTP Server
Oracle Forms and Reports
|
Oracle HTTP Server Bundle Patch 12.2.1.3.181217
(Patch 29058843 or later
|
CVE-2019-2414
|
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS
Attacks on Oracle HTTP Server After Applying Security Patch Updates
|
|
Identity and Access Management
Oracle Unified Directory
|
Oracle Identity Manager Bundle Patch
12.2.1.3.180920 Patch 28682376 or later
or
IDM Suite Bundle Patch 12.2.1.3.181016 Patch 28492345 or later
|
CVE-2017-15095, CVE-2017-5645, CVE-2018-3179
|
|
|
Oracle Service Bus
|
OSB BUNDLE PATCH 12.2.1.3.181006 Patch 28757972
|
CVE-2015-9251
|
|
|
Oracle WebLogic Server
and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for
FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
OSS security patch update 12.2.1.3.0 Patch 27210544 or later
|
Released April 2018
|
|
|
Oracle WebCenter
Portal
|
WebCenter Portal Bundle Patch 12.2.1.3.190114 Patch 28953192 or later
AND
WebCenter Core Bundle Patch 12.2.1.3.180910 Patch 28633811 or later
|
CVE-2018-14718, CVE-2018-12023, CVE-2019-2427,
CVE-2018-1000180
|
|
|
Oracle WebCenter Sites
|
Oracle WebCenter Sites
Bundle Patch 12.2.1.3.181015 Patch 28600538 or later
|
Released October 2018
|
|
|
Oracle WebCenter
Content
|
WebCenter Content Bundle Patch 12.2.1.3.180417 Patch 27393392 or later
|
Released April 2018
|
|
|
Oracle Internet Directory
|
Oracle Internet Directory Bundle Patch
12.2.1.3.180116 Patch 27396651 or later
|
Released January 2018
|
|
|
Oracle SOA Suite and Business Process
|
SOA BUNDLE PATCH 12.2.1.3.181223 Patch 29142661 or later
|
CVE-2017-5645, CVE-2019-2538, CVE-2018-1000180,
CVE-2015-9251
|
|
|
Oracle MapViewer
|
MAPVIEWER 12.2.1.3.0 DEC 2018 SPU Patch 29000402
|
CVE-2016-1000031
|
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
ADF Bundle Patch 12.2.1.3.180607 Patch 28151020 or later
|
Released July 2018
|
Apply to all Oracle homes installed with an FMW
Infrastructure
|
|
Oracle Enterprise Data Quality
|
EDQ 12.2.1.3.0 SPU Patch 28263628
|
Released July 2018
|
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
|
FMW Platform 12.2.1.3.0 SPU Patch 26937035
|
Released July 2018
|
Apply to all Oracle Fusion Middleware homes
|
|
Oracle HTTP Server
Oracle WebLogic Server
Proxy Plug-In
(Apache, IIS, iPlanet)
Oracle Forms and Reports
|
ONS 12.2.1.3.0 SPU Patch Patch 27323998
|
Released July 2018
|
|
3.3.16.1.2 Oracle Fusion Middleware 12.1.3.0
Error Correction information for Oracle Fusion Middleware 12.1.3.0
Patch Availability for Oracle Fusion Middleware 12.1.3.0
3.3.16.2 Oracle
Fusion Middleware 11.1.1.9
Error Correction
information for Oracle Fusion Middleware 11.1.1.9
Patch
Availability for Oracle Fusion Middleware 11.1.1.9
3.3.16.3 Oracle Identity Access Management 11.1.2.3
Error Correction information for Oracle Identity Access Management
11.1.2.3
Patch Availability for Oracle Identity Access Management 11.1.2.3
3.3.17 Oracle Hyperion
Analytic Provider Services
Error Correction information for Oracle Hyperion Analytic Provider
Services
Patch Availability for Oracle Hyperion Analytic Provider Services
3.3.18 Oracle Hyperion BI+
Error Correction information for Oracle Hyperion BI+
Patch Availability for Oracle Hyperion BI+
3.3.19 Oracle Hyperion Common Security
Error Correction information for Oracle Hyperion Common Security
Patch Availability for Oracle Hyperion Common Security
3.3.20 Oracle Hyperion Data Relationship Management
Error Correction information for Oracle Hyperion Data
Relationship Management
Patch Availability for Oracle Hyperion Data Relationship
Management
3.3.21 Oracle Hyperion Enterprise Performance Management
Architect
Error Correction information for Oracle Hyperion Enterprise
Performance Management Architect
Patch Availability for Oracle Hyperion Enterprise Performance
Management Architect
3.3.22 Oracle Hyperion Essbase
Error Correction information for Oracle Hyperion Essbase
Patch Availability for Oracle Hyperion Essbase
3.3.23 Oracle Hyperion Financial Management
Error Correction information for Oracle Hyperion Financial Management
Patch Availability for Oracle Hyperion Financial Management
3.3.24 Oracle Hyperion Financial Reporting
Error Correction information for Oracle Hyperion Financial Reporting
Patch Availability for Oracle Hyperion Financial Reporting
3.3.25 Oracle Hyperion Planning
Error Correction information for Oracle Hyperion Planning
Patch Availability for Oracle Hyperion Planning
3.3.26 Oracle Hyperion Strategic Finance
Error Correction information for Oracle Hyperion Strategic Finance
Patch Availability for Oracle Hyperion Strategic Finance
3.3.27 Oracle Identity Access Management
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Identity Access Management installation. Only the relevant homes from those
tables need to be patched.
Patch Availability for Oracle Identity Access Management
3.3.28 Oracle
Identity Analytics
Error
Correction Information for Oracle Identity Analytics
Patch
Availability for Oracle Identity Analytics
3.3.29 Oracle Identity Management
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Identity Management installation. Only the relevant homes from those tables
need to be patched.
Patch Availability for Oracle Identity Management
3.3.30 Oracle Identity
Management Connector
Error Correction information for Oracle
Identity Management Connector
Patch Availability for Oracle
Identity Management Connector
3.3.31 Oracle
JDeveloper and Oracle ADF
Error
Correction information for Oracle JDeveloper and
Oracle ADF
Critical Patch Update Availability for Oracle JDeveloper
and Oracle ADF
3.3.32 Oracle Map Viewer
Error Correction information for Oracle Map Viewer
Patch Availability for Oracle Map Viewer
3.3.33 Oracle Mobile Security Suite
Error Correction information for Oracle Mobile Security Suite
Patch Availability for Oracle Mobile Security Suite
3.3.34 Oracle Outside In Technology
Error Correction information for Oracle Outside In Technology
Patch Availability for Oracle Outside In Technology
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Outside In Technology 8.5.4
|
OIT BP 8.5.4 Jan 2019 Patch 28847552
|
CVE-2019-2465, CVE-2019-2462, CVE-2019-2467,
CVE-2019-2468, CVE-2019-2469, CVE-2019-2463, CVE-2019-2473,
CVE-2019-2472, CVE-2019-2478, CVE-2019-2480, CVE-2019-2477,
CVE-2019-2461, CVE-2019-2459, CVE-2019-2458, CVE-2019-2464,
CVE-2019-2457, CVE-2019-2475, CVE-2019-2456, CVE-2018-3147,
CVE-2019-2429, CVE-2019-2476, CVE-2019-2474, CVE-2019-2479, CVE-2019-2466
|
|
|
Oracle Outside In Technology 8.5.3
|
OIT BP 8.5.3 Dec 2018 Patch 28847532
|
CVE-2019-2465, CVE-2019-2462, CVE-2019-2467,
CVE-2019-2468, CVE-2019-2469, CVE-2019-2463, CVE-2019-2473,
CVE-2019-2472, CVE-2019-2478, CVE-2019-2480, CVE-2016-9389,
CVE-2016-9392, CVE-2016-9389, CVE-2019-2477, CVE-2019-2461,
CVE-2019-2459, CVE-2016-9392, CVE-2019-2458, CVE-2019-2464, CVE-2019-2457,
CVE-2019-2475, CVE-2019-2456, CVE-2019-2460, CVE-2017-14229,
CVE-2018-3147, CVE-2019-2429, CVE-2019-2476, CVE-2016-9389,
CVE-2019-2474, CVE-2019-2479, CVE-2016-9583, CVE-2016-9389,
CVE-2016-9389, CVE-2016-9389, CVE-2017-13745, CVE-2019-2466
|
|
3.3.35 Oracle Real Time Decisions Applications
Error Correction information for Oracle Real Time Decisions
Applications
Patch Availability for Oracle Real Time Decisions Applications
3.3.36 Oracle Real Time Decisions Platform
Error Correction information for Oracle Real Time Decisions Platform
Describes the Error Correction information for Oracle Real Time
Decisions Platform.
Patch Availability for Oracle Real Time Decisions Platform
Describes the available patches for Oracle Real Time Decisions
Platform.
3.3.37 Oracle Service Architecture Leveraging Tuxedo (SALT)
Error Correction information for Oracle Service Architecture
Leveraging Tuxedo (SALT)
Patch Availability for Oracle Service Architecture Leveraging Tuxedo
(SALT)
3.3.38 Oracle SOA Suite
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
SOA Suite installation. Only the relevant homes from those tables need to
be patched.
Patch Availability for Oracle SOA Suite
3.3.39 Oracle
Traffic Director
Error
Correction information for Oracle Traffic Director
Patch
Availability for Oracle Traffic Director
3.3.40 Oracle Tuxedo
Error Correction information for Oracle Tuxedo
Patch Availability for Oracle Tuxedo
3.3.41 Oracle Tuxedo System and Applications Monitor Plus (TSAM
Plus)
Error Correction Information for Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)
Patch Availability for Oracle Tuxedo System and Applications Monitor
Plus (TSAM Plus)
3.3.42 Oracle Web-Tier 11g Utilities
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Web-Tier 11g Utilities installation. Only the relevant homes
from those tables need to be patched.
Patch Availability for Oracle Web-Tier 11g Utilities
3.3.43 Oracle
WebCenter
For the
appropriate product versions listed below, refer to the corresponding Oracle
Fusion Middleware patch availability sections that contain information on
Error Correction, and for the patches to apply. Not all homes that are
listed in those sections might be present in the Oracle WebCenter
installation. Only the relevant homes from those tables need to be patched.
Patch
Availability for Oracle WebCenter
3.3.44 Oracle
WebCenter Content (Formerly Oracle Universal
Content Management)
Patch
Availability for Oracle WebCenter Content
3.3.45 Oracle
WebCenter Portal
Error
Correction information for Oracle WebCenter
Portal
Patch
Availability for Oracle WebCenter Portal
3.3.46 Oracle
WebCenter Sites (Formerly FatWire
Content Server)
Error
Correction information for Oracle WebCenter Sites
(formerly FatWire Content Server)
Patch
Availability for Oracle WebCenter Sites
3.3.47 Oracle WebCenter Sites
Community
Error Correction information for Oracle WebCenter
Sites Community
Patch Availability for Oracle WebCenter
Sites Community
3.3.48 Oracle
WebCenter Suite
For the
appropriate product versions listed below, refer to the corresponding
Oracle Fusion Middleware patch availability sections that contain
information on Error Correction, and for the patches to apply. Not all
homes that are listed in those sections might be present in the Oracle WebCenter Suite installation. Only the relevant homes
from those tables need to be patched.
Patch
Availability for Oracle WebCenter Suite
3.3.49 Oracle
WebGate
Error
Correction information for Oracle WebGate
Patch
Availability for Oracle WebGate
See
also the underlying product stack tables for any applicable
patches. Refer to comments section and apply the patch to the
respective product home.
3.3.50 Oracle WebLogic Portal
Error Correction information for Oracle WebLogic
Portal
Critical Patch Update Availability for WebLogic
Portal
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
WebLogic Portal patches are cumulative to
include all the prior published advisories. For more information, see My
Oracle Support Note
1355929.1, October 2011 Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL
Session ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled with WebLogic
Server 9.2.3.0, which is out of error correction. Contact Oracle support
for security patches needed for WebLogic Server
9.2.3.0
3.3.51 Oracle WebLogic Server
Error Correction information for Oracle WebLogic
Server Patch Set Update
Patch Set Update Availability for Oracle WebLogic
Server
For more information, see MyOracleSupport Note
1470197.1, Patch Set Update (PSU) Release Listing
for Oracle WebLogic Server (WLS). See Note
1306505.1, Patch Set Update (PSU) Administration Guide for
Oracle WebLogic Server (WLS)
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Java SE home
Oracle JRockit 28.x home
|
See Note 2485170.1,
Critical Patch Update January 2019 Patch Availability Document for Oracle
Java SE
|
See Note 2485170.1,
Critical Patch Update January 2019 Patch Availability Document for Oracle
Java SE
|
See Note 1492980.1, How
to Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
12.2.1.3
Fusion Middleware distributions
|
OPATCH
13.9.4.2 FOR FMW/WLS 12.2.1.3.x Patch 28186730
|
Opatch Patch
Released in Jan 2019
|
Apply Opatch 13.9.4.2
before applying WLS PSU. (Re download the patch if used older patch
before Feb 8 2019)
|
|
Oracle WebLogic Server and
Coherence
|
WLS PATCH SET UPDATE 12.2.1.3.190115 Patch 28710939
|
CVE-2019-2418, CVE-2019-2398, CVE-2015-1832,
CVE-2019-2452, CVE-2018-1000180, CVE-2019-2441
|
CVE-2018-3213 Is addressed in Docker
Images published after September 13, 2018. Latest docker
image at https://container-registry.oracle.com.
See Note 2395745.1, April
2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
|
WLS
PATCH SET UPDATE 12.1.3.0.190115 Patch 28710923
|
CVE-2019-2418, CVE-2019-2398,CVE-2019-2452
|
See Note 2395745.1, April
2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 10.3.6.0 home
|
WLS
PATCH SET UPDATE 10.3.6.0.190115 Patch 28710912
|
CVE-2019-2418, CVE-2019-2398, CVE-2019-2452,
CVE-2019-2395
|
See Note 1607170.1, SSL
Authentication Problem Using WebLogic 10.3.6
and 12.1.1 With JDK1.7.0_40 or Higher
See Note 2395745.1, April
2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
See Note 1274906.1, How
to Disable the UDDI and UDDI Explorer Functionality in WebLogic Server
|
|
WebLogic Server 12.1.3.0 home
WebLogic Server 10.3.6.0 home
|
WLS
12.1.3 JDBC Patch 20741228
WLS 10.3.6 JDBC Patch 27541896
|
Released in Jan 2018
|
Please refer to Note 1970437.1 How
To Update the JDBC and UCP Drivers Bundled with WebLogic
Server 10.3.6 and 12c
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.2.1.3.0 home
WebLogic Server 12.1.3.0.0 home
WebLogic Server 10.3.6.0.0 home
|
WEBLOGIC
SAMPLES SPU 12.2.1.3.190115 Patch 28927298
WEBLOGIC SAMPLES SPU 12.1.3.0.190115 Patch 28927303
Weblogic
Samples SPU 10.3.6.0.181016 Patch 28483404
|
CVE-2015-9251
|
Oracle WebLogic Server
Requirements for Apache Struts 2 and CVE-2017-5638 / CVE-2017-9805
This patch is a cumulative patch for all Struts 2
CVEs to date. For more information, see: Note 2255054.1 Oracle
WebLogic Server Requirements for Apache Struts
2 Vulnerabilities
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
|
SPU Patch 24327938
|
Released July 2016
|
TopLink JPA-RS
patch
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
WebLogic Server 10.3.6.0 home
|
See Note 1936300.1
|
Released
October 2014
|
SSL
V3.0 "Poodle" Advisory
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
3.4 Oracle
Sun Middleware
This section
contains the following:
3.4.1 Directory
Server Enterprise Edition
Error
Correction information for Directory Server Enterprise Edition
Patch
Availability for Directory Server Enterprise Edition
3.4.2 Reserved for Future Use
Error Correction information for Reserved for Future Use
Patch Availability for Reserved for Future Use
3.4.3 Oracle GlassFish Server
Error Correction information for Oracle GlassFish
Server
Patch Availability for Oracle GlassFish
Server
3.5 Tools
This section contains the following:
3.5.1 Oracle
OPatch
Minimum
Product Requirements for Oracle OPatch
The CPU
security vulnerabilities are fixed in the listed release and later
releases. The Oracle OPatch downloads can be
found at Patch
6880880.
4 Final CPU History
Final CPU History
The Final CPU is the last quarter that a product is supported in the
CPU program as per the Premier Support and Extended Support policies. For
more information, see My Oracle Support Note
209768.1, Database, FMW, EM Grid Control, and OCS
Software Error Correction Support Policy.
5 Sources
of Additional Information
The following
documents provide additional information about Critical Patch Updates:
6 Modification
History
Modification
History
|
Date
|
Modification
|
|
January
15, 2019
|
Released
Updated section 2.2 with additional Post Release Patches
Updated copyright
Corrected the patch number for Combo OJVM Update 12.2.0.1.190115 and
Database Update 12.2.0.1.190115 in section 3.1.4.3
Corrected the patch number for Database Jan 2019 Update 12.2.0.1.190115
in section 3.1.4.3
|
|
January
16, 2019
|
Moved
the following to Section 4 for Final CPU History:
- Oracle Business Intelligence App Mobile Designer
- Oracle Business Intelligence Mobile
- Oracle JDeveloper and Oracle ADF 11.1.1.7
- Oracle Map Viewer 11.1.1.7
- Oracle Web-Tier 11g Utilities 11.1.1.7
- Oracle WebCenter Suite 11.1.1.7
Updated patch availability in section 2.2
Added 11.2.0.4 COMBO patches in section 2.2
Moved the need for the NGINST Patch from 'Oracle WebLogic
Server and Coherence' row to 'All Middleware homes' row in section
3.3.18.1.1
Updated Oracle Hyperion BI+ section
|
|
January
17, 2019
|
Updated
patch availability in section 2.2
Added Patch 28980123 to section 2.2
|
|
January
22, 2019
|
Updated
comments for WLS PATCH SET UPDATE 12.2.1.3.190115 in section 3.3.16.1.1
Updated OPATCH 13.9.4.0.0 FOR FMW/WLS 12.2.1.3 in section 3.3.16.1.1
Added new row for Patch 27210544 in section 3.3.16.1.1
Updated patch availability in section 2.2
|
|
January
23, 2019
|
Updated
'Product Home' and 'Comments' details for OPATCH 13.9.4.0.0 FOR FMW/WLS
12.2.1.3 in sections 3.3.16.1.1 and 3.3.51.
Corrected sub-section mis-numbering within
section 3.3.16.1 Oracle Fusion Middleware 12c
Updated patch availability in section 2.2
|
|
January
24, 2019
|
Updated
patch availability in section 2.2
|
|
January
28, 2019
|
Updated
comments in sections 3.3.16.1.1 and 3.3.51
Corrected the advisory number for Patch 28757972 in section 3.3.16.1.1
Updated comments in section 3.3.18
Updated availibility for several patches in
section 2.2
|
|
January
31, 2019
|
Updated
patch availability in section 2.2
Updated Final CPU date and comments for Oracle Hyperion BI+ in section
3.3.18
|
|
February
04, 2019
|
Updated
patch availability in section 2.2
|
|
February
12, 2019
|
Updated
patch availability in section 2.2
|
|
February
15, 2019
|
Updated
the row for Patch 28186730 in section 3.3.16.1.1
Updated the row for Patch 28186730 in section 3.3.51
|
|
February
19, 2019
|
Updated
the row for Patch 28186730 in section 3.3.16.1.1
Updated the row for Patch 28186730 in section 3.3.51
Updated patch availability in section 2.2
|
|
February
20, 2019
|
Updated
patch availability in section 2.2
|
|
February
26, 2019
|
Updated
patch availability in section 2.2
|
|
March
05, 2019
|
Updated
patch availability in section 2.2
|
|
March
14, 2019
|
Updated
patch availability in section 2.2
|
|
March
26, 2019
|
Updated
patch availability in section 2.2
Updated the Distribution column for patch 28186730 in section 3.3.16.1.1
Updated the Product Home column for patch 28186730 in section 3.3.51
|
|
March
27, 2019
|
Updated
patch availability in section 2.2
|
|
March
28, 2019
|
Updated
patch 28980134 availability in section 2.2
|
|
April
03, 2019
|
Updated
patch 28980134 availability in section 2.2
Updated notes for Patch 28710912 in section 3.3.51
|
|
April
08, 2019
|
Updated
patch availability in section 2.2
|
|
April
09, 2019
|
Updated
patch availability in section 2.2
|
|
April
15, 2019
|
Updated
patch availability in section 2.2
|
7 Documentation
Accessibility
For
information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to
Oracle Support
Oracle
customers have access to electronic support through My Oracle Support. For
information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or
visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you
are hearing impaired.
Critical Patch
Update Availability Document January 2019
Copyright @
2019, Oracle and/or its affiliates. All rights reserved.
This software
and related documentation are provided under a license agreement containing
restrictions on use and disclosure and are protected by intellectual
property laws. Except as expressly permitted in your license agreement or
allowed by law, you may not use, copy, reproduce, translate, broadcast,
modify, license, transmit, distribute, exhibit, perform, publish, or
display any part, in any form, or by any means. Reverse engineering,
disassembly, or decompilation of this software,
unless required by law for interoperability, is prohibited.
The
information contained herein is subject to change without notice and is not
warranted to be error-free. If you find any errors, please report them to
us in writing.
If this is
software or related documentation that is delivered to the U.S. Government
or anyone licensing it on behalf of the U.S. Government, the following
notice is applicable:
U.S.
GOVERNMENT RIGHTS Programs, software, databases, and related documentation
and technical data delivered to U.S. Government customers are
"commercial computer software" or "commercial technical
data" pursuant to the applicable Federal Acquisition Regulation and
agency-specific supplemental regulations. As such, the use, duplication,
disclosure, modification, and adaptation shall be subject to the
restrictions and license terms set forth in the applicable Government
contract, and, to the extent applicable by the terms of the Government
contract, the additional rights set forth in FAR 52.227-19, Commercial
Computer Software License (December 2007). Oracle America, Inc., 500 Oracle
Parkway, Redwood City, CA 94065.
This software
or hardware is developed for general use in a variety of information
management applications. It is not developed or intended for use in any
inherently dangerous applications, including applications that may create a
risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate
fail-safe, backup, redundancy, and other measures to ensure its safe use.
Oracle Corporation and its affiliates disclaim any liability for any
damages caused by use of this software or hardware in dangerous
applications.
Oracle and
Java are registered trademarks of Oracle and/or its affiliates. Other names
may be trademarks of their respective owners.
Intel and
Intel Xeon are trademarks or registered trademarks of Intel Corporation.
All SPARC trademarks are used under license and are trademarks or
registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD
logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced
Micro Devices. UNIX is a registered trademark of The Open Group.
This software
or hardware and documentation may provide access to or information on
content, products, and services from third parties. Oracle Corporation and
its affiliates are not responsible for and expressly disclaim all
warranties of any kind with respect to third-party content, products, and
services. Oracle Corporation and its affiliates will not be responsible for
any loss, costs, or damages incurred due to your access to or use of
third-party content, products, or services.
|