|
Oracle Fusion Middleware - Version
11.1.1.7.0 and later
Oracle Database Cloud Service - Version N/A and later
Oracle Database Cloud Exadata Service - Version
N/A and later
Oracle Database - Enterprise Edition - Version 11.2.0.4 and later
Oracle Database Exadata Express Cloud Service -
Version N/A and later
Information in this document applies to any platform.
This document defines the patches and minimum
releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch
Updates and Patch Set Updates released on October 16, 2018.
The document is for Database Administrators
and/or others tasked with Quarterly Security Patching.
Database,
Fusion Middleware, and Enterprise Manager Critical Patch Update October
2018 Patch Availability Document
My Oracle Support Note 2433477.1
Released October 16, 2018
This document contains the following sections:
1 Overview
Oracle provides quarterly cumulative patches to
address security vulnerabilities. The patches may include critical fixes in
addition to the security fixes. The security vulnerabilities addressed are
announced in the Advisory for October 2018, available at:
Oracle Technical Network Advisory
This document lists the Oracle Database, Fusion
Middleware and Enterprise Manager CPU program cumulative patches for
product releases under error correction. The October 2018 release
supersedes earlier CPU program cumulative patches for the same product
releases. This document is subject to continual update after the initial
release, and the changes are listed in "Modification History." If you print this document,
check My Oracle Support to ensure you have the latest version.
This section contains the following:
1.1 How To Use This Document
The following steps explain how to use this document.
Step 1 Assess your
Environments
Determine the Oracle product suites
and products and their release numbers for each of your environments.
Step 2 Read Important
Announcements
Review "What's New in October 2018," as it lists documentation and
packaging changes along with important announcements such as upcoming final
CPUs.
Step 3 Determine
Patches to be Applied
For each environment, determine which
patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table
for each product suite release, such as Oracle Database 12.2.0.1, Oracle
Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control
12.1.0.5.
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of
the homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or
Extended Support and are under error correction as defined in My Oracle
Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error
Correction Support Policy. Patches are provided only for these
releases. If you do not see the release that you have installed, then check "Final CPU History" and contact Oracle Support for
further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's
CPU Advisory, list the vulnerability CVE numbers in the Advisory Number
column. If you are interested in the risk matrix for the vulnerabilities
fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from
previous quarterly releases, or the current one without any security fixes,
the column indicates "Released MMM YYYY"
·
When
a section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle Database" is referenced, determine the
Oracle Database release that is installed, and find the patches to apply in
the table for that Oracle Database release in "Oracle Database."
Step 4 Apply the
Patches
Download the patches, review the
READMEs, and apply the patches according to the instructions.
Step 5 Planning for
Future Critical Patch Updates
To help you plan for future Critical
Patch Updates, this document includes Final CPU information based on Oracle's
Lifetime Support Policy and error correction policies.
"Final CPU Information (Error Correction
Policies)" in "What's New in October 2018," documents product releases for
which final Critical Patch Updates are upcoming or are being announced. In
each product section, there is also an Error Correction Information Table
that documents the final CPU program patch for the product. Products that
have reached the end of error correction are documented in "Final CPU History."
1.2 Terminology in the Tables
The following terminology is used in this patch
availability document and in the subsequent tables.
- Update - Release Update
- Revision -Release Update Revision
- BP - Bundle Patch
- Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
- NA Not Applicable.
- OR On-Request. The patch is made available
through the On-Request program.
- PSU - Patch Set Update
- SPU - Security Patch Update. An iterative,
cumulative patch consisting of security fixes.
- Overlay
SPU patch provided
as an overlay on top of a PSU or BP instead of a base/patch set
release.
1.3 On-Request Patches
Oracle does not proactively release patches for
historically inactive platforms. However, Oracle will deliver these patches
when requested.
The following guidelines describe how to initiate an
on-request (OR) patch.
A request may be made:
- At any
time. However, a patch for a specific quarterly release, such as
CPUOct2012, cannot be requested. Depending on when the request is
received and processed, either the patch for the current quarterly
release or the next quarterly release will be provided. Your Service
Request (SR) will provide you the planned availability date for the
patch.
- As long
as the version is in either Premier Support or Extended Support and
error correction support has not expired. For example, if a product
release is under Extended Support through the release of CPUJan2013 on
January 15, 2013, then you can file a request for the product release
through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software
Error Correction Support Policy.
- For a
platform-version combination when a major release or patch set is
released on a platform after a quarterly release date. Oracle will
provide the next patch for that platform-version combination,
however you may request the current patch by following the on-request
process. For example, if a patch is released for a platform on August
1, 2012, Oracle will provide the CPUOct2012 patch for that platform.
You may request a CPUOct2012 patch for the platform, and Oracle will
review the request and determine whether to provide CPUJul2012 or
CPUOct2012.
A patch that is marked as on-request (OR) may already have
been requested by another customer and be available on My Oracle Support.
Before you file a Service Request (SR), check on My Oracle Support to see
if the patch is already available for your platform.
1.4 CPU Program and My Oracle
Support Patch Recommendations
My Oracle Support patch recommendation features are
available on the Patches & Update tab. The patches announced in this
document as part of the CPU program are classified as "Security"
patch recommendations in My Oracle Support. If a new patch is being
announced in this document, then the classification on any earlier patch is
changed to "General", causing it to be removed from the My Oracle
Support patch recommendations. If a patch has a "Security"
classification, and a subsequent bundle, SPU, or PSU is released with a
recommendation classification, then it will be classified as a
"Security" recommendation in My Oracle Support.
Once a product release is no longer in error
correction, its CPU patch information is removed from this document, but
the last patch recommendation continues to be available in My Oracle
Support. Ensure to select each of the products installed in your
environment to obtain all patches.
1.5 My Oracle Support (MOS)
Conflict Checker Tool
The My Oracle Support (MOS) Conflict Checker tool is
available as of July 21, 2014.
You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from
the Patch Search results screen ("Analyze with OPatch"
button).
The MOS Conflict Checker Tool allows you to upload an
OPatch inventory to check for conflicts with
patches to apply to your environment. If no conflicts are found, you can
download the patches. If conflicts are found, the tool finds an existing
resolution to download. If no resolution is found, you can request a solution,
and monitor your request in the Plans region.
For more information and a demonstration video, see
Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict
Checker Tool for Patches Installed with OPatch
[Video].
2 What's New in October 2018
This section describes important changes in October
2018:
2.1 Final CPU Information (Error
Correction Policies)
The final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. Final CPUs for upcoming releases, as well as newly
scheduled final CPUs, are listed in the following sections.
Final CPUs scheduled for January 2019
- Oracle
Application Performance Management 11.1.x
- Oracle GlassFish Server 3.1.2
Final CPUs scheduled for October 2018
- Oracle
Business Intelligence Enterprise Edition 11.1.1.7
- Oracle
Business Intelligence Publisher 11.1.1.7
- Oracle
Communications Converged Application Server 5.x
- Oracle
Complex Event Processing 11.1.7
- Oracle
Data Integrator 11.1.1.7.0
- Oracle Endeca Server 7.6
- Oracle Endeca Server 7.6.1
- Oracle Endeca Information Discovery Studio 3.1
- Oracle
Enterprise Repository 12.1.3 and 11.1.1.7
- Oracle
Forms and Reports 11.1.2.2
- Oracle
Fusion Middleware 11.1.1.7
- Oracle
Hyperion BI+ 11.1.2.x
- Oracle JDeveloper and Oracle ADF 11.1.1.7
- Oracle Mapviewer 11.1.1.7.0
- Oracle
Real Time Decisions Server 11.1.1.7
- Oracle
Service Bus 11.1.1.7.0
- Oracle
SOA Suite 11.1.1.7.0
- Oracle
Traffic Director 11.1.1.7
- Oracle WebGate 10.1.4.3
2.2 Post Release Patches
Oracle strives to complete preparations and testing
of each Quarterly Security Patch for each platform by the quarterly release
date. Occasionally, circumstances beyond our control dictate that a
particular patch be delayed and be released a few days after the quarterly
release date. The following table lists any current patch delays and the
estimated date of availability.
|
Patch
|
Patch Number
|
Platform
|
Availability
|
|
rp098 Oracle Tuxedo 12.1.1 SPU for CPUOct2018
|
Patch 28870431
|
Windows
|
Available
|
|
Webcenter Sites 12.2.1.3.0 Patch 2
|
Patch 28600538
|
All
|
Available
|
|
DB Oct 2018 18.4.0 Update
|
Patch 28655784
|
All
|
Available
|
|
GI Oct 2018 18.4.0 Update
|
Patch 28659165
|
All
|
Available
|
|
Combo OJVM Update 18.4.0 and GI Update 18.4.0
|
Patch 28689122
|
Linux.x86-64
|
Available
|
|
GI Oct 2018 12.2.0.1.181016 Update
|
Patch 28714316
|
All
|
Available
|
|
GI Apr 2018 12.2.0.1.181016 Revision
|
Patch 28507711
|
AIX (64-Bit), HP-UX Itanium (64-Bit)
|
Available
|
|
GI Jul 2018 12.2.0.1.181016 Revision
|
Patch 28507693
|
All
|
Available
|
|
DB Proactive BP 12.1.0.2.181016
|
Patch 28349951
|
HP-UX Itanium (64-Bit)
|
Available
|
|
DB PSU 11.2.0.4.181016
|
Patch 28204707
|
All
|
Available
|
|
GI PSU 11.2.0.4.181016
|
Patch 28429134
|
All
|
Available
|
|
DB SPU 11.2.0.4.181016
|
Patch 28364007
|
All
|
Available
|
|
Combo OJVM PSU 11.2.0.4.181016 & DB SPU
11.2.0.4.181016
|
Patch 28689160
|
All
|
Available
|
|
Exadata DB BP 11.2.0.4.181016
|
Patch 28462975
|
All
|
Available
|
|
QFSDP for Exadata
(Oct2018) 18.4
|
Patch 28689211
|
Linux.x86-64
|
Available
|
|
QFSDP for Exadata
(Oct2018) 18.4
|
Patch 28689211
|
Solaris.x86-64
|
Available
|
|
QFSDP for Exadata
(Oct2018) 12.2.0.1
|
Patch 28689205
|
Linux.x86-64
|
Available
|
|
QFSDP for Exadata
(Oct2018) 12.2.0.1
|
Patch 28689205
|
Solaris.x86-64
|
Available
|
|
QFSDP for Exadata
(Oct2018) 12.1.0.2
|
Patch 28689198
|
Linux.x86-64, Solaris.x86-64
|
Available
|
|
QFSDP for Exadata
(Oct2018) 11.2.0.4
|
Patch 28689181
|
Linux.x86-64, Solaris.x86-64
|
Available
|
|
QFSDP for Supercluster
(Q4.2018)
|
Patch 28689213
|
Solaris SPARC (64-Bit)
|
Available
|
3 Patch Availability for Oracle Products
This section contains the following:
3.1 Oracle Database
This section contains the following:
3.1.1 Oracle
REST Data Services (formally called Oracle APEX Listener)
Error Correction information for Oracle REST
Data Services 3.0
|
Patch Information
|
3.0
|
Comments
|
|
Final CPU
|
-
|
|
Minimum Product Requirements for Oracle REST
Data Services
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle REST Data Services downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle REST Data Services
|
3.0.10.25.02.36
|
Released July 2017
|
|
3.1.2 Oracle Application Express
Minimum Product Requirements for Oracle Application
Express
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle Application Express downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Application Express
|
5.1.4.00.08
|
Released January 2018
|
|
3.1.3 Oracle Big Data Spatial and Graph
Error Correction information
for Oracle Big Data Spatial and Graph
|
Patch Information
|
2.0
|
1.2
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch
Availability for Oracle Big Data Spatial and Graph
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Big Data
Spatial and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.
|
Product
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Big Data Spatial and Graph 2.0
|
Patch 28774674
|
CVE-2016-6814
|
|
|
Oracle Big Data Spatial and Graph 2.1
|
Patch 28774701
|
CVE-2016-6814
|
|
|
Oracle Big Data Spatial and Graph 2.1
|
Patch 28774764
|
CVE-2016-6814
|
|
3.1.4 Oracle Database
This section contains the following:
3.1.4.1 Patch
Availability for Oracle Database
For information regarding the different types of
patches for Database, refer to Oracle Database - Overview of Database Patch
Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database
Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1
3.1.4.2 Oracle
Database 18
|
Patch Information
|
18
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 18
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Update 18.4.0 and Database Update
18.4.0 Patch 28689117 for UNIX, or
Combo OJVM Update 18.4.0 and GI Update 18.4.0 Patch 28689122, or
Quarterly Full Stack download for Exadata (Oct2018) 18.4.0 Patch 28689211 for Linux x86-64, or
Quarterly Full Stack download for SuperCluster (Q4.2018) Patch 28689213 for Solaris SPARC 64-Bit
|
CVE-2018-7489 (GI Specific) , CVE-2018-3259
|
OJVM Update patches from 18.4 onwards are RAC
Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the
"Oracle JavaVM Component Database
PSU/RU" (OJVM PSU/RU) Patches
|
|
Oracle Database Server home
|
Database Update 18.4.0 Patch 28655784, or
Database Update Revision 18.3.1 Patch 28507480, or
Database Update Revision 18.2.2 Patch 28601267, or
GI Update 18.4.0 Patch 28659165, or
GI Update Revision 18.3.1 Patch 28660077, or
GI Update Revision 18.2.2 Patch 28702032, or
Microsoft Windows 32-Bit and x86-64 BP
18.4.0.0.181016 Patch 28736070 , or later;
Quarterly Full Stack download for Exadata (Oct2018) 18.4.0 Patch 28689211 for Linux x86-64, or
Quarterly Full Stack download for SuperCluster (Q4.2018) Patch 28689213 for Solaris SPARC 64-Bit
|
CVE-2018-7489 (GI Specific)
|
See Section 2.2 Post Release Patches
|
|
Oracle Database Server home
|
OJVM Update 18.4.0 Patch 28502229 for UNIX
|
CVE-2018-3259
|
OJVM Update patches from 18.4 onwards are RAC
Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the
"Oracle JavaVM Component Database
PSU/RU" (OJVM PSU/RU) Patches
|
|
Oracle Database Client home
|
none for October 2018
|
|
no security-related content
|
3.1.4.3 Oracle
Database 12.2.0.1
|
Patch Information
|
12.2.0.1
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.2.0.1
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Update 12.2.0.1.181016 and Database
Update 12.2.0.1.181016 Patch 28689128 for UNIX, or
Combo OJVM Update 12.2.0.1.181016 and GI Update
12.2.0.1.181016 Patch 28689130, or
Quarterly Full Stack download for Exadata (Oct2018) 12.2.0.1 Patch 28689205 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Q4.2018) Patch 28689213 for Solaris SPARC 64-Bit
|
CVE-2018-3299, CVE-2018-3259
|
OJVM Update Patches are not RAC Rolling
installable. However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the
NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and Update" (OJVM
PSU and OJVM Update) Patches
|
|
Oracle Database Server home
|
Database Oct 2018 Update 12.2.0.1.181016 Patch 28662603 for UNIX, or
Database Apr 2018 Revision 12.2.0.1.181016 Patch 28507749, or
Database Jul 2018 Revision 12.2.0.1.181016 Patch 28507553, or
GI Update 12.2.0.1.181016 Patch 28714316, or
GI Apr 2018 Revision 12.2.0.1.181016 Patch 28507711, or
GI Jul 2018 Revision 12.2.0.1.181016 Patch 28507693, or
Microsoft Windows 32-Bit and x86-64 BP
12.2.0.1.181016 Patch 28574555, or later;
Quarterly Full Stack download for Exadata (Oct2018) 12.2.0.1 Patch 28689205 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Q4.2018) Patch 28689213 for Solaris SPARC 64-Bit
|
CVE-2018-3299
|
|
|
Oracle Database Server home
|
OJVM Update 12.2.0.1.181016 Patch 28440725 for UNIX, or
OJVM Microsoft Windows Bundle Patch 12.2.0.1.181016 Patch 28412312
|
CVE-2018-3259
|
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Client home
|
Database Update 12.2.0.1.170718 Patch 26123830
|
Released July 2017
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.4.4 Oracle
Database 12.1.0.2
Error Correction information for Oracle Database
12.1.0.2
|
Patch Information
|
12.1.0.2
|
Comments
|
|
Final CPU
|
July 2021
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.1.0.2
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 12.1.0.2.181016 and Database PSU
12.1.0.2.181016 Patch 28689146 for UNIX, or
Combo OJVM PSU 12.1.0.2.181016 and GI PSU
12.1.0.2.181016 Patch 28689148, or
Combo OJVM PSU 12.1.0.2.181016 and Database
Proactive BP 12.1.0.2.181016 Patch 28689151 for UNIX, or
Quarterly Full Stack download for Exadata (Oct2018) BP 12.1.0.2 Patch 28689198 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Q4.2018) Patch 28689213 for Solaris SPARC 64-Bit
|
CVE-2018-3299, CVE-2018-3259
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the
NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Database PSU 12.1.0.2.181016 Patch 28259833 for UNIX, or
GI PSU 12.1.0.2.181016 Patch 28349311, or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.181016 Patch 28563501, or later;
Database Proactive Bundle Patch
12.1.0.2.181016 Patch 28349951 or
Quarterly Full Stack download for Exadata (Oct2018) BP 12.1.0.2 Patch 28689198 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Q4.2018) Patch 28689213 for Solaris SPARC 64-Bit
|
CVE-2018-3299
|
|
|
Oracle Database Server home
|
Oracle JavaVM Component
Database PSU 12.1.0.2.181016 Patch 28440711 for UNIX, or
Oracle JavaVM Component
Microsoft Windows Bundle Patch 12.1.0.2.181016 Patch 28412299
|
CVE-2018-3259
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the
NOTE for more details.
All OJVM PSU since 12.1.0.2.161018 includes Generic
JDBC Patch 23727148
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Oracle JavaVM
Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
|
Oracle Database Client home
|
Database Patch Set Update 12.1.0.2.170418 Patch 25171037
|
Released April 2017
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.4.5 Oracle Database 11.2.0.4
Error Correction information for Oracle Database
11.2.0.4
|
Patch Information
|
11.2.0.4
|
Comments
|
|
Final CPU
|
October 2020
|
|
|
On-Request platforms
|
HP-UX PA RISC
IBM: Linux on System Z
32-bit client-only platforms except Linux x86
|
|
|
On-Request platforms
|
32-bit client-only platforms except Linux x86
|
|
Patch Availability for Oracle Database 11.2.0.4
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 11.2.0.4.181016 and Database SPU 11.2.0.4.181016 Patch 28689160 for UNIX, or
Combo OJVM PSU 11.2.0.4.181016 and Database PSU
11.2.0.4.181016 Patch 28689165 for UNIX, or
Combo OJVM PSU 11.2.0.4.181016 and GI PSU
11.2.0.4.181016 Patch 28689170, or
Combo OJVM PSU 11.2.0.4.181016 and Exadata BP 11.2.0.4.181016 Patch 28689175
|
CVE-2018-3299, CVE-2018-3259
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the
NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Database PSU 11.2.0.4.181016 Patch 28204707 for UNIX, or
GI PSU 11.2.0.4.181016 Patch 28429134 for UNIX, or
Database SPU 11.2.0.4.181016 Patch 28364007 for UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP
11.2.0.4.181016 Patch 28265827, or later;
Quarterly Database Patch for Exadata
BP 11.2.0.4.181016 Patch 28462975 for UNIX, or
Quarterly Full Stack download for Exadata (Oct2018) BP 11.2.0.4 Patch 28689181, or
Quarterly Full Stack download for SuperCluster (Q4.2018) Patch 28689213 for Solaris SPARC 64-Bit
|
CVE-2018-3299
|
|
|
Oracle Database Server home
|
Oracle JavaVM (OJVM)
Component Database PSU 11.2.0.4.181016 Patch 28440700 for UNIX, or
Oracle JavaVM (OJVM)
Component Database PSU 11.2.0.4.181016 Patch 28412269 for Microsoft Windows
|
CVE-2018-3259
|
OJVM PSU 11.2.0.4.161018 and greater includes
Generic JDBC Patch 23727132
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Oracle JavaVM Component
Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132
|
Released July 2016
|
For RAC deployments, this patch should be applied
to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Client home
|
Database Patch Set Update 11.2.0.4.170418 Patch 24732075
|
Released April 2017
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.5 Oracle Database Mobile/Lite
Server
Error Correction Information for Oracle Database
Mobile Server
|
Patch Information
|
12.1 (Mobile Server)
|
11.3 (Mobile Server)
|
Comments
|
|
Final CPU
|
-
|
October 2021
|
|
Patch Availability for Oracle Database Mobile Server
12.1.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1
|
12.1.0.0 BP Patch 21974980
|
Released October 2015
|
|
Patch Availability for Oracle Database Mobile Server
11.3.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.3
|
11.3.0.2 BP Patch 21950285
|
Released October 2015
|
|
3.1.6 Oracle GoldenGate
Error Correction information for Oracle GoldenGate
|
Component
|
12.3.0.1
|
12.2.0.2
|
12.1.2.1
|
11.2.1.0
|
Comments
|
|
Final CPU
|
July 2025
|
October 2023
|
October 2021
|
January 2020
|
|
Patch Availability for Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.3.0.1
|
Install 12.3.0.1.4 Path Set (Available on edelivery/OTN)
|
CVE-2018-2913, CVE-2018-2912, CVE-2018-2914
|
Refer to Note 1645495.1 for the latest release and additional
platforms.
|
|
12.2.0.2
|
Patch 28651610 - Oracle GoldenGate
12.2.0.2.181009 for Oracle 12c
Patch 28651607 - Oracle GoldenGate
12.2.0.2.181009 for Oracle 11g
|
CVE-2018-2913, CVE-2018-2912, CVE-2018-2914
|
Refer to Note 1645495.1 for the latest release and additional
platforms.
|
|
12.1.2.1
|
Patch 28696813 - Oracle GoldenGate
12.1.2.1.181016 for Oracle 12c
Patch 28696808 - Oracle GoldenGate
12.1.2.1.181016 for Oracle 11g
|
CVE-2018-2913, CVE-2018-2912, CVE-2018-2914
|
Refer to Note 1645495.1 for the latest release and additional
platforms.
|
|
11.2.1.0
|
Upgrade to OGG 12.1.2.1 or later and apply the
applicable Security patches listed above
|
-
|
Refer to Note 1645495.1 for the latest release and additional
platforms.
|
3.1.7 Oracle GoldenGate
for Big Data (Formerly known as Oracle GoldenGate
Application Adapters)
Error Correction information for Oracle GoldenGate for Big Data
|
Component
|
12.3.1.1.0
|
12.3.0.1.0
|
12.2.0.1.0
|
Comments
|
|
Final CPU
|
December 2019
|
December 2019
|
December 2018
|
|
Patch Availability for Oracle GoldenGate
for Big Data
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.3.1.1
|
Oracle GoldenGate for Big
Data 12.3.1.1.6 Patch 28577949
|
CVE-2018-1258, CVE-2016-0635, CVE-2018-1275
|
Refer to Note 1645495.1 for the latest release and additional
platforms
|
|
12.3.2.1
|
Oracle GoldenGate for
Big Data 12.3.2.1.0 Release
|
CVE-2018-1258, CVE-2016-0635, CVE-2018-1275
|
Download the release from OTN
|
|
12.2.0.1
|
Oracle GoldenGate
Application Adapters Patch 28330342
|
CVE-2018-1258, CVE-2016-0635, CVE-2018-1275
|
Refer to Note 1645495.1 for the latest release and additional
platforms
|
3.1.8 Oracle GoldenGate
Veridata
Error Correction information for Oracle GoldenGate Veridata
|
Component
|
11.2.1.0
|
Comments
|
|
Final CPU
|
October 2020
|
|
Patch Availability for Oracle GoldenGate
Veridata
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.2.1.0
|
oracle goldengate veridata v11.2.1.0.2 java agent - Patch 27425665
oracle goldengate veridata v11.2.1.0.2 server - Patch 27425668
|
Released April 2018
|
Golden Gate Veridata
Patch
|
3.1.9 Oracle Secure Backup
Error Correction information for Oracle Secure Backup
|
Patch Information
|
12.1.x
|
Comments
|
|
Final CPU
|
January 2020
|
|
Minimum Product Requirements for Oracle Secure
Backup
Critical Patch Update security vulnerabilities are
fixed in the listed releases. The Oracle Secure Backup downloads and
installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Secure Backup
|
12.1.0.3
|
Released April 2017
|
|
3.2 Oracle Enterprise Manager
This section contains the following:
3.2.1 Oracle
Application Performance Management
Error Correction information for Oracle Application
Performance Management
|
Patch Information
|
12.1.0.7
|
11.1.x
|
Comments
|
|
Final CPU
|
-
|
January 2019
|
|
|
On-Request platforms
|
-
|
|
|
Minimum Product Requirements for Oracle Application
Performance Management
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For more information on Oracle Application
Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.0.7
|
12.1.0.7.11 Release Patch 25244272
|
Released July 2017
|
|
|
11.1.x
|
11.1.0.5.7 Release Patch 26290928
|
Released July 2017
|
|
3.2.2 Oracle Application Testing
Suite
Error Correction information for Oracle Application
Testing Suite
|
Patch Information
|
13.2.0.1
|
13.1.0.1
|
12.5.0.3
|
Comments
|
|
Final CPU
|
-
|
-
|
April 2020
|
|
Patch Availability for Oracle Application Testing
Suite
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Application Testing Suite
downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic
Server" (Version 12.1.3.0)
|
See "Oracle WebLogic
Server" (Version 12.1.3.0.0)
|
See "Oracle WebLogic
Server" (Version 12.1.3.0.0)
|
|
13.2.0.1
|
BP Patch 27794987
|
Released April 2018
|
|
|
13.1.0.1
|
BP Patch 27794982
|
Released April 2018
|
|
|
12.5.0.3
|
BP Patch 27794971
|
Released April 2018
|
|
3.2.3 Oracle Enterprise Manager
Cloud Control
If your plans include updating the JDK version,
please be sure that the JDK version that you choose is certified with your
OEM Cloud Control Component. Please refer to Note 2241358.1 for upgrading the JDK Component related to OEM
Cloud Control Component.
Error Correction information for Oracle Enterprise
Manager Cloud Control
|
Patch Information
|
13.3.0.0
|
13.2.0.0
|
12.1.0.5
|
Comments
|
|
Final CPU
|
-
|
July 2019
|
October 2019
|
|
|
On-Request platforms
|
-
|
-
|
-
|
|
Availability for Oracle Enterprise Manager Cloud
Control 13c Release 2 (13.3.0.0)
Patch Availability for Oracle Enterprise Manager
Cloud Control 13c Release 1 (13.2.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
See "Oracle Database"
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 12.1.3.0)
|
See "Oracle WebLogic Server" (Version 12.1.3.0.0)
|
|
|
Base Platform OMS home
|
PSU 13.2.0.0.181016 Patch 28717501
|
CVE-2018-0739
|
|
|
Base Platform OMS home
|
EM for OMS Plugins 13.2.3.0.180630 Patch 28170938 or later
EM for OMS Plugins 13.2.2.0.180630
Patch 28170918 or later
|
Released July 2018
|
|
|
Base Platform Agent home
|
EM VT Plugin BP 13.2.3.0.180630 (Agent
Monitoring) Patch 28195767 Patch 28195767
|
Released July 2018
|
|
|
Base Platform Agent Home
|
EM for OMS Plugins 13.2.3.0.180731 Patch 28347358 or later
EM for OMS Plugins 13.2.2.0.180731
Patch 28347355 or later
|
Released July 2018
|
See "Post Release Patches" for Avaialbility
|
|
Base Platform Agent home
|
EM VT Plugin BP 13.2.2.0.180630 (Agent
Monitoring) Patch 28195765
|
Released July 2018
|
|
|
Base Platform Agent home
|
EM for PeopleSoft 13.2.1.1.0 Patch 28243206 or EM for PeopleSoft 13.1.1.1.0 Patch 28243212
|
Released July 2018
|
|
|
Base Platform Agent home
|
EM for MYSQL Database 13.2.4.0.0 Patch 28788540
|
CVE-2018-1258
|
|
|
Base Platform OMS home
|
OHS SPU for Jan2018CPU Patch 27244723
|
Released July 2018
|
OHS 12.1.3 patch
|
|
Base Platform OMS home
|
SPU Patch 25322055
|
Released in January 2017
|
Oracle ADF Patch 12.1.3.0
This patch is necessary for any co-located installations where ADF
exists.
|
Patch Availability for Oracle Enterprise Manager
Cloud Control 12c Release 5 (12.1.0.5)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
See "Oracle Database"
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 10.3.6.0)
|
See "Oracle WebLogic Server" (Version 10.3.6.0)
|
|
|
Base Platform Fusion Middleware home
|
CPU Patch 23703041
|
Released July 2016
|
Oracle Business Intelligence Publisher BP
11.1.1.7.160719 patch for BIP home in Enterprise Manager
|
|
Base Platform OMS home
|
PSU 12.1.0.5.181016 Patch 28595534
|
CVE-2018-0739
|
|
|
Base Platform Fusion Middleware home
|
JSP 11.1.1.7.0 SPU for EM 12.1.0.5
(CPUAPR2018) Patch 27872862
|
Released April 2018
|
JSP 11.1.1.7.0 SPU patch
|
|
Base Platform Agent home
|
BP Patch 22317311
|
Released January 2016
|
Apply to Agent core Oracle Home, after applying
agent patch 25456449, 22342358
|
|
Base Platform Agent home
|
BP Patch 22342358
|
Released January 2016
|
Apply 22342358 to Agent sbin
Oracle Home after applying agent Patch 28193486. Then apply Patch
22317311.
If patches 22342358 and 22317311 were applied earlier, no need to
reapply.
|
|
Base Platform Fusion Middleware home
|
SPU Patch 22013598
|
Released January 2016
|
Web Cache Patch
Apply to Oracle_WT
Post installation steps are not applicable for
Enterprise Manager
|
|
Plugin home
|
BP Patch 28347732
|
Released July 2018
|
See "Post Release Patches" for availability
|
|
Base Platform Agent home
|
BP Patch 28193486
|
Released July 2018
|
|
|
Base Platform Fusion Middleware home
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885
|
Released January 2018
|
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS
Attacks on Oracle HTTP Server After Applying Security Patch Updates
See Note 2400141.1 before applying this patch
Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH
|
|
Base Platform Fusion Middleware home
|
CPU Patch 19345576
|
Released January 2015
|
Oracle Process Management and Notification (OPMN)
Patch for Oracle_WT OH
See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle
Fusion Middleware 11g OPMN/ONS
|
|
Base Platform Fusion Middleware home
|
SPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch for Oracle_WT OH
|
3.2.5 Oracle
Enterprise Manager Ops Center
Error Correction information for Oracle Enterprise
Manager Ops Center
|
Patch Information
|
12.3.x
|
12.2.x
|
Comments
|
|
Final CPU
|
Jun 2020
|
Feb 2019
|
|
Patch Availability for Oracle Enterprise Manager Ops
Center
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Enterprise Manager
Ops Center downloads and installation instructions,
see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
12.3.3 & 12.2.2
|
OpsCenter UI and other patches for CPU October 2018 Patch 28795060
|
CVE-2016-4000
|
|
|
12.3.3 & 12.2.2
|
OpsCenter UCE patches for CPU July 2018 Patch 28329289
|
Released July 2018
|
|
3.2.6 OSS Support Tools
Error Correction information for OSS Support Tools
|
Patch Information
|
8.11.x
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for OSS Support Tools
|
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
|
8.11.16.3.8
|
BP Patch 22783063
|
March 2016
|
See My Oracle Support Note 1153444.1, Oracle Services Tools Bundle (STB) -
RDA/Explorer, SNEEP, ACT
|
3.2.7 Oracle Configuration
Manager
Minimum Product Requirements for Oracle Configuration
Manager
Critical Patch Update security vulnerabilities are
fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS
(support.oracle.com). Customer can use collector tab to down the Oracle
Configuration Manager Collector.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Configuration Manager
|
12.1.2.0.6
|
CVE-2017-5645
|
|
3.3 Oracle Fusion Middleware
This section contains the following:
3.3.1 Management
Pack For Oracle GoldenGate
Error Correction information for Management Pack For
Oracle GoldenGate
|
Patch Information
|
12.1.3.x
|
Comments
|
|
Final CPU
|
July 2022
|
|
Patch Availability for Management Pack For Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.1.0
|
Oracle Goldengate Monitor
v11.2.1.0.13 or later Patch 27221310
|
Released April 2018
|
Oracle GoldenGate Monitor
patch
|
3.3.2 NetBeans IDE
Minimum Product Requirements for NetBeans
IDE
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For NetBeans IDE
downloads, see https://netbeans.org/downloads/
|
Product Home
|
Release
|
Advisory Number
|
Comments
|
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle API Gateway
Error Correction information for Oracle API
Gateway
|
Patch Information
|
11.1.2.4.0
|
Comments
|
|
Final CPU
|
March 2021
|
|
Patch Availability for Oracle API Gateway
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4.0
|
OAG 11.1.2.4.0 SPU FOR OCTCPU2018 Patch 28597708
|
CVE-2017-5645
|
|
3.3.4 Oracle Big Data Discovery
Minimum Product Requirements for
Oracle Big Data Discovery
Critical Patch Update security
vulnerabilities are fixed in the listed release only and installations with
any prior versions will need to move to the listed version. For Oracle
Big Data Discovery downloads, seehttps://edelivery.oracle.com and
search for "Oracle Big Data Discovery".
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Big Data Discovery
|
Big Data Discovery 1.6 SPU for October Patch 28780089
|
CVE-2018-1275
|
|
3.3.5 Oracle
Business Intelligence App Mobile Designer
Error Correction information for Oracle Business
Intelligence App Mobile Designer
|
Patch Information
|
11.1.1.7 iOS
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle Business Intelligence
App Mobile Designer
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.7
|
SPU Patch 18794832
|
Released July 2014
|
|
3.3.6 Oracle Business
Intelligence Enterprise Edition
Error Correction information for Oracle Business
Intelligence Enterprise Edition
|
Patch Information
|
12.2.1.4.0
|
12.2.1.3.0
|
11.1.1.9
|
11.1.1.7
|
Comments
|
|
Final CPU
|
-
|
April 2019
|
October 2021
|
October 2018
|
11.1.1.9.0 End of Error Correction for Extended
Support Customer only beyond Dec 2018
|
Patch Availability for Oracle Business Intelligence
Enterprise Edition
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server
home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server
Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
FMW 12c home
|
See "Oracle Fusion Middleware
12c"
|
See "Oracle Fusion Middleware
12c"
|
|
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.181016 Patch 28632479 or higher
|
CVE-2017-5645, CVE-2018-8013
|
|
|
11.1.1.9
|
Oracle Business Intelligence Enterprise Edition BP
11.1.1.9.1 Patch 21235195 or higher
|
Released July 2015
|
BIEE Third Party Bundle Patch
|
|
11.1.1.7
|
Oracle BI Suite BP 11.1.1.7.181016 Patch 28632415 or higher
|
CVE-2017-5645, CVE-2018-8013
|
|
|
11.1.1.7
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885
|
Released January 2018
|
Oracle HTTP Server 11.1.1.7 Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS
Attacks on Oracle HTTP Server After Applying Security Patch Updates
|
|
11.1.1.7
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
|
11.1.1.7
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note 1905314.1, New SSL Protocol and Cipher Options
for Oracle Fusion Middleware 11g OPMN/ONS
|
|
11.1.1.7
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
|
11.1.1.7
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
|
DAC 11.1.1.6.4 home
|
Patch 27825965- DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU
for apr2018cpu
|
Released April 2018
|
Patch can be installed in any home
|
3.3.7 Oracle Business
Intelligence Mobile
Error Correction information for Oracle Business
Intelligence Mobile
|
Patch Information
|
11.1.1.7 iOS
|
Comments
|
|
Final CPU
|
-
|
|
Minimum Product Requirements for Oracle Business
Intelligence Mobile
|
Patch Information
|
11.1.1.7.0 iOS
|
Advisory Number
|
Comments
|
|
Minimum Version
|
11.1.1.7.0 (11.6.39)
|
Released July 2015
|
|
3.3.8 Oracle Business
Intelligence Publisher
Error Correction information for Oracle Business
Intelligence Publisher
|
Patch Information
|
11.1.1.9
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2021
|
October 2018
|
|
Patch Availability for Oracle Business Intelligence
Publisher
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.181016 Patch 28632479 or higher
|
CVE-2017-5645, CVE-2018-8013
|
|
|
11.1.1.9
|
BP Patch 24580895
|
Released October 2016
|
Webservice BP
|
|
11.1.1.9
|
11.1.1.9 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
|
11.1.1.9
|
WLS 10.3.6.0.181016 Patch 28343311 SU Patch [GENM] or Later
|
Released October 2018
|
WLS 10.3.6 Interim Patch or WLS PSU
|
|
11.1.1.7
|
Oracle BI Suite BP 11.1.1.7.181016 Patch 28632415 or higher
|
CVE-2017-5645, CVE-2018-8013
|
|
|
11.1.1.7
|
BP Patch 24486705
|
Released October 2016
|
Webservice BP
|
|
11.1.1.7
|
11.1.1.7.0 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
|
11.1.1.7
|
WLS 10.3.6.0.181016 Patch 28343311 SU Patch [GENM] or Later
|
Released October 2018
|
WLS 10.3.6 Interim Patch or WLS PSU
|
3.3.9 Oracle Complex Event
Processing
Error Correction information for Oracle Complex Event
Processing
|
Patch Information
|
CEP 12.1.3
|
CEP 11.1.7
|
Comments
|
|
Final CPU
|
December 2019
|
October 2018
|
|
Patch Availability for Oracle Complex Event
Processing
See also the underlying product stack tables (JRockit and WLS) for any applicable patches.
3.3.10 Oracle Data Quality for
Oracle Data Integrator
Error Correction information for Oracle Data Quality
for Oracle Data Integrator
|
Patch Information
|
ODIDQ 11.1.x
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle Data Quality for Oracle
Data Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.3.0
|
CPU Patch 21418574
|
Released July 2015
|
|
3.3.11 Oracle Data Visualization
Desktop
Error Correction information for Oracle Data
Visualization Desktop
|
Patch Information
|
12.2.4.1.1
|
Comments
|
|
Final CPU
|
-
|
|
Patch availability for Oracle Data Visualization
Desktop
3.3.12 Oracle Endeca
Server
Error Correction information for Oracle Endeca Server
|
Patch Information
|
7.7
|
7.6
|
Comments
|
|
Final CPU
|
January 2021
|
October 2018
|
|
Patch availability for Oracle Endeca
Server
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Server
7.7 home
|
Oracle Endeca Server
7.7 SPU October 2018 CPU Patch 28340529
|
CVE-2018-0739
|
|
|
Oracle Endeca Server 7.6
home
|
Oracle Endeca Server
7.6.1 SPU October 2018 CPU Patch 28340717
|
CVE-2018-0739
|
|
3.3.13 Oracle Endeca
Information Discovery Studio
Error Correction information for Oracle Endeca Information Discovery Studio
|
Patch Information
|
3.2
|
3.1
|
Comments
|
|
Final CPU
|
January 2021
|
October 2018
|
|
Patch availability for Oracle Endeca
Information Discovery Studio
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca
Information Discovery Studio 3.2 home
|
Endeca Information Discovery Studio 3.2 SPU for
OctCPU2018 Patch 28771368
|
CVE-2015-9251
|
|
|
Oracle Endeca Information
Discovery Studio 3.1 home
|
Endeca Information Discovery Studio 3.1 SPU for
OctCPU2018 Patch 28771365
|
CVE-2015-9251
|
|
3.3.14 Oracle Endeca
Information Discovery Integrator
Error Correction information for Oracle Endeca Information Discovery Studio Integrator
|
Patch Information
|
3.2
|
3.1
|
Comments
|
|
Final CPU
|
January 2021
|
October 2018
|
|
Patch availability for Oracle Endeca
Information Discovery Studio Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca
Information Discovery Integrator 3.2 home
|
Oracle Endeca
Information Discovery Integrator 3.2 SPU october
2018 CPU Patch 28698429
|
CVE-2018-1258, CVE-2018-3215
|
All Patches are cumulative of prior fixes
|
|
Oracle Endeca
Information Discovery Integrator 3.1 home
|
Oracle Endeca
Information Discovery Integrator 3.1 SPU October 2018 CPU Patch 28698454
|
CVE-2018-1258, CVE-2018-3215
|
|
3.3.15 Oracle Enterprise Data
Quality
Error Correction information for Oracle Enterprise
Data Quality
|
Patch Information
|
11.1.1.x
|
9.0
|
8.1
|
Comments
|
|
Final CPU
|
October 2021
|
October 2019
|
July 2019
|
|
Patch Availability for Oracle Enterprise Data Quality
3.3.16 Oracle Enterprise
Repository
Error Correction information for Oracle Enterprise
Repository
|
Patch Information
|
12.1.3
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2018
|
October 2018
|
|
Patch Availability for Oracle Enterprise Repository
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.3.0.0
|
OER 12.1.3.0.0 SPU for July2018CPU Patch 28076713
|
CVE-2018-8013
|
Patch Released in July CPU Patch. CVE announced in
Oct CPU.
|
|
11.1.1.7.0
|
OER 11.1.1.7.0 SPU for July2018CPU Patch 28150760
|
CVE-2018-8013
|
Patch Released in July CPU Patch. CVE announced in
Oct CPU.
|
3.3.17 Oracle Exalogic
Patch Set Update (PSU)
Error Correction information for Oracle Exalogic Patch Set Update (PSU)
|
Patch Information
|
2.x
|
1.x
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch Set Update Availability for Oracle Exalogic
|
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
|
2.x Physical
|
2.0.6.3.181016 Physical (for all X2-2, X3-2, X4-2,
X5-2) PSU Patch 28428820
|
Released in Oct 2018
|
See Note 1314535.1, Announcing Exalogic
PSUs (Patch Set Updates)
|
|
2.x Virtual
|
2.0.6.3.181016 virtual (for all X2-2, X3-2, X4-2,
X5-2) PSU Patch 28428820
|
Released in Oct 2018
|
See Note 1314535.1, Announcing Exalogic
PSUs (Patch Set Updates)
|
|
1.x
|
Upgrade to 2.x based on information in the Comments
column. Then apply the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013
(15931901)
|
See Patch 14834860 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE
KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 14834860 Oracle Exalogic
2.0.4.0.0 Upgrade Kit for Exalogic Solaris
x86-64 (64 bit)
See Note 1314535.1, Announcing Exalogic
PSUs (Patch Set Updates)
|
3.3.18 Oracle Forms and Reports
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Forms and Reports installation. Only the relevant homes from
those tables need to be patched.
Patch Availability for Oracle Forms and Reports
3.3.19 Oracle Fusion Middleware
For more information on how to identify the
components in an Oracle home, see Note 1591483.1, What is Installed in My Middleware or Oracle
home?.
This section contains the following:
3.3.19.1 Oracle Fusion Middleware
12c
The sections below cover Oracle Fusion Middleware
version 12.2.x and 12.1.x
3.3.19.1.1 Oracle Fusion
Middleware 12.2.1.3
Error Correction information for Oracle Fusion
Middleware 12.2.1.3
|
Patch Information
|
12.2.1.3
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.3
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
|
12.2.1.3 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server
patch
|
|
12.2.1.3 home
|
OAM webgate bundle
patch 12.2.1.3.180622 Patch 28243743 or later.
|
Released July 2018
|
No new CVEs
|
|
12.2.1.3 home
|
OAM bundle patch 12.2.1.3.180622 Patch 28305164 or later.
|
Released July 2018
|
OAM Webgates BP April
2018 or later has to be applied. Also refer to the MOS Note 2386496.1. Includes additional fixes released post April
CPU as one offs.
|
|
12.2.1.3 home
|
OHS (native) bundle patch 12.2.1.3.180710 Patch 28281599 or later.
|
CVE-2018-1000300
|
Oracle HTTP Server Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS
Attacks on Oracle HTTP Server After Applying Security Patch Updates
|
|
12.2.1.3 home
|
OBI Bundle Patch 12.2.1.3.181016 Patch 28291838 or higher
|
CVE-2017-5645,CVE-2018-3204,CVE-2018-8013
|
|
|
12.2.1.3 home
|
OIM Bundle Patch 12.2.1.3.180920 patch 28682376 or IDM Suite Bundle Patch
12.2.1.3.181016 Patch 28492345 or later.
|
CVE-2017-15095, CVE-2017-5645, CVE-2018-3179
|
|
|
12.2.1.3 home
|
WCC BP 12.2.1.3.180417 Patch 27393392 or later.
|
Released April 2018
|
WebCenter Content Patch
|
|
12.2.1.3 home
|
Oracle WebCenter
Portal BP 12.2.1.3.181015 Patch 28461652 or later AND WebCenter
Core Bundle Patch 12.2.1.3.180910 Patch 28633811 or later
|
CVE-2018-3254
|
Please apply both WebCenter
Portal and WebCenter Core Patches.
|
|
12.2.1.3 home
|
Oracle WebCenter Sites
12.2.1.3.0 Patch 2 Patch 28600538 or later.
|
CVE-2015-9251, CVE-2018-3238
|
Patch will be available post release, refer to
post release section
|
|
12.2.1.3 home
|
OSS security patch update 12.2.1.3.0 Patch 27210544 or later.
|
Released April 2018
|
Oracle Security Service Patch
|
|
12.2.1.3 home
|
OID Bundle Patch 12.2.1.3.180116 Patch 27396651 or later.
|
Released January 2018
|
|
|
12.2.1.3. home
|
SOA Bundle Patch 12.2.1.3.180705 Patch 28300397 or later.
|
Released July 2018
|
|
|
12.2.1.3 home
|
OSB Bundle Patch 12.2.1.3.180810 Patch 28489610 or later.
|
CVE-2015-9251
|
|
|
12.2.1.3 home
|
Mapviewer 12.2.1.3.0 SPU for CPUOct
2018 Patch 28861980 or later.
|
CVE-2017-14735
|
|
|
12.2.1.3 home
|
ADF bundle patch 12.2.1.3.180607 Patch 28151020 or later.
|
Released July 2018
|
|
|
12.2.1.3 home
|
EDQ 12.2.1.3.0 SPU for JULCPU2018 patch 28263628 or later.
|
Released July 2018
|
|
|
12.2.1.3. home
|
FMW platform 12.2.1.3.0 SPU for JULCPU2018 Patch 26937035 or later.
|
Released July 2018
|
|
|
12.2.1.3 home
|
Oracle Fusion Middleware 12.2.1.3.0 SPU JulCPU2018 Patch 27323998 or later.
|
Released July 2018
|
ONS Patch (WebLogic
Plugin for OHS)
|
3.3.19.1.2 Oracle Fusion
Middleware 12.1.3.0
Error Correction information for Oracle Fusion
Middleware 12.1.3.0
|
Patch Information
|
12.1.3.0
|
Comments
|
|
Final CPU
|
October 2019
|
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.1.3.0
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
|
12.1.3.0.0 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server
patch
|
|
12.1.3.0.0 home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
12.1.3.0.0 home
|
ADF bundle patch 12.1.3.0.180525 Patch 27800100
|
Released July 2018
|
Oracle JDeveloper
(ADF) Patch
|
|
12.1.3 home
|
Patch 27369653 - OSS security patch update 12.1.3.0.0
|
Released April 2018
|
Oracle Security Service (SSL/Network) Patch
|
|
12.1.3.0.0 home
|
SOA Bundle Patch 12.1.3.0.180717 Patch 28206019
|
Released July 2018
|
SOA Patch
|
|
12.1.3.0.0 home
|
OHS SPU for Jan2018CPU Patch 27244723
|
Released January 2018 (includes CVE-2018-2760)
|
Oracle HTTP Server Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS
Attacks on Oracle HTTP Server After Applying Security Patch Updates
|
|
12.1.3.0.0 home
|
OER 12.1.3.0.0 SPU for July2018CPU Patch 28076713
|
CVE-2018-8013
|
Oracle Enterprise Repository Patch
|
|
12.1.3.0.0 home
|
EDQ BP 12.1.3.0.1 Patch 24672265
|
Released April 2017
|
Enterprise Data Quality patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
12.1.3.0.0 home
|
ODI BP 12.1.3.0.170418 Patch 25774021
|
Released July 2017
|
Oracle Data Integrator Patch
Install prior to Java CPUApr2017 JDK/JRE or later version.
|
|
12.1.3.0.0 home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
12.1.3.0.0 home
|
OSB Bundle Patch 12.1.3.0.181016 Patch 28406984
|
CVE-2015-9251
|
OSB patch
|
|
12.1.3.0.0 home
|
BP Patch 27074880, or later
|
Released January 2018
|
Platform Security for Java patch
|
|
12.1.3.0.0 home
|
SPU Patch 24327938
|
Released July 2016
|
Oracle TopLink patch
|
|
12.1.3.0.0 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.19.2 Oracle Forms and Reports
11.1.2.2
Error Correction information for Oracle Forms and
Reports 11.1.2.2
|
Patch Information
|
11.1.2.2
|
Comments
|
|
Final CPU
|
October 2018
|
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Forms and Reports
11.1.2.2
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
JRockit 28.x home
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java SE
Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server
home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server
Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
Oracle Forms and Reports 11.1.2.2 home
|
BP Patch 24486705
|
Released October 2016
|
Web Services BP
|
|
Oracle Forms and Reports 11.1.2.2 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
|
Oracle Forms and Reports 11.1.2.2 home
|
OHS 11.1.1.7.0 SPU for JanCPU2018 Patch 27197885
|
Released January 2018
|
Oracle HTTP Server 11.1.1.7 Patch
Note 2314658.1 - SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS
Attacks on Oracle HTTP Server After Applying Security Patch Updates .
|
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 19562319
|
Released January 2015
|
Oracle Forms Patch
|
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 20002141
|
Released January 2015
|
Oracle Reports, Developer 11.1.2.2 Patch
|
|
Oracle Forms and Reports 11.1.2.2 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note 1905314.1, New SSL Protocol and Cipher Options
for Oracle Fusion Middleware 11g OPMN/ONS
|
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
|
Oracle Forms and Reports 11.1.2.2 home
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
|
Oracle Forms and Reports 11.1.2.2 home
|
See Note 1608683.1
|
Released January 2014
|
Oracle Reports Advisory
|
3.3.19.3 Oracle Fusion Middleware
11.1.1.9
Error Correction information for Oracle Fusion
Middleware 11.1.1.9
|
Patch Information
|
11.1.1.9
|
Comments
|
|
Final CPU
|
October 2021
|
Oracle Fusion Middleware 11.1.1.9
|
|
On-Request platforms
|
AIX, HPUX, and Windows are on request.
|
|
Patch Availability for Oracle Fusion Middleware 11.1.1.9
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server
home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server
Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
SOA 11.1.1.9 home
|
SOA BP 11.1.1.9.170703 Patch 28287135
|
Released July 2018
|
SOA Patch
|
|
Oracle Identity Management 11.1.1.9 home
|
OVD 11.1.1.9.0 spu for
october 18 Patch 28761794
|
CVE-2018-3253
|
Oracle Virtual Directory (OVD) Patch
|
|
Oracle Identity Management 11.1.1.9 home
|
OID bundle patch 11.1.1.9.171127 Patch 26850241, or later
|
Released January 2018
|
Oracle Internet Directory Patch
See Note 2420947.1 for additional information about Oracle
Internet Directory Vulnerability CVE-2015-0204
|
|
Oracle Identity Management 11.1.1.9 home
Oracle Web Tier 11.1.1.9 home
Oracle WebCenter 11.1.1.9 home
OSB 11.1.1.9 home
ODI 11.1.1.9 Home
|
OSS SPU Patch 27369643
|
Released April 2018
|
Oracle Security Service (OSS) Patch
|
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
OHS 11.1.1.9.0 SPU for JanCPU2018 Patch 27301611
|
Released January 2018
|
Oracle HTTP Server 11.1.1.9 Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS
Attacks on Oracle HTTP Server After Applying Security Patch Updates
|
|
OSB 11.1.1.9 home
|
OSB Bundle Patch 11.1.1.9.181016 Patch 28481043
|
CVE-2015-9251
|
OSB patch
|
|
ODI 11.1.1.9 Home
|
ODI BP 11.1.1.9.160926 Patch 24675920
|
Released July 2017
|
Oracle Data Integrator Patch
|
|
Oracle WebCenter
11.1.1.9 home
|
WCC BP 11.1.1.9.180226 Patch 27393411
|
Released April 2018
|
WebCenter Content Patch
|
|
OSB 11.1.1.9 home
|
Patch 24847885
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
Oracle FMW 11.1.1.9 ORACLE_COMMON home
|
JRF BP 11.1.1.9.160905 Patch 23243563 or later
|
Released January 2017
|
JRF BP
|
|
Oracle Identity Management 11.1.1.9 home
Oracle Web Tier 11.1.1.9 home
|
BP Patch 24580895
|
Released October 2016
|
Web Services BP
|
|
Oracle Web Tier 11.1.1.9 home
|
SPU Patch 21905371
|
Released January 2016
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL
Cipher Suite Changes Beginning with CPU January 2016
|
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
|
Oracle WebCenter 11.1.1.9
home
|
WebCenter Portal Bundle Patch 11.1.1.9.181008 Patch 28538855
|
CVE-2018-3254
|
Oracle WebCenter Portal
11.1.1.9 Patch
See Note 2029169.1, Changes to Portlet
standards request dispatching of Resource Requests
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
SPU Patch 22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common
OH for 11.1.1.9.0
|
3.3.19.4 Oracle
Fusion Middleware 11.1.1.7
Error Correction information for Oracle Fusion
Middleware 11.1.1.7
|
Patch Information
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2018
|
Oracle Fusion Middleware 11.1.1.7
See Note 1585582.1, Extended Fusion Middleware 11g
Lifetime Support Policy Dates, and Note 1290894.1, Error Correction Support Dates for
Oracle Fusion Middleware 11g (11.1.1/11.1.2)
Oracle Portal, Forms, Reports and Discoverer may
have different support dates, Please refer to Lifetime Support document
for more details
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
11.1.1.7
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server
home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server
Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
Oracle SOA 11.1.1.7 home
|
SOA BP 11.1.1.7.8 Patch 20900797
SOA Overlay Security Patch Update
11.1.1.7.180717 Patch 28293424
|
Released July 2018
|
SOA Patches
Overlay SPU patch can only be installed after the
base BP has been installed.
|
|
Oracle Identity Management 11.1.1.7 home
|
OVD 11.1.1.7.0 SPU for cpuOct2018 Patch 28700386
|
CVE-2018-3253
|
Oracle Virtual Directory (OVD) Patch
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885
|
Released January 2018
|
Oracle HTTP Server 11.1.1.7 Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS
Attacks on Oracle HTTP Server After Applying Security Patch Updates
|
|
ODI 11.1.1.7 home
|
ODI SPU Patch 24826305
|
Released July 2017
|
Oracle Data Integrator Patch
|
|
OSB 11.1.1.7 home
|
OSB 11.1.1.7.4 Overlay SPU for OctCPU2018 Patch 28787619
|
CVE-2015-9251
|
OSB Patch. Please apply Patch 20423630 - OSB Bundle Patch 11.1.1.7.4 before
applying the overlay patch.
|
|
OSB 11.1.1.7 home
|
Patch 24847885
|
Released April 2017
|
OSB Patch for Latest JRE Updates
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
Patch 19933795
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or
later version
|
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
ODI Patch 25507109
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
|
FMW 11.1.1.7 ORACLE_COMMON home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
JRF BP 11.1.1.7.160905 Patch 23243559 or later
|
Released January 2017
|
JRF BP
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
BP Patch 24486705
|
Released October 2016
|
Web Services BP
|
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 24716502
|
Released October 2016
|
Oracle Discoverer Patch
|
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
See Note 2155256.1
|
Released July 2016
|
For Oracle Portal 11.1.1.6
|
|
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 22218959
|
Released July 2016
|
|
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
SPU Patch 22013598
|
Released January 2016
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL
Cipher Suite Changes Beginning with CPU January 2016
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Identity Manager BP 2 (11.1.1.7.2) Patch 21881425 and OIM OVERLAY SPU 11.1.1.7.161018 Patch 24816127
|
Overlay SPU: Released October 2016
OIM BP2: Released October 2015
|
Oracle Identity Manager Patch
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite
11.1.1.7 home
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Access Manager BP 5 (11.1.1.7.5) Patch 21033489 or later
|
Released July 2015
|
Oracle Access Manager (OAM 11.1.1.7.5) Patch
See Note 1952939.1, Oracle Access Manager 11g Logout
Confirmation Features and Configuration
|
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 19562278
|
Released January 2015
|
Oracle Forms 11.1.1.7 Patch
|
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 20002159
|
Released January 2015
|
Oracle Reports, Developer 11.1.1.7 Patch
|
|
Oracle Identity Access Management 11.1.1.7 home
|
OAAM 11.1.1.7.0 SPU for CPUOct2018 < Patch
28654420>
|
CVE-2016-1182
|
Oracle Adaptive Access Manager Patch
|
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite
11.1.1.7 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 19666962
|
Released October 2014
|
Oracle Identity Manager Patch
See Note 1927796.1, Instructions For Enabling OIM CPU Bug
17937383 Fix For OIM BPs (11.1.2.1.9 and 11.1.2.2.4 Versions) / Overlay
SPU (11.1.1.7 and 11.1.1.5 Versions)
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note 1905314.1, New SSL Protocol and Cipher Options
for Oracle Fusion Middleware 11g OPMN/ONS
|
|
Oracle WebCenter 11.1.1.7
home
|
Overlay SPU Patch 18792010 and 11.1.1.7 BP 1 Patch 16761779
|
Released July 2014
|
WebCenter Portal 11.1.1.7 Overlay SPU patch
|
|
Oracle Identity Access Management 11.1.1.7 home
|
See Note 1643382.1
|
Released April 2014
|
OAM/WebGate Advisory
|
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
See Note 1608683.1
|
Released January 2014
|
Oracle Reports Advisory
|
|
Oracle Identity Management 11.1.1.7 home
|
OID bundle patch 11.1.1.7.180116 Patch 27340965
|
Released January 2018
|
Oracle Internet Directory Patch
Patch 17842883 for HP-UX Itanium, HP-UX PA-RISC (64-bit),
Linux x86, Microsoft Windows (32-bit)
Patch 17839633 for Linux x86-64, IBM AIX Based Systems
(64-bit), Sun Solaris x86-64 (64-bit), Sun Solaris SPARC (64-bit),
Microsoft Windows x64 (64-bit)
See "Oracle Internet Directory (OID) Version
11g Bundle Patch (Including Directory Integration Platform / DIP) /
Bundle Patches For Non-Fusion Applications (NonFA
/ NonP4FA) Customers" (Note 1614114.1) for Bundles that include these and other
fixes.
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Identity Access Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite
11.1.1.7 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
|
Oracle WebCenter Content
11.1.1.7 home
|
BP 2 Patch 17180477 or higher
|
Released October 2013
|
|
|
Oracle Fusion Middleware 11.1.1.7.0 ORACLE_COMMON
home
|
SPU Patch 22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common
OH for 11.1.1.7.0
|
3.3.19.5 Oracle Identity Access
Management 11.1.2.3
Error Correction information for Oracle Identity
Access Management 11.1.2.3
|
Patch Information
|
11.1.2.3
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Identity Access
Management 11.1.2.3
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2455624.1, Critical Patch Update October 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java SE
Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server
home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration Guide
for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server
Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Identity Federation SPU 1 (11.1.1.7.1) Patch 22321057 or later
|
Released January 2016
|
Oracle Identity Federation (OIF 11.1.1.7.1) Patch
|
|
Oracle Identity Management 11.1.2.3 home
|
OIM Bundle Patch 11.1.2.3.180920 Patch 28768324 or DM Suite Bundle Patch
11.1.2.3.181016 Patch 28492339
|
CVE-2017-15095, CVE-2017-5645, CVE-2018-3179
|
Oracle Identity Manager Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
For availability dates, see "Post Release
Patches"
|
|
Oracle Identity Access Management 11.1.2.3 home
|
Patch 28116779 - IDM Suite Bundle Patch 11.1.2.3.180717
OR
Patch 27897816 - OAM bundle patch 11.1.2.3.180717
|
Released July 2018
|
OAM Webgates BP April
2018 or later has to be applied. Also refer to the MOS Note 2386496.1. Included few additional fixes delivered as one
offs post April CPU.
|
|
Oracle Identity Access Management 11.1.2.3.0
home
|
OAAM Server 11.1.2.3.0 SPU for October18 Patch 28750460
|
CVE-2016-1182
|
Oracle Adaptive Access Manager Patch
|
3.3.20 Oracle Hyperion Analytic Provider
Services
Error Correction information for Oracle Hyperion
Analytic Provider Services
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion Analytic
Provider Services
3.3.21 Oracle Hyperion BI+
Error Correction information for Oracle Hyperion BI+
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2018
|
|
Patch Availability for Oracle Hyperion BI+
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2 Home
|
11.1.2.4.08 SPU Patch 28314774
|
CVE-2018-3184
|
|
3.3.22 Oracle Hyperion Common
Security
Error Correction information for Oracle Hyperion
Common Security
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion Common
Security
3.3.23 Oracle Hyperion Data
Relationship Management
Error Correction information for Oracle Hyperion
Data Relationship Management
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion Data
Relationship Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
Hyperion Data Relationship Management
11.1.2.4.346 Patch 28367949
|
CVE-2018-3208
|
|
3.3.24 Oracle Hyperion Enterprise
Performance Management Architect
Error Correction information for Oracle Hyperion
Enterprise Performance Management Architect
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion Enterprise
Performance Management Architect
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.3
|
SPU Patch 19466859
SPU Patch 20929659
|
Released July 2015
|
|
|
11.1.2.2
|
SPU On-Request
|
Released July 2015
|
|
3.3.25 Oracle Hyperion Essbase
Error Correction information for Oracle Hyperion Essbase
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion Essbase
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
11.1.2.4.025 PSU Patch 27797123 (Essbase RTC)
11.1.2.4.025 PSU Patch 27797126 (Essbase Client)
11.1.2.4.025 PSU Patch 27797117 (Essbase Client
MSI)
11.1.2.4.025 PSU Patch 27797131 (Essbase Server)
11.1.2.4.025 PSU Patch 27797138 (ANALYTIC PROVIDER SERVICES)
11.1.2.4.016 PSU Patch 25225889 (Studio Server)
11.1.2.4.016 PSU Patch 25225885 (Studio Console)
11.1.2.4.0.025 PSU Patch 28285151 (ESSBASE ADMINISTRATION SERVICES SERVER)
11.1.2.4.025 PSU Patch 28285134 (ESSBASE ADMIN SERVICES CONSOLE)
|
CVE-2018-3142, CVE-2018-3140, CVE-2018-3141
|
Install prior to Java CPUApr2017 JDK/JRE or
later version
|
|
11.1.2.3
|
11.1.2.3.508 PSU Patch 22347375 (RTC)
11.1.2.3.508 PSU Patch 22347367 (Client)
11.1.2.3.508 PSU Patch 22314799 (Server)
|
Released April 2017
|
|
|
11.1.2.2
|
Upgrade to Hyperion Essbase
11.1.2.3, then apply the patches listed above
|
Released July 2015
|
|
3.3.26 Oracle Hyperion Financial
Management
Error Correction information for Oracle Hyperion
Financial Management
|
Patch Information
|
11.1.2.0
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion Financial
Management
3.3.27 Oracle Hyperion Financial Reporting
Error Correction information for Oracle Hyperion Financial Reporting
Patch Availability for Oracle Hyperion Financial Reporting
3.3.28 Oracle Hyperion Planning
Error Correction information for Oracle Hyperion Planning
Patch Availability for Oracle Hyperion Planning
3.3.29 Oracle Hyperion Strategic Finance
Error Correction information for Oracle Hyperion Strategic Finance
Patch Availability for Oracle Hyperion Strategic Finance
3.3.30 Oracle Identity Access Management
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Identity Access Management installation. Only the relevant homes from those
tables need to be patched.
Patch Availability for Oracle Identity Access Management
3.3.31 Oracle
Identity Analytics
Error
Correction Information for Oracle Identity Analytics
Patch
Availability for Oracle Identity Analytics
3.3.32 Oracle Identity Management
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Identity Management installation. Only the relevant homes from those tables
need to be patched.
Patch Availability for Oracle Identity Management
3.3.33 Oracle Identity
Management Connector
Error Correction information for
Oracle Identity Management Connector
Patch Availability for Oracle
Identity Management Connector
3.3.34 Oracle
JDeveloper and Oracle ADF
Error
Correction information for Oracle JDeveloper and
Oracle ADF
Critical Patch Update Availability for Oracle JDeveloper
and Oracle ADF
3.3.35 Oracle Map Viewer
Error Correction information for Oracle Map Viewer
Patch Availability for Oracle Map Viewer
3.3.36 Oracle Mobile Security Suite
Error Correction information for Oracle Mobile Security Suite
Patch Availability for Oracle Mobile Security Suite
3.3.37 Oracle Outside In Technology
Error Correction information for Oracle Outside In Technology
Patch Availability for Oracle Outside In Technology
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Outside In Technology 8.5.4
|
OIT BP 8.5.4 Oct 2018 Patch 28761127
|
CVE-2018-3147, CVE-2018-18224, CVE-2018-18223,
CVE-2018-3234, CVE-2018-3233, CVE-2018-3232, CVE-2018-3231,
CVE-2018-3230, CVE-2018-3229, CVE-2018-3228, CVE-2018-3227,
CVE-2018-3226, CVE-2018-3225, CVE-2018-3224, CVE-2018-3223,
CVE-2018-3222, CVE-2018-3302, CVE-2018-3221, CVE-2018-3220,
CVE-2018-3219, CVE-2018-3218, CVE-2018-3217
|
|
|
Oracle Outside In Technology 8.5.3
|
OIT BP 8.5.3 Oct 2018 Patch 28760615
|
CVE-2018-3147, CVE-2018-18224,CVE-2018-18223,
CVE-2018-3234,CVE-2018-3233,CVE-2018-3232,CVE-2018-3231,CVE-2018-3230,CVE-2018-3229,CVE-2018-3228,CVE-2018-3227,CVE-2018-3226,CVE-2018-3225,CVE-2018-3224,
CVE-2018-3223,CVE-2018-3222,CVE-2018-3302,CVE-2018-3221,CVE-2018-3220,CVE-2018-3219,CVE-2018-3218,CVE-2018-3217
|
|
3.3.38 Oracle Portal, Forms, Reports, and Discoverer 11g Release
1
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Portal, Forms, Reports, and Discoverer 11g Release 1
installation. Only the relevant homes from those tables need to be patched.
Patch Availability for Oracle Portal, Forms, Reports, and Discoverer
11g Release 1
3.3.39 Oracle
Real Time Decisions Applications
Error
Correction information for Oracle Real Time Decisions Applications
Patch
Availability for Oracle Real Time Decisions Applications
3.3.40 Oracle Real Time Decisions Platform
Error Correction information for Oracle Real Time Decisions Platform
Describes the Error Correction information for Oracle Real Time
Decisions Platform.
Patch Availability for Oracle Real Time Decisions Platform
Describes the available patches for Oracle Real Time Decisions
Platform.
3.3.41 Oracle Real Time Decisions Server
Error Correction information for Oracle Real Time Decisions Server
Patch Availability for Oracle Real Time Decisions Server
3.3.42 Oracle SOA Suite
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
SOA Suite installation. Only the relevant homes from those tables need to
be patched.
Patch Availability for Oracle SOA Suite
3.3.43 Oracle
Traffic Director
Error
Correction information for Oracle Traffic Director
Patch
Availability for Oracle Traffic Director
3.3.44 Oracle Tuxedo
Error Correction information for Oracle Tuxedo
Patch Availability for Oracle Tuxedo
3.3.45 Oracle Tuxedo System and Applications Monitor Plus (TSAM
Plus)
Error Correction Information for Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)
Patch Availability for Oracle Tuxedo System and Applications Monitor
Plus (TSAM Plus)
3.3.46 Oracle Web-Tier 11g Utilities
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Web-Tier 11g Utilities installation. Only the relevant homes
from those tables need to be patched.
Patch Availability for Oracle Web-Tier 11g Utilities
3.3.47 Oracle
WebCenter
For the
appropriate product versions listed below, refer to the corresponding
Oracle Fusion Middleware patch availability sections that contain
information on Error Correction, and for the patches to apply. Not all
homes that are listed in those sections might be present in the Oracle WebCenter installation. Only the relevant homes from
those tables need to be patched.
Patch
Availability for Oracle WebCenter
3.3.48 Oracle
WebCenter Content (Formerly Oracle Universal
Content Management)
Patch
Availability for Oracle WebCenter Content
3.3.49 Oracle
WebCenter Portal
Error
Correction information for Oracle WebCenter
Portal
Patch
Availability for Oracle WebCenter Portal
3.3.50 Oracle
WebCenter Sites (Formerly FatWire
Content Server)
Error
Correction information for Oracle WebCenter Sites
(formerly FatWire Content Server)
Patch
Availability for Oracle WebCenter Sites
3.3.51 Oracle WebCenter Sites
Community
Error Correction information for Oracle WebCenter
Sites Community
Patch Availability for Oracle WebCenter
Sites Community
3.3.52 Oracle
WebCenter Suite
For the
appropriate product versions listed below, refer to the corresponding
Oracle Fusion Middleware patch availability sections that contain
information on Error Correction, and for the patches to apply. Not all
homes that are listed in those sections might be present in the Oracle WebCenter Suite installation. Only the relevant homes
from those tables need to be patched.
Patch
Availability for Oracle WebCenter Suite
3.3.53 Oracle
WebGate
Error
Correction information for Oracle WebGate
Patch
Availability for Oracle WebGate
See
also the underlying product stack tables for any applicable
patches. Refer to comments section and apply the patch to the
respective product home.
3.3.54 Oracle WebLogic Portal
Error Correction information for Oracle WebLogic
Portal
Critical Patch Update Availability for WebLogic
Portal
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
WebLogic Portal patches are cumulative to
include all the prior published advisories. For more information, see My
Oracle Support Note
1355929.1, October 2011 Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL
Session ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled with WebLogic
Server 9.2.3.0, which is out of error correction. Contact Oracle support
for security patches needed for WebLogic Server
9.2.3.0
3.3.55 Oracle WebLogic Server
Error Correction information for Oracle WebLogic
Server Patch Set Update
Patch Set Update Availability for Oracle WebLogic
Server
For more information, see MyOracleSupport Note
1470197.1, Patch Set Update (PSU) Release Listing
for Oracle WebLogic Server (WLS). See Note
1306505.1, Patch Set Update (PSU) Administration Guide for
Oracle WebLogic Server (WLS)
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Java SE home
Oracle JRockit 28.x home
|
See Note 2455624.1,
Critical Patch Update October 2018 Patch Availability Document for Oracle
Java SE
|
See Note 2455624.1,
Critical Patch Update October 2018 Patch Availability Document for Oracle
Java SE
|
See Note 1492980.1, How
to Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle WebLogic Server Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS
Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
|
WebLogic Server 12.2.1.3 home
|
WLS PSU
12.2.1.3.181016 Patch 28298734
|
CVE-2018-3246, CVE-2018-3252, CVE-2018-3191, CVE-2018-3201,
CVE-2018-3245, CVE-2018-3213
|
CVE-2018-3213 Is addressed in Docker
Images published after September 13, 2018. Latest docker
image at https://container-registry.oracle.com.
Before Applying this PSU, please apply Opatch 13.9.4 Patch 28186730
See Note 2395745.1, April
2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
|
WLS PSU
12.1.3.0.181016 - Patch 28298916
|
CVE-2018-3246, CVE-2018-3252, CVE-2018-2902,
CVE-2018-3191, CVE-2018-3197, CVE-2018-3201, CVE-2018-3245
|
See Note 2395745.1, April
2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 10.3.6.0 home
|
WLS PSU
10.3.6.0.181016 - Patch 28343311
|
CVE-2018-3250, CVE-2018-3252, CVE-2018-2902,
CVE-2018-3191, CVE-2018-3245, CVE-2018-3248, CVE-2018-3249
|
See Note 1607170.1, SSL
Authentication Problem Using WebLogic 10.3.6
and 12.1.1 With JDK1.7.0_40 or Higher
See Note 2395745.1, April
2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
WebLogic Server 10.3.6.0 home
|
WLS
12.1.3 JDBC Patch 20741228
WLS 10.3.6 JDBC Patch 27541896
|
Released in Jan 2018
|
Please refer to Note 1970437.1 How
To Update the JDBC and UCP Drivers Bundled with WebLogic
Server 10.3.6 and 12c
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.2.1.3.0 home
WebLogic Server 12.1.3.0.0 home
WebLogic Server 10.3.6.0.0 home
|
Weblogic Samples SPU
12.2.1.3.181016 Patch 28484619
Weblogic
Samples SPU 12.1.3.0.181016 Patch 28484190
Weblogic
Samples SPU 10.3.6.0.181016 Patch 28483404
|
CVE-2018-1258
|
Oracle WebLogic Server
Requirements for Apache Struts 2 and CVE-2017-5638 / CVE-2017-9805
This patch is a cumulative patch for all Struts 2
CVEs to date. For more information, see: Note 2255054.1 Oracle
WebLogic Server Requirements for Apache Struts
2 Vulnerabilities
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
|
SPU Patch 24327938
|
Released July 2016
|
TopLink JPA-RS
patch
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
WebLogic Server 10.3.6.0 home
|
See Note 1936300.1
|
Released
October 2014
|
SSL
V3.0 "Poodle" Advisory
See Note 2421480.1, July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July
2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
3.3.56 Oracle
WebLogic Server Plug-ins
Critical Patch
Update Availability for Oracle WebLogic Server
Plug-ins
The available
patches for Oracle WebLogic Server Plug-ins
(Oracle HTTP Server/Apache/IIS/iPlanet).
The WebLogic plug-ins include all
cumulative bug fixes and thus include fixes for all previously released
advisories. For more information, see My Oracle Support Note
1111903.1.
3.4 Oracle Sun Middleware
This section contains the following:
3.4.1 Directory
Server Enterprise Edition
Error
Correction information for Directory Server Enterprise Edition
Patch
Availability for Directory Server Enterprise Edition
3.4.2 Reserved for Future Use
Error Correction information for Reserved for Future Use
Patch Availability for Reserved for Future Use
3.4.3 Oracle GlassFish Server
Error Correction information for Oracle GlassFish
Server
Patch Availability for Oracle GlassFish
Server
3.5 Tools
This section contains the following:
3.5.1 Oracle
OPatch
Minimum
Product Requirements for Oracle OPatch
The CPU
security vulnerabilities are fixed in the listed release and later
releases. The Oracle OPatch downloads can be
found at Patch
6880880.
4 Final CPU History
Final CPU History
The Final CPU is the last quarter that a product is supported in the
CPU program as per the Premier Support and Extended Support policies. For
more information, see My Oracle Support Note
209768.1, Database, FMW, EM Grid Control, and OCS
Software Error Correction Support Policy.
5 Sources
of Additional Information
The following
documents provide additional information about Critical Patch Updates:
6 Modification
History
Modification
History
7 Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the
Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to
Oracle Support
Oracle
customers have access to electronic support through My Oracle Support. For
information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or
visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you
are hearing impaired.
Critical Patch
Update Availability Document October 2018
Copyright @
2018, Oracle and/or its affiliates. All rights reserved.
This software
and related documentation are provided under a license agreement containing
restrictions on use and disclosure and are protected by intellectual
property laws. Except as expressly permitted in your license agreement or
allowed by law, you may not use, copy, reproduce, translate, broadcast,
modify, license, transmit, distribute, exhibit, perform, publish, or
display any part, in any form, or by any means. Reverse engineering,
disassembly, or decompilation of this software,
unless required by law for interoperability, is prohibited.
The
information contained herein is subject to change without notice and is not
warranted to be error-free. If you find any errors, please report them to
us in writing.
If this is
software or related documentation that is delivered to the U.S. Government
or anyone licensing it on behalf of the U.S. Government, the following
notice is applicable:
U.S.
GOVERNMENT RIGHTS Programs, software, databases, and related documentation
and technical data delivered to U.S. Government customers are
"commercial computer software" or "commercial technical
data" pursuant to the applicable Federal Acquisition Regulation and
agency-specific supplemental regulations. As such, the use, duplication,
disclosure, modification, and adaptation shall be subject to the
restrictions and license terms set forth in the applicable Government
contract, and, to the extent applicable by the terms of the Government
contract, the additional rights set forth in FAR 52.227-19, Commercial
Computer Software License (December 2007). Oracle America, Inc., 500 Oracle
Parkway, Redwood City, CA 94065.
This software
or hardware is developed for general use in a variety of information
management applications. It is not developed or intended for use in any
inherently dangerous applications, including applications that may create a
risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate
fail-safe, backup, redundancy, and other measures to ensure its safe use.
Oracle Corporation and its affiliates disclaim any liability for any
damages caused by use of this software or hardware in dangerous
applications.
Oracle and
Java are registered trademarks of Oracle and/or its affiliates. Other names
may be trademarks of their respective owners.
Intel and
Intel Xeon are trademarks or registered trademarks of Intel Corporation.
All SPARC trademarks are used under license and are trademarks or
registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD
logo, and the AMD Opteron logo are trademarks or registered trademarks of
Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software
or hardware and documentation may provide access to or information on
content, products, and services from third parties. Oracle Corporation and
its affiliates are not responsible for and expressly disclaim all
warranties of any kind with respect to third-party content, products, and
services. Oracle Corporation and its affiliates will not be responsible for
any loss, costs, or damages incurred due to your access to or use of
third-party content, products, or services.
|