|
Oracle Cloud Infrastructure - Database
Service - Version N/A and later
Oracle Database - Standard Edition - Version 11.2.0.4 and later
Oracle WebLogic Server - Version 12.2.1.3.0 and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Information in this document applies to any platform.
This document defines the patches and minimum
releases for the Database Product Suite, Fusion Middleware Product Suite,
Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set
Updates released on July 17, 2018.
The document is for Database Administrators
and/or others tasked with Quarterly Security Patching.
Database,
Fusion Middleware, and Enterprise Manager Critical Patch Update July 2018
Patch Availability Document
My Oracle Support Note 2394520.1
Released July 17, 2018
This document contains the following sections:
1 Overview
Oracle provides quarterly cumulative patches to
address security vulnerabilities. The patches may include critical fixes in
addition to the security fixes. The security vulnerabilities addressed are
announced in the Advisory for July 2018, available at:
Oracle Technical Network Advisory
This document lists the Oracle Database, Fusion
Middleware and Enterprise Manager CPU program cumulative patches for
product releases under error correction. The July 2018 release supersedes
earlier CPU program cumulative patches for the same product releases. This
document is subject to continual update after the initial release, and the
changes are listed in "Modification History." If you print this document,
check My Oracle Support to ensure you have the latest version.
This section contains the following:
1.1 How To Use This Document
The following steps explain how to use this document.
Step 1 Assess your
Environments
Determine the Oracle product suites
and products and their release numbers for each of your environments.
Step 2 Read Important
Announcements
Review "What's New in July 2018," as it lists documentation and
packaging changes along with important announcements such as upcoming final
CPUs.
Step 3 Determine
Patches to be Applied
For each environment, determine which
patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table
for each product suite release, such as Oracle Database 12.2.0.1, Oracle
Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control
12.1.0.5.
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of
the homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or Extended
Support and are under error correction as defined in My Oracle
Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen
In-Memory Database, and OCS Software Error Correction Support Policy.
Patches are provided only for these releases. If you do not see the release
that you have installed, then check "Final CPU History" and contact Oracle Support for
further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's
CPU Advisory, list the vulnerability CVE numbers in the Advisory Number
column. If you are interested in the risk matrix for the vulnerabilities
fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from
previous quarterly releases, or the current one without any security fixes,
the column indicates "Released MMM YYYY"
·
When
a section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle Database" is referenced, determine the
Oracle Database release that is installed, and find the patches to apply in
the table for that Oracle Database release in "Oracle Database."
Step 4 Apply the
Patches
Download the patches, review the
READMEs, and apply the patches according to the instructions.
Step 5 Planning for
Future Critical Patch Updates
To help you plan for future Critical
Patch Updates, this document includes Final CPU information based on
Oracle's Lifetime Support Policy and error correction policies.
"Final CPU Information (Error Correction
Policies)" in "What's New in July 2018," documents product releases for
which final Critical Patch Updates are upcoming or are being announced. In
each product section, there is also an Error Correction Information Table
that documents the final CPU program patch for the product. Products that
have reached the end of error correction are documented in "Final CPU History."
1.2 Terminology in the Tables
The following terminology is used in this patch
availability document and in the subsequent tables.
- Update - Release Update
- Revision -Release Update Revision
- BP - Bundle Patch
- Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended Support
policies. http://www.oracle.com/us/support/lifetime-support/index.html.
- NA Not Applicable.
- OR On-Request. The patch is made available
through the On-Request program.
- PSU - Patch Set Update
- SPU - Security Patch Update. An iterative,
cumulative patch consisting of security fixes.
- Overlay
SPU patch provided
as an overlay on top of a PSU or BP instead of a base/patch set
release.
1.3 On-Request Patches
Oracle does not proactively release patches for
historically inactive platforms. However, Oracle will deliver these patches
when requested.
The following guidelines describe how to initiate an
on-request (OR) patch.
A request may be made:
- At any
time. However, a patch for a specific quarterly release, such as
CPUOct2012, cannot be requested. Depending on when the request is
received and processed, either the patch for the current quarterly
release or the next quarterly release will be provided. Your Service
Request (SR) will provide you the planned availability date for the
patch.
- As long
as the version is in either Premier Support or Extended Support and
error correction support has not expired. For example, if a product
release is under Extended Support through the release of CPUJan2013 on
January 15, 2013, then you can file a request for the product release
through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, Enterprise Manager,
TimesTen In-Memory Database, and OCS Software Error Correction Support
Policy.
- For a
platform-version combination when a major release or patch set is
released on a platform after a quarterly release date. Oracle will
provide the next patch for that platform-version combination, however
you may request the current patch by following the on-request process.
For example, if a patch is released for a platform on August 1, 2012,
Oracle will provide the CPUOct2012 patch for that platform. You may
request a CPUOct2012 patch for the platform, and Oracle will review
the request and determine whether to provide CPUJul2012 or CPUOct2012.
A patch that is marked as on-request (OR) may already
have been requested by another customer and be available on My Oracle
Support. Before you file a Service Request (SR), check on My Oracle Support
to see if the patch is already available for your platform.
1.4 CPU Program and My Oracle
Support Patch Recommendations
My Oracle Support patch recommendation features are
available on the Patches & Update tab. The patches announced in this
document as part of the CPU program are classified as "Security"
patch recommendations in My Oracle Support. If a new patch is being announced
in this document, then the classification on any earlier patch is changed
to "General", causing it to be removed from the My Oracle Support
patch recommendations. If a patch has a "Security"
classification, and a subsequent bundle, SPU, or PSU is released with a recommendation
classification, then it will be classified as a "Security"
recommendation in My Oracle Support.
Once a product release is no longer in error
correction, its CPU patch information is removed from this document, but
the last patch recommendation continues to be available in My Oracle
Support. Ensure to select each of the products installed in your
environment to obtain all patches.
1.5 My Oracle Support (MOS)
Conflict Checker Tool
The My Oracle Support (MOS) Conflict Checker tool is
available as of July 21, 2014.
You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from
the Patch Search results screen ("Analyze with OPatch" button).
The MOS Conflict Checker Tool allows you to upload an
OPatch inventory to check for conflicts with patches to apply to your
environment. If no conflicts are found, you can download the patches. If
conflicts are found, the tool finds an existing resolution to download. If
no resolution is found, you can request a solution, and monitor your
request in the Plans region.
For more information and a demonstration video, see
Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict
Checker Tool for Patches Installed with OPatch [Video].
2 What's New in July 2018
This section describes important changes in July
2018:
2.1 Final CPU Information (Error
Correction Policies)
The final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. Final CPUs for upcoming releases, as well as newly
scheduled final CPUs, are listed in the following sections.
Final CPUs scheduled for October 2018
- Oracle
Business Intelligence Enterprise Edition 11.1.1.7
- Oracle
Business Intelligence Publisher 11.1.1.7
- Oracle
Complex Event Processing 11.1.7
- Oracle
Endeca Server 7.6
- Oracle
Endeca Information Discovery Studio 3.1
- Oracle
Enterprise Repository 12.1.3 and 11.1.1.7
- Oracle
Forms and Reports 11.1.2.2
- Oracle
Fusion Middleware 11.1.1.7
- Oracle
JDeveloper and Oracle ADF 11.1.1.7
- Oracle
Real Time Decisions Server 11.1.1.7
- Oracle
Traffic Director 11.1.1.7
- Oracle
WebGate 10.1.4.3
Final CPUs scheduled for July 2018
- FMW
12.2.1.2 all components
- Oracle
Communications Converged Application Server 5.0
2.2 Post Release Patches
Oracle strives to complete preparations and testing
of each Quarterly Security Patch for each platform by the quarterly release
date. Occasionally, circumstances beyond our control dictate that a
particular patch be delayed and be released a few days after the quarterly
release date. The following table lists any current patch delays and the
estimated date of availability.
|
Patch Number
|
Patch
|
Platform
|
Availability
|
|
Patch 28346593
|
18.2.1.0.180717 DB RUR
|
Linux.X64
|
Available
|
|
Patch 28276290
|
18.2.1.0.180717 GI RUR
|
Linux.X64
|
Available
|
|
Patch 28183653
|
12.2.0.1.180717 GI Jul2018 RU
|
Solaris.SPARC64, Solaris86-64, AIX
|
Available
|
|
Patch 28183653
|
12.2.0.1.180717 GI Jul2018 RU
|
Linux.X64, HP-UX IA, Linux-zSer
|
Available
|
|
Patch 27848049
|
12.2.0.1.180717 DB Apr2018 RUR
|
HP-UX IA
|
Available
|
|
Patch 28251239
|
12.2.0.1.180717 GI Apr2018 RUR
|
HP-UX IA
|
Available
|
|
Patch 28251239
|
12.2.0.1.180717 GI Apr2018 RUR
|
Linux.X64, Solaris.SPARC64, Solaris86-64, AIX,
Linux-zSer
|
Available
|
|
Patch 28251142
|
12.2.0.1.180717 GI Jan2018 RUR
|
All
|
Available
|
|
Patch 28317214
|
Combo OJVM PSU 12.1.0.2.180717 and GI PSU
12.1.0.2.180717
|
HP-UX IA
|
Available
|
|
Patch 28317214
|
Combo OJVM PSU 12.1.0.2.180717 and GI PSU
12.1.0.2.180717
|
Linux.X64, Solaris.SPARC64, Linux-zSer,
Solaris86-64, AIX
|
Available
|
|
Patch 27547329
|
12.1.0.2.180717 DB PSU
|
HP-UX IA
|
Available
|
|
Patch 27967747
|
12.1.0.2.180717 GI PSU
|
HP-UX IA
|
Available
|
|
Patch 27967747
|
12.1.0.2.180717 GI PSU
|
Linux.X64, Solaris.SPARC64, Linux-zSer,
Solaris86-64, AIX
|
Available
|
|
Patch 27968010
|
12.1.0.2.180717 DB BP
|
HP-UX IA
|
Available
|
|
Patch 27968010
|
12.1.0.2.180717 DB BP
|
Linux.X64, Solaris.SPARC64, Linux-zSer,
Solaris86-64, AIX
|
Available
|
|
Patch 28183368
|
QFSDP for Exadata (Jul2018) 18.3
|
Linux.X64
|
Available
|
|
Patch 28183380
|
QFSDP for Supercluster (Jul2018) 18.3
|
Solaris.SPARC64
|
Available
|
|
Patch 28183343
|
QFSDP for Exadata (Jul2018) 12.2.0.1
|
Linux.X64, Solaris86-64
|
Available
|
|
Patch 28183354
|
QFSDP for Supercluster (Jul2018) 12.2.0.1
|
Solaris.SPARC64
|
Available
|
|
Patch 28183303
|
QFSDP for Exadata (Jul2018) 12.1.0.2
|
Linux.X64, Solaris86-64
|
Available
|
|
Patch 28183326
|
QFSDP for Supercluster (Jul2018) 12.1.0.2
|
Solaris.SPARC64
|
Available
|
|
Patch 28182317
|
QFSDP for Exadata (Jul2018) 11.2.0.4
|
Linux.X64, Solaris86-64
|
Available
|
|
Patch 28182334
|
QFSDP for Supercluster (Jul2018) 11.2.0.4
|
Solaris.SPARC64
|
Available
|
|
Patch 28347732
|
12.1.0.5.180717 EM for OMS Plugins
|
Generic
|
Available
|
|
Patch 28347355
|
13.2.2.0.180731 EM for OMS Plugins
|
Generic
|
Available
|
|
Patch 28347358
|
13.2.3.0.180731 EM for OMS Plugins
|
Generic
|
Available
|
|
Patch 28367949
|
Hyperion Data Relationship Management
11.1.2.4.346
|
Generic
|
Available
|
2.3 Updates and
Revisions bundle Strategy for 12.2.0.1 and later Database versions
Information on the Update and Revision bundle patches
is also found in the Database Master Note, as well as in Note 2285040.1 Release Update Introduction and FAQ
2.4 Database Bundle
client applicability moving to this Patch Availability Document (PAD)
Database bundle patch README files have historically
had a section indicating for each installation type, the most recent
patches, which includes new security fixes that are pertinent to that
installation type. If a specific patch is listed, then apply that or any
later patch to be current with security fixes.
This information has been moved from the README files
to the Patch Availability Document (PAD).
2.5 Database OJVM
Security fix CVE-2018-3110 now updated for Database versions
Fix for CVE-2018-3110 is included in Database OJVM
patches for 18, 12.2.0.1, 12.1.0.2 and 11.2.0.4 and is documented in their
respective tables in section '3.1.4 Oracle Database' as of 10-Aug-2018.
3 Patch Availability for Oracle Products
This section contains the following:
3.1 Oracle Database
This section contains the following:
3.1.1 Oracle
REST Data Services (formally called Oracle APEX Listener)
Error Correction information for Oracle REST Data
Services 3.0
|
Patch Information
|
3.0
|
Comments
|
|
Final CPU
|
-
|
|
Minimum Product Requirements for Oracle REST
Data Services
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle REST Data Services downloads and installation
instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle REST Data Services
|
3.0.10.25.02.36
|
Released July 2017
|
|
3.1.2 Oracle Application Express
Minimum Product Requirements for Oracle Application
Express
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle Application Express downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Application Express
|
5.1.4.00.08
|
Released January 2018
|
|
3.1.3 Oracle Big Data Spatial and Graph
Error Correction information
for Oracle Big Data Spatial and Graph
|
Patch Information
|
2.0
|
1.2
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Minimum
Product Requirements for Oracle Big Data Spatial and Graph
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Big Data
Spatial and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Big Data Spatial and Graph
|
2.0
|
Released January 2017
|
|
|
Oracle Big Data Spatial and Graph
|
1.2
|
Released January 2017
|
|
3.1.4 Oracle Database
This section contains the following:
3.1.4.1 Patch
Availability for Oracle Database
For information regarding the different types of
patches for Database, refer to Oracle Database - Overview of Database Patch
Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database
Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1
3.1.4.2 Oracle
Database 18
|
Patch Information
|
18
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 18
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Update 18.3.0 and Database Update
18.3.0 Patch 28317326 for UNIX, or
Combo OJVM Update 18.3.0 and GI Update 18.3.0 Patch 28317346, or
Quarterly Full Stack download for Exadata (Jul2018)
18.3.0 Patch 28183368 for Linux x86-64, or
Quarterly Full Stack download for SuperCluster
(Jul2018) 18.3.0 Patch 28183380 for Solaris SPARC 64-Bit
|
CVE-2017-15095, CVE-2018-2939, CVE-2018-3004,
CVE-2018-3110
|
OJVM Update Patches are not RAC Rolling installable
Combos are for environments that take a single
downtime to apply all patches
|
|
Oracle Database Server home
|
Database Update 18.3.0 Patch 28090523, or
Database Update Revision 18.2.1 Patch 28346593, or
GI Update 18.3.0 Patch 28096386, or
GI Update Revision 18.2.1 Patch 28276290, or
Quarterly Full Stack download for Exadata (Jul2018)
18.3.0 Patch 28183368 for Linux x86-64, or
Quarterly Full Stack download for SuperCluster
(Jul2018) 18.3.0 Patch 28183380 for Solaris SPARC 64-Bit
|
CVE-2017-15095, CVE-2018-2939
|
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches
OJVM Update Patches are not RAC Rolling installable
|
|
Oracle Database Server home
|
OJVM Update 18.3.0 Patch 27923415 for UNIX
|
CVE-2018-3004, CVE-2018-3110
|
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Client home
|
none for July 2018
|
|
no security-related content
|
3.1.4.3 Oracle
Database 12.2.0.1
|
Patch Information
|
12.2.0.1
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.2.0.1
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Update 12.2.0.1.180717 and Database
Update 12.2.0.1.180717 Patch 28317292 for UNIX, or
Combo OJVM Update 12.2.0.1.180717 and GI Update
12.2.0.1.180717 Patch 28317269, or
Quarterly Full Stack download for Exadata (Jul2018)
12.2.0.1 Patch 28183343 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster
(Jul2018) 12.2.0.1 Patch 28183354 for Solaris SPARC 64-Bit
|
CVE-2017-15095, CVE-2018-2939, CVE-2018-3004,
CVE-2018-3110
|
OJVM Update Patches are not RAC Rolling installable
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- "Oracle
JavaVM Component Database PSU and Update" (OJVM PSU and OJVM Update)
Patches
|
|
Oracle Database Server home
|
Database Jul 2018 Update 12.2.0.1.180717 Patch 28163133 for UNIX, or
Database Jan 2018 Revision 12.2.0.1.180717 Patch 27872031, or
Database Apr 2018 Revision 12.2.0.1.180717 Patch 27848049, or
GI Update 12.2.0.1.180717 Patch 28183653, or
GI Jan 2018 Revision 12.2.0.1.180717 Patch 28251142, or
GI Apr 2018 Revision 12.2.0.1.180717 Patch 28251239, or
Microsoft Windows 32-Bit and x86-64 BP
12.2.0.1.180717 Patch 27937914, or later;
Quarterly Full Stack download for Exadata (Jul2018)
12.2.0.1 Patch 28183343 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster
(Jul2018) 12.2.0.1 Patch 28183354 for Solaris SPARC 64-Bit
|
CVE-2017-15095, CVE-2018-2939
|
|
|
Oracle Database Server home
|
OJVM Update 12.2.0.1.180717 Patch 27923353 for UNIX, or
OJVM Microsoft Windows Bundle Patch
12.2.0.1.180810 Patch 28416087 or later
|
CVE-2018-3004, CVE-2018-3110
|
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Client home
|
Database Update 12.2.0.1.170718 Patch 26123830
|
Released July 2017
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.4.4 Oracle
Database 12.1.0.2
Error Correction information for Oracle Database
12.1.0.2
|
Patch Information
|
12.1.0.2
|
Comments
|
|
Final CPU
|
July 2021
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.1.0.2
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 12.1.0.2.180717 and Database PSU
12.1.0.2.180717 Patch 28317232 for UNIX, or
Combo OJVM PSU 12.1.0.2.180717 and GI PSU
12.1.0.2.180717 Patch 28317214, or
Combo OJVM PSU 12.1.0.2.180717 and Database Proactive
BP 12.1.0.2.180717 Patch 28317206 for UNIX, or
Quarterly Full Stack download for Exadata (Jul2018)
BP 12.1.0.2 Patch 28183303 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Jul2018)
BP 12.1.0.2 Patch 28183326 for Solaris SPARC 64-Bit
|
CVE-2018-2939, CVE-2018-3004, CVE-2018-3110
|
OJVM PSU Patches are not RAC Rolling installable
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Database PSU 12.1.0.2.180717 Patch 27547329 for UNIX, or
GI PSU 12.1.0.2.180717 Patch 27967747, or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.180717 Patch 27937907, or later;
Database Proactive Bundle Patch
12.1.0.2.180717 Patch 27968010 or
Quarterly Full Stack download for Exadata (Jul2018)
BP 12.1.0.2 Patch 28183303 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster
(Jul2018) BP 12.1.0.2 Patch 28183326 for Solaris SPARC 64-Bit
|
CVE-2018-2939
|
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU
12.1.0.2.180717 Patch 27923320 for UNIX, or
Oracle JavaVM Component Microsoft Windows Bundle
Patch 12.1.0.2.180717 Patch 28135126
|
CVE-2018-3004, CVE-2018-3110
|
OJVM PSU Patches are not RAC Rolling installable
All OJVM PSU since 12.1.0.2.161018 includes Generic
JDBC Patch 23727148
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU - Generic
JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
|
Oracle Database Client home
|
Database Patch Set Update 12.1.0.2.170418 Patch 25171037
|
Released April 2017
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.4.5 Oracle Database 11.2.0.4
Error Correction information for Oracle Database
11.2.0.4
|
Patch Information
|
11.2.0.4
|
Comments
|
|
Final CPU
|
October 2020
|
|
|
On-Request platforms
|
HP-UX PA RISC
IBM: Linux on System Z
32-bit client-only platforms except Linux x86
|
|
|
On-Request platforms
|
32-bit client-only platforms except Linux x86
|
|
Patch Availability for Oracle Database 11.2.0.4
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 11.2.0.4.180717 and Database SPU
11.2.0.4.180717 Patch 28317175 for UNIX, or
Combo OJVM PSU 11.2.0.4.180717 and Database PSU
11.2.0.4.180717 Patch 28317183 for UNIX, or
Combo OJVM PSU 11.2.0.4.180717 and GI PSU
11.2.0.4.180717 Patch 28317141, or
Combo OJVM PSU 11.2.0.4.180717 and Exadata BP
11.2.0.4.180717 Patch 28321254
|
CVE-2018-2939, CVE-2018-3004, CVE-2018-3110
|
OJVM PSU Patches are not RAC Rolling installable.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle
JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Database PSU 11.2.0.4.180717 Patch 27734982 for UNIX, or
GI PSU 11.2.0.4.180717 Patch 27967757 for UNIX, or
Database SPU 11.2.0.4.180717 Patch 27870645 for UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP
11.2.0.4.180717 Patch 27695940, or later;
Quarterly Database Patch for Exadata BP
11.2.0.4.180717 Patch 27980213 for UNIX, or
Quarterly Full Stack download for Exadata (Jul2018)
BP 11.2.0.4 Patch 28182317, or
Quarterly Full Stack download for Supercluster
(Jul2018) BP 11.2.0.4 Patch 28182334
|
CVE-2018-2939
|
|
|
Oracle Database Server home
|
Oracle JavaVM (OJVM) Component Database PSU
11.2.0.4.180717 Patch 27923163 for UNIX, or
OJVM Microsoft Windows Bundle Patch
11.2.0.4.180810 Patch 28416098 or later
|
CVE-2018-3004, CVE-2018-3110
|
OJVM PSU 11.2.0.4.161018 and greater includes
Generic JDBC Patch 23727132
See Note 1929745.1, Oracle Recommended Patches -- Oracle
JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU - Generic JDBC
11.2.0.4.160719 Patch 23727132
|
Released July 2016
|
For RAC deployments, this patch should be applied
to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher
See Note 1929745.1, Oracle Recommended Patches -- Oracle
JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Client home
|
Database Patch Set Update 11.2.0.4.170418 Patch 24732075
|
Released April 2017
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.5 Oracle Database Mobile/Lite
Server
Error Correction Information for Oracle Database
Mobile Server
|
Patch Information
|
12.1 (Mobile Server)
|
11.3 (Mobile Server)
|
Comments
|
|
Final CPU
|
-
|
October 2021
|
|
Patch Availability for Oracle Database Mobile Server
12.1.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1
|
12.1.0.0 BP Patch 21974980
|
Released October 2015
|
|
Patch Availability for Oracle Database Mobile Server
11.3.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.3
|
11.3.0.2 BP Patch 21950285
|
Released October 2015
|
|
3.1.6 Oracle GoldenGate
Error Correction information for Oracle GoldenGate
|
Component
|
12.2.0.1
|
12.1.2.1
|
11.2.1.0
|
Comments
|
|
Final CPU
|
-
|
October 2021
|
January 2020
|
|
Patch Availability for Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.0.1
|
Patch 24765017 - ORACLE GOLDENGATE V12.2.0.1.161018 FOR
DB2 10.1/10.5
Patch 24764985 - ORACLE GOLDENGATE V12.2.0.1.161018 FOR
DB2(IBM I)
Patch 24764950 - ORACLE GOLDENGATE V12.2.0.1.161018 FOR
Oracle 12c
Patch 24764941 - ORACLE GOLDENGATE V12.2.0.1.161018 FOR
Oracle 11g
|
Released October 2016 (Included CVE-2018-2832)
|
Refer to Note 1645495.1 for the latest release.
|
|
12.1.2.1
|
Patch 25184937 - ORACLE GOLDENGATE V12.1.2.1.161031 FOR
MSSQL ON WINDOWS
Patch 25074303 - ORACLE GOLDENGATE V12.1.2.1.161031 FOR
ORACLE 12c
Patch 25074268 - ORACLE GOLDENGATE V12.1.2.1.161031 FOR
ORACLE 11G
Patch 22953549 - Oracle GoldenGate v12.1.2.1.161031 for
FOR IBM DB2 11.1 ON Z/OS
|
Released October 2016
|
Refer to Note 1645495.1 for the latest release.
|
|
11.2.1.0
|
Patch 22077109 - Sybase 15.5: OGG 11.2.1.0.31
Patch 22077052 - IBM AS400: DB2(IBM I): OGG 11.2.1.0.31
Patch 22076884 - Teradata: OGG 11.2.1.0.31
Patch 22076755 - Oracle 11g: OGG 11.2.1.0.31
Patch 22076584 - Windows x86-64: MSSQL: OGG 11.2.1.0.31
Patch 22076540 - IBM Z/OS: DB2 9.1: OGG 11.2.1.0.31
|
Released January 2016
|
OGG Bundle Patch post 11.2.1.0.31 will include
fixes listed here. See Note 1645495.1
|
3.1.7 Oracle GoldenGate Veridata
Error Correction information for Oracle GoldenGate
Veridata
|
Component
|
11.2.1.0
|
Comments
|
|
Final CPU
|
October 2020
|
|
Patch Availability for Oracle GoldenGate Veridata
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.2.1.0
|
oracle goldengate veridata v11.2.1.0.2 java agent
- Patch 27425665
oracle goldengate veridata v11.2.1.0.2 server
- Patch 27425668
|
Released April 2018
|
Golden Gate Veridata Patch
|
3.1.8 Oracle Secure Backup
Error Correction information for Oracle Secure Backup
|
Patch Information
|
12.1.x
|
Comments
|
|
Final CPU
|
January 2020
|
|
Minimum Product Requirements for Oracle Secure
Backup
Critical Patch Update security vulnerabilities are
fixed in the listed releases. The Oracle Secure Backup downloads and
installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Secure Backup
|
12.1.0.3
|
Released April 2017
|
|
3.2 Oracle Enterprise Manager
This section contains the following:
3.2.1 Oracle
Application Performance Management
Error Correction information for Oracle Application
Performance Management
|
Patch Information
|
12.1.0.7
|
11.1.x
|
Comments
|
|
Final CPU
|
-
|
January 2019
|
|
|
On-Request platforms
|
-
|
|
|
Minimum Product Requirements for Oracle Application
Performance Management
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For more information on Oracle Application
Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.0.7
|
12.1.0.7.11 Release Patch 25244272
|
Released July 2017
|
|
|
11.1.x
|
11.1.0.5.7 Release Patch 26290928
|
Released July 2017
|
|
3.2.2 Oracle Application Testing
Suite
Error Correction information for Oracle Application
Testing Suite
|
Patch Information
|
13.2.0.1
|
13.1.0.1
|
12.5.0.3
|
Comments
|
|
Final CPU
|
-
|
-
|
April 2020
|
|
Patch Availability for Oracle Application Testing
Suite
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Application Testing
Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version
12.1.3.0)
|
See "Oracle WebLogic Server" (Version
12.1.3.0.0)
|
See "Oracle WebLogic Server" (Version
12.1.3.0.0)
|
|
13.2.0.1
|
BP Patch 27794987
|
Released April 2018
|
|
|
13.1.0.1
|
BP Patch 27794982
|
Released April 2018
|
|
|
12.5.0.3
|
BP Patch 27794971
|
Released April 2018
|
|
3.2.3 Oracle Enterprise Manager
Cloud Control
Error Correction information for Oracle Enterprise
Manager Cloud Control
|
Patch Information
|
13.2.0.0
|
12.1.0.5
|
Comments
|
|
Final CPU
|
-
|
October 2019
|
|
|
On-Request platforms
|
-
|
-
|
|
Patch Availability for Oracle Enterprise Manager
Cloud Control 13c Release 1 (13.2.0.0)
Patch Availability for Oracle Enterprise Manager
Cloud Control 12c Release 5 (12.1.0.5)
|
Product Home
|
UNIX
|
Microsoft Windows
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
See "Oracle Database"
|
See "Oracle Database"
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 10.3.6.0)
|
See "Oracle WebLogic Server" (Version 10.3.6.0)
|
See "Oracle WebLogic Server" (Version 10.3.6.0)
|
|
|
Base Platform Fusion Middleware home
|
CPU Patch 23703041
|
CPU Patch 23703041
|
Released July 2016
|
Oracle Business Intelligence Publisher BP
11.1.1.7.160719 patch for BIP home in Enterprise Manager
|
|
Base Platform OMS home
|
PSU 12.1.0.5.180717 Patch 28026487
|
PSU 12.1.0.5.180717 Patch 28026487
|
CVE-2017-5645
|
|
|
Base Platform Fusion Middleware home
|
JSP 11.1.1.7.0 SPU for EM 12.1.0.5 (CPUAPR2018) Patch 27872862
|
JSP 11.1.1.7.0 SPU for EM 12.1.0.5
(CPUAPR2018) Patch 27872862
|
Released April 2018
|
JSP 11.1.1.7.0 SPU patch
|
|
Base Platform Agent home
|
BP Patch 22317311
|
BP Patch 22317311
|
Released January 2016
|
Apply to Agent core Oracle Home, after applying
agent patch 25456449, 22342358
|
|
Base Platform Agent home
|
BP Patch 22342358
|
BP Patch 22342358
|
Released January 2016
|
Apply 22342358 to Agent sbin Oracle Home after
applying agent Patch 28193486. Then apply Patch 22317311.
If patches 22342358 and 22317311 were applied earlier, no need to
reapply.
|
|
Base Platform Fusion Middleware home
|
SPU Patch 22013598
|
SPU Patch 22013598
|
Released January 2016
|
Web Cache Patch
Apply to Oracle_WT
Post installation steps are not applicable for
Enterprise Manager
|
|
Plugin home
|
BP Patch 28347732
|
BP Patch 28347732
|
CVE-2017-5645, CVE-2016-1181
|
See "Post Release Patches" for
availability
|
|
Base Platform Agent home
|
BP Patch 28193486
|
BP Patch 28193486
|
CVE-2017-5645
|
|
|
Base Platform Fusion Middleware home
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885
|
Released January 2018
|
Released October 2015
|
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle
HTTP Server After Applying Security Patch Updates
See Note 2400141.1 before applying this patch
Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH
|
|
Base Platform Fusion Middleware home
|
CPU Patch 19345576
|
CPU Patch 19345576
|
Released January 2015
|
Oracle Process Management and Notification (OPMN)
Patch for Oracle_WT OH
See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle
Fusion Middleware 11g OPMN/ONS
|
|
Base Platform Fusion Middleware home
|
SPU Patch 17337741
|
SPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch for
Oracle_WT OH
|
3.2.5 Oracle
Enterprise Manager Ops Center
Error Correction information for Oracle Enterprise
Manager Ops Center
|
Patch Information
|
12.3.x
|
12.2.x
|
Comments
|
|
Final CPU
|
Jun 2020
|
Feb 2019
|
|
Patch Availability for Oracle Enterprise Manager Ops
Center
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Enterprise Manager
Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
12.3.3
|
Solaris 10 Sparc, Solaris 10 x86 and Linux
x86 Patch 28329304 and Patch 28329289
|
CVE-2018-1275, CVE-2018-2976, CVE-2017-9798,
CVE-2018-0739, CVE-2016-9878
|
|
|
12.2.2
|
Solaris 10 Sparc, Solaris 10 x86 and Linux
x86 Patch 28329304 and Patch 28329289
|
CVE-2018-1275, CVE-2017-9798, CVE-2018-0739,
CVE-2016-9878
|
|
3.2.6 OSS Support Tools
Error Correction information for OSS Support Tools
|
Patch Information
|
8.11.x
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for OSS Support Tools
|
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
|
8.11.16.3.8
|
BP Patch 22783063
|
March 2016
|
See My Oracle Support Note 1153444.1, Oracle Services Tools Bundle (STB) -
RDA/Explorer, SNEEP, ACT
|
3.2.7 Oracle Configuration
Manager
Minimum Product Requirements for Oracle Configuration
Manager
Critical Patch Update security vulnerabilities are
fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS
(support.oracle.com). Customer can use collector tab to down the Oracle
Configuration Manager Collector.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Configuration Manager
|
12.1.2.0.4
|
Released October 2016
|
Released July 2017
|
3.3 Oracle Fusion Middleware
This section contains the following:
3.3.1 Management
Pack For Oracle GoldenGate
Error Correction information for Management Pack For
Oracle GoldenGate
|
Patch Information
|
12.1.3.x
|
Comments
|
|
Final CPU
|
July 2022
|
|
Patch Availability for Management Pack For Oracle
GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.1.0
|
Oracle Goldengate Monitor v11.2.1.0.13 or
later Patch 27221310
|
Released April 2018
|
Oracle GoldenGate Monitor patch
|
3.3.2 NetBeans IDE
Minimum Product Requirements for NetBeans IDE
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/
|
Product Home
|
Release
|
Advisory Number
|
Comments
|
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle API Gateway
Error Correction information for Oracle API
Gateway
|
Patch Information
|
11.1.2.4.0
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle API Gateway
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4.0
|
OAG 11.1.2.4.0 SPU for JULCPU2018 Patch 28201203
|
CVE-2018-0739
|
|
3.3.4 Oracle Big Data Discovery
Minimum Product Requirements for
Oracle Big Data Discovery
Critical Patch Update security
vulnerabilities are fixed in the listed release only and installations with
any prior versions will need to move to the listed version. For Oracle
Big Data Discovery downloads, seehttps://edelivery.oracle.com and
search for "Oracle Big Data Discovery".
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Big Data Discovery
|
1.6
|
Released April 2018
|
|
3.3.5 Oracle
Business Intelligence App Mobile Designer
Error Correction information for Oracle Business
Intelligence App Mobile Designer
|
Patch Information
|
11.1.1.7 iOS
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle Business Intelligence
App Mobile Designer
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.7
|
SPU Patch 18794832
|
Released July 2014
|
|
3.3.6 Oracle Business
Intelligence Enterprise Edition
Error Correction information for Oracle Business
Intelligence Enterprise Edition
|
Patch Information
|
12.2.1.3.0
|
12.2.1.2.0
|
11.1.1.9
|
11.1.1.7
|
Comments
|
|
Final CPU
|
-
|
July 2018
|
October 2021
|
October 2018
|
11.1.1.9.0 End of Error Correction for Extended
Support Customer only beyond Dec 2018
|
Patch Availability for Oracle Business Intelligence
Enterprise Edition
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
FMW 12c home
|
See "Oracle Fusion Middleware
12c"
|
See "Oracle Fusion Middleware
12c"
|
|
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.180717 Patch 28119112 or higher
|
CVE-2018-2925, CVE-2018-2958
|
|
|
11.1.1.9
|
Oracle Business Intelligence Enterprise Edition BP
11.1.1.9.1 Patch 21235195 or higher
|
Released July 2015
|
BIEE Third Party Bundle Patch
|
|
11.1.1.7
|
Oracle BI Suite BP 11.1.1.7.180717 Patch 28119130 or higher
|
CVE-2018-2925, CVE-2018-2958, CVE-2018-2900
|
|
|
11.1.1.7
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885
|
Released January 2018
|
Oracle HTTP Server 11.1.1.7 Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle
HTTP Server After Applying Security Patch Updates
|
|
11.1.1.7
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
|
11.1.1.7
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note 1905314.1, New SSL Protocol and Cipher Options
for Oracle Fusion Middleware 11g OPMN/ONS
|
|
11.1.1.7
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
|
11.1.1.7
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
|
DAC 11.1.1.6.4 home
|
Patch 27825965- DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU
for apr2018cpu
|
Released April 2018
|
Patch can be installed in any home
|
3.3.7 Oracle Business
Intelligence Mobile
Error Correction information for Oracle Business
Intelligence Mobile
|
Patch Information
|
11.1.1.7 iOS
|
Comments
|
|
Final CPU
|
-
|
|
Minimum Product Requirements for Oracle Business
Intelligence Mobile
|
Patch Information
|
11.1.1.7.0 iOS
|
Advisory Number
|
Comments
|
|
Minimum Version
|
11.1.1.7.0 (11.6.39)
|
Released July 2015
|
|
3.3.8 Oracle Business
Intelligence Publisher
Error Correction information for Oracle Business
Intelligence Publisher
|
Patch Information
|
11.1.1.9
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2021
|
October 2018
|
|
Patch Availability for Oracle Business Intelligence
Publisher
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.170718 Patch 26092391 or higher
|
Released July 2017
|
|
|
11.1.1.9
|
BP Patch 24580895
|
Released October 2016
|
Webservice BP
|
|
11.1.1.9
|
11.1.1.9 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
|
11.1.1.9
|
WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12
(Jul2015) or later WLS PSU
|
Released October 2016
|
WLS 10.3.6 Interim Patch or WLS PSU
|
|
11.1.1.7
|
Oracle BI Suite BP 11.1.1.7.170718 Patch 26092384 or higher
|
Released July 2017
|
|
|
11.1.1.7
|
BP Patch 24486705
|
Released October 2016
|
Webservice BP
|
|
11.1.1.7
|
11.1.1.7.0 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
|
11.1.1.7
|
WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12
(Jul2015) or later WLS PSU
|
Released October 2016
|
WLS 10.3.6 Interim Patch or WLS PSU
|
3.3.9 Oracle Complex Event
Processing
Error Correction information for Oracle Complex Event
Processing
|
Patch Information
|
CEP 12.1.3
|
CEP 11.1.7
|
Comments
|
|
Final CPU
|
December 2019
|
October 2018
|
|
Patch Availability for Oracle Complex Event
Processing
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
3.3.10 Oracle Data Quality for
Oracle Data Integrator
Error Correction information for Oracle Data Quality
for Oracle Data Integrator
|
Patch Information
|
ODIDQ 11.1.x
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle Data Quality for Oracle
Data Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.3.0
|
CPU Patch 21418574
|
Released July 2015
|
|
3.3.11 Oracle Data Visualization
Desktop
Error Correction information for Oracle Data
Visualization Desktop
|
Patch Information
|
12.2.4.1.1
|
Comments
|
|
Final CPU
|
-
|
|
Patch availability for Oracle Data Visualization
Desktop
3.3.12 Oracle Endeca Server
Error Correction information for Oracle Endeca Server
|
Patch Information
|
7.7
|
7.6
|
7.4
|
7.3
|
Comments
|
|
Final CPU
|
January 2021
|
October 2018
|
July 2020
|
-
|
|
Patch availability for Oracle Endeca Server
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Server 7.7 home
|
SPU Patch 27236674
|
Released April 2018
|
|
|
Oracle Endeca Server 7.6 home
|
SPU Patch 27236680
|
Released April 2018
|
|
|
Oracle Endeca Server 7.5 home
|
SPU Patch 27236689
|
Released April 2018
|
|
3.3.13 Oracle Endeca Information
Discovery Studio
Error Correction information for Oracle Endeca
Information Discovery Studio
|
Patch Information
|
3.2
|
3.1
|
Comments
|
|
Final CPU
|
January 2021
|
October 2018
|
|
Patch availability for Oracle Endeca Information
Discovery Studio
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Information Discovery Studio 3.2
home
|
Endeca Information Discovery Studio SPU 3.2
CPUJUL2018 Patch 28316347
|
CVE-2011-4461
|
|
|
Oracle Endeca Information Discovery Studio 3.1 home
|
Endeca Information Discovery Studio SPU 3.1
CPUJUL2018 Patch 28316335
|
CVE-2011-4461
|
|
3.3.14 Oracle Endeca Information
Discovery Integrator
Error Correction information for Oracle Endeca
Information Discovery Studio Integrator
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
-
|
|
Patch availability for Oracle Endeca Information
Discovery Studio Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Information Discovery Integrator
3.2 home
|
April 2018 SPU Patch 27236651
|
Released April 2018
|
All Patches are cumulative of prior fixes
|
|
Oracle Endeca Information Discovery Integrator
3.1 home
|
April 2018 SPU patch 27236635
|
Released April 2018
|
|
3.3.15 Oracle Enterprise Data
Quality
Error Correction information for Oracle Enterprise
Data Quality
|
Patch Information
|
11.1.1.x
|
9.0
|
8.1
|
Comments
|
|
Final CPU
|
October 2021
|
October 2019
|
July 2019
|
|
Patch Availability for Oracle Enterprise Data Quality
3.3.16 Oracle Enterprise
Repository
Error Correction information for Oracle Enterprise
Repository
|
Patch Information
|
12.1.3
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2018
|
October 2018
|
|
Patch Availability for Oracle Enterprise Repository
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.3.0.0
|
OER 12.1.3.0.0 SPU for July2018CPU Patch 28076713
|
CVE-2018-1275
|
|
|
11.1.1.7.0
|
OER 11.1.1.7.0 SPU for July2018CPU Patch 28150760
|
CVE-2018-1275
|
|
3.3.17 Oracle Exalogic Patch Set
Update (PSU)
Error Correction information for Oracle Exalogic
Patch Set Update (PSU)
|
Patch Information
|
2.x
|
1.x
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch Set Update Availability for Oracle Exalogic
|
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
|
2.x Physical
|
2.0.6.2.170418 Physical Linux x86-64 (for all X2-2,
X3-2, X4-2, X5-2) PSU Patch 25422080
2.0.6.2.170418 Physical Solaris x86-64 (for all X2-2, X3-2, X4-2, X5-2)
PSU Patch 25422080
|
Released April 2017
|
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
|
2.x Virtual
|
2.0.6.2.170418 Virtual (for all X2-2, X3-2, X4-2,
X5-2) PSU Patch 25422070
|
Released April 2017
|
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
|
1.x
|
Upgrade to 2.x based on information in the Comments
column. Then apply the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013 (15931901)
|
See Patch 14834860 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE
KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 14834860 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for
Exalogic Solaris x86-64 (64 bit)
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set
Updates)
|
3.3.18 Oracle Forms and Reports
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Forms and Reports installation. Only the relevant homes from
those tables need to be patched.
Patch Availability for Oracle Forms and Reports
3.3.19 Oracle Fusion Middleware
For more information on how to identify the
components in an Oracle home, see Note 1591483.1, What is Installed in My Middleware or
Oracle home?.
This section contains the following:
3.3.19.1 Oracle Fusion Middleware
12c
The sections below cover Oracle Fusion Middleware
version 12.2.x and 12.1.x
3.3.19.1.1 Oracle Fusion
Middleware 12.2.1.3
Error Correction information for Oracle Fusion
Middleware 12.2.1.3
|
Patch Information
|
12.2.1.3
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.3
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
|
12.2.1.3 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server patch
|
|
12.2.1.3 home
|
OAM webgate bundle patch 12.2.1.3.180622 Patch 28243743
|
Released July 2018
|
No new CVEs
|
|
12.2.1.3 home
|
OAM bundle patch 12.2.1.3.180622 Patch 28305164
|
Released July 2018
|
OAM Webgates BP April 2018 or later has to be
applied. Also refer to the MOS Note 2386496.1. Includes additional fixes released post April
CPU as one offs.
|
|
12.2.1.3 home
|
OHS (native) bundle patch 12.2.1.3.171117 Patch 27149535
|
Released January 2018
|
Oracle HTTP Server Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle
HTTP Server After Applying Security Patch Updates
|
|
12.2.1.3 home
|
OBI bundle patch 12.2.1.3.180717 Patch 27329720 or higher
|
CVE-2018-2925, CVE-2018-2958
|
Jan BP contains this fix for CVE-2017-5662. No
action required if it is already applied.
|
|
12.2.1.3 home
|
WCC BP 12.2.1.3.180417 Patch 27393392
|
Released April 2018
|
WebCenter Content Patch
|
|
12.2.1.3 home
|
Oracle WebCenter Portal BP 12.2.1.3.180716 Patch 27989235 or later AND WebCenter Core Bundle Patch
12.2.1.3.180710 Patch 28330217 or later
|
CVE-2018-7489, CVE-2018-3101
|
Please apply both WebCenter Portal and WebCenter
Core Patches.
|
|
12.2.1.3 home
|
Oracle WebCenter Sites 12.2.1.3.180215 Patch 27562268
|
Released April 2018
|
|
|
12.2.1.3 home
|
Patch 27210544 - OSS security patch update 12.2.1.3.0
|
Released April 2018
|
Oracle Security Service Patch
|
|
12.2.1.3 home
|
OID Bundle Patch 12.2.1.3.180116 Patch 27396651
|
Released January 2018
|
|
|
12.2.1.3. home
|
SOA Bundle Patch 12.2.1.3.180705 Patch 28300397
|
CVE-2018-3105, CVE-2018-3100
|
|
|
12.2.1.3 home
|
Mapviewer 12.2.1.3.0 SPU JULCPU2018 Patch 28215668
|
CVE-2018-2943, CVE-2017-5645, CVE-2018-3109, CVE-2018-8013
|
12.2.1.3 patch can be applied to 12.2.1.2 homes
as well to address these CVEs
|
|
12.2.1.3 home
|
ADF bundle patch 12.2.1.3.180607 Patch 28151020
|
CVE-2015-7940
|
|
|
12.2.1.3 home
|
EDQ 12.2.1.3.0 SPU for JULCPU2018 patch 28263628
|
CVE-2017-5645
|
|
|
12.2.1.3. home
|
FMW platform 12.2.1.3.0 SPU for JULCPU2018 Patch 26937035
|
CVE-2017-12617
|
|
|
12.2.1.3 home
|
Oracle Fusion Middleware 12.2.1.3.0 SPU
JulCPU2018 Patch 27323998
|
CVE-2018-3108
|
ONS Patch (WebLogic Plugin for OHS)
|
3.3.19.1.2 Oracle Fusion
Middleware 12.2.1.2
Error Correction information for Oracle Fusion
Middleware 12.2.1.2
|
Patch Information
|
12.2.1.2
|
Comments
|
|
Final CPU
|
Jul 2018
|
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.2
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
|
12.2.1.2 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server patch
|
|
12.2.1.2 home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
12.2.1.2 home
|
ADF bundle patch 12.2.1.2.180525 patch 27783350
|
CVE-2015-7940
|
ADF (Infrastructure) Patch
|
|
12.2.1.2 home
|
OHS bundle patch 12.2.1.2.171220 Patch 27198002
|
Released January 2018 (includes CVE-2018-2760)
|
Oracle HTTP Server Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle
HTTP Server After Applying Security Patch Updates
|
|
12.2.1.2 home
|
OBIE bundle patch 12.2.1.2.180717 Patch 27916905 or higher
|
CVE-2018-2925, CVE-2018-2958
|
|
|
12.2.1.2 home
|
OBIEE MOS Note: Note 2310021.1
|
Released October 2017
|
|
|
12.2.1.2 home
|
OBIEE MOS Note: Note 2310008.1
|
Released October 2017
|
|
|
12.2.1.2 home
|
SOA Bundle Patch 12.2.1.2.180717 Patch 27647358
|
CVE-2018-3105, CVE-2018-3100
|
SOA Patch
|
|
12.2.1.2 home
|
WCC BP 12.2.1.2.180417 Patch 27393378
|
Released April 2018
|
WebCenter Content Patch
|
|
12.2.1.2 home
|
Oracle WebCenter Portal BP 12.2.1.2.180417 Patch 27430719 or later
|
Released April 2018
|
Webcenter Portal Patch
|
|
12.2.1.2. home
|
WebCenter Core Bundle Patch
12.2.1.2.180710 Patch 28329830
|
CVE-2018-3101
|
Webcenter Core Patch for the Web Center Portal
Home
|
|
12.2.1.2 home
|
OSB BP 12.2.1.2.170418 Patch 25439629
|
Released April 2017
|
OSB Patch
|
|
12.2.1.2 home
|
Patch 27210537 - OSS security patch update 12.2.1.2.0
|
Released April 2018
|
Oracle Security Service Patch
|
|
12.2.1.2 home
|
Oracle WebCenter Sites 12.2.1.2.0 Patch 3 Patch 27589545
|
Released April 2018
|
WebCenter Sites Patch.
|
|
12.2.1.2 home
|
Patch 25375317
Patch 24908939
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
12.2.1.2. home
|
FMW platform 12.2.1.2.0 SPU for JULCPU2018 Patch 26937036
|
CVE-2017-12617
|
|
|
12.2.1.2 home
|
Oracle Fusion Middleware 12.2.1.2.0 SPU
JulCPU2018 Patch 27368779
|
CVE-2018-3108
|
ONS Patch (WebLogic Plugin for OHS)
|
3.3.19.1.3 Oracle Fusion
Middleware 12.1.3.0
Error Correction information for Oracle Fusion
Middleware 12.1.3.0
|
Patch Information
|
12.1.3.0
|
Comments
|
|
Final CPU
|
October 2019
|
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.1.3.0
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
|
12.1.3.0.0 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server patch
|
|
12.1.3.0.0 home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
12.1.3.0.0 home
|
ADF bundle patch 12.1.3.0.180525 Patch 27800100
|
CVE-2015-7940
|
Oracle JDeveloper (ADF) Patch
|
|
12.1.3 home
|
Patch 27369653 - OSS security patch update 12.1.3.0.0
|
Released April 2018
|
Oracle Security Service (SSL/Network) Patch
|
|
12.1.3.0.0 home
|
SOA Bundle Patch 12.1.3.0.180717 Patch 28206019
|
CVE-2018-3105
|
SOA Patch
|
|
12.1.3.0.0 home
|
OHS SPU for Jan2018CPU Patch 27244723
|
Released January 2018 (includes CVE-2018-2760)
|
Oracle HTTP Server Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle
HTTP Server After Applying Security Patch Updates
|
|
12.1.3.0.0 home
|
OER BP Patch 25184722
|
Released July 2017
|
Oracle Enterprise Repository Patch
|
|
12.1.3.0.0 home
|
EDQ BP 12.1.3.0.1 Patch 24672265
|
Released April 2017
|
Enterprise Data Quality patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
12.1.3.0.0 home
|
ODI BP 12.1.3.0.170418 Patch 25774021
|
Released July 2017
|
Oracle Data Integrator Patch
Install prior to Java CPUApr2017 JDK/JRE or later version.
|
|
12.1.3.0.0 home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
12.1.3.0.0 home
|
OSB BP 12.1.3.0.170418 patch 23133629
|
Released April 2017
|
OSB patch
|
|
12.1.3.0.0 home
|
BP Patch 27074880, or later
|
Released January 2018
|
Platform Security for Java patch
|
|
12.1.3.0.0 home
|
SPU Patch 24327938
|
Released July 2016
|
Oracle TopLink patch
|
|
12.1.3.0.0 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.19.2 Oracle Forms and Reports
11.1.2.2
Error Correction information for Oracle Forms and
Reports 11.1.2.2
|
Patch Information
|
11.1.2.2
|
Comments
|
|
Final CPU
|
October 2018
|
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Forms and Reports
11.1.2.2
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java SE
Installed or Used with FMW 11g/12c Products
|
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
Oracle Forms and Reports 11.1.2.2 home
|
BP Patch 24486705
|
Released October 2016
|
Web Services BP
|
|
Oracle Forms and Reports 11.1.2.2 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
|
Oracle Forms and Reports 11.1.2.2 home
|
OHS 11.1.1.7.0 SPU for JanCPU2018 Patch 27197885
|
Released January 2018
|
Oracle HTTP Server 11.1.1.7 Patch
Note 2314658.1 - SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle
HTTP Server After Applying Security Patch Updates .
|
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 19562319
|
Released January 2015
|
Oracle Forms Patch
|
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 20002141
|
Released January 2015
|
Oracle Reports, Developer 11.1.2.2 Patch
|
|
Oracle Forms and Reports 11.1.2.2 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN) Patch
See Note 1905314.1, New SSL Protocol and Cipher Options
for Oracle Fusion Middleware 11g OPMN/ONS
|
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
|
Oracle Forms and Reports 11.1.2.2 home
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
|
Oracle Forms and Reports 11.1.2.2 home
|
See Note 1608683.1
|
Released January 2014
|
Oracle Reports Advisory
|
3.3.19.3 Oracle Fusion Middleware
11.1.1.9
Error Correction information for Oracle Fusion
Middleware 11.1.1.9
|
Patch Information
|
11.1.1.9
|
Comments
|
|
Final CPU
|
October 2021
|
Oracle Fusion Middleware 11.1.1.9
|
|
On-Request platforms
|
AIX, HPUX, and Windows are on request.
|
|
Patch Availability for Oracle Fusion Middleware
11.1.1.9
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
SOA 11.1.1.9 home
|
SOA BP 11.1.1.9.170703 Patch 28287135
|
CVE-2018-3105
|
SOA Patch
|
|
Oracle Identity Management 11.1.1.9 home
|
OVD 11.1.1.9 Patch 26962279
|
Released October 2017
|
Oracle Virtual Directory (OVD) Patch
|
|
Oracle Identity Management 11.1.1.9 home
|
OID bundle patch 11.1.1.9.171127 Patch 26850241, or later
|
Released January 2018
|
Oracle Internet Directory Patch
See Note 2420947.1 for additional information about Oracle
Internet Directory Vulnerability CVE-2015-0204
|
|
Oracle Identity Management 11.1.1.9 home
Oracle Web Tier 11.1.1.9 home
Oracle WebCenter 11.1.1.9 home
OSB 11.1.1.9 home
ODI 11.1.1.9 Home
|
OSS SPU Patch 27369643
|
Released April 2018
|
Oracle Security Service (OSS) Patch
|
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
OHS 11.1.1.9.0 SPU for JanCPU2018 Patch 27301611
|
Released January 2018
|
Oracle HTTP Server 11.1.1.9 Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle
HTTP Server After Applying Security Patch Updates
|
|
OSB 11.1.1.9 home
|
OSB BP 11.1.1.9.170718 patch 25926992
|
Released July 2017
|
OSB patch
|
|
ODI 11.1.1.9 Home
|
ODI BP 11.1.1.9.160926 Patch 24675920
|
Released July 2017
|
Oracle Data Integrator Patch
|
|
Oracle WebCenter 11.1.1.9 home
|
WCC BP 11.1.1.9.180226 Patch 27393411
|
Released April 2018
|
WebCenter Content Patch
|
|
OSB 11.1.1.9 home
|
Patch 24847885
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
Oracle FMW 11.1.1.9 ORACLE_COMMON home
|
JRF BP 11.1.1.9.160905 Patch 23243563 or later
|
Released January 2017
|
JRF BP
|
|
Oracle Identity Management 11.1.1.9 home
Oracle Web Tier 11.1.1.9 home
|
BP Patch 24580895
|
Released October 2016
|
Web Services BP
|
|
Oracle Web Tier 11.1.1.9 home
|
SPU Patch 21905371
|
Released January 2016
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL
Cipher Suite Changes Beginning with CPU January 2016
|
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
|
Oracle WebCenter 11.1.1.9 home
|
WebCenter Portal Bundle Patch 11.1.1.9.180717 Patch 28275295
|
CVE-2018-3101
|
Oracle WebCenter Portal 11.1.1.9 Patch
See Note 2029169.1, Changes to Portlet standards request
dispatching of Resource Requests
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
SPU Patch 22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common OH for
11.1.1.9.0
|
3.3.19.4 Oracle
Fusion Middleware 11.1.1.7
Error Correction information for Oracle Fusion
Middleware 11.1.1.7
|
Patch Information
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2018
|
Oracle Fusion Middleware 11.1.1.7
See Note 1585582.1, Extended Fusion Middleware 11g
Lifetime Support Policy Dates, and Note 1290894.1, Error Correction Support Dates for
Oracle Fusion Middleware 11g (11.1.1/11.1.2)
Oracle Portal, Forms, Reports and Discoverer may
have different support dates, Please refer to Lifetime Support document
for more details
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
11.1.1.7
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
Oracle SOA 11.1.1.7 home
|
SOA BP 11.1.1.7.8 Patch 20900797
SOA Overlay Security Patch Update
11.1.1.7.180717 Patch 28293424
|
CVE-2018-3105
|
SOA Patches
Overlay SPU patch can only be installed after the
base BP has been installed.
|
|
Oracle Identity Management 11.1.1.7 home
|
OVD 11.1.1.7 Patch 26962267
|
Released October 2017
|
Oracle Virtual Directory (OVD) Patch
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885
|
Released January 2018
|
Oracle HTTP Server 11.1.1.7 Patch
Note 2314658.1 SSL Configuration Required to Secure
Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle
HTTP Server After Applying Security Patch Updates
|
|
ODI 11.1.1.7 home
|
ODI SPU Patch 24826305
|
Released July 2017
|
Oracle Data Integrator Patch
|
|
OSB 11.1.1.7 home
|
Patch 24847885
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
Patch 19933795
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or
later version
|
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
ODI Patch 25507109
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or
later version
|
|
FMW 11.1.1.7 ORACLE_COMMON home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
JRF BP 11.1.1.7.160905 Patch 23243559 or later
|
Released January 2017
|
JRF BP
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
BP Patch 24486705
|
Released October 2016
|
Web Services BP
|
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 24716502
|
Released October 2016
|
Oracle Discoverer Patch
|
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
See Note 2155256.1
|
Released July 2016
|
For Oracle Portal 11.1.1.6
|
|
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 22218959
|
Released July 2016
|
|
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
SPU Patch 22013598
|
Released January 2016
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL
Cipher Suite Changes Beginning with CPU January 2016
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Identity Manager BP 2 (11.1.1.7.2) Patch 21881425 and OIM OVERLAY SPU 11.1.1.7.161018 Patch 24816127
|
Overlay SPU: Released October 2016
OIM BP2: Released October 2015
|
Oracle Identity Manager Patch
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite 11.1.1.7 home
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Access Manager BP 5 (11.1.1.7.5) Patch 21033489 or later
|
Released July 2015
|
Oracle Access Manager (OAM 11.1.1.7.5) Patch
See Note 1952939.1, Oracle Access Manager 11g Logout
Confirmation Features and Configuration
|
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 19562278
|
Released January 2015
|
Oracle Forms 11.1.1.7 Patch
|
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 20002159
|
Released January 2015
|
Oracle Reports, Developer 11.1.1.7 Patch
|
|
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 20060599
|
Released January 2015
|
Oracle Adaptive Access Manager Patch
|
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite 11.1.1.7 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 19666962
|
Released October 2014
|
Oracle Identity Manager Patch
See Note 1927796.1, Instructions For Enabling OIM CPU Bug
17937383 Fix For OIM BPs (11.1.2.1.9 and 11.1.2.2.4 Versions) / Overlay
SPU (11.1.1.7 and 11.1.1.5 Versions)
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note 1905314.1, New SSL Protocol and Cipher Options
for Oracle Fusion Middleware 11g OPMN/ONS
|
|
Oracle WebCenter 11.1.1.7 home
|
Overlay SPU Patch 18792010 and 11.1.1.7 BP 1 Patch 16761779
|
Released July 2014
|
WebCenter Portal 11.1.1.7 Overlay SPU patch
|
|
Oracle Identity Access Management 11.1.1.7 home
|
See Note 1643382.1
|
Released April 2014
|
OAM/WebGate Advisory
|
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
See Note 1608683.1
|
Released January 2014
|
Oracle Reports Advisory
|
|
Oracle Identity Management 11.1.1.7 home
|
OID bundle patch 11.1.1.7.180116 Patch 27340965
|
Released January 2018
|
Oracle Internet Directory Patch
Patch 17842883 for HP-UX Itanium, HP-UX PA-RISC (64-bit),
Linux x86, Microsoft Windows (32-bit)
Patch 17839633 for Linux x86-64, IBM AIX Based Systems
(64-bit), Sun Solaris x86-64 (64-bit), Sun Solaris SPARC (64-bit),
Microsoft Windows x64 (64-bit)
See "Oracle Internet Directory (OID) Version
11g Bundle Patch (Including Directory Integration Platform / DIP) /
Bundle Patches For Non-Fusion Applications (NonFA / NonP4FA)
Customers" (Note 1614114.1) for Bundles that include these and other
fixes.
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Identity Access Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite 11.1.1.7 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
|
Oracle WebCenter Content 11.1.1.7 home
|
BP 2 Patch 17180477 or higher
|
Released October 2013
|
|
|
Oracle Fusion Middleware 11.1.1.7.0 ORACLE_COMMON
home
|
SPU Patch 22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common OH for 11.1.1.7.0
|
3.3.19.5 Oracle Identity Access
Management 11.1.2.3
Error Correction information for Oracle Identity
Access Management 11.1.2.3
|
Patch Information
|
11.1.2.3
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Identity Access
Management 11.1.2.3
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java SE
Installed or Used with FMW 11g/12c Products
|
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration Guide
for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Identity Federation SPU 1 (11.1.1.7.1) Patch 22321057 or later
|
Released January 2016
|
Oracle Identity Federation (OIF 11.1.1.7.1) Patch
|
|
Oracle Identity Management 11.1.2.3 home
|
OIM BP 11.1.2.3.180111 Patch 27377675
|
Released January 2018
|
Oracle Identity Manager Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
For availability dates, see "Post Release
Patches"
|
|
Oracle Identity Access Management 11.1.2.3 home
|
Patch 28116779 - IDM suite bundle patch 11.1.2.3.180717
OR
Patch 27897816 - OAM bundle patch 11.1.2.3.180717
|
Released July 2018
|
OAM Webgates BP April 2018 or later has to be
applied. Also refer to the MOS Note 2386496.1. Included few additional fixes delivered as one
offs post April CPU.
|
3.3.20 Oracle Hyperion Analytic Provider
Services
Error Correction information for Oracle Hyperion
Analytic Provider Services
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion Analytic
Provider Services
3.3.21 Oracle Hyperion Common
Security
Error Correction information for Oracle Hyperion
Common Security
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion Common
Security
3.3.22 Oracle Hyperion Data
Relationship Management
Error Correction information for Oracle Hyperion
Data Relationship Management
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion Data
Relationship Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
Hyperion Data Relationship Management
11.1.2.4.346 Patch 28367949
|
CVE-2018-2915
|
Patch is in progress, please see "Post
Release Patches"
|
3.3.23 Oracle Hyperion Enterprise
Performance Management Architect
Error Correction information for Oracle Hyperion
Enterprise Performance Management Architect
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion Enterprise Performance
Management Architect
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.3
|
SPU Patch 19466859
SPU Patch 20929659
|
Released July 2015
|
|
|
11.1.2.2
|
SPU On-Request
|
Released July 2015
|
|
3.3.24 Oracle Hyperion Essbase
Error Correction information for Oracle Hyperion
Essbase
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion Essbase
3.3.25 Oracle Hyperion Financial
Reporting
Error Correction information for Oracle Hyperion
Financial Reporting
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion Financial
Reporting
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2
|
Jdev 11.1.1.7.1 SPU Patch 27457998
|
CVE-2018-2907
|
Jdev ADF Patch needs to be applied to Hyperion
Financial Reporting Home. To download this patch please contact support
to get the password.
|
3.3.26 Oracle Hyperion Planning
Error Correction information for Oracle Hyperion
Planning
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion Planning
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
SPU Patch 27177721
|
Released January 2018
|
|
3.3.27 Oracle Hyperion Strategic
Finance
Error Correction information for Oracle Hyperion
Strategic Finance
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Hyperion Strategic
Finance
3.3.28 Oracle Identity Access
Management
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Identity Access Management installation. Only the relevant
homes from those tables need to be patched.
Patch Availability for Oracle Identity Access
Management
3.3.29 Oracle Identity Management
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Identity Management installation. Only the relevant homes
from those tables need to be patched.
Patch Availability for Oracle Identity Management
3.3.30 Oracle Identity Management
Connector
Error Correction
information for Oracle Identity Management Connector
|
Patch Information
|
9.1.1.5
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Identity Management Connector
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
Microsoft AD
connector 9.1.1.5
|
OIM Connector 9.1.1.5.15 Patch 25028999
|
Released October 2017
|
|
|
ca top
secret connector 9.0.4.20.6
|
OIM Connector 9.0.4.20.6 Patch 26566700
|
Released January 2018
|
|
|
RACF adv
connector 9.0.4.25.4
|
OIM Connector 9.0.4.20.6 Patch 26599074
|
Released January 2018
|
|
|
acf2
connector 9.0.4.21
|
OIM Connector 9.0.4.21 bpl Patch 26615477
|
Released January 2018
|
|
3.3.31 Oracle
JDeveloper and Oracle ADF
Error Correction
information for Oracle JDeveloper and Oracle ADF
|
Patch Information
|
12.2.1.3
|
12.2.1.2
|
12.1.3.0
|
11.1.2.4
|
11.1.1.7
|
Comments
|
|
Final CPU
|
-
|
July 2018
|
-
|
October 2021
|
October 2018
|
|
Critical Patch Update Availability for Oracle
JDeveloper and Oracle ADF
|
Release
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.2.0
|
ADF bundle patch 12.2.1.2.180525 patch 27783350
|
CVE-2015-7940
|
|
|
12.1.3.0.0
|
ADF bundle patch 12.1.3.0.180525 Patch 27800100
|
CVE-2015-7940
|
Install prior to Java CPUApr2017 JDK/JRE or
later version
For availability dates, see "Post Release Patches"
|
|
11.1.2.4.0
|
ADF SPU 11.1.2.4.0 for JanCPU2018 Patch 27213077
|
Released January 2018
|
Install prior to Java CPUApr2017 JDK/JRE or
later version
|
|
11.1.1.9.0
|
ADF SPU 11.1.1.9.0 for JanCPU2018 Patch 27120730
|
Released January 2018
|
|
|
11.1.1.7.0
|
ADF SPU 11.1.1.7.0 for JanCPU2018 Patch 27251436
|
Released January 2018
|
|
|
Oracle JDeveloper 11.1.7.0.0 home
Oracle ADF 11.1.7.0 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technology Patch
|
3.3.32 Oracle JRockit
Critical Patch Update Availability for Oracle JRockit
Oracle JRockit R28.3.13 includes fixes for all security advisories that
have been released through CPUjan2017.
|
Product
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle JRockit JRE and JDK 6
|
R28.3.13 Patch 25061582
|
Released January 2017
|
|
3.3.33 Oracle Map Viewer
Error Correction information for Oracle Map Viewer
|
Patch Information
|
11.1.1.9
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Map Viewer
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.3
|
Patch 25506781
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or
later version
|
|
11.1.1.9
|
SPU Patch 27534923
|
Released April 2018
|
|
|
11.1.1.7
|
SPU Patch 27733048
|
Released April 2018
|
|
3.3.34 Oracle Mobile Security
Suite
Error Correction information for Oracle Mobile
Security Suite
|
Patch Information
|
3.0.11
|
Comments
|
|
Final CPU
|
Jan 2019
|
|
Patch Availability for Oracle Mobile Security Suite
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
3.0.11
|
OMSS 3.0.11 Patch 27517409
|
Released April 2018
|
|
3.3.35 Oracle Outside In
Technology
Error Correction information for Oracle Outside In
Technology
|
Patch Information
|
8.5.3
|
Comments
|
|
Final CPU
|
April 2019
|
|
Patch Availability for Oracle Outside In Technology
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Outside In Technology 8.5.3
|
OIT BP 8.5.3 July 2018 BP Patch 28206354
|
CVE-2018-3102, CVE-2018-2992, CVE-2018-3009,
CVE-2018-3010, CVE-2018-3092, CVE-2018-3103, CVE-2018-3093,
CVE-2018-3094, CVE-2018-3095, CVE-2018-3096, CVE-2018-3097,
CVE-2018-3104, CVE-2018-3098, CVE-2018-3099, CVE-2016-9843
|
|
3.3.36 Oracle Portal, Forms,
Reports, and Discoverer 11g Release 1
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Portal, Forms, Reports, and Discoverer 11g Release
1 installation. Only the relevant homes from those tables need to be
patched.
Patch Availability for Oracle Portal, Forms, Reports,
and Discoverer 11g Release 1
3.3.37 Oracle Real Time Decisions
Applications
Error Correction information for Oracle Real Time
Decisions Applications
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
July 2019
|
|
Patch Availability for Oracle Real Time Decisions
Applications
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Real Time Decisions (RTD) Application 3.2
home
|
RTD applications 3.2 SPU for April 2018 Patch 27860903
|
Released April 2018
|
|
3.3.38 Oracle Real Time Decisions
Server
Error Correction information for Oracle Real Time
Decisions Server
|
Patch Information
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2018
|
|
Patch Availability for Oracle Real Time Decisions
Server
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Real Time Decisions Server 11.1.1.7.0 home
|
BP 11.1.1.7.150120 Patch 19823874
|
Released January 2015
|
|
3.3.39 Oracle SOA Suite
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle SOA Suite installation. Only the relevant homes from those
tables need to be patched.
Patch Availability for Oracle SOA Suite
3.3.40 Oracle Traffic Director
Error Correction information for Oracle Traffic
Director
|
Patch Information
|
11.1.1.9
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2021
|
October 2018
|
|
Patch Availability for Oracle Traffic Director
3.3.41 Oracle Tuxedo
Error Correction information for Oracle Tuxedo
|
Patch Information
|
12.2.2.0
|
12.1.3.0
|
12.1.1.0
|
Comments
|
|
Final CPU
|
April 2024
|
April 2022
|
July 2020
|
|
Patch Availability for Oracle Tuxedo
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
12.2.2.0
|
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018
Linux Patch 28090531
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018
win-64 with vs2015 Patch 28124771
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018
win-32 with vs2015 Patch 28124779
|
CVE-2018-3007
|
For CVE-2017-10269, see extra settings required
with these cumulative patches in Note 2326009.1
|
|
12.1.3.0
|
rp108 oracle tuxedo 12.1.3 SPU for JULCPU2018
Linux Patch 28005865
rp108 oracle tuxedo 12.1.3 SPU for JULCPU2018 (win
vs2013/32bit) Patch 28060108
rp108 oracle tuxedo 12.1.3 SPU for JULCPU2018 (win
vs2012/64bit) Patch 28058873
rp108 oracle tuxedo 12.1.3 SPU for JULCPU2018 (win
x64 vs2010/64-bit) Patch 28060030
|
CVE-2018-3007
|
For CVE-2017-10269, see extra settings required
with these cumulative patches in Note 2326009.1
|
|
12.1.1.0
|
rp096 oracle tuxedo 12.1.1 SPU for julcpu2018
Linux Patch 28025184
rp096 oracle tuxedo 12.1.1 SPU for julcpu2018 for
windows x64 vs2012 Patch 28087512
rrp096 oracle tuxedo 12.1.1 SPU for julcpu2018 for
windows x64 vs2010 Patch 28087436
rp096 oracle tuxedo SPU openssl to 1.0.2o for
12.1.1.0 client vs2010 Patch 28005709
|
CVE-2018-3007, CVE-2018-0739
|
|
3.3.42 Oracle Tuxedo System and Applications
Monitor Plus (TSAM Plus)
Error Correction Information for Oracle Tuxedo System
and Applications Monitor Plus (TSAM Plus)
|
Patch Information
|
12.2.2
|
12.1.3
|
12.1.1.1
|
Comments
|
|
Final CPU
|
April 2024
|
April 2022
|
July 2020
|
|
Patch Availability for Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
TSAM Plus 12.2.2
|
RP002 Patch 25389632
|
Released July 2017
|
|
|
TSAM Plus 12.1.3
|
RP019 FOR LINUX 64-BIT X86 Patch 27379436
|
Released January 2018
|
|
|
TSAM Plus 12.1.1.1
|
RP025 Patch 23707307
|
Released July 2017
|
|
3.3.43 Oracle Web-Tier 11g Utilities
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Web-Tier 11g Utilities installation. Only the
relevant homes from those tables need to be patched.
Patch Availability for Oracle Web-Tier 11g Utilities
3.3.44 Oracle WebCenter
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle WebCenter installation. Only the relevant homes from those
tables need to be patched.
Patch Availability for Oracle WebCenter
3.3.45 Oracle WebCenter Content
(Formerly Oracle Universal Content Management)
Patch Availability for Oracle WebCenter Content
3.3.46 Oracle WebCenter Portal
Error Correction information for Oracle WebCenter
Portal
|
Patch Information
|
11.1.1.9
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle WebCenter Portal
3.3.47 Oracle WebCenter Sites
(Formerly FatWire Content Server)
Error Correction information for Oracle WebCenter
Sites (formerly FatWire Content Server)
|
Patch Information
|
12.2.1.3.0
|
12.2.1.2.0
|
11.1.1.8
|
Comments
|
|
Final CPU
|
-
|
July 2018
|
|
|
Patch Availability for Oracle WebCenter Sites
3.3.48 Oracle WebCenter Sites
Community
Error Correction information for Oracle WebCenter
Sites Community
|
Patch Information
|
11.1.1.8
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle WebCenter Sites
Community
3.3.49 Oracle WebCenter Suite
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle WebCenter Suite installation. Only the relevant homes from
those tables need to be patched.
Patch Availability for Oracle WebCenter Suite
3.3.50 Oracle WebGate
Error Correction information for
Oracle WebGate
|
Patch Information
|
10.1.4.3.0
|
Comments
|
|
Final CPU
|
October 2018
|
For Oracle Access Manager 10g WebGates / ASDK
working with Oracle Access Manager 11gR1 (11.1.1.x) and Oracle Access
Manager 11gR2 (11.1.2.x)
|
|
On-Request platforms
|
Platform and Server combinations that are historically
inactive for patching are available on-request. If the patch is not
available for a particular platform, see Section 1.3, "On-Request
Patches" on how
to request them.
|
Post-Release on-Request patches will be
documented on My Oracle Support Note 1563072.1
|
Patch Availability for
Oracle WebGate
See
also the underlying product stack tables for any applicable
patches. Refer to comments section and apply the patch to the
respective product home.
|
Oracle WebGate
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.3 Home
|
Patch 27953548 - OAM webgate bundle patch 11.1.2.3.180717
or Later
|
Released July 2018
|
|
|
10.1.4.3.0 home
|
OAM 10.1.4.3.13-PIT43 ot later
Patch 23761275 - OAM 10gR3 Access Server
Patch 23762129 - OAM 10gR3 Identity Server
Patch 24303301 - OAM Policy Manager 10gR3 OHS 11g
OAM Webgate 10gR3 Patch 27540327
|
Released April 2018
|
|
3.3.51 Oracle WebLogic Portal
Error Correction information for Oracle WebLogic
Portal
|
Patch Information
|
10.3.6.0
|
Comments
|
|
Final CPU
|
October 2021
|
|
Critical Patch Update Availability for WebLogic
Portal
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
WebLogic Portal patches are cumulative to include all
the prior published advisories. For more information, see My Oracle
Support Note 1355929.1, October 2011 Updates Introduce New WebLogic
Portal (WLP) Configuration Options for SSL Session ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled with WebLogic
Server 9.2.3.0, which is out of error correction. Contact Oracle support
for security patches needed for WebLogic Server 9.2.3.0
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
WebLogic Portal 10.3.6.0 home
|
Patch 27820719 - Oracle WebLogic Portal 10.3.6.0.0 SPU
for April2018CPU
|
Released April 2018
|
|
3.3.52 Oracle WebLogic Server
Error Correction information for Oracle WebLogic
Server Patch Set Update
|
Patch Information
|
12.2.1.3.0
|
12.2.1.2.0
|
12.1.3.0
|
10.3.6.0
|
Comments
|
|
Final CPU
|
-
|
July 2018
|
October 2019
|
October 2021
|
|
Patch Set Update Availability for Oracle WebLogic
Server
For more information, see MyOracleSupport Note 1470197.1, Patch Set Update (PSU) Release Listing for
Oracle WebLogic Server (WLS). See Note 1306505.1, Patch Set Update (PSU) Administration Guide for
Oracle WebLogic Server (WLS)
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Java SE home
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 2420122.1, Critical Patch Update July 2018 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
|
Oracle WebLogic Server Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
|
WebLogic Server 12.2.1.3 home
|
WLS PSU 12.2.1.3.180717 Patch 27912627
|
CVE-2018-2894, CVE-2018-2935, CVE-2018-7489, CVE-2018-2987,
CVE-2018-2998, CVE-2018-2893
|
Before Applying this PSU, please apply Opatch
13.9.4 Patch 28186730
See Note 2395745.1, April 2018 Critical Patch Update: Additional
Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability
CVE-2015-4852
|
|
WebLogic Server 12.2.1.2 home
|
WLS PSU 12.2.1.2.180717 Patch 27741413
|
CVE-2018-2894, CVE-2018-2935, CVE-2018-7489,
CVE-2018-2987, CVE-2018-2998, CVE-2018-2893
|
See Note 2395745.1, April 2018 Critical Patch Update: Additional
Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability
CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
|
WLS PSU 12.1.3.0.180717 Patch 27919943
|
CVE-2018-2894, CVE-2018-2935, CVE-2018-2987,
CVE-2018-2998, CVE-2018-2893
|
See Note 2395745.1, April 2018 Critical Patch Update: Additional
Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability
CVE-2015-4852
|
|
WebLogic Server 10.3.6.0 home
|
WLS PSU 10.3.6.0.180717 Patch 27919965
|
CVE-2018-2935, CVE-2018-2987, CVE-2018-2998, CVE-2018-2893
|
See Note 1607170.1, SSL Authentication Problem Using WebLogic
10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher
See Note 2395745.1, April 2018 Critical Patch Update: Additional
Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability
CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
WebLogic Server 10.3.6.0 home
|
WLS 12.1.3 JDBC Patch 20741228
WLS 10.3.6 JDBC Patch 27541896
|
Released in Jan 2018
|
Please refer to Note 1970437.1 How To Update the JDBC and UCP Drivers
Bundled with WebLogic Server 10.3.6 and 12c
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability
CVE-2015-4852
|
|
WebLogic Server 12.2.1.3.0 home
Weblogic Server 12.2.1.2.0 home
WebLogic Server 12.1.3.0.0 home
WebLogic Server 10.3.6.0.0 home
|
Weblogic Samples SPU 12.2.1.3.180717 Patch 28168797
Weblogic Samples SPU 12.2.1.2.180717 Patch 28174810
Weblogic Samples SPU 12.1.3.0.180717 Patch 28174808
Weblogic Samples SPU 10.3.6.0.180717 Patch 28168795
|
CVE-2018-1275
|
Oracle WebLogic Server Requirements for Apache
Struts 2 and CVE-2017-5638 / CVE-2017-9805
This patch is a cumulative patch for all Struts 2
CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for
Apache Struts 2 Vulnerabilities
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability
CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
|
SPU Patch 24327938
|
Released July 2016
|
TopLink JPA-RS patch
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability
CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
WebLogic Server 10.3.6.0 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
3.3.53 Oracle WebLogic Server
Plug-ins
Critical Patch Update Availability for Oracle
WebLogic Server Plug-ins
The available patches for Oracle WebLogic Server
Plug-ins (Oracle HTTP Server/Apache/IIS/iPlanet).
The WebLogic plug-ins include all cumulative bug
fixes and thus include fixes for all previously released advisories. For
more information, see My Oracle Support Note 1111903.1.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
WLS Plugin 1.1 (11.1.1.7)
|
SPU Patch 18423831
SPU Patch 18603703
SPU Patch 18603707
SPU Patch 18603714
|
Released July 2014
|
WLS Plug-in for Oracle HTTP Server (mod_wl_ohs)
WLS Plug-in for Apache (mod_wl)
WLS Plug-in for NSAPI (iPlanet)
WLS Plug-in for ISAPI (Microsoft IIS)
|
3.4 Oracle Sun Middleware
This section contains the following:
3.4.1 Directory
Server Enterprise Edition
Error Correction information for Directory Server
Enterprise Edition
|
Patch Information
|
11.1.1.7.0
|
Comments
|
|
Final CPU
|
October 2019
|
|
Patch Availability for Directory Server Enterprise
Edition
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
ODSEE 11.1.1.7 home
|
ODSEE BP 11.1.1.7.171017 Patch 26724938
|
Released January 2018
|
|
|
11.1.1.7.0
|
ODSEE BP 11.1.1.7.171017 Patch 26724938
|
Released January 2018
|
|
3.4.2 Reserved for Future Use
Error Correction information for Reserved for Future
Use
|
Patch Information
|
1.0
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Reserved for Future Use
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
1.0
|
Reserved for Future Use
|
-
|
|
3.4.3 Oracle GlassFish Server
Error Correction information for Oracle GlassFish
Server
|
Patch Information
|
3.1.2
|
Comments
|
|
Final CPU
|
January 2019
|
|
Patch Availability for Oracle GlassFish Server
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle GlassFish Server 3.1.2
|
BP 3.1.2.18 (Closed Network) Patch 26664433 or later
BP 3.1.2.18 (Full Profile) Patch 26664410 or later
BP 3.1.2.18 (Web Profile) Patch 26664429 or later
|
Released October 2017
|
|
|
Oracle GlassFish Server 3.1.2
|
Patch 25650533
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or
later version
|
3.5 Tools
This section contains the following:
3.5.1 Oracle
OPatch
Minimum Product Requirements for Oracle OPatch
The CPU security vulnerabilities are fixed in the
listed release and later releases. The Oracle OPatch downloads can be found
at Patch 6880880.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle OPatch
|
1.0.0.0.64
|
Announced July 2011
|
|
4 Final CPU History
Final CPU History
The Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. For more information, see My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS
Software Error Correction Support Policy.
|
Release
|
Final CPUs
|
Comments
|
|
April 2018
|
Oracle Enterprise Manager Grid Control 11.1.0.1
Oracle Hyperion BI+ 11.1.2.x
Oracle Hyperion Common Admin 11.1.2.x
Oracle Hyperion EAS 11.1.2.x
Oracle Hyperion Financial Reporting 11.1.2.x
Oracle Hyperion Installation Technology 11.1.2.x
Oracle Hyperion Smart View For Office 11.1.2.x
Oracle Service Architecture Leveraging Tuxedo (SALT) 11.1.1.2.x
Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus) 11.1.1.2.x
WebLogic Server 12.2.1.0 home
WebLogic Server 12.1.2.0 home
WebLogic Server 12.1.1.0 home
WLS Plugin 12c (12.1.2.0)
WLS Plugin 1.0 (10.3.4 and older)
|
|
|
January 2018
|
Oracle Endeca Information Discovery Studio 3.1,
3.0, 2.4
Oracle Endeca Information Discovery Studio Integrator 3.1, 3.0, 2.4
Oracle Secure Enterprise Search 11.2.2.2
iPlanet Web Server 7.0
|
|
|
October 2017
|
Directory Server Enterprise Edition 7.0
Oracle Fusion Middleware 12.2.1.1
Oracle GlassFish Communications Server 2.0
Oracle GlassFish Server 3.0.1
Oracle Identity Analytics 11.1.1.5.0
Oracle JDeveloper and Oracle ADF 12.2.1.1.0
Oracle Map Viewer 12.2.1.1
Oracle OpenSSO Agents 3.0
Oracle Waveset 8.1.1.0
Oracle WebLogic Server 12.2.1.1.0
Sun Role Manager 5.0.3.2
|
|
|
July 2017
|
Oracle Endeca Server 7.4
Oracle Enterprise Manager Cloud Control 13.1.0.0
|
|
|
April 2017
|
Oracle TimesTen 11.2.1.x
Oracle Business Intelligence Enterprise Edition 12.2.1.0.0
Business Intelligence Publisher 12.2.1.0.0
Oracle Fusion Middleware 12.2.1.0
Oracle Fusion Middleware 10.1.3.5
Oracle Identity Management Connector 9.1.0.4
Oracle JDeveloper and Oracle ADF 12.2.1.0.0
Oracle JDeveloper and Oracle ADF 10.1.3.5
Oracle WebLogic Server 12.2.1.0.0
|
|
|
January 2017
|
Oracle Business Process Management 10.3.2
Oracle Data Service Integrator 10.3.0
Oracle Outside In Technology 8.5.2
Oracle Service Architecture Leveraging Tuxedo (SALT) 10.3
Oracle WebCenter Interaction 10.3.3.0
Oracle WebLogic Integration 10.3.1.0
iPlanet Web Server 7.0
iPlanet Web Proxy Server 4.0
Oracle GlassFish Server 2.1.1
|
|
|
October 2016
|
Oracle Endeca Server 7.3
Oracle Access Manager 10gR3 (10.1.4.x)
Oracle Access Manager 10g WebGates / ASDK working with OAM 10gR3
(10.1.4.x)
Oracle WebLogic Server Proxy Plug-In 10gR3 (formerly known as WebLogic
Server Proxy Plug-In 1.0)
Oracle Outside In Technology 8.5.1
Oracle Audit Vault 10.3
Oracle Secure Backup 10.4.x
|
|
|
July 2016
|
Oracle Outside In Technology 8.5.0
Oracle Database 12.1.0.1 (See MOS Note 742060.1)
|
|
|
April 2016
|
AquaLogic Data Services Platform 3.2
AquaLogic Data Services Platform 3.0.1
Oracle Business Intelligence Enterprise Edition 11.1.1.7
Oracle Endeca Information Discovery 2.3
Oracle Endeca Information Discovery 2.2.2 (Formerly Latitude)
Oracle Enterprise Manager Cloud Control 12.1.0.4
Oracle Fusion Middleware 12.1.2.0
Oracle Identity Access Management 11.1.2.2
Oracle Tuxedo 11.1.1
Oracle WebCenter 11.1.1.8
Oracle WebCenter Portal 11.1.1.8
Oracle WebCenter Sites 7.6.2
|
|
|
January 2016
|
Oracle Real Time Decisions Server 3.0.0.1
Oracle WebCenter Interaction 6.5.1
|
|
|
July 2015
|
Oracle API Gateway 11.1.2.2.0
Oracle Business Intelligence EE and Publisher 10.1.3.4.2
Oracle Communications Converged Application Server 4.0
Oracle Database 11.2.0.3
Oracle Database 11.1.0.7
Oracle Fusion Middleware 12.1.1.0.0
Oracle Identity and Access Management 11.1.1.5.0
Oracle iPlanet Web Server 6.1.x
Oracle iPlanet Web Server (Java System Web Server 6.1.x)
Oracle WebLogic Server 12.1.1.0
|
|
5 Sources of Additional Information
The following documents provide additional
information about Critical Patch Updates:
- My Oracle Support Note 756671.1, Master Note for Database Proactive
Patch Program
- My Oracle Support Note 822485.1, Master Note for Enterprise Manager
Proactive Patch Program
- My Oracle
Support Note 1494151.1, Master Note on Fusion Middleware
Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs)
- My Oracle
Support Note 209768.1, Database, FMW, Enterprise Manager,
TimesTen In-Memory Database, and OCS Software Error Correction Support
Policy
6 Modification History
Modification History
|
Date
|
Modification
|
|
17 July 2018
|
Released
|
|
17 July 2018
|
Updated the row for Patch 28243743 in section
3.3.19.1.1
Updated the row for Patch 28305164 in section 3.3.19.1.1
Updated the row for Patch 28116779 and Patch 27897816 in section 3.3.19.5
Updated the "Platform" column for Patch 28183653 in section 2.2
Updated the "Platform" column for Patch 28251239 in section 2.2
Added row for Patch 28251142 in section 2.2
|
|
July 18, 2018
|
Updated row for Patch 27547329 in section 2.2 to
indicate now available on AIX
Updated Weblogic Samples SPU patch numbers in section 3.3.51
Added row for Patch 28317214 to section 2.2
Updated availabilty for Patch 28317214 in section 2.2
Updated 11.1.2.3 Home information in section 3.3.49
Updated section 3.3.22
Added Patch 28367949 to section 2.2
Added 8 rows for QFSDPs to section 2.2
Added section 3.3.25 for Oracle Hyperion Financial Reporting, and
re-numbered the remaining sections.
|
|
July 19, 2018
|
Updated availability for Patch 28317214,
28183653, 28251239, and 28251142 in section 2.2
Edited Platform abbreviations in section 2.2 for consistency
Corrected the Table of Contents entry for new section 3.3.25
|
|
July 20, 2018
|
Updated CVE list for Patch 27919943 in section
3.3.52
Updated CVE list for Patch 27919965 in section 3.3.52
Updated post release section 2.2
|
|
July 26, 2018
|
Updated post release section 2.2
|
|
July 27, 2018
|
Updated post release section 2.2
|
|
August 06, 2018
|
Updated availability for patches 28317214,
27967747, 28347732, 28347355, 28347358 and 27968010 in section 2.2
Updated row for Patch 28287135 in section 3.3.19.3
Updated comments for patch 27323998 in section 3.3.19.1.1
|
|
August 07, 2018
|
Updated availability for Patch 28367949 in
section 2.2
|
|
August 08, 2018
|
Updated row for Patch 26850241 in section
3.3.19.3 to acknowledge that superseding patch is acceptable.
Updated row for Patch 27074880 in section 3.3.19.1.3 to acknowledge that
superseding patch is acceptable.
Added comment for NOTE 2395745.1 to rows for Weblogic 12.2.1.3, 12.2.1.2,
12.1.3, and 10.3.6 in section 3.3.52
|
|
August 10, 2018
|
Updated OJVM Microsoft Windows Bundle Patch
12.2.0.1.180810 information in section 3.1.4.3
Updated OJVM Microsoft Windows Bundle Patch 11.2.0.4.180810 information
in section 3.1.4.5
Updated OJVM Update 18.3.0 Patch 27923415 information in section 3.1.4.2
Updated Oracle JavaVM Component Microsoft Windows Bundle Patch
12.1.0.2.180717 information in section 3.1.4.4
Added Section 2.5 for Database OJVM Security fix CVE-2018-3110
Updated Advisory Numbers in section 3.1.4.2, 3.1.4.3, 3.1.4.4, and
3.1.4.5
|
|
August 14, 2018
|
Updated Table of Contents for Section 2.
Added additional detail to Modification History entry for Section 2.5
from August 10.
Updated section 2.2 for Patch 27547329, Patch 27967747, and for the SPARC
SuperCluster QFSDPs.
Added comments for Note 2421480.1 and Note 2076338.1 to all WebLogic
Server 12.2.1.3 home rows, 12.2.1.2 home rows, 12.1.3.0 home rows and
10.3.6.0 home rows in section 3.3.52.
|
|
August 15, 2018
|
Corrected the "Product Home" value for
Patch 28170938 in section 3.2.3
Added comment for Patch 26850241 in section 3.3.19.3
Updated comment for Patch 27323998 in section 3.3.19.1.1
|
|
August 24, 2018
|
Update Comments for Patch 27368779 in Section
3.3.19.1.2
Added Final CPU date in Section 3.3.19.1.2
Updated post release section 2.2
|
|
August 28, 2018
|
Updated availability for patch 27968010 in
section 2.2
|
|
August 29, 2018
|
Updated post release section 2.2
|
|
September 04, 2018
|
Updated post release section 2.2
|
|
September 07, 2018
|
Removed legacy Plugins row for 12.2.1.3 home
from section 3.3.19.1.1
Updated post release section 2.2
|
|
September 24, 2018
|
Updated post release section 2.2
|
|
October 04, 2018
|
Updated post release section 2.2
|
|
October 30, 2018
|
Updated the final CPU data for Oracle Fusion
Middleware 12.2.1.2 to Jul 2018 in section 3.3.19.1.2
Updated availability for Patch 28183380 in section 2.2
|
7 Documentation Accessibility
For information about Oracle's commitment to
accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers have access to electronic support
through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Critical Patch Update Availability Document July 2018
Copyright @ 2018, Oracle and/or its affiliates.
All rights reserved.
This software and related documentation are provided
under a license agreement containing restrictions on use and disclosure and
are protected by intellectual property laws. Except as expressly permitted
in your license agreement or allowed by law, you may not use, copy,
reproduce, translate, broadcast, modify, license, transmit, distribute,
exhibit, perform, publish, or display any part, in any form, or by any
means. Reverse engineering, disassembly, or decompilation of this software,
unless required by law for interoperability, is prohibited.
The information contained herein is subject to change
without notice and is not warranted to be error-free. If you find any
errors, please report them to us in writing.
If this is software or related documentation that is
delivered to the U.S. Government or anyone licensing it on behalf of the
U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases,
and related documentation and technical data delivered to U.S. Government
customers are "commercial computer software" or "commercial
technical data" pursuant to the applicable Federal Acquisition
Regulation and agency-specific supplemental regulations. As such, the use,
duplication, disclosure, modification, and adaptation shall be subject to
the restrictions and license terms set forth in the applicable Government
contract, and, to the extent applicable by the terms of the Government
contract, the additional rights set forth in FAR 52.227-19, Commercial
Computer Software License (December 2007). Oracle America, Inc., 500 Oracle
Parkway, Redwood City, CA 94065.
This software or hardware is developed for general
use in a variety of information management applications. It is not
developed or intended for use in any inherently dangerous applications,
including applications that may create a risk of personal injury. If you
use this software or hardware in dangerous applications, then you shall be
responsible to take all appropriate fail-safe, backup, redundancy, and
other measures to ensure its safe use. Oracle Corporation and its
affiliates disclaim any liability for any damages caused by use of this
software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle
and/or its affiliates. Other names may be trademarks of their respective
owners.
Intel and Intel Xeon are trademarks or registered
trademarks of Intel Corporation. All SPARC trademarks are used under
license and are trademarks or registered trademarks of SPARC International,
Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or
registered trademarks of Advanced Micro Devices. UNIX is a registered
trademark of The Open Group.
This software or hardware and documentation may
provide access to or information on content, products, and services from
third parties. Oracle Corporation and its affiliates are not responsible
for and expressly disclaim all warranties of any kind with respect to
third-party content, products, and services. Oracle Corporation and its
affiliates will not be responsible for any loss, costs, or damages incurred
due to your access to or use of third-party content, products, or services.
|
