|
Oracle Fusion Middleware - Version
11.1.1.7.0 and later
Oracle Database - Enterprise Edition - Version 11.2.0.4 and later
Oracle WebLogic Server - Version 10.3.6 and later
Oracle Database - Standard Edition - Version 11.2.0.4 and later
Information in this document applies to any platform.
This document defines the patches and minimum releases
for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch
Updates and Patch Set Updates released on April 17, 2018.
The document is for Database Administrators
and/or others tasked with Quarterly Security Patching.
Database, Fusion Middleware, and
Enterprise Manager Critical Patch Update April 2018 Patch Availability
Document
My Oracle Support Note 2353306.1
Released April 17, 2018
This document contains the following sections:
1 Overview
Oracle provides quarterly cumulative patches to address
security vulnerabilities. The patches may include critical fixes in addition
to the security fixes. The security vulnerabilities addressed are announced
in the Advisory for April 2018, available at:
Oracle Technical Network Advisory
This document lists the Oracle Database, Fusion Middleware
and Enterprise Manager CPU program cumulative patches for product releases
under error correction. The April 2018 release supersedes earlier CPU program
cumulative patches for the same product releases. This document is subject to
continual update after the initial release, and the changes are listed
in "Modification History." If you print this document, check My
Oracle Support to ensure you have the latest version.
This section contains the following:
1.1 How To Use This Document
The following steps explain how to use this document.
Step 1 Assess your Environments
Determine the Oracle product suites and
products and their release numbers for each of your environments.
Step 2 Read Important
Announcements
Review "What's New in April 2018," as it lists documentation and
packaging changes along with important announcements such as upcoming final
CPUs.
Step 3 Determine Patches
to be Applied
For each environment, determine which
patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for
each product suite release, such as Oracle Database 12.2.0.1, Oracle Identity
Access Management 11.1.2.3, and Enterprise Manager Cloud Control 12.1.0.5.
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of the
homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or Extended
Support and are under error correction as defined in My Oracle Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error
Correction Support Policy. Patches are provided only for these releases.
If you do not see the release that you have installed, then check "Final CPU History" and contact Oracle Support for
further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's CPU
Advisory, list the vulnerability CVE numbers in the Advisory Number column.
If you are interested in the risk matrix for the vulnerabilities fixed in the
patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous
quarterly releases, or the current one without any security fixes, the column
indicates "Released MMM YYYY"
·
When
a section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle Database" is referenced, determine the Oracle
Database release that is installed, and find the patches to apply in the
table for that Oracle Database release in "Oracle Database."
Step 4 Apply the Patches
Download the patches, review the READMEs,
and apply the patches according to the instructions.
Step 5 Planning for Future
Critical Patch Updates
To help you plan for future Critical Patch
Updates, this document includes Final CPU information based on Oracle's
Lifetime Support Policy and error correction policies.
"Final CPU Information (Error Correction
Policies)" in "What's New in April 2018," documents product releases for which
final Critical Patch Updates are upcoming or are being announced. In each
product section, there is also an Error Correction Information Table that
documents the final CPU program patch for the product. Products that have
reached the end of error correction are documented in "Final CPU History."
1.2 Terminology in the Tables
The following terminology is used in this patch
availability document and in the subsequent tables.
- Update - Release Update
- Revision -Release Update Revision
- BP - Bundle Patch
- Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
- NA Not Applicable.
- OR On-Request. The patch is made available
through the On-Request program.
- PSU - Patch Set Update
- SPU - Security Patch Update. An iterative,
cumulative patch consisting of security fixes.
- Overlay SPU patch provided as an overlay on top of a
PSU or BP instead of a base/patch set release.
1.3 On-Request Patches
Oracle does not proactively release patches for
historically inactive platforms. However, Oracle will deliver these patches
when requested.
The following guidelines describe how to initiate an
on-request (OR) patch.
A request may be made:
- At any
time. However, a patch for a specific quarterly release, such as
CPUOct2012, cannot be requested. Depending on when the request is
received and processed, either the patch for the current quarterly
release or the next quarterly release will be provided. Your Service
Request (SR) will provide you the planned availability date for the
patch.
- As long as
the version is in either Premier Support or Extended Support and error
correction support has not expired. For example, if a product release is
under Extended Support through the release of CPUJan2013 on January 15,
2013, then you can file a request for the product release through
January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error
Correction Support Policy.
- For a platform-version
combination when a major release or patch set is released on a platform
after a quarterly release date. Oracle will provide the next patch for
that platform-version combination, however you
may request the current patch by following the on-request process. For
example, if a patch is released for a platform on August 1, 2012, Oracle
will provide the CPUOct2012 patch for that platform. You may request a
CPUOct2012 patch for the platform, and Oracle will review the request
and determine whether to provide CPUJul2012 or CPUOct2012.
A patch that is marked as on-request (OR) may already have
been requested by another customer and be available on My Oracle Support.
Before you file a Service Request (SR), check on My Oracle Support to see if
the patch is already available for your platform.
1.4 CPU Program and My Oracle
Support Patch Recommendations
My Oracle Support patch recommendation features are
available on the Patches & Update tab. The patches announced in this
document as part of the CPU program are classified as "Security"
patch recommendations in My Oracle Support. If a new patch is being announced
in this document, then the classification on any earlier patch is changed to
"General", causing it to be removed from the My Oracle Support
patch recommendations. If a patch has a "Security" classification,
and a subsequent bundle, SPU, or PSU is released with a recommendation
classification, then it will be classified as a "Security"
recommendation in My Oracle Support.
Once a product release is no longer in error
correction, its CPU patch information is removed from this document, but the
last patch recommendation continues to be available in My Oracle
Support. Ensure to select each of the products installed in your
environment to obtain all patches.
1.5 My Oracle Support (MOS)
Conflict Checker Tool
The My Oracle Support (MOS) Conflict Checker tool is
available as of July 21, 2014.
You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the
Patch Search results screen ("Analyze with OPatch"
button).
The MOS Conflict Checker Tool allows you to upload an OPatch inventory to check for conflicts with patches to
apply to your environment. If no conflicts are found, you can download the
patches. If conflicts are found, the tool finds an existing resolution to
download. If no resolution is found, you can request a solution, and monitor
your request in the Plans region.
For more information and a demonstration video, see
Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict Checker
Tool for Patches Installed with OPatch [Video].
2 What's New in April 2018
This section describes important changes in April 2018:
2.1 Final CPU Information (Error
Correction Policies)
The final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended Support
policies. Final CPUs for upcoming releases, as well as newly scheduled final
CPUs, are listed in the following sections.
Final CPUs scheduled for July 2018
- FMW
12.2.1.2 all components
- Oracle
Communications Converged Application Server 5.0
Final CPUs scheduled for April 2018
- Oracle
Enterprise Manager Grid Control 11.1.0.1
- Oracle
Service Architecture Leveraging Tuxedo (SALT) 11.1.1.2.x
- Oracle
Tuxedo System and Applications Monitor Plus (TSAM Plus) 11.1.1.2.x
- Oracle
Hyperion BI+ 11.1.2.x
- Oracle
Hyperion Common Admin 11.1.2.x
- Oracle
Hyperion EAS 11.1.2.x
- Oracle
Hyperion Financial Reporting 11.1.2.x
- Oracle
Hyperion Installation Technology 11.1.2.x
- Oracle
Hyperion Smart View For Office 11.1.2.x
2.2 Post Release Patches
Oracle strives to complete preparations and testing of
each Quarterly Security Patch for each platform by the quarterly release
date. Occasionally, circumstances beyond our control dictate that a
particular patch be delayed and be released a few days after the quarterly
release date. The following table lists any current patch delays and the estimated
date of availability.
|
Patch Number
|
Patch
|
Platform
|
Availability
|
|
Patch 27393427
|
OAM webgate bundle patch
11.1.2.3.180417
|
Linux x86 (32-bit), HPUX-Itanium, IBM AIX, Oracle
Solaris and Oracle Solaris.Sparc
|
Available
|
|
Patch 27393427
|
OAM webgate bundle patch
11.1.2.3.180417
|
Windows
|
Available
|
|
Patch 27863709
|
OAM webgate bundle patch
12.2.1.3.180414
|
Windows
|
Available
|
|
Patch 27863709
|
OAM webgate bundle patch
12.2.1.3.180414
|
IBM AIX
|
Available
|
|
Patch 27803069
|
QFSDP for Exadata
(Apr2018 - 18.2.0.0)
|
Linux x86-64
|
Available
|
|
Patch 27475857
|
QFSDP for Exadata
(Apr2018 - 12.2.0.1)
|
Linux x86-64, Solaris x86-64
|
Available
|
|
Patch 27475867
|
QFSDP for Supercluster
(Apr2018 - 12.2.0.1)
|
Solaris SPARC (64-bit)
|
Available
|
|
Patch 27475838
|
QFSDP for Exadata
(Apr2018 - 12.1.0.2)
|
Linux x86-64, Solaris x86-64
|
Available
|
|
Patch 27475846
|
QFSDP for Supercluster
(Apr2018 - 12.1.0.2)
|
Solaris SPARC (64-bit)
|
Available
|
|
Patch 27475818
|
QFSDP for Exadata
(Apr2018 - 11.2.0.4)
|
Linux x86-64, Solaris x86-64
|
Available
|
|
Patch 27475833
|
QFSDP for Supercluster
(Apr2018 - 11.2.0.4)
|
Solaris SPARC (64-bit)
|
Available
|
|
Patch 27856791
|
Database Jan 2018 RUR 12.2.0.1.180417
|
All Except Linux x86-64
|
Available
|
|
Patch 27696736
|
GI Jan 2018 RUR 12.2.0.1.180417
|
All Except Linux x86-64
|
Available
|
|
Patch 27427077
|
Database Oct 2017 RUR 12.2.0.1.180417
|
All Except Linux x86-64
|
Available
|
|
Patch 27696758
|
GI Oct 2017 RUR 12.2.0.1.180417
|
All Except Linux x86-64
|
Available
|
2.3 New Database Master Note
Information that is specific to the Database proactive
patch program has been moved to Note 756671.1, Master Note for Database Proactive Patch Program.
Patches that are announced as part of the CPU program continue to be listed
here.
2.4 Updates and
Revisions bundle Strategy for 12.2.0.1 and later Database versions
Information on the Update and Revision bundle patches
is also found in the Database Master Note, as well as in Note 2285040.1 Release Update Introduction and FAQ
2.5 Database Bundle
client applicability moving to this Patch Availability Document (PAD)
Database bundle patch README files have historically
had a section indicating for each installation type, the most recent patches,
which includes new security fixes that are pertinent to that installation
type. If a specific patch is listed, then apply that or any later patch to be
current with security fixes.
This information has been moved from the README files
to the Patch Availability Document (PAD).
3 Patch Availability for Oracle Products
This section contains the following:
3.1 Oracle Database
This section contains the following:
3.1.1 Oracle
REST Data Services (formally called Oracle APEX Listener)
Error Correction information for Oracle REST Data
Services 3.0
|
Patch Information
|
3.0
|
Comments
|
|
Final CPU
|
-
|
|
Minimum Product Requirements for Oracle REST Data
Services
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle REST Data Services downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle REST Data Services
|
3.0.10.25.02.36
|
Released July 2017
|
|
3.1.2 Oracle Application Express
Minimum Product Requirements for Oracle Application
Express
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle Application Express downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Application Express
|
5.1.4.00.08
|
Released January 2018
|
|
3.1.3 Oracle Big Data Spatial and Graph
Error Correction information
for Oracle Big Data Spatial and Graph
|
Patch Information
|
2.0
|
1.2
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Minimum Product
Requirements for Oracle Big Data Spatial and Graph
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Big Data Spatial
and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Big Data Spatial and Graph
|
2.0
|
Released January 2017
|
|
|
Oracle Big Data Spatial and Graph
|
1.2
|
Released January 2017
|
|
3.1.4 Oracle Database
This section contains the following:
3.1.4.1 Patch
Availability for Oracle Database
For information regarding the different types of patches
for Database, refer to Oracle Database - Overview of Database Patch Delivery
Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database Patch
Delivery Methods for 12.2.0.1 and greater, Note 2337415.1
3.1.4.2 Oracle
Database 18
|
Patch Information
|
18
|
Comments
|
|
Final CPU
|
-
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 18
As of the Release date (17-Apr-2018) the only Oracle
Database 18 software that is available is 18.1.0 for on-premise
Exadata. Therefore, the following patches for
Oracle Database 18 are only for on-premise Exadata systems that are running Oracle Database 18.1.0.
3.1.4.3 Oracle
Database 12.2.0.1
Patch
Availability for Oracle Database 12.2.0.1
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Database Server home
|
Combo
OJVM Update 12.2.0.1.180417 and Database Update 12.2.0.1.180417 Patch
27726453 for UNIX, or
Combo OJVM Update 12.2.0.1.180417 and GI Update
12.2.0.1.180417 Patch
27726454, or
Quarterly Full Stack download for Exadata
(Apr2018) 12.2.0.1 Patch
27475857 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster
(Apr2018) 12.2.0.1 Patch
27475867 for Solaris SPARC 64-Bit
|
CVE-2018-2841
|
For availability dates, see Post
Release Patches
OJVM
Update Patches are not RAC Rolling installable
Combos
are for environments that take a single downtime to apply all patches
See Note
1929745.1, Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and Update" (OJVM
PSU and OJVM Update) Patches
|
|
Oracle
Database Server home
|
Database
Apr 2018 Update 12.2.0.1.180417 Patch
27674384 for UNIX, or
Database Oct 2017 Revision 12.2.0.1.180417 Patch
27427077, or
Database Jan 2018 Revision 12.2.0.1.180417 Patch
27856791, or
GI Update 12.2.0.1.180417 Patch
27468969, or
GI Oct 2017 Revision 12.2.0.1.180417 Patch
27696758, or
GI Jan 2018 Revision 12.2.0.1.180417 Patch
27696736, or
Microsoft Windows 32-Bit and x86-64 BP
12.2.0.1.180417 Patch
27426753, or later;
Quarterly
Full Stack download for Exadata (Apr2018)
12.2.0.1 Patch
27475857 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster
(Apr2018) 12.2.0.1 Patch
27475867 for Solaris SPARC 64-Bit
|
Released April 2018
|
For availability dates, see Post
Release Patches
|
|
Oracle
Database Server home
|
OJVM
Update 12.2.0.1.180417 Patch
27475613 for UNIX, or
OJVM Microsoft Windows Bundle Patch
12.2.0.1.180417 Patch
27650410
|
CVE-2018-2841
|
See Note
1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle
Database Client home
|
Database
Update 12.2.0.1.170718 Patch
26123830
|
Released July 2017
|
The Instant Client installation is not the same as the
client-only Installation. For additional information about Instant Client
installations, see Oracle
Call Interface Programmer's Guide.
|
3.1.4.4 Oracle
Database 12.1.0.2
Error Correction
information for Oracle Database 12.1.0.2
Patch
Availability for Oracle Database 12.1.0.2
If the Combo
patches that are listed in the first row are applied, then the patches listed
in Rows 2 and 3 do not need to be applied.
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Database Server home
|
Combo
OJVM PSU 12.1.0.2.180417 and Database PSU 12.1.0.2.180417 Patch
27726471 for UNIX, or
Combo OJVM PSU 12.1.0.2.180417 and GI PSU
12.1.0.2.180417 Patch
27726478, or
Combo OJVM PSU 12.1.0.2.180417 and database Proactive
BP 12.1.0.2.180417 Patch
27726492 for UNIX, or
Quarterly Full Stack download for Exadata
(Apr2018) BP 12.1.0.2 Patch
27475838 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster
(Apr2018) BP 12.1.0.2 Patch
27475846 for Solaris SPARC 64-Bit
|
CVE-2018-2841
|
For availability dates, see Post
Release Patches
OJVM PSU
Patches are not RAC Rolling installable
Combos
are for environments that take a single downtime to apply all patches
See Note
1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle
Database Server home
|
Database
PSU 12.1.0.2.180417 Patch
27338041 for UNIX, or
GI PSU 12.1.0.2.180417 Patch
27468957
or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.180417 Patch
27440294, or later;
Database
Proactive Bundle Patch 12.1.0.2.180417 Patch
27486326 or
Quarterly Full Stack download for Exadata
(Apr2018) BP 12.1.0.2 Patch
27475838 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster
(Apr2018) BP 12.1.0.2 Patch
27475846 for Solaris SPARC 64-Bit
|
Released April 2018
|
For availability dates, see Post
Release Patches
|
|
Oracle
Database Server home
|
Oracle JavaVM Component Database PSU 12.1.0.2.180417 Patch
27475603 for UNIX, or
Oracle JavaVM Component
Microsoft Windows Bundle Patch 12.1.0.2.180417 Patch
27650403
|
CVE-2018-2841
|
OJVM PSU Patches are not RAC Rolling installable
All OJVM PSU since 12.1.0.2.161018 includes Generic
JDBC Patch
23727148
See Note
1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle
Database Server home
|
Oracle JavaVM Component Database PSU - Generic JDBC
12.1.0.2.160719 Patch
23727148
|
Released July 2016
|
|
|
Oracle Database Client home
|
Database Patch Set Update 12.1.0.2.170418 Patch
25171037
|
Released April 2017
|
The Instant Client installation is not the same as the
client-only Installation. For additional information about Instant Client
installations, see Oracle
Call Interface Programmer's Guide.
|
3.1.4.5 Oracle
Database 11.2.0.4
Error Correction
information for Oracle Database 11.2.0.4
Patch
Availability for Oracle Database 11.2.0.4
If the Combo
patches that are listed in the first row are applied, then the patches listed
in Rows 2 and 3 do not need to be applied.
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Database Server home
|
Combo
OJVM PSU 11.2.0.4.180417 (CPUApr2018) and Database SPU 11.2.0.4.171017
(CPUOct2017) Patch
27726497 for UNIX, or
Combo OJVM PSU 11.2.0.4.180417 and Database PSU
11.2.0.4.180417 Patch
27726500 for UNIX, or
Combo OJVM PSU 11.2.0.4.180417 and GI PSU
11.2.0.4.180417 Patch
27726505, or
Combo OJVM PSU 11.2.0.4.180417 and Exadata
BP 11.2.0.4.180417 Patch
27726508
|
CVE-2018-2841
|
For availability dates, see Post
Release Patches
OJVM PSU
Patches are not RAC Rolling installable.
Combos
are for environments that take a single downtime to apply all patches
See Note
1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle
Database Server home
|
Database
PSU 11.2.0.4.180417 Patch
27338049 for UNIX, or
GI PSU 11.2.0.4.180417 Patch
27475913 for UNIX, or
Database SPU 11.2.0.4.171017 (CPUOct2017) Patch
26474853 for UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP
11.2.0.4.180417 Patch
27381640, or later;
Quarterly
Database Patch for Exadata BP
11.2.0.4.180417 Patch
27475722 for UNIX, or
Quarterly Full Stack download for Exadata
(Apr2017) BP 11.2.0.4 Patch
27475818, or
Quarterly Full Stack download for Supercluster
(Apr2017) BP 11.2.0.4 Patch
26635432
|
Released April 2018
|
For availability dates, see Post
Release Patches
There is
no Database SPU for 11.2.0.4 for the Apr 2018 cycle as there are no new CPU
security vulnerabilities applicable. Future patches are planned until end
of Error Correction listed in the table above.
|
|
Oracle
Database Server home
|
Oracle JavaVM (OJVM) Component Database PSU
11.2.0.4.180417 Patch
27475598 for UNIX, or
Oracle JavaVM (OJVM)
Component Database PSU 11.2.0.4.180417 Patch
27650399 for Microsoft Windows
|
CVE-2018-2841
|
OJVM PSU 11.2.0.4.161018 and greater includes Generic
JDBC Patch
23727132
See Note
1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle
Database Server home
|
Oracle JavaVM Component Database PSU - Generic JDBC
11.2.0.4.160719 Patch
23727132
|
Released July 2016
|
For RAC deployments, this patch should be applied to
Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher
See Note
1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle
Database Client home
|
Database
Patch Set Update 11.2.0.4.170418 Patch
24732075
|
Released April 2017
|
The Instant Client installation is not the same as the
client-only Installation. For additional information about Instant Client
installations, see Oracle
Call Interface Programmer's Guide.
|
3.1.5 Oracle
Database Mobile/Lite Server
Error Correction
Information for Oracle Database Mobile Server
Patch
Availability for Oracle Database Mobile Server 12.1.x
Patch Availability for Oracle Database Mobile Server 11.3.x
3.1.6 Oracle GoldenGate
Error Correction information for Oracle GoldenGate
Patch Availability for Oracle GoldenGate
3.1.7 Oracle
GoldenGate Veridata
Error Correction
information for Oracle GoldenGate Veridata
Patch
Availability for Oracle GoldenGate Veridata
3.1.8 Oracle Secure Backup
Error Correction information for Oracle Secure Backup
Minimum Product Requirements for Oracle Secure Backup
Critical Patch Update security vulnerabilities are fixed in the listed
releases. The Oracle Secure Backup downloads and installation instructions
can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
3.2 Oracle Enterprise Manager
This section contains the following:
3.2.1 Oracle
Application Performance Management
Error Correction
information for Oracle Application Performance Management
Minimum Product
Requirements for Oracle Application Performance Management
Critical Patch
Update security vulnerabilities are fixed in the listed releases. For more
information on Oracle Application Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
3.2.2 Oracle Application Testing Suite
Error Correction information for Oracle Application Testing Suite
Patch Availability for Oracle Application Testing Suite
These patches contain Critical Patch Update security vulnerabilities
fixes for this release. All previous versions will need to be upgraded to the
minimum version. Then, apply the following patches to fix the announced
security vulnerabilities. For Oracle Application Testing Suite downloads and
installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
3.2.3 Oracle Enterprise Manager Cloud Control
Error Correction information for Oracle Enterprise Manager Cloud
Control
Patch Availability for Oracle Enterprise Manager Cloud Control 13c
Release 1 (13.2.0.0)
Patch Availability for Oracle Enterprise Manager Cloud Control 12c
Release 5 (12.1.0.5)
3.2.4 Oracle Enterprise Manager Grid Control 11g (11.1.0.1)
Error Correction information for Oracle Enterprise Manager Grid Control
11g (11.1.0.1)
Patch Set Update Availability for Oracle Enterprise Manager Grid
Control 11g (11.1.0.1)
The fixes for security Alert for CVE-2015-4852 are part of Jan2016 WebLogic Server CPU program patches described in this
section.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Base Platform Repository Home
|
See "Oracle
Database"
|
See "Oracle
Database"
|
|
|
Base
Platform Agent Home
|
Unix PSU
11.1.0.1.160119 Patch
9346289
Windows PSU 11.1.0.1.160119 Patch
22274004
|
Released January 2016
|
|
|
Base Platform OMS Home
|
PSU 11.1.0.1.160119 Patch
22266340
|
Released January 2016
|
|
|
Base Platform Fusion Middleware home
|
SPU Patch
14681307
|
Released October 2012
|
WLS 10.3.2.0 JDBC Patch (Not a SU). Before installing
this SPU, see Note
1493990.1, Patching for CVE-2012-3137
|
|
Base
Platform Fusion Middleware home
|
SPU Patch
18992301
SPU Patch
18992319
SPU Patch
18547380
SPU Patch
23539151
SPU Patch
20926784
SPU Patch
18992399
SPU Patch
23539193
SPU Patch
22808855
SPU Patch
20083974
SPU Patch
22360634
|
Released July 2014
Released July 2014
Released April 2014
Released July 2016
Released July 2015
Released July 2014
Released July 2016
Released April 2016
Released January 2015
Released January 2016
|
WLS 10.3.2.0 JVM Patch (SU ID: DHM2)
WLS 10.3.2.0 Deployment Patch (SU ID: Y5B9)
WLS 10.3.2.0 CSS Patch (SU ID: 9AVS)
WLS 10.3.2.0 JMS+Core Patch
(SU ID: JN9V)
WLS 10.3.2.0 WebServices
Patch (SU IDs: SAGA, L8DT, A4JA, 2HLN, SK77, X8W6, NFFE, BIMC)
WLS 10.3.2.0 Security Patch (SU IDs: VHAC, R4P6, NSYJ,
8279)
WLS 10.3.2.0 WebApp Patch
(SU ID: RJX5)
WLS 10.3.2.0 Console Patch (SU ID: 7CB7)
WLS 10.3.2.0 CIE Patch (SU ID: GVGW)
WLS 10.3.2.0 Install Patch (SU ID: 8N2J)
For CVE-2014-4256, see Note
1903763.1, Download Request for Security
Configuration
|
|
Base
Platform Repository Home
|
CPU Patch
13705493
|
Released April 2012
|
OC4J 10.1.2.3 one-off Patch
Enterprise Manager Grid Control
|
3.2.5 Oracle Enterprise Manager Ops Center
Error Correction information for Oracle Enterprise Manager Ops Center
Patch Availability for Oracle Enterprise Manager Ops Center
These patches contain Critical Patch Update security vulnerabilities
fixes for this release. All previous versions will need to be upgraded to the
minimum version. Then, apply the following patches to fix the announced
security vulnerabilities. For Oracle Enterprise Manager Ops Center downloads
and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
3.2.6 OSS Support Tools
Error Correction information for OSS Support Tools
Patch Availability for OSS Support Tools
3.2.7 Oracle
Configuration Manager
Minimum Product
Requirements for Oracle Configuration Manager
Critical Patch
Update security vulnerabilities are fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS (support.oracle.com).
Customer can use collector tab to down the Oracle Configuration Manager
Collector.
3.3 Oracle
Fusion Middleware
This section
contains the following:
3.3.1 Management
Pack For Oracle GoldenGate
Error Correction
information for Management Pack For Oracle GoldenGate
Patch
Availability for Management Pack For Oracle GoldenGate
3.3.2 NetBeans
IDE
Minimum Product Requirements for NetBeans IDE
Critical Patch Update security vulnerabilities are fixed in the listed
releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/
3.3.3 Oracle API Gateway
Error Correction
information for Oracle API Gateway
Patch
Availability for Oracle API Gateway
3.3.4 Oracle Big Data Discovery
Minimum Product Requirements for Oracle Big Data Discovery
Critical Patch Update security vulnerabilities are fixed in the
listed release only and installations with any prior versions will need to
move to the listed version. For Oracle Big Data Discovery downloads, seehttps://edelivery.oracle.com and search
for "Oracle Big Data Discovery".
3.3.5 Oracle Business Intelligence App Mobile
Designer
Error Correction
information for Oracle Business Intelligence App Mobile Designer
Patch
Availability for Oracle Business Intelligence App Mobile Designer
3.3.6 Oracle Business Intelligence Enterprise Edition
Error Correction information for Oracle Business Intelligence
Enterprise Edition
Patch Availability for Oracle Business Intelligence Enterprise Edition
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch any
Database Server associated to a Fusion Middleware installation
|
|
Oracle
Java SE home
|
See Note
2376001.1, Critical Patch Update Apr 2018 Patch
Availability Document for Oracle Java SE
|
See Note
2376001.1, Critical Patch Update Apr 2018 Patch
Availability Document for Oracle Java SE
|
See Note
1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g Products
|
|
Oracle JRockit 28.x home
|
See "Oracle
JRockit"
|
See "Oracle
JRockit"
|
|
|
Oracle WebLogic Server home
|
See "Oracle
WebLogic Server"
|
See "Oracle
WebLogic Server"
|
See Note
1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle
WebLogic Server Plug-ins"
|
See "Oracle
WebLogic Server Plug-ins"
|
WLS
Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
|
FMW 12c
home
|
See "Oracle
Fusion Middleware 12c"
|
See "Oracle
Fusion Middleware 12c"
|
|
|
11.1.1.9
|
Oracle BI
Suite BP 11.1.1.9.180417 Patch
27737733 or higher
|
CVE-2015-7501, CVE-2017-5662
|
|
|
11.1.1.9
|
Oracle Business Intelligence Enterprise Edition BP
11.1.1.9.1 Patch
21235195 or higher
|
Released July 2015
|
BIEE Third Party Bundle Patch
|
|
11.1.1.7
|
Oracle BI Suite BP 11.1.1.7.180417 Patch
27617562 or higher
|
CVE-2015-7501, CVE-2017-5662
|
|
|
11.1.1.7
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch
27197885
|
Released January 2018
|
Oracle HTTP Server 11.1.1.7 Patch
Note 2314658.1 SSL
Configuration Required to Secure Oracle HTTP Server After Applying Security
Patch Updates
Note 2350321.1 Preventing
Slow HTTP DoS Attacks on Oracle HTTP Server After
Applying Security Patch Updates
|
|
11.1.1.7
|
SPU Patch
25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
|
11.1.1.7
|
SPU Patch
18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note
1905314.1, New SSL Protocol and Cipher Options for
Oracle Fusion Middleware 11g OPMN/ONS
|
|
11.1.1.7
|
SPU Patch
17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
|
11.1.1.7
|
CPU Patch
17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
|
DAC 11.1.1.6.4 home
|
Patch 27825965- dac 11.1.1.6.4 / obi application 7.9.6.4 spu for apr2018cpu
|
CVE-2017-5645
|
Patch can be installed in any home
|
3.3.7 Oracle Business Intelligence Mobile
Error Correction information for Oracle Business Intelligence Mobile
Minimum Product Requirements for Oracle Business Intelligence Mobile
3.3.8 Oracle Business Intelligence Publisher
Error Correction information for Oracle Business Intelligence Publisher
Patch Availability for Oracle Business Intelligence Publisher
3.3.9 Oracle Complex Event Processing
Error Correction information for Oracle Complex Event Processing
Patch Availability for Oracle Complex Event Processing
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
3.3.10 Oracle Data Quality for Oracle Data Integrator
Error Correction information for Oracle Data Quality for Oracle Data
Integrator
Patch Availability for Oracle Data Quality for Oracle Data Integrator
3.3.11 Oracle Data Visualization Desktop
Error Correction information for Oracle Data Visualization Desktop
Patch availability for Oracle Data Visualization Desktop
3.3.12 Oracle Endeca Server
Error Correction information for Oracle Endeca
Server
Patch availability for Oracle Endeca Server
3.3.13 Oracle Endeca Information
Discovery Studio
Error Correction information for Oracle Endeca
Information Discovery Studio
Patch availability for Oracle Endeca
Information Discovery Studio
3.3.14 Oracle
Endeca Information Discovery Integrator
Error Correction
information for Oracle Endeca Information Discovery
Studio Integrator
Patch
availability for Oracle Endeca Information
Discovery Studio Integrator
3.3.15 Oracle Enterprise Data Quality
Error Correction information for Oracle Enterprise Data Quality
Patch Availability for Oracle Enterprise Data Quality
3.3.16 Oracle
Enterprise Repository
Error Correction
information for Oracle Enterprise Repository
Patch
Availability for Oracle Enterprise Repository
3.3.17 Oracle Exalogic Patch Set Update
(PSU)
Error Correction information for Oracle Exalogic
Patch Set Update (PSU)
Patch Set Update Availability for Oracle Exalogic
|
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
|
2.x Physical
|
2.0.6.2.170418 Physical Linux x86-64 (for all X2-2,
X3-2, X4-2, X5-2) PSU Patch
25422080
2.0.6.2.170418 Physical Solaris x86-64 (for all X2-2, X3-2, X4-2, X5-2)
PSU Patch
25422080
|
Released April 2017
|
See Note
1314535.1, Announcing Exalogic
PSUs (Patch Set Updates)
|
|
2.x
Virtual
|
2.0.6.2.170418
Virtual (for all X2-2, X3-2, X4-2, X5-2) PSU Patch
25422070
|
Released April 2017
|
See Note
1314535.1, Announcing Exalogic
PSUs (Patch Set Updates)
|
|
1.x
|
Upgrade
to 2.x based on information in the Comments column. Then apply the patches
listed above.
|
Released
March 2012 (13795376)
Released Februrary 2013 (15931901)
|
See Patch
14834860 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE
KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch
14834860 Oracle Exalogic
2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64
(64 bit)
See Note
1314535.1, Announcing Exalogic
PSUs (Patch Set Updates)
|
3.3.18 Oracle
Forms and Reports
For the
appropriate product versions listed below, refer to the corresponding Oracle
Fusion Middleware patch availability sections that contain information on
Error Correction, and for the patches to apply. Not all homes that are listed
in those sections might be present in the Oracle Forms and Reports installation.
Only the relevant homes from those tables need to be patched.
Patch
Availability for Oracle Forms and Reports
3.3.19 Oracle
Fusion Middleware
For more
information on how to identify the components in an Oracle home, see Note
1591483.1, What is Installed in My Middleware or
Oracle home?.
This section
contains the following:
3.3.19.1 Oracle
Fusion Middleware 12c
The sections
below cover Oracle Fusion Middleware version 12.2.x and 12.1.x
3.3.19.1.1 Oracle
Fusion Middleware 12.2.1.3
Error Correction
information for Oracle Fusion Middleware 12.2.1.3
Patch
Availability for Oracle Fusion Middleware 12.2.1.3
3.3.19.1.2 Oracle Fusion Middleware 12.2.1.2
Error Correction information for Oracle Fusion Middleware 12.2.1.2
Patch Availability for Oracle Fusion Middleware 12.2.1.2
3.3.19.1.3 Oracle Fusion Middleware 12.1.3.0
Error Correction information for Oracle Fusion Middleware 12.1.3.0
Patch Availability for Oracle Fusion Middleware 12.1.3.0
3.3.19.2 Oracle
Forms and Reports 11.1.2.2
Error Correction
information for Oracle Forms and Reports 11.1.2.2
Patch
Availability for Oracle Forms and Reports 11.1.2.2
3.3.19.3 Oracle
Fusion Middleware 11.1.1.9
Error Correction
information for Oracle Fusion Middleware 11.1.1.9
Patch
Availability for Oracle Fusion Middleware 11.1.1.9
3.3.19.4 Oracle
Fusion Middleware 11.1.1.7
Error Correction information for Oracle Fusion Middleware 11.1.1.7
Patch
Availability for Oracle Fusion Middleware 11.1.1.7
|
Product Home
|
Patches
|
Advisory
Number
|
Comments
|
|
Oracle
Database home
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch any
Database Server associated to a Fusion Middleware installation
|
|
Oracle
Java SE home
|
See Note
2376001.1, Critical Patch Update Apr 2018 Patch
Availability Document for Oracle Java SE
|
See Note
2376001.1, Critical Patch Update Apr 2018 Patch
Availability Document for Oracle Java SE
|
See Note
1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g Products
|
|
Oracle JRockit 28.x home
|
See "Oracle
JRockit"
|
See "Oracle
JRockit"
|
|
|
Oracle WebLogic Server home
|
See "Oracle
WebLogic Server"
|
See "Oracle
WebLogic Server"
|
See Note
1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle
WebLogic Server Plug-ins"
|
See "Oracle
WebLogic Server Plug-ins"
|
WLS
Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
|
Oracle
SOA 11.1.1.7 home
|
SOA BP
11.1.1.7.8 Patch
20900797
SOA Overlay SPU 11.1.1.7.8 Patch
26882430
|
Released October 2017
|
SOA Patches
Overlay SPU patch can only be installed after the base
BP has been installed.
|
|
Oracle Identity Management 11.1.1.7 home
|
OVD 11.1.1.7 Patch
26962267
|
Released October 2017
|
Oracle Virtual Directory (OVD) Patch
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch
27197885
|
Released January 2018
|
Oracle HTTP Server 11.1.1.7 Patch
Note 2314658.1 SSL
Configuration Required to Secure Oracle HTTP Server After Applying Security
Patch Updates
Note 2350321.1 Preventing
Slow HTTP DoS Attacks on Oracle HTTP Server After
Applying Security Patch Updates
|
|
ODI
11.1.1.7 home
|
ODI
SPU Patch
24826305
|
Released July 2017
|
Oracle Data Integrator Patch
|
|
OSB 11.1.1.7 home
|
Patch 24847885
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
Patch 19933795
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
ODI Patch
25507109
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
|
FMW 11.1.1.7 ORACLE_COMMON home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
JRF BP 11.1.1.7.160905 Patch
23243559 or later
|
Released January 2017
|
JRF BP
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
BP Patch
24486705
|
Released October 2016
|
Web Services BP
|
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
SPU Patch
24716502
|
Released October 2016
|
Oracle Discoverer Patch
|
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
See Note
2155256.1
|
Released
July 2016
|
For
Oracle Portal 11.1.1.6
|
|
Oracle
Identity Access Management 11.1.1.7 home
|
SPU Patch
22218959
|
Released July 2016
|
|
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
SPU Patch
22013598
|
Released January 2016
|
Web Cache Patch
See Note
2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL
Cipher Suite Changes Beginning with CPU January 2016
|
|
Oracle
Identity Management 11.1.1.7 home
Oracle
Web Tier 11.1.1.7 home
Oracle
Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
DB
PSU Patch
22290164 for Unix
DB BP Patch
22607089 for Windows 32-Bit
DB BP Patch
22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Identity Manager BP 2 (11.1.1.7.2) Patch
21881425 and OIM OVERLAY SPU 11.1.1.7.161018 Patch
24816127
|
Overlay SPU: Released October 2016
OIM BP2: Released October 2015
|
Oracle Identity Manager Patch
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite
11.1.1.7 home
|
SPU Patch
25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Access Manager BP 5 (11.1.1.7.5) Patch
21033489 or later
|
Released July 2015
|
Oracle Access Manager (OAM 11.1.1.7.5) Patch
See Note
1952939.1, Oracle Access Manager 11g Logout
Confirmation Features and Configuration
|
|
Oracle
Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
SPU Patch
19562278
|
Released January 2015
|
Oracle Forms 11.1.1.7 Patch
|
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
SPU Patch
20002159
|
Released January 2015
|
Oracle Reports, Developer 11.1.1.7 Patch
|
|
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch
20060599
|
Released January 2015
|
Oracle Adaptive Access Manager Patch
|
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite
11.1.1.7 home
|
See Note
1936300.1
|
Released
October 2014
|
SSL V3.0
"Poodle" Advisory
|
|
Oracle
Identity Management 11.1.1.7 home
Oracle
Identity Access Management 11.1.1.7 home
|
SPU Patch
19666962
|
Released October 2014
|
Oracle Identity Manager Patch
See Note
1927796.1, Instructions For Enabling OIM CPU Bug
17937383 Fix For OIM BPs (11.1.2.1.9 and 11.1.2.2.4 Versions) / Overlay SPU
(11.1.1.7 and 11.1.1.5 Versions)
|
|
Oracle
Identity Management 11.1.1.7 home
Oracle
Web Tier 11.1.1.7 home
Oracle
Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
SPU Patch
18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note
1905314.1, New SSL Protocol and Cipher Options for
Oracle Fusion Middleware 11g OPMN/ONS
|
|
Oracle WebCenter 11.1.1.7 home
|
Overlay
SPU Patch
18792010 and 11.1.1.7 BP 1 Patch
16761779
|
Released July 2014
|
WebCenter Portal
11.1.1.7 Overlay SPU patch
|
|
Oracle Identity Access Management 11.1.1.7 home
|
See Note
1643382.1
|
Released
April 2014
|
OAM/WebGate Advisory
|
|
Oracle
Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
See Note
1608683.1
|
Released
January 2014
|
Oracle
Reports Advisory
|
|
Oracle
Identity Management 11.1.1.7 home
|
OID bundle
patch 11.1.1.7.180116 Patch
27340965
|
Released January 2018
|
Oracle Internet Directory Patch
Patch 17842883 for
HP-UX Itanium, HP-UX PA-RISC (64-bit), Linux x86, Microsoft Windows
(32-bit)
Patch 17839633 for
Linux x86-64, IBM AIX Based Systems (64-bit), Sun Solaris x86-64 (64-bit),
Sun Solaris SPARC (64-bit), Microsoft Windows x64 (64-bit)
See "Oracle Internet Directory (OID) Version 11g
Bundle Patch (Including Directory Integration Platform / DIP) / Bundle
Patches For Non-Fusion Applications (NonFA /
NonP4FA) Customers" (Note
1614114.1) for Bundles that include these and other fixes.
|
|
Oracle
Identity Management 11.1.1.7 home
Oracle
Identity Access Management 11.1.1.7 home
Oracle
Web Tier 11.1.1.7 home
Oracle Portal,
Forms, Reports and Discoverer 11.1.1.7 home
Oracle
SOA Suite 11.1.1.7 home
Oracle WebCenter Suite 11.1.1.7 home
|
SPU Patch
17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
home
|
CPU Patch
17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
|
Oracle WebCenter Content
11.1.1.7 home
|
BP 2 Patch
17180477 or higher
|
Released October 2013
|
|
|
Oracle Fusion Middleware 11.1.1.7.0 ORACLE_COMMON home
|
SPU Patch
22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common
OH for 11.1.1.7.0
|
3.3.19.5 Oracle Identity Access Management 11.1.2.3
Error Correction information for Oracle Identity Access Management
11.1.2.3
Patch Availability for Oracle Identity Access Management 11.1.2.3
3.3.20 Oracle Hyperion
Analytic Provider Services
Error Correction
information for Oracle Hyperion Analytic Provider Services
Patch
Availability for Oracle Hyperion Analytic Provider Services
3.3.21 Oracle Hyperion BI+
Error Correction information for Oracle Hyperion BI+
Patch Availability for Oracle Hyperion BI+
3.3.22 Oracle
Hyperion Common Admin
Error Correction
information for Oracle Hyperion Common Admin
Patch
Availability for Oracle Hyperion Common Admin
3.3.23 Oracle Hyperion Common Security
Error Correction information for Oracle Hyperion Common Security
Patch Availability for Oracle Hyperion Common Security
3.3.24 Oracle Hyperion Data Relationship Management
Error Correction information for Oracle Hyperion Data Relationship
Management
Patch Availability for Oracle Hyperion Data Relationship
Management
3.3.25 Oracle Hyperion EAS
Error Correction information for Oracle Hyperion EAS
Patch Availability for Oracle Hyperion EAS
3.3.26 Oracle Hyperion Enterprise Performance Management Architect
Error Correction information for Oracle Hyperion Enterprise Performance
Management Architect
Patch Availability for Oracle Hyperion Enterprise Performance Management
Architect
3.3.27 Oracle Hyperion Essbase
Error Correction information for Oracle Hyperion Essbase
Patch Availability for Oracle Hyperion Essbase
3.3.28 Oracle Hyperion Financial Reporting
Error Correction information for Oracle Hyperion Financial Reporting
Patch Availability for Oracle Hyperion Financial Reporting
3.3.29 Oracle Hyperion Installation Technology
Error Correction information for Oracle Hyperion Installation
Technology
Patch Availability for Oracle Hyperion Installation Technology
3.3.30 Oracle Hyperion Planning
Error Correction information for Oracle Hyperion Planning
Patch Availability for Oracle Hyperion Planning
3.3.31 Oracle Hyperion Smart View For Office
Error Correction information for Oracle Hyperion Smart View For Office
Patch Availability for Oracle Hyperion Smart View For Office
3.3.32 Oracle Hyperion Strategic Finance
Error Correction information for Oracle Hyperion Strategic Finance
Patch Availability for Oracle Hyperion Strategic Finance
3.3.33 Oracle Identity Access Management
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle Identity
Access Management installation. Only the relevant homes from those tables
need to be patched.
Patch Availability for Oracle Identity Access Management
3.3.34 Oracle
Identity Management
For the
appropriate product versions listed below, refer to the corresponding Oracle
Fusion Middleware patch availability sections that contain information on
Error Correction, and for the patches to apply. Not all homes that are listed
in those sections might be present in the Oracle Identity Management
installation. Only the relevant homes from those tables need to be patched.
Patch
Availability for Oracle Identity Management
3.3.35 Oracle Identity
Management Connector
Error Correction information for
Oracle Identity Management Connector
Patch Availability for Oracle
Identity Management Connector
3.3.36 Oracle
JDeveloper and Oracle ADF
Error
Correction information for Oracle JDeveloper and
Oracle ADF
Critical Patch Update Availability for Oracle JDeveloper
and Oracle ADF
3.3.37 Oracle JRockit
Critical Patch Update Availability for Oracle JRockit
Oracle JRockit R28.3.13 includes fixes for all
security advisories that have been released through CPUjan2017.
3.3.38 Oracle Map Viewer
Error Correction information for Oracle Map Viewer
Patch Availability for Oracle Map Viewer
3.3.39 Oracle Mobile Security Suite
Error Correction information for Oracle Mobile Security Suite
Patch Availability for Oracle Mobile Security Suite
3.3.40 Oracle Outside In Technology
Error Correction information for Oracle Outside In Technology
Patch Availability for Oracle Outside In Technology
3.3.41 Oracle Portal, Forms, Reports, and Discoverer 11g Release
1
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Portal, Forms, Reports, and Discoverer 11g Release 1
installation. Only the relevant homes from those tables need to be patched.
Patch Availability for Oracle Portal, Forms, Reports, and Discoverer
11g Release 1
3.3.42 Oracle
Real Time Decisions Applications
Error Correction
information for Oracle Real Time Decisions Applications
Patch
Availability for Oracle Real Time Decisions Applications
3.3.43 Oracle Real Time Decisions Server
Error Correction information for Oracle Real Time Decisions Server
Patch Availability for Oracle Real Time Decisions Server
3.3.44 Oracle Service Architecture Leveraging Tuxedo (SALT)
Error Correction information for Oracle Service Architecture Leveraging
Tuxedo (SALT)
Patch Availability for Oracle Service Architecture Leveraging Tuxedo
(SALT)
3.3.45 Oracle SOA Suite
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
SOA Suite installation. Only the relevant homes from those tables need to be
patched.
Patch Availability for Oracle SOA Suite
3.3.46 Oracle
Traffic Director
Error Correction
information for Oracle Traffic Director
Patch
Availability for Oracle Traffic Director
3.3.47 Oracle Tuxedo
Error Correction information for Oracle Tuxedo
Patch Availability for Oracle Tuxedo
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
12.2.2.0
|
Patch 27127290 for
Linux/UNIX
Patch 27127314 for
windows with VS2015 64bit
|
CVE-2017-10269, CVE-2017-10272, CVE-2017-10267,
CVE-2017-10278, CVE-2017-10266
|
These CVE are released as part of the Security Alert
documented in Note
2326009.1 as these are not announced in April CPU.
For
CVE-2017-10269, see extra settings required with these cumulative patches
in Note
2326009.1
|
|
12.1.3.0
|
Patch 27112856 for
Linux/UNIX, Windows with VS2013 32bit, Windows with VS2010 64bit platforms
Patch 27121813 for
windows with VS2012 64bit
|
CVE-2017-10269, CVE-2017-10272, CVE-2017-10267,
CVE-2017-10278, CVE-2017-10266
|
These CVE are released as part of the Security Alert
documented in Note
2326009.1 as these are not announced in April CPU.
For
CVE-2017-10269, see extra settings required with these cumulative patches
in Note
2326009.1
|
|
12.1.1.0
|
Patch 27379030 for
Linux/UNIX platforms
Patch 27393183 for
windows with VS2012
Patch 27393234 for
windows with VS2010
|
CVE-2017-3736
|
|
3.3.48 Oracle Tuxedo System and Applications Monitor Plus (TSAM
Plus)
Error Correction Information for Oracle Tuxedo System and Applications
Monitor Plus (TSAM Plus)
Patch Availability for Oracle Tuxedo System and Applications Monitor
Plus (TSAM Plus)
3.3.49 Oracle Web-Tier 11g Utilities
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Web-Tier 11g Utilities installation. Only the relevant homes from
those tables need to be patched.
Patch Availability for Oracle Web-Tier 11g Utilities
3.3.50 Oracle
WebCenter
For the
appropriate product versions listed below, refer to the corresponding Oracle
Fusion Middleware patch availability sections that contain information on
Error Correction, and for the patches to apply. Not all homes that are listed
in those sections might be present in the Oracle WebCenter
installation. Only the relevant homes from those tables need to be patched.
Patch
Availability for Oracle WebCenter
3.3.51 Oracle
WebCenter Content (Formerly Oracle Universal
Content Management)
Patch
Availability for Oracle WebCenter Content
3.3.52 Oracle
WebCenter Portal
Error Correction
information for Oracle WebCenter Portal
Patch
Availability for Oracle WebCenter Portal
3.3.53 Oracle
WebCenter Sites (Formerly FatWire
Content Server)
Error Correction
information for Oracle WebCenter Sites (formerly FatWire Content Server)
Patch
Availability for Oracle WebCenter Sites
3.3.54 Oracle WebCenter Sites Community
Error Correction information for Oracle WebCenter
Sites Community
Patch Availability for Oracle WebCenter Sites
Community
3.3.55 Oracle
WebCenter Suite
For the
appropriate product versions listed below, refer to the corresponding Oracle
Fusion Middleware patch availability sections that contain information on
Error Correction, and for the patches to apply. Not all homes that are listed
in those sections might be present in the Oracle WebCenter
Suite installation. Only the relevant homes from those tables need to be
patched.
Patch
Availability for Oracle WebCenter Suite
3.3.56 Oracle
WebGate
Error Correction
information for Oracle WebGate
Patch
Availability for Oracle WebGate
See also
the underlying product stack tables for any applicable patches. Refer to
comments section and apply the patch to the respective product home.
3.3.57 Oracle WebLogic Portal
Error Correction information for Oracle WebLogic
Portal
Critical Patch Update Availability for WebLogic
Portal
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
WebLogic Portal patches are cumulative to
include all the prior published advisories. For more information, see My
Oracle Support Note
1355929.1, October 2011 Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL
Session ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled with WebLogic
Server 9.2.3.0, which is out of error correction. Contact Oracle support for
security patches needed for WebLogic Server 9.2.3.0
3.3.58 Oracle WebLogic Server
Error Correction information for Oracle WebLogic
Server Patch Set Update
Patch Set Update Availability for Oracle WebLogic
Server
For more information, see MyOracleSupport Note
1470197.1, Patch Set Update (PSU) Release Listing
for Oracle WebLogic Server (WLS). See Note
1306505.1, Patch Set Update (PSU) Administration Guide for
Oracle WebLogic Server (WLS)
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Java SE home
|
See Note
2376001.1, Critical Patch Update Apr 2018 Patch
Availability Document for Oracle Java SE
|
See Note
2376001.1, Critical Patch Update Apr 2018 Patch
Availability Document for Oracle Java SE
|
See Note
1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g Products
|
|
Oracle JRockit 28.x home
|
See "Oracle
JRockit"
|
See "Oracle
JRockit"
|
|
|
Oracle WebLogic Server Plug-ins home
|
See "Oracle
WebLogic Server Plug-ins"
|
See "Oracle
WebLogic Server Plug-ins"
|
WLS
Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
|
WebLogic Server 12.2.1.3 home
|
WLS PSU
12.2.1.3.180417 Patch
27342434
|
CVE-2018-2628, CVE-2013-1768, CVE-2017-5645
|
See Note
2395745.1, April 2018 Critical Patch Update:
Additional Information about the Oracle WebLogic
Server Vulnerability CVE-2018-2628
|
|
WebLogic Server 12.2.1.2 home
|
WLS PSU
12.2.1.2.180417 Patch
27338939
|
CVE-2018-2628, CVE-2017-5645
|
See Note
2395745.1, April 2018 Critical Patch Update:
Additional Information about the Oracle WebLogic
Server Vulnerability CVE-2018-2628
|
|
WebLogic Server 12.1.3.0 home
|
WLS PSU
12.1.3.0.180417 Patch
27419391
|
CVE-2018-2628, CVE-2017-5645
|
See Note
2395745.1, April 2018 Critical Patch Update:
Additional Information about the Oracle WebLogic
Server Vulnerability CVE-2018-2628
|
|
WebLogic Server 10.3.6.0 home
|
WLS PSU
10.3.6.0.180417 Patch
27395085
|
CVE-2018-2628, CVE-2017-5645
|
See Note
1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher
See Note
2395745.1, April 2018 Critical Patch Update:
Additional Information about the Oracle WebLogic
Server Vulnerability CVE-2018-2628
|
|
WebLogic Server 12.1.3.0 home
WebLogic Server 10.3.6.0 home
|
WLS
12.1.3 JDBC Patch
20741228
WLS 10.3.6 JDBC Patch
27541896
|
Released in Jan 2018
|
Please refer to Note
1970437.1 How To Update the JDBC and UCP Drivers
Bundled with WebLogic Server 10.3.6 and 12c
|
|
WebLogic Server 12.2.1.3.0 home
Weblogic Server 12.2.1.2.0 home
WebLogic Server 12.1.3.0.0 home
WebLogic Server 10.3.6.0.0 home
|
Weblogic Samples SPU 12.2.1.3.180417 Patch
27441341
Weblogic Samples
SPU 12.2.1.2.180417 Patch
27452780
Weblogic Samples
SPU 12.1.3.0.180417 Patch
27452778
Weblogic Samples
SPU 10.3.6.0.180417 Patch
27453773
|
CVE-2017-7525
|
Oracle WebLogic Server
Requirements for Apache Struts 2 and CVE-2017-5638 / CVE-2017-9805
This patch is a cumulative patch for all Struts 2 CVEs
to date. For more information, see: Note
2255054.1 Oracle WebLogic
Server Requirements for Apache Struts 2 Vulnerabilities
|
|
WebLogic Server 12.1.3.0 home
|
SPU Patch
24327938
|
Released July 2016
|
TopLink JPA-RS
patch
|
|
WebLogic Server
12.1.3.0 home
WebLogic Server
10.3.6.0 home
|
See Note
1936300.1
|
Released
October 2014
|
SSL V3.0
"Poodle" Advisory
|
3.3.59 Oracle
WebLogic Server Plug-ins
Critical Patch
Update Availability for Oracle WebLogic Server
Plug-ins
The available
patches for Oracle WebLogic Server Plug-ins (Oracle
HTTP Server/Apache/IIS/iPlanet).
The WebLogic plug-ins include all
cumulative bug fixes and thus include fixes for all previously released
advisories. For more information, see My Oracle Support Note
1111903.1.
3.4 Oracle Sun Middleware
This section contains the following:
3.4.1 Directory
Server Enterprise Edition
Error Correction
information for Directory Server Enterprise Edition
Patch
Availability for Directory Server Enterprise Edition
3.4.2 Reserved for Future Use
Error Correction information for Reserved for Future Use
Patch Availability for Reserved for Future Use
3.4.3 Oracle GlassFish Server
Error Correction information for Oracle GlassFish
Server
Patch Availability for Oracle GlassFish
Server
3.5 Tools
This section contains the following:
3.5.1 Oracle
OPatch
Minimum Product
Requirements for Oracle OPatch
The CPU security
vulnerabilities are fixed in the listed release and later releases. The
Oracle OPatch downloads can be found at Patch
6880880.
4 Final CPU History
Final CPU History
The Final CPU is the last quarter that a product is supported in the
CPU program as per the Premier Support and Extended Support policies. For
more information, see My Oracle Support Note
209768.1, Database, FMW, EM Grid Control, and OCS
Software Error Correction Support Policy.
5 Sources
of Additional Information
The following
documents provide additional information about Critical Patch Updates:
6 Modification
History
Modification
History
7 Documentation
Accessibility
For information
about Oracle's commitment to accessibility, visit the Oracle Accessibility
Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle
Support
Oracle customers
have access to electronic support through My Oracle Support. For information,
visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or
visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are
hearing impaired.
Critical Patch
Update Availability Document April 2018
Copyright @
2018, Oracle and/or its affiliates. All rights reserved.
|
