微信公众号:云库管    www.yunDBA.com

北京云库管科技有限公司 (内部培训资料) 返回上级

 

PDF文档下载

 

说明: https://support.oracle.com/epmos/adf/images/t.gif

说明: https://support.oracle.com/epmos/adf/images/t.gif

 

说明: https://support.oracle.com/epmos/adf/images/t.gif

Patch Set Update and Critical Patch Update July 2017 Availability Document (Doc ID 2261562.1)

 

 


说明: https://support.oracle.com/epmos/adf/images/t.gif

APPLIES TO:

Oracle Database - Enterprise Edition - Version 11.2.0.4 to 12.2.0.1 [Release 11.2 to 12.2]
Oracle WebLogic Server - Version 10.3.6 to 10.3.6
Information in this document applies to any platform.

PURPOSE

This document defines the patches and minimum releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set Updates released on July 18, 2017.

SCOPE

 The document is for Database Administrators and/or others tasked with Quarterly Security Patching.

DETAILS

Database, Fusion Middleware, and Enterprise Manager Critical Patch Update July 2017 Patch Availability Document

My Oracle Support Note 2261562.1

Released July 18, 2017

This document contains the following sections:

1 Overview

Oracle provides quarterly cumulative patches to address security vulnerabilities. The patches may include critical fixes in addition to the security fixes. The security vulnerabilities addressed are announced in the Advisory for July 2017, available at:

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

This document lists the Oracle Database, Fusion Middleware and Enterprise Manager CPU program cumulative patches for product releases under error correction. The July 2017 release supersedes earlier CPU program cumulative patches for the same product releases. This document is subject to continual update after the initial release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support to ensure you have the latest version.

This section contains the following:

1.1 How To Use This Document

The following steps explain how to use this document.

Step 1   Assess your Environments

Determine the Oracle product suites and products and their release numbers for each of your environments.

Step 2   Read Important Announcements

Review "What's New in July 2017," as it lists documentation and packaging changes along with important announcements such as upcoming final CPUs.

Step 3   Determine Patches to be Applied

For each environment, determine which patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for each product suite release, such as Oracle Database 11.1.0.7, Oracle Identity Access Management 11.1.1.5, and Enterprise Manager Grid Control 10.2.0.5

·         The table lists the patches to be applied either to the product or to the appropriate product Oracle homes that are associated with the product suite

·         The patches are listed in the order released, with newest patches listed first

·         For some patches, multiple Oracle homes are listed. Apply the patch to all of the homes indicated that are applicable to your environment and only to the listed Oracle homes

·         The table lists only product releases that are under Premier Support or Extended Support and are under error correction as defined in My Oracle Support Note 209768.1Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy. Patches are provided only for these releases. If you do not see the release that you have installed, then check "Final CPU History" and contact Oracle Support for further assistance

·         Patches that include security vulnerabilities announced in the current quarter's CPU Advisory, list the vulnerability CVE numbers in the Advisory Number column. If you are interested in the risk matrix for the vulnerabilities fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly releases, or the current one without any security fixes, the column indicates "Released MMM YYYY"

·         When a section is referenced in a table, follow the link to determine which patches to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release that is installed, and find the patches to apply in the table for that Oracle Database release in "Oracle Database."

Step 4   Apply the Patches

Download the patches, review the READMEs, and apply the patches according to the instructions.

Step 5   Planning for Future Critical Patch Updates

To help you plan for future Critical Patch Updates, this document includes Final CPU information based on Oracle's Lifetime Support Policy and error correction policies.

"Final CPU Information (Error Correction Policies)" in "What's New in July 2017," documents product releases for which final Critical Patch Updates are upcoming or are being announced. In each product section, there is also an Error Correction Information Table that documents the final CPU program patch for the product. Products that have reached the end of error correction are documented in "Final CPU History."

1.2 Terminology in the Tables

The following terminology is used in this patch availability document and in the subsequent tables.

  • RU - Release Update
  • RUR -Release Update Revision
  • BP - Bundle Patch
  • Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
  • NA Not Applicable.
  • OR On-Request. The patch is made available through the On-Request program.
  • PSU - Patch Set Update
  • SPU - Security Patch Update. An iterative, cumulative patch consisting of security fixes.
  • Overlay SPU patch provided as an overlay on top of a PSU or BP instead of a base/patch set release.

1.3 On-Request Patches

Oracle does not proactively release patches for historically inactive platforms. However, Oracle will deliver these patches when requested.

The following guidelines describe how to initiate an on-request (OR) patch.

A request may be made:

  • At any time. However, a patch for a specific quarterly release, such as CPUOct2012, cannot be requested. Depending on when the request is received and processed, either the patch for the current quarterly release or the next quarterly release will be provided. Your Service Request (SR) will provide you the planned availability date for the patch.
  • As long as the version is in either Premier Support or Extended Support and error correction support has not expired. For example, if a product release is under Extended Support through the release of CPUJan2013 on January 15, 2013, then you can file a request for the product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy.
  • For a platform-version combination when a major release or patch set is released on a platform after a quarterly release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch by following the on-request process. For example, if a patch is released for a platform on August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform. You may request a CPUJul2012 patch for the platform, and Oracle will review the request and determine whether to provide CPUJul2012 or CPUOct2012.

A patch that is marked as on-request (OR) may already have been requested by another customer and be available on My Oracle Support. Before you file a Service Request (SR), check on My Oracle Support to see if the patch is already available for your platform.

1.4 CPU Program and My Oracle Support Patch Recommendations

My Oracle Support patch recommendation features are available on the Patches & Update tab. The patches announced in this document as part of the CPU program are classified as "Security" patch recommendations in My Oracle Support. If a new patch is being announced in this document, then the classification on any earlier patch is changed to "General", causing it to be removed from the My Oracle Support patch recommendations. If a patch has a "Security" classification, and a subsequent bundle, SPU, or PSU is released with a recommendation classification, then it will be classified as a "Security" recommendation in My Oracle Support.

Once a product release is no longer in error correction, its CPU patch information is removed from this document, but the last patch recommendation continues to be available in My Oracle Support. Ensure to select each of the products installed in your environment to obtain all patches.

1.5 My Oracle Support (MOS) Conflict Checker Tool

The My Oracle Support (MOS) Conflict Checker tool is available as of July 21, 2014.

You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search results screen ("Analyze with OPatch" button).

The MOS Conflict Checker Tool allows you to upload an OPatch inventory to check for conflicts with patches to apply to your environment. If no conflicts are found, you can download the patches. If conflicts are found, the tool finds an existing resolution to download. If no resolution is found, you can request a solution, and monitor your request in the Plans region.

For more information and a demonstration video, see Knowledge Document Note 1091294.1How to use the My Oracle Support Conflict Checker Tool.

2 What's New in July 2017

This section describes important changes in July 2017:

2.1 Final CPU Information (Error Correction Policies)

The final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. Final CPUs for upcoming releases, as well as newly scheduled final CPUs, are listed in the following sections.

Final CPUs scheduled for October 2017

  • Oracle Fusion Middleware 12.2.1.1
  • Oracle Identity Analytics 11.1.1.5.0
  • Oracle Map Viewer 12.2.1.1
  • Oracle Waveset 8.1.1.0
  • Oracle WebLogic Server 12.2.1.1.0
  • Directory Server Enterprise Edition 7.0
  • Oracle GlassFish Communications Server 2.0
  • Oracle GlassFish Server 3.0.1
  • Oracle OpenSSO Agents 3.0
  • Sun Role Manager 5.0.3.2

Final CPUs scheduled for July 2017

  • Oracle Enterprise Manager Cloud Control 13.1.0.0

2.2 Post Release Patches

Oracle strives to complete preparations and testing of each Quarterly Security Patch for each platform by the quarterly release date. Occasionally, circumstances beyond our control dictate that a particular patch be delayed and be released a few days after the quarterly release date. The following table lists any current patch delays and the estimated date of availability.

Patch Number

Patch

Platform

Availability

26133434

Grid Infrastructure Release Update 12.2.0.1.170718

Solaris SPARC 64-bit

7-August-2017

26133434

Grid Infrastructure Release Update 12.2.0.1.170718

Solaris x86-64, AIX, HP-UX Itanium

7-August-2017

25901062

Grid Infrastructure Patch Set Update 12.1.0.2.170718

IBM Linux on System Z, HP-UX Itanium

25-July-2017

25901062

Grid Infrastructure Patch Set Update 12.1.0.2.170718

AIX

Superseded by 26610308

26022196

Database Proactive Bundle Patch 12.1.0.2.170718

HP-UX Itanium

25-July-2017

26022196

Database Proactive Bundle Patch 12.1.0.2.170718

AIX

Superseded by 26610322

26161724

Windows DB Bundle Patch 12.1.0.2.170718

Windows x86-64, Windows 32-Bit

20-July-2017

26182439

OJVM Component Windows BP 12.1.0.2.170718

Windows x86-64, Windows 32-Bit

18-August-2017

26194136

Windows DB Bundle Patch 11.2.0.4.170718

Windows x86-64, Windows 32-Bit

03-August-2017

26182425

OJVM Component Windows BP 11.2.0.4.170718

Windows x86-64, Windows 32-Bit

03-August-2017

26031091

Quarterly Full Stack Download Patch for Supercluster (July2017 - 12.1.0.2)

Solaris SPARC 64-bit

22-August-2017

26031022 [superseded by 26568963]

Quarterly Full Stack Download Patch for Supercluster (July2017 - 11.2.0.4.0)

Solaris SPARC 64-bit

22-August-2017

26440258

Quarterly Full Stack Download Patch for Supercluster (July2017 - 12.2.0.1)

Solaris SPARC 64-bit

22-August-2017

26031106 [superseded by 26635256]

Quarterly Full Stack Download for Exadata (July2017 - 12.1.0.2)

Linux x86-64, Solaris x86-64

17-August-2017

26440253 [superseded by 26635229]

Quarterly Full Stack Download for Exadata (July2017 - 12.2.0.1)

Linux x86-64, Solaris x86-64

17-August-2017

2.3 New Database Master Note

Information that is specific to the Database proactive patch program has been moved to Note 756671.1, Master Note for Database Proactive Patch Program. Patches that are announced as part of the CPU program continue to be listed here.

2.4 New Release Update and Release Update Revision Strategy

Information on the new Release Update patches is also found in the Database Master Note, as well as in Note 2285040.1 Release Update and Release Update Revisions for Database Proactive Patch Program

3 Patch Availability for Oracle Products

This section contains the following:

3.1 Oracle Database

This section contains the following:

3.1.1 Oracle REST Data Services (formally called Oracle APEX Listener)

Error Correction information for Oracle REST Data Services 3.0

Patch Information

3.0

Comments

Final CPU

-

 

Minimum Product Requirements for Oracle REST Data Services

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle REST Data Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.

Product

Release

Advisory Number

Comments

Oracle REST Data Services

3.0.10.25.02.36

CVE-2016-3092

 

3.1.2 Oracle Application Express

Minimum Product Requirements for Oracle Application Express

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Application Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.

Component

Release

Advisory Number

Comments

Oracle Application Express

5.0.4.00.12

Released Oct 2016

 

3.1.3 Oracle Big Data Spatial and Graph

Error Correction information for Oracle Big Data Spatial and Graph

Patch Information

2.0

1.2

Comments

Final CPU

-

-

 

Minimum Product Requirements for Oracle Big Data Spatial and Graph

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Big Data Spatial and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.

Product

Release

Advisory Number

Comments

Oracle Big Data Spatial and Graph

2.0

Released January 2017

 

Oracle Big Data Spatial and Graph

1.2

Released January 2017

 

3.1.4 Oracle Database

This section contains the following:

3.1.4.1 Patch Availability for Oracle Database

For information regarding the different types of patches for Database, refer to Oracle Database - Overview of Database Patch Delivery Methods, Note 1962125.1.

3.1.4.2 Oracle Database 12.2.0.1

Patch Information

12.2.0.1

Comments

Final CPU

TBD

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 12.2.0.1

Product Home

Patch

Advisory Number

Comments

Oracle Database home

Combo OJVM RU 12.2.0.1.170718 and Database RU 12.2.0.1.170718 Patch 26146314 for UNIX, or

Combo OJVM RU 12.2.0.1.170718 and GI RU 12.2.0.1.170718 Patch 26146318, or

Quarterly Full Stack download for Exadata (Jul2017) RU 12.2.0.1, Patch 26440253 [superseded by Patch 26635229]for Linux x86-64 and Solaris x86-64, or

Quarterly Full Stack download for SuperCluster (Jul2017) RU 12.2.0.1 Patch 26440258 for Solaris SPARC 64-Bit

CVE-2017-10202

For availability dates, see Post Release Patches

OJVM RU Patches are not RAC Rolling installable

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database home

Database RU 12.2.0.1.170718 Patch 26123830 for UNIX, or

GI RU 12.2.0.1.170718 Patch 26133434, or

Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.170718 Patch 26204212, or later;

Quarterly Full Stack download for Exadata (Jul2017) RU 12.2.0.1, Patch 26440253 [superseded by Patch 26635229]for Linux x86-64 and Solaris x86-64, or

Quarterly Full Stack download for SuperCluster (Jul2017) RU 12.2.0.1 Patch 26440258 for Solaris SPARC 64-Bit

Released July 2017

For availability dates, see Post Release Patches

Oracle Database home

Oracle JavaVM Component Database RU 12.2.0.1.170718 Patch 25811364 for UNIX, or

Oracle JavaVM Component Microsoft Windows Bundle Patch 12.2.0.1.170718 Patch 26182467

CVE-2017-10202

PSU 12.1.0.2.160719 includes Generic JDBC Patch 23727148

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

3.1.4.3 Oracle Database 12.1.0.2

Error Correction information for Oracle Database 12.1.0.2

Patch Information

12.1.0.2

Comments

Final CPU

July 2021

 

On-Request platforms

 32-bit client-only platforms

 

Patch Availability for Oracle Database 12.1.0.2

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home

Patch

Advisory Number

Comments

Oracle Database home

Combo OJVM PSU 12.1.0.2.170718 and Database PSU 12.1.0.2.170718 Patch 25901056 for UNIX, or

Combo OJVM PSU 12.1.0.2.170718 and GI PSU 12.1.0.2.170718 Patch 26030704, or

Combo OJVM PSU 12.1.0.2.170718 and database Proactive BP 12.1.0.2.170718  Patch 26030586 for UNIX, or

Quarterly Full Stack download for Exadata (Jul2017) BP 12.1.0.2, Patch 26031106 [superseded by Patch 26635256] for Linux x86-64 and Solaris x86-64, or

Quarterly Full Stack download for SuperCluster (Jul2017) BP 12.1.0.2 Patch 26031091 for Solaris SPARC 64-Bit

CVE-2014-3566, CVE-2016-2183, CVE-2017-10120, CVE-2017-10202

For availability dates, see Post Release Patches

OJVM PSU Patches are not RAC Rolling installable

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database home

Database PSU 12.1.0.2.170718 Patch 25755742 for UNIX, or

GI PSU 12.1.0.2.170718 Patch 25901062
or

Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.170718 Patch 26161724, or later;

Database Proactive Bundle Patch 12.1.0.2.170718 Patch 26022196 or

Quarterly Full Stack download for Exadata (Jul2017) BP 12.1.0.2, Patch 26031106 [superseded by Patch 26635256] for Linux x86-64 and Solaris x86-64, or

Quarterly Full Stack download for SuperCluster (Jul2017) BP 12.1.0.2 Patch 26031091 for Solaris SPARC 64-Bit

CVE-2014-3566, CVE-2016-2183, CVE-2017-10120

For availability dates, see Post Release Patches

Oracle Database home

Oracle JavaVM Component Database PSU 12.1.0.2.170718 Patch 26027162 for UNIX, or

Oracle JavaVM Component Microsoft Windows Bundle Patch 12.1.0.2.170718 Patch 26182439

CVE-2017-10202

OJVM PSU Patches are not RAC Rolling installable

PSU 12.1.0.2.161018 includes Generic JDBC Patch 23727148

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database home

Oracle JavaVM Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148

Released July 2016

 

3.1.4.4 Oracle Database 11.2.0.4

Error Correction information for Oracle Database 11.2.0.4

Patch Information

11.2.0.4

Comments

Final CPU

October 2020

 

On-Request platforms

HP-UX PA RISC

IBM: Linux on System Z

32-bit client-only platforms except Linux x86

 

On-Request platforms

32-bit client-only platforms except Linux x86

 

Patch Availability for Oracle Database 11.2.0.4

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home

Patch

Advisory Number

Comments

Oracle Database home

Combo OJVM PSU 11.2.0.4.170718 (CPUJul2017) and Database SPU 11.2.0.4.170718 (CPUJul2017) Patch 26031190 for UNIX, or

Combo OJVM PSU 11.2.0.4.170718 and Database PSU 11.2.0.4.170718 Patch 26031209 for UNIX, or 

Combo OJVM PSU 11.2.0.4.170718 and GI PSU 11.2.0.4.170718 Patch 26030870, or

Combo OJVM PSU 11.2.0.4.170718 and Exadata BP 11.2.0.4.170718 Patch 26031172

CVE-2014-3566, CVE-2016-2183, CVE-2017-10202

For availability dates, see Post Release Patches

OJVM PSU Patches are not RAC Rolling installable.

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database home

Database SPU 11.2.0.4.170718 (CPUJul2017) Patch 25879656 for UNIX, or

Database PSU 11.2.0.4.170718 Patch 25869727 for UNIX, or

GI PSU 11.2.0.4.170718 Patch 26030799 for UNIX, or

Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.170718 Patch 26194136, or later;

Quarterly Database Patch for Exadata BP 11.2.0.4.170718 Patch 26031163 for UNIX, or

Quarterly Full Stack download for Exadata (Jul2017) BP 11.2.0.4 Patch 26031061, or

Quarterly Full Stack download for Supercluster (Jul2017) BP 11.2.0.4, Patch 26031022 [superseded by Patch 26568963]

CVE-2014-3566, CVE-2016-2183

For availability dates, see Post Release Patches

Oracle Database home

Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.170718 Patch 26027154 for UNIX, or

Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.170718 Patch 26182425 for Microsoft Windows

CVE-2017-10202

OJVM PSU 11.2.0.4.161018 and greater includes Generic JDBC Patch 23727132

See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database home

Oracle JavaVM Component Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132

Released July 2016

For RAC deployments, this patch should be applied to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher

See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

3.1.5 Oracle Database Mobile/Lite Server

Error Correction Information for Oracle Database Mobile Server

Patch Information

12.1 (Mobile Server)

11.3 (Mobile Server)

Comments

Final CPU

-

October 2021

 

Patch Availability for Oracle Database Mobile Server 12.1.x

Product Home

Patch

Advisory Number

Comments

12.1

12.1.0.0 BP Patch 21974980

Released October 2015

 

Patch Availability for Oracle Database Mobile Server 11.3.x

Product Home

Patch

Advisory Number

Comments

11.3

11.3.0.2 BP Patch 21950285

Released October 2015

 

3.1.6 Oracle GoldenGate

Error Correction information for Oracle GoldenGate

Component

12.2.0.1

12.1.2.1

11.2.1.0

Comments

Final CPU

-

October 2021

January 2020

 

Patch Availability for Oracle GoldenGate

Product Home

Patch

Advisory Number

Comments

12.2.0.1

OGG BP 12.2.0.1.161018 Patch 24711729

Released October 2016

For availability dates, see "Post Release Patches"

12.1.2.1

OGG BP 12.1.2.1.161031 Patch 24513832

Released October 2016

For availability dates, see "Post Release Patches"

11.2.1.0

Patch 22077109 - Sybase 15.5: OGG 11.2.1.0.31

Patch 22077052 - IBM AS400: DB2(IBM I): OGG 11.2.1.0.31

Patch 22076884 - Teradata: OGG 11.2.1.0.31

Patch 22076755 - Oracle 11g: OGG 11.2.1.0.31

Patch 22076584 - Windows x86-64: MSSQL: OGG 11.2.1.0.31

Patch 22076540 - IBM Z/OS: DB2 9.1: OGG 11.2.1.0.31

Released January 2016

OGG Bundle Patch post 11.2.1.0.31 will include fixes listed here. See Note 1645495.1

3.1.7 Oracle GoldenGate Veridata

Error Correction information for Oracle GoldenGate Veridata

Component

11.2.1.0

Comments

Final CPU

October 2020

 

Patch Availability for Oracle GoldenGate Veridata

Product Home

Patch

Advisory Number

Comments

11.2.1.0

BP 11.2.1.0.1 Patch 16291209 or later

Released April 2013

 

3.1.8 Oracle Secure Backup

Error Correction information for Oracle Secure Backup

Patch Information

12.1.x

Comments

Final CPU

January 2020

 

Minimum Product Requirements for Oracle Secure Backup 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Secure Backup downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html

Product

Release

Advisory Number

Comments

Oracle Secure Backup

12.1.0.3

Released April 2017

 

3.2 Oracle Enterprise Manager

This section contains the following:

3.2.1 Oracle Application Performance Management

Error Correction information for Oracle Application Performance Management

Patch Information

12.1.0.7

11.1.x

Comments

Final CPU

-

January 2019

 

On-Request platforms

-

 

 

Minimum Product Requirements for Oracle Application Performance Management

Critical Patch Update security vulnerabilities are fixed in the listed releases. For more information on Oracle Application Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.

Product Version

Patch

Advisory Number

Comments

12.1.0.7

12.1.0.7.11 Release Patch 25244272

CVE-2015-7940

 

11.1.x

11.1.0.5.7 Release Patch 26290928

CVE-2015-7940

 

3.2.2 Oracle Application Testing Suite

Error Correction information for Oracle Application Testing Suite

Patch Information

12.5.0.3

12.5.0.2

Comments

Final CPU

-

-

 

On-Request platforms

-

-

 

Patch Availability for Oracle Application Testing Suite

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Application Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.

Product Home

UNIX

Advisory Number

Comments

12.5.0.2

BP Patch 26281812

CVE-2016-1181

 

12.5.0.3

BP Patch 26281683

CVE-2016-1181

 

3.2.3 Oracle Enterprise Manager Cloud Control

Error Correction information for Oracle Enterprise Manager Cloud Control

Patch Information

13.2.0.0

13.1.0.0

12.1.0.5

Comments

Final CPU

-

July 2017

October 2019

 

On-Request platforms

-

-

-

 

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 1 (13.2.0.0)

Product Home

UNIX

Microsoft Windows 32-Bit

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

See "Oracle Database"

See "Oracle Database"

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 12.1.3.0)

See "Oracle WebLogic Server" (Version 12.1.3.0.0)

See "Oracle WebLogic Server" (Version 12.1.3.0.0)

 

Base Platform OMS home

PSU 13.2.0.0.170718 Patch 25731746

PSU 13.2.0.0.170718 Patch 25731746

CVE-2017-3732, CVE-2017-10091

 

Base Platform OMS home

SPU Patch 25322055

SPU Patch 25322055

Released in January 2017

Oracle ADF Patch 12.1.3.0
This patch is necessary for any co-located installations where ADF exists.

 

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 1 (13.1.0.0)

Product Home

UNIX

Microsoft Windows 32-Bit

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

See "Oracle Database"

See "Oracle Database"

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 12.1.3.0)

See "Oracle WebLogic Server" (Version 12.1.3.0.0)

See "Oracle WebLogic Server" (Version 12.1.3.0.0)

 

Base Platform OMS home

PSU 13.1.0.0.170718 Patch 25904755

PSU 13.1.0.0.170718 Patch 25904755

CVE-2017-3732, CVE-2017-10091

 

Base Platform OMS home

SPU Patch 25322055

SPU Patch 25322055

Released in January 2017

Oracle ADF Patch 12.1.3.0
This patch is necessary for any co-located installations where ADF exists.

Patch Availability for Oracle Enterprise Manager Cloud Control 12c Release 5 (12.1.0.5)

Product Home

UNIX

Microsoft Windows 32-Bit

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

See "Oracle Database"

See "Oracle Database"

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 10.3.6.0)

See "Oracle WebLogic Server" (Version 10.3.6.0)

See "Oracle WebLogic Server" (Version 10.3.6.0)

 

Base Platform Fusion Middleware home

CPU Patch 23703041

CPU Patch 23703041

Released July 2016

Oracle Business Intelligence Publisher BP 11.1.1.7.160719 patch for BIP home in Enterprise Manager

Base Platform OMS home

PSU 12.1.0.5.170718 Patch 25904769

Patch 25904769

CVE-2017-3732, CVE-2017-10091

 

Base Platform Agent home

BP Patch 22317311

BP Patch 22317311

Released January 2016

Apply to Agent core Oracle Home, after applying agent patch 25456449, 22342358

Base Platform Agent home

BP Patch 22342358

BP Patch 22342358

Released January 2016

Apply 22342358 to Agent sbin Oracle Home after applying agent Patch 26028158. Then apply Patch 22317311

Base Platform Fusion Middleware home

SPU Patch 22013598

SPU Patch 22013598

Released January 2016

Web Cache Patch

Apply to Oracle_WT

Post installation steps are not applicable for Enterprise Manager

Plugin home

BP Patch 25723866 or later

BP Patch 25723866 or later

Released in March 2017

 

Base Platform Agent home

BP Patch 26028158

BP Patch 26028158

Released in June 2017

 

Base Platform Fusion Middleware home

SPU Patch 21640624

SPU Patch 21640624

Released October 2015

See Note 2400141.1 before applying this patch

Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH

Base Platform Fusion Middleware home

CPU Patch 19345576

CPU Patch 19345576

Released January 2015

Oracle Process Management and Notification (OPMN) Patch for Oracle_WT OH

See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS

Base Platform Fusion Middleware home

SPU Patch 17337741

SPU Patch 17337741

Released October 2013

Oracle Security Service (SSL/Network) Patch for Oracle_WT OH

3.2.4 Oracle Enterprise Manager Grid Control 11g (11.1.0.1)

Error Correction information for Oracle Enterprise Manager Grid Control 11g (11.1.0.1)

Patch Information

11.1.0.1

Comments

Final CPU

April 2018

 

On-Request platforms

-

 

Patch Set Update Availability for Oracle Enterprise Manager Grid Control 11g (11.1.0.1)

The fixes for security Alert for CVE-2015-4852 are part of Jan2016 WebLogic Server CPU program patches described in this section.

Product Home

Patch

Advisory Number

Comments

Base Platform Repository Home

See "Oracle Database"

See "Oracle Database"

 

Base Platform Agent Home

Unix PSU 11.1.0.1.160119 Patch 9346289

Windows PSU 11.1.0.1.160119 Patch 22274004

Released January 2016

 

Base Platform OMS Home

PSU 11.1.0.1.160119 Patch 22266340

Released January 2016

 

Base Platform Fusion Middleware home

SPU Patch 14681307

Released October 2012

WLS 10.3.2.0 JDBC Patch (Not a SU). Before installing this SPU, see Note 1493990.1Patching for CVE-2012-3137

Base Platform Fusion Middleware home

SPU Patch 18992301

SPU Patch 18992319

SPU Patch 18547380

SPU Patch 23539151

SPU Patch 20926784

SPU Patch 18992399

SPU Patch 23539193

SPU Patch 22808855

SPU Patch 20083974

SPU Patch 22360634

Released July 2014

Released July 2014

Released April 2014

Released July 2016

Released July 2015

Released July 2014

Released July 2016

Released April 2016

Released January 2015

Released January 2016

WLS 10.3.2.0 JVM Patch (SU ID: DHM2)

WLS 10.3.2.0 Deployment Patch (SU ID: Y5B9)

WLS 10.3.2.0 CSS Patch (SU ID: 9AVS)

WLS 10.3.2.0 JMS+Core Patch (SU ID: JN9V)

WLS 10.3.2.0 WebServices Patch (SU IDs: SAGA, L8DT, A4JA, 2HLN, SK77, X8W6, NFFE, BIMC)

WLS 10.3.2.0 Security Patch (SU IDs: VHAC, R4P6, NSYJ, 8279)

WLS 10.3.2.0 WebApp Patch (SU ID: RJX5)

WLS 10.3.2.0 Console Patch (SU ID: 7CB7)

WLS 10.3.2.0 CIE Patch (SU ID: GVGW)

WLS 10.3.2.0 Install Patch (SU ID: 8N2J)

For CVE-2014-4256, see Note 1903763.1Download Request for Security Configuration

Base Platform Repository Home

CPU Patch 13705493

Released April 2012

OC4J 10.1.2.3 one-off Patch

Enterprise Manager Grid Control

3.2.5 Oracle Enterprise Manager Ops Center

Error Correction information for Oracle Enterprise Manager Ops Center

Patch Information

12.3.x

12.2.x

12.2.x

Comments

Final CPU

Jun 2020

Feb 2019

Apr 2017

 

On-Request platforms

-

-

-

 

Patch Availability for Oracle Enterprise Manager Ops Center

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Enterprise Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.

Product Home

UNIX

Advisory Number

Comments

12.3.2

Solaris 10 Sparc, Solaris 10 x86 and Linux x86 Patch 26440122

CVE-2017-3732, CVE-2016-5387, CVE-2016-3092

 

12.2.2

Solaris 10 Sparc, Solaris 10 x86 and Linux x86 Patch 26440116

CVE-2017-3732, CVE-2016-5387, CVE-2016-3092

 

3.2.6 OSS Support Tools

Error Correction information for OSS Support Tools

Patch Information

8.11.x

Comments

Final CPU

-

 

Patch Availability for OSS Support Tools

Product Home

Solaris

Advisory Number

Comments

8.11.16.3.8

BP Patch 22783063

March 2016

See My Oracle Support Note 1153444.1Oracle Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT

3.2.7 Oracle Configuration Manager

Minimum Product Requirements for Oracle Configuration Manager

Critical Patch Update security vulnerabilities are fixed in the listed releases.  
Oracle Configuration Manager can be downloaded from MOS (support.oracle.com). Customer can use collector tab to down the Oracle Configuration Manager Collector.

Component

Release

Advisory Number

Comments

Oracle Configuration Manager

12.1.2.0.4

Released Oct 2016

CVE-2016-2381

3.3 Oracle Fusion Middleware

This section contains the following:

3.3.1 Management Pack For Oracle GoldenGate

Error Correction information for Management Pack For Oracle GoldenGate

Patch Information

12.1.3.x

Comments

Final CPU

April 2018

 

 

Patch Availability for Management Pack For Oracle GoldenGate

Product Home

Patch

Advisory Number

Comments

11.1.2.1.0

BP 11.2.1.0.11 (BP11) or later Patch 19606348

Released April 2015

Oracle GoldenGate Monitor patch


3.3.2 NetBeans IDE

Minimum Product Requirements for NetBeans IDE

Critical Patch Update security vulnerabilities are fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/

Product Home

Release

Advisory Number

Comments

NetBeans IDE

8.2

Released October 2016

 


3.3.3 Oracle API Gateway

Error Correction information for Oracle API Gateway

Patch Information

11.1.2.4.0

Comments

Final CPU

-

 

Patch Availability for Oracle API Gateway

Product Home

Patch

Advisory Number

Comments

11.1.2.4.0

11.1.2.4 SP6 Patch 26129116

CVE-2017-3732

 

 

3.3.4 Oracle Big Data Discovery

Minimum Product Requirements for Oracle Big Data Discovery

 Critical Patch Update security vulnerabilities are fixed in the listed release only and installations with any prior versions will need to move to the listed version. For Oracle Big Data Discovery downloads, seehttps://edelivery.oracle.com and search for "Oracle Big Data Discovery".

Product

Release

Advisory Number

Comments

Oracle Big Data Discovery

1.1.3

Released October 2016

 

3.3.5 Oracle Business Intelligence App Mobile Designer

Error Correction information for Oracle Business Intelligence App Mobile Designer

Patch Information

11.1.1.7 iOS

Comments

Final CPU

-

 

Patch Availability for Oracle Business Intelligence App Mobile Designer

Product Home

Patch

Advisory Number

Comments

11.1.1.7

SPU Patch 18794832

Released July 2014

 

3.3.6 Oracle Business Intelligence Enterprise Edition

Error Correction information for Oracle Business Intelligence Enterprise Edition

Patch Information

12.2.1.1.0

11.1.1.9

11.1.1.7

Comments

Final CPU

-

October 2021

October 2018

 

Patch Availability for Oracle Business Intelligence Enterprise Edition

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g Products

Oracle JRockit 28.x home

See "Oracle JRockit"

See "Oracle JRockit"

 

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1Announcing Oracle WebLogic Server PSUs (Patch Set Updates)

Oracle WebLogic Server Proxy Plug-ins home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

FMW 12c home

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

 

11.1.1.9

Oracle BI Suite BP 11.1.1.9.170718 Patch 26092391 or higher

CVE-2017-10041, CVE-2016-3092, CVE-2017-10156, CVE-2017-10157, CVE-2017-10058, CVE-2017-10035, CVE-2015-3253

Install prior to Java CPUApr2017 JDK/JRE or later version

11.1.1.7

Oracle BI Suite BP 11.1.1.7.170718 Patch 26092384 or higher

CVE-2017-10156, CVE-2017-10157, CVE-2017-10035, CVE-2017-10043, CVE-2017-10068, CVE-2017-10037, CVE-2017-10024, CVE-2017-10025, CVE-2017-10028, CVE-2017-10029

Install prior to Java CPUApr2017 JDK/JRE or later version

11.1.1.7

SPU Patch 21640624

Released October 2015

Oracle HTTP Server 11.1.1.7 Patch

11.1.1.9

Oracle Business Intelligence Enterprise Edition BP 11.1.1.9.1 Patch 21235195 or higher

Released July 2015

BIEE Third Party Bundle Patch

11.1.1.7

SPU Patch 25264940

Released January 2017

Oracle ADF 11.1.1.7 Patch

11.1.1.7

SPU Patch 18423801

Released July 2014

Oracle Process Management and Notification (OPMN) Patch

See Note 1905314.1New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS

11.1.1.7

SPU Patch 17617649

Released January 2014

Oracle Help Technologies Patch

11.1.1.7

CPU Patch 17337741

Released October 2013

Oracle Security Service (SSL/Network) Patch

3.3.7 Oracle Business Intelligence Mobile

Error Correction information for Oracle Business Intelligence Mobile

Patch Information

11.1.1.7 iOS

Comments

Final CPU

-

 

Minimum Product Requirements for Oracle Business Intelligence Mobile

Patch Information

11.1.1.7.0 iOS

Advisory Number

Comments

Minimum Version

11.1.1.7.0 (11.6.39)

Released July 2015

 

3.3.8 Oracle Business Intelligence Publisher

Error Correction information for Oracle Business Intelligence Publisher

Patch Information

11.1.1.9

11.1.1.7

Comments

Final CPU

October 2021

October 2018

 

Patch Availability for Oracle Business Intelligence Publisher

Product Home

Patch

Advisory Number

Comments

11.1.1.9

Oracle BI Suite BP 11.1.1.9.170718 Patch 26092391 or higher

CVE-2017-10041, CVE-2016-3092, CVE-2017-10156, CVE-2017-10157, CVE-2017-10058, CVE-2017-10035, CVE-2015-3253

 

11.1.1.9

BP Patch 24580895

Released October 2016

Webservice BP

11.1.1.9

11.1.1.9 Interim Patch 17081528

Released October 2016

XDK Interim Patch

11.1.1.9

WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12 (Jul2015) or later WLS PSU

Released October 2016

WLS 10.3.6 Interim Patch or WLS PSU

11.1.1.7

Oracle BI Suite BP 11.1.1.7.170718 Patch 26092384 or higher

CVE-2017-10156, CVE-2017-10157, CVE-2017-10035, CVE-2017-10043, CVE-2017-10068, CVE-2017-10037, CVE-2017-10024, CVE-2017-10025, CVE-2017-10028, CVE-2017-10029

 

11.1.1.7

BP Patch 24486705

Released October 2016

Webservice BP

11.1.1.7

11.1.1.7.0 Interim Patch 17081528

Released October 2016

XDK Interim Patch

11.1.1.7

WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12 (Jul2015) or later WLS PSU

Released October 2016

WLS 10.3.6 Interim Patch or WLS PSU

3.3.9 Oracle Communications Converged Application Server

Error Correction information for Oracle Communications Converged Application Server

Patch Information

5.0

Comments

Final CPU

July 2018

 

Patch Availability for Oracle Communications Application Server

See also the underlying product stack tables for any applicable patches. Refer to comments section and apply the patch to the respective product home.

Oracle Communications Converged Application Server

Patch

Advisory Number

Comments

5.0

SPU Patch 14364893

CPU Patch 12875001

CPU Patch 12875006

CPU Patch 12874981

CPU Patch 14825824

CPU Patch 10625676

CPU Patch 18767762

Released October 2012

Released October 2011

Released October 2011

Released October 2011

Released January 2013

Released January 2011

Released July 2013

WLS 10.3.0.0 CSS Patch

WLS 10.3.3.0 JMS Patch

WLS 10.3.3.0 WebServices Patch

WLS 10.3.3.0 Security Patch

WLS 10.3.3.0 WebApp Patch

WLS 10.3.3.0 Core Patch

WLS 10.3.3.0 Console Patch

3.3.10 Oracle Complex Event Processing

Error Correction information for Oracle Complex Event Processing

Patch Information

CEP 12.1.3

CEP 11.1.7

Comments

Final CPU

December 2019

October 2018

 

Patch Availability for Oracle Complex Event Processing

See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

Product Home

Patch

Advisory Number

Comments

12.1.3.0

SPU Patch 21071699

Released July 2015

 

11.1.1.7

SPU Patch 21103154

Released July 2015

 

3.3.11 Oracle Data Quality for Oracle Data Integrator

Error Correction information for Oracle Data Quality for Oracle Data Integrator

Patch Information

ODIDQ 11.1.x

Comments

Final CPU

-

 

Patch Availability for Oracle Data Quality for Oracle Data Integrator

Product Home

Patch

Advisory Number

Comments

11.1.1.3.0

CPU Patch 21418574

Released July 2015

 

3.3.12 Oracle Endeca Server

Error Correction information for Oracle Endeca Server

Patch Information

7.7

7.6

7.5

7.4

7.3

Comments

Final CPU

January 2021

October 2018

January 2018

July 2020

-

 

Patch availability for Oracle Endeca Server

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Server 7.7 home

SPU Patch 26318834

CVE-2017-3732

 

Oracle Endeca Server 7.6 home

SPU Patch 26318929

CVE-2017-3732, CVE-2014-3566, CVE-2015-7501

 

Oracle Endeca Server 7.5 home

SPU Patch 26318963

CVE-2017-3732, CVE-2014-3566

 

Oracle Endeca Server 7.4 home

SPU Patch 26318972

CVE-2017-3732, CVE-2014-3566

 

Oracle Endeca Server 7.3 home

SPU Patch 26318985

CVE-2017-3732

 

3.3.13 Oracle Endeca Information Discovery Studio

Error Correction information for Oracle Endeca Information Discovery Studio

Patch Information

3.1

3.0

2.4

Comments

Final CPU

January 2018

January 2018

January 2018

 

Patch availability for Oracle Endeca Information Discovery Studio

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Information Discovery Studio 3.1 home

SPU Patch 19663929

Released October 2014

See Note 1906844.1 Transfer/reinstall Oracle Endeca Information Discovery (EID) Studio and migrate configuration to a newly-installed latest version of Apache Tomcat 6.0.x

Oracle Endeca Information Discovery Studio 3.0 home

SPU Patch 19663937

Released October 2014

 

Oracle Endeca Information Discovery Studio 2.4 home

SPU Patch 19663946

Released October 2014

 

3.3.14 Oracle Endeca Information Discovery Studio Integrator

Error Correction information for Oracle Endeca Information Discovery Studio Integrator

Patch Information

3.1

3.0

2.4

Comments

Final CPU

January 2018

January 2018

January 2018

 

 

Patch availability for Oracle Endeca Information Discovery Studio Integrator

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Information Discovery Studio Integrator 3.1 home

SPU Patch 21131619

Released July 2015

 

Oracle Endeca Information Discovery Studio Integrator 3.0 home

SPU Patch 21131630

Released July 2015

 

Oracle Endeca Information Discovery Studio Integrator 2.4 home

SPU Patch 21131634

Released July 2015

 

3.3.15 Oracle Enterprise Data Quality

Error Correction information for Oracle Enterprise Data Quality

Patch Information

11.1.1.x

9.0

8.1

Comments

Final CPU

October 2021

October 2019

July 2019

 

Patch Availability for Oracle Enterprise Data Quality

Product Home

Patch

Advisory Number

Comments

12c home

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

 

11.1.1.9

Patch 25084186

Patch 25534288 (EDQ-CDS)

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

9.0

EDQ 9.0.11 Patch 19320253

Released October 2014

See Note 1595538.1How To Upgrade The Apache Tomcat Version Installed By The EDQ (Enterprise Data Quality) Windows Installer

8.1

EDQ 8.1.13 Patch 25510229

CVE-2015-3253, CVE-2015-7501

See Note 1595538.1How To Upgrade The Apache Tomcat Version Installed By The EDQ (Enterprise Data Quality) Windows Installer

3.3.16 Oracle Enterprise Repository

Error Correction information for Oracle Enterprise Repository

Patch Information

12.1.3

11.1.1.7

Comments

Final CPU

October 2018

October 2018

 

Patch Availability for Oracle Enterprise Repository

Product Home

Patch

Advisory Number

Comments

12.1.3.0.0

OER SPU Patch 25184722

CVE-2015-5254, CVE-2017-10048, CVE-2016-0635, CVE-2015-7940, CVE-2015-7501

 

11.1.1.7.0

OER SPU Patch 26437341

CVE-2015-5254, CVE-2017-10048

 

3.3.17 Oracle Exalogic Patch Set Update (PSU)

Error Correction information for Oracle Exalogic Patch Set Update (PSU)

Patch Information

2.x

1.x

Comments

Final CPU

-

-

 

Patch Set Update Availability for Oracle Exalogic

Oracle Exalogic

Patch

Advisory Number

Comments

2.x Physical

2.0.6.2.170418 Physical Linux x86-64 (for all X2-2, X3-2, X4-2, X5-2) PSU Patch 25422080

2.0.6.2.170418 Physical Solaris x86-64 (for all X2-2, X3-2, X4-2, X5-2) PSU 
Patch 25422080

Released April 2017

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

2.x Virtual

2.0.6.2.170418 Virtual (for all X2-2, X3-2, X4-2, X5-2) PSU Patch 25422070

Released April 2017

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

1.x

Upgrade to 2.x based on information in the Comments column. Then apply the patches listed above.

Released March 2012 (13795376)

Released Februrary 2013 (15931901)

See Patch 14834860 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)

See Patch 14834860 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit)

See Note 1314535.1Announcing Exalogic PSUs (Patch Set Updates)

3.3.18 Oracle Forms and Reports

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Forms and Reports installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Forms and Reports

Product Home

Patches

Comments

FMW 12c home

See "Oracle Fusion Middleware 12c"

 

Oracle Forms and Reports 11.1.2.2 home

See "Oracle Forms and Reports 11.1.2.2"

 

3.3.19 Oracle Fusion Middleware

For more information on how to identify the components in an Oracle home, see Note 1591483.1What is Installed in My Middleware or Oracle home?.

This section contains the following:

3.3.19.1 Oracle Fusion Middleware 12c

The sections below cover Oracle Fusion Middleware version 12.2.x and 12.1.x

3.3.19.1.1 Oracle Fusion Middleware 12.2.1.2

Error Correction information for Oracle Fusion Middleware 12.2.1.2

Patch Information

12.2.1.2

Comments

Final CPU

-

 

On-Request platforms

-

 

Patch Availability for Oracle Fusion Middleware 12.2.1.2

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2253297.1

See Note 2253297.1

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

12.2.1.2 home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

Oracle WebLogic Server patch

12.2.1.2 home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

12.2.1.2 home

OBIEE BP 12.2.1.2.170718 Patch 26146793

CVE-2017-10041, CVE-2016-3092, CVE-2017-10156, CVE-2017-10157, CVE-2017-10058

OBIEE Patch

Install prior to Java CPUApr2017 JDK/JRE or later version.

12.2.1.2 home

WCC BP 12.2.1.2.170718 Patch 26355487

CVE-2017-10075

WebCenter Content Patch

12.2.1.2 home

OSB BP 12.2.1.2.170418 Patch 25439629

Released April 2017

OSB Patch

12.2.1.2 home

12.2.1.2.170415 Patch 25806946 or later

Released April 2017

WebCenter Sites Patch. For availability dates, see "Post Release Patches"

12.2.1.2 home

Patch 25375317
Patch 24908939

Released April 2017

Oracle Stream Analytics Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

3.3.19.1.2 Oracle Fusion Middleware 12.2.1.1

Error Correction information for Oracle Fusion Middleware 12.2.1.1

Patch Information

12.2.1.1

Comments

Final CPU

October 2017

 

On-Request platforms

-

 

Patch Availability for Oracle Fusion Middleware 12.2.1.1

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

12.2.1.1 home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

 Oracle WebLogic Server patch

12.2.1.1 home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

12.2.1.1 home

WCC BP 12.2.1.1.170718 Patch 26328204

CVE-2017-10075, CVE-2017-10040

WebCenter Content Patch

12.2.1.1 home

OBIEE BP 2.2.1.1.170718 Patch 26146804

CVE-2017-10041, CVE-2016-3092, CVE-2017-10156, CVE-2017-10157, CVE-2017-10058

OBIEE Patch
Install prior to Java CPUApr2017 JDK/JRE or later version.

12.2.1.1 home

ODI BP 12.2.1.1.170418 Patch 25683635

Released April 2017

Oracle Data Integrator Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

12.2.1.1 home

Patch 25375317
Patch 25714997

Released April 2017

Oracle Stream Analytics Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

12.2.1.1 home

OSB SPU 12.2.1.1.170418 patch 25491960

Released April 2017

OSB patch

12.2.1.1 home

12.2.1.1.170415 Patch 25806943 or later

Released April 2017

WebCenter Sites Patch. For availability dates, see "Post Release Patches"

12.2.1.1 home

SPU Patch 24618613

Released October 2016

Platform Security for Java patch

12.2.1.1 home

SPU Patch 24327938

Released July 2016

Oracle TopLink patch

3.3.19.1.3 Oracle Fusion Middleware 12.1.3.0

Error Correction information for Oracle Fusion Middleware 12.1.3.0

Patch Information

12.1.3.0

Comments

Final CPU

October 2019

 

On-Request platforms

-

 

Patch Availability for Oracle Fusion Middleware 12.1.3.0

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

12.1.3.0.0 home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

Oracle WebLogic Server patch

12.1.3.0.0 home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

12.1.3.0.0 home

OER BP Patch 25184722

CVE-2015-5254, CVE-2017-10048, CVE-2016-0635, CVE-2015-7940, CVE-2015-7501

Oracle Enterprise Repository Patch

12.1.3.0.0 home

EDQ BP 12.1.3.0.1 Patch 24672265

Released April 2017

Enterprise Data Quality patch

Install prior to Java CPUApr2017 JDK/JRE or later version

12.1.3.0.0 home

ODI BP 12.1.3.0.170418 Patch 25774021

CVE-2015-7501

Oracle Data Integrator Patch

Install prior to Java CPUApr2017 JDK/JRE or later version.

12.1.3.0.0 home

Patch 25375317

Released April 2017

Oracle Stream Analytics Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

12.1.3.0.0 home

OSB BP 12.1.3.0.170418 patch 23133629

Released April 2017

OSB patch

12.1.3.0.0 home

BP Patch 24592776

Released October 2016

Platform Security for Java patch

12.1.3.0.0 home

SPU Patch 22557350

Released July 2016

Oracle HTTP Server Patch

12.1.3.0.0 home

SPU Patch 24327938

Released July 2016

Oracle TopLink patch

12.1.3.0.0 home

SPU Patch 21773981

Released October 2015

Oracle ADF Patch

This patch is necessary for any co-located installations where ADF exists

12.1.3.0.0 home

Oracle SOA 12.1.3.0.1 BP Patch 19707784 or later

Released January 2015

SOA Patch

12.1.3.0.0 home

SPU Patch 19485414

Released January 2015

Oracle Security Service (SSL/Network) Patch

12.1.3.0.0 home

See Note 1936300.1

Released October 2014

SSL V3.0 "Poodle" Advisory

 

3.3.19.2 Oracle Forms and Reports 11.1.2.2

Error Correction information for Oracle Forms and Reports 11.1.2.2

Patch Information

11.1.2.2

Comments

Final CPU

October 2018

 

On-Request platforms

-

 

Patch Availability for Oracle Forms and Reports 11.1.2.2

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products

Oracle JRockit 28.x home

See "Oracle JRockit"

See "Oracle JRockit"

 

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1Announcing Oracle WebLogic Server PSUs (Patch Set Updates)

Oracle WebLogic Server Proxy Plug-ins home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

Oracle Forms and Reports 11.1.2.2 home

BP Patch 24486705

Released October 2016

Web Services BP

Oracle Forms and Reports 11.1.2.2 home

DB PSU Patch 22290164 for Unix

DB BP Patch 22607089 for Windows 32-Bit

DB BP Patch 22607090 for Windows x64

Release January 2016

Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only

Oracle Forms and Reports 11.1.2.2 home

SPU Patch 21640624

Released October 2015

Oracle HTTP Server 11.1.1.7 Patch

Oracle Forms and Reports 11.1.2.2 home

SPU Patch 25264940

Released January 2017

Oracle ADF 11.1.1.7 Patch

Oracle Forms and Reports 11.1.2.2 home

SPU Patch 19562319

Released January 2015

Oracle Forms Patch

Oracle Forms and Reports 11.1.2.2 home

SPU Patch 20002141

Released January 2015

Oracle Reports, Developer 11.1.2.2 Patch

Oracle Forms and Reports 11.1.2.2 home

See Note 1936300.1

Released October 2014

SSL V3.0 "Poodle" Advisory

Oracle Forms and Reports 11.1.2.2 home

SPU Patch 18423801

Released July 2014

Oracle Process Management and Notification (OPMN) Patch

See Note 1905314.1New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS

Oracle Forms and Reports 11.1.2.2 home

SPU Patch 17617649

Released January 2014

Oracle Help Technologies Patch

Oracle Forms and Reports 11.1.2.2 home

CPU Patch 17337741

Released October 2013

Oracle Security Service (SSL/Network) Patch

Oracle Forms and Reports 11.1.2.2 home

See Note 1608683.1

Released January 2014

Oracle Reports Advisory

3.3.19.3 Oracle Fusion Middleware 11.1.1.9

Error Correction information for Oracle Fusion Middleware 11.1.1.9

Patch Information

11.1.1.9

Comments

Final CPU

October 2021

Oracle Fusion Middleware 11.1.1.9

On-Request platforms

-

 

Patch Availability for Oracle Fusion Middleware 11.1.1.9

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g Products

Oracle JRockit 28.x home

See "Oracle JRockit"

See "Oracle JRockit"

 

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1Announcing Oracle WebLogic Server PSUs (Patch Set Updates)

Oracle WebLogic Server Proxy Plug-ins home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

OSB 11.1.1.9 home

OSB BP 11.1.1.9.170718 patch 25926992

CVE-2017-10119

OSB patch

ODI 11.1.1.9 Home

ODI BP 11.1.1.9.160926 Patch 24675920

CVE-2015-7501

Oracle Data Integrator Patch

Oracle WebCenter 11.1.1.9 home

WCC BP 11.1.1.9.170213 Patch 25475105

Released April 2017

WebCenter Content Patch

OSB 11.1.1.9 home

Patch 24847885

Released April 2017

OSB Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

Oracle FMW 11.1.1.9 ORACLE_COMMON home

JRF BP 11.1.1.9.160905 Patch 23243563 or later

Released January 2017

JRF BP

Oracle Identity Management 11.1.1.9 home

Oracle Web Tier 11.1.1.9 home

BP Patch 24580895

Released October 2016

Web Services BP

Oracle Web Tier 11.1.1.9 home

SPU Patch 21905371

Released January 2016

Web Cache Patch

See Note 2095166.1Oracle Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU January 2016

Oracle Web Tier 11.1.1.9 home

Identity Management 11.1.1.9 home

DB PSU Patch 22290164 for Unix

DB BP Patch 22607089 for Windows 32-Bit

DB BP Patch 22607090 for Windows x64

Release January 2016

Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only

Oracle Web Tier 11.1.1.9 home

Identity Management 11.1.1.9 home

SPU Patch 23623015

Released July 2016

Oracle HTTP Server 11.1.1.9 Patch

Oracle WebCenter 11.1.1.9 home

Oracle WebCenter Portal BP 11.1.1.9.2 Patch 21354925 or later

Released July 2015

Oracle WebCenter Portal 11.1.1.9 Patch

See Note 2029169.1Changes to Portlet standards request dispatching of Resource Requests

Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home

SPU Patch 22567790

Released in July 2016

FMW Control Patch applies to oracle_common OH for 11.1.1.9.0

 3.3.19.4 Oracle Fusion Middleware 11.1.1.7

Error Correction information for Oracle Fusion Middleware 11.1.1.7

Patch Information

11.1.1.7

Comments

Final CPU

October 2018

Oracle Fusion Middleware 11.1.1.7

See Note 1585582.1Extended Fusion Middleware 11g Lifetime Support Policy Dates, and Note 1290894.1Error Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)

Oracle Portal, Forms, Reports and Discoverer may have different support dates, Please refer to Lifetime Support document for more details

On-Request platforms

-

 

Patch Availability for Oracle Fusion Middleware 11.1.1.7

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g Products

Oracle JRockit 28.x home

See "Oracle JRockit"

See "Oracle JRockit"

 

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1Announcing Oracle WebLogic Server PSUs (Patch Set Updates)

Oracle WebLogic Server Proxy Plug-ins home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

ODI 11.1.1.7 Home

ODI SPU Patch 24826305

CVE-2015-7501

Oracle Data Integrator Patch

OSB 11.1.1.7 home

Patch 24847885

Released April 2017

OSB Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

Patch 19933795

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

Oracle FMW 11.1.1.7 ORACLE_COMMON home

ODI Patch 25507109

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

FMW 11.1.1.7 ORACLE_COMMON home

Patch 25375317

Released April 2017

Oracle Stream Analytics Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

Oracle FMW 11.1.1.7 ORACLE_COMMON home

JRF BP 11.1.1.7.160905 Patch 23243559 or later

Released January 2017

JRF BP

Oracle Identity Management 11.1.1.7 home

Oracle Web Tier 11.1.1.7 home

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

BP Patch 24486705

Released October 2016

Web Services BP

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

SPU Patch 24716502

Released October 2016

Oracle Discoverer Patch

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

See Note 2155256.1

Released July 2016

For Oracle Portal 11.1.1.6

Oracle Identity Access Management 11.1.1.7 home

SPU Patch 22218959

Released July 2016

 

Oracle Web Tier 11.1.1.7 home

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

SPU Patch 22013598

Released January 2016

Web Cache Patch

See Note 2095166.1Oracle Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU January 2016

Oracle Identity Management 11.1.1.7 home

Oracle Web Tier 11.1.1.7 home

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

DB PSU Patch 22290164 for Unix

DB BP Patch 22607089 for Windows 32-Bit

DB BP Patch 22607090 for Windows x64

Release January 2016

Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only

Oracle Identity Access Management 11.1.1.7 home

Oracle Identity Manager BP 2 (11.1.1.7.2) Patch 21881425 and OIM OVERLAY SPU 11.1.1.7.161018 Patch 24816127

Overlay SPU: Released October 2016

OIM BP2: Released October 2015

Oracle Identity Manager Patch

Oracle Identity Management 11.1.1.7 home

Oracle Web Tier 11.1.1.7 home

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

SPU Patch 21640624

Released October 2015

Oracle HTTP Server 11.1.1.7 Patch

Oracle Identity Management 11.1.1.7 home

Oracle Web Tier 11.1.1.7 home

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

Oracle SOA Suite 11.1.1.7 home

Oracle WebCenter Suite 11.1.1.7 home

SPU Patch 25264940

Released January 2017

Oracle ADF 11.1.1.7 Patch

Oracle Identity Access Management 11.1.1.7 home

Oracle Access Manager BP 5 (11.1.1.7.5) Patch 21033489 or later

Released July 2015

Oracle Access Manager (OAM 11.1.1.7.5) Patch

See Note 1952939.1Oracle Access Manager 11g Logout Confirmation Features and Configuration

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

SPU Patch 19562278

Released January 2015

Oracle Forms 11.1.1.7 Patch

Oracle SOA Suite 11.1.1.7 home

Oracle SOA 11.1.1.7.6 BP Patch 19953598 or later

Released January 2015

SOA Patch.

For CVE-2014-6548, see Note 1962206.1

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

SPU Patch 20002159

Released January 2015

Oracle Reports, Developer 11.1.1.7 Patch

Oracle Identity Access Management 11.1.1.7 home

SPU Patch 20060599

Released January 2015

Oracle Adaptive Access Manager Patch

Oracle Web Tier 11.1.1.7 home

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

Oracle SOA Suite 11.1.1.7 home

Oracle WebCenter Suite 11.1.1.7 home

See Note 1936300.1

Released October 2014

SSL V3.0 "Poodle" Advisory

Oracle Identity Management 11.1.1.7 home

Oracle Identity Access Management 11.1.1.7 home

SPU Patch 19666962

Released October 2014

Oracle Identity Manager Patch

See Note 1927796.1Instructions For Enabling OIM CPU Bug 17937383 Fix For OIM BPs (11.1.2.1.9 and 11.1.2.2.4 Versions) / Overlay SPU (11.1.1.7 and 11.1.1.5 Versions)

Oracle Identity Management 11.1.1.7 home

Oracle Web Tier 11.1.1.7 home

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

SPU Patch 18423801

Released July 2014

Oracle Process Management and Notification (OPMN) Patch

See Note 1905314.1New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS

Oracle WebCenter 11.1.1.7 home

Overlay SPU Patch 18792010 and 11.1.1.7 BP 1 Patch 16761779

Released July 2014

WebCenter Portal 11.1.1.7 Overlay SPU patch

Oracle Identity Access Management 11.1.1.7 home

See Note 1643382.1

Released April 2014

OAM/WebGate Advisory

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

See Note 1608683.1

Released January 2014

Oracle Reports Advisory

Oracle Identity Management 11.1.1.7 home

CPU Patch 17842883 and

CPU Patch 17839633

Released January 2014

Oracle Internet Directory Patch

Patch 17842883 for HP-UX Itanium, HP-UX PA-RISC (64-bit), Linux x86, Microsoft Windows (32-bit)

Patch 17839633 for Linux x86-64, IBM AIX Based Systems (64-bit), Sun Solaris x86-64 (64-bit), Sun Solaris SPARC (64-bit), Microsoft Windows x64 (64-bit)

See "Oracle Internet Directory (OID) Version 11g Bundle Patch (Including Directory Integration Platform / DIP) / Bundle Patches For Non-Fusion Applications (NonFA / NonP4FA) Customers" (Note 1614114.1) for Bundles that include these and other fixes.

Oracle Identity Management 11.1.1.7 home

Oracle Identity Access Management 11.1.1.7 home

Oracle Web Tier 11.1.1.7 home

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

Oracle SOA Suite 11.1.1.7 home

Oracle WebCenter Suite 11.1.1.7 home

SPU Patch 17617649

Released January 2014

Oracle Help Technologies Patch

Oracle Identity Management 11.1.1.7 home

Oracle Web Tier 11.1.1.7 home

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

CPU Patch 17337741

Released October 2013

Oracle Security Service (SSL/Network) Patch

Oracle WebCenter Content 11.1.1.7 home

BP 2 Patch 17180477 or higher

Released October 2013

 

Oracle Fusion Middleware 11.1.1.7.0 ORACLE_COMMON home

SPU Patch 22567790

Released in July 2016

FMW Control Patch applies to oracle_common OH for 11.1.1.7.0

3.3.19.5 Oracle Identity Access Management 11.1.2.3

Error Correction information for Oracle Identity Access Management 11.1.2.3

Patch Information

11.1.2.3

Comments

Final CPU

-

 

On-Request platforms

-

 

Patch Availability for Oracle Identity Access Management 11.1.2.3

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products

Oracle JRockit 28.x home

See "Oracle JRockit"

See "Oracle JRockit"

 

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)

Oracle WebLogic Server Proxy Plug-ins home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

Oracle Identity Access Management 11.1.1.7 home

Oracle Identity Federation SPU 1 (11.1.1.7.1) Patch 22321057 or later

Released January 2016

Oracle Identity Federation (OIF 11.1.1.7.1) Patch

Oracle Identity Management 11.1.2.3 home

Patch 25348617

Released April 2017

Oracle Identity Manager Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

Oracle Identity Access Management 11.1.2.3 home

Oracle Identity Management Suite BP 11.1.2.3.170418 Patch 25654150

or

Oracle Identity Management BP 11.1.2.3.170418 Patch 25348617

Released April 2017

Oracle Access Manager Patch

Oracle Identity Manager Patch




3.3.20 Oracle Hyperion Analytic Provider Services

Error Correction information for Oracle Hyperion Analytic Provider Services

Patch Information

11.1.2.x

Comments

Final CPU

April 2021

 

Patch Availability for Oracle Hyperion Analytic Provider Services

Product Home

Patch

Advisory Number

Comments

11.1.2.3

SPU Patch 20184072 
SPU 
Patch 20184082

Released October 2015

 

11.1.2.2

SPU Patch 18148649

Released July 2014

 

3.3.21 Oracle Hyperion BI+

Error Correction information for Oracle Hyperion BI+

Patch Information

11.1.2.x

Comments

Final CPU

April 2018

 

Patch Availability for Oracle Hyperion BI+

Product Home

Patch

Advisory Number

Comments

11.1.2.3

SPU Patch 20029854

Released April 2015

 

11.1.2.2

SPU Patch 18659116

Released April 2015

 

3.3.22 Oracle Hyperion Common Admin

Error Correction information for Oracle Hyperion Common Admin

Patch Information

11.1.2.x

Comments

Final CPU

April 2018

 

Patch Availability for Oracle Hyperion Common Admin

Product Home

Patch

Advisory Number

Comments

11.1.2.3

CPU Patch 18672071

Released July 2014

 

11.1.2.2

CPU Patch 18659116

Released July 2014

 

3.3.23 Oracle Hyperion Common Security

Error Correction information for Oracle Hyperion Common Security

Patch Information

11.1.2.x

Comments

Final CPU

April 2018

 

Patch Availability for Oracle Hyperion Common Security

Product Home

Patch

Advisory Number

Comments

11.1.2.4

SPU Patch 20876722

Released July 2015

 

11.1.2.3

SPU Patch 20675028

Released July 2015

 

11.1.2.2

SPU Patch 21052487

Released July 2015

 

3.3.24 Oracle Hyperion EAS

Error Correction information for Oracle Hyperion EAS

Patch Information

11.1.2.x

Comments

Final CPU

April 2018

 

Patch Availability for Oracle Hyperion EAS

Product Home

Patch

Advisory Number

Comments

11.1.2.3

Admin Server Patch 17417347

Admin Console Patch 17417344

Released January 2014

 

11.1.2.2

Admin Server Patch 17277761

Admin Console Patch 17277764

Released January 2014

 

11.1.2.1

Admin Server Patch 17545122

Admin Console Patch 17545124

Released January 2014

 

3.3.25 Oracle Hyperion Enterprise Performance Management Architect

Error Correction information for Oracle Hyperion Enterprise Performance Management Architect

Patch Information

11.1.2.x

Comments

Final CPU

April 2021

 

Patch Availability for Oracle Hyperion Enterprise Performance Management Architect

Product Home

Patch

Advisory Number

Comments

11.1.2.3

SPU Patch 19466859

SPU Patch 20929659

Released July 2015

 

11.1.2.2

SPU On-Request

Released July 2015

 

3.3.26 Oracle Hyperion Essbase

Error Correction information for Oracle Hyperion Essbase

Patch Information

11.1.2.x

Comments

Final CPU

April 2021

 

Patch Availability for Oracle Hyperion Essbase

Product Home

Patch

Advisory Number

Comments

11.1.2.4

11.1.2.4.016 PSU Patch 25511963 (RTC)
11.1.2.4.016 PSU 
Patch 25511968 (Client)
11.1.2.4.016 PSU 
Patch 25511953 (Client MSI)
11.1.2.4.016 PSU 
Patch 25511973 (Server)
11.1.2.4.016 PSU 
Patch 25511937 (Analytics)
11.1.2.4.016 PSU 
Patch 25225889 (Studio Server)
11.1.2.4.016 PSU 
Patch 25225885 (Studio Console
11.1.2.4.016 PSU 
Patch 24816731 (Admin Server)
11.1.2.4.016 PSU 
Patch 24816727 (Admin console)

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

11.1.2.3

11.1.2.3.508 PSU Patch 22347375 (RTC)
11.1.2.3.508 PSU 
Patch 22347367 (Client)
11.1.2.3.508 PSU 
Patch 22314799 (Server)

Released April 2017

 

11.1.2.2

Upgrade to Hyperion Essbase 11.1.2.3, then apply the patches listed above

Released July 2015

 

3.3.27 Oracle Hyperion Financial Reporting

Error Correction information for Oracle Hyperion Financial Reporting

Patch Information

11.1.2.4

Comments

Final CPU

April 2018

 

Patch Availability for Oracle Hyperion Financial Reporting

Product Home

Patch

Advisory Number

Comments

Oracle Hyperion Financial Reporting 11.1.2.4

SPU Patch 23557946

Released July 2016

 

3.3.28 Oracle Hyperion Installation Technology

Error Correction information for Oracle Hyperion Installation Technology

Patch Information

11.1.2.x

Comments

Final CPU

April 2018

 

Patch Availability for Oracle Hyperion Installation Technology

Product Home

Patch

Advisory Number

Comments

11.1.2.3

SPU Patch 17424524

Released October 2015

 

3.3.29 Oracle Hyperion Smart View For Office

Error Correction information for Oracle Hyperion Smart View For Office

Patch Information

11.1.2.x

Comments

Final CPU

April 2018

 

Patch Availability for Oracle Hyperion Smart View For Office

Product Home

Patch

Advisory Number

Comments

11.1.2.x

SPU Patch 20327649

Released April 2015

 

3.3.30 Oracle Hyperion Strategic Finance

Error Correction information for Oracle Hyperion Strategic Finance

Patch Information

11.1.2.x

Comments

Final CPU

April 2018

 

Patch Availability for Oracle Hyperion Strategic Finance

Product Home

Patch

Advisory Number

Comments

11.1.2.2

CPU Patch 14593946

Released April 2014

 

11.1.2.1

CPU Patch 17636270

Released April 2014

 

3.3.31 Oracle Identity Access Management

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Identity Access Management installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Identity Access Management

Product Home

Patches

Comments

Oracle Identity Access Management 11.1.2.3 home

See "Oracle Identity Access Management 11.1.2.3"

 

Oracle Identity Access Management 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

 

3.3.32 Oracle Identity Analytics

Error Correction Information for Oracle Identity Analytics

Patch Information

11.1.1.5.0

Comments

Final CPU

October 2017

 

Patch Availability for Oracle Identity Analytics

Product Home

Patch

Advisory Number

Comments

11.1.1.5.0

Patch 25155306

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

3.3.33 Oracle Identity Management

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Identity Management installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Identity Management

Product Home

Patches

Comments

Oracle Identity Management 11.1.1.9 home

See Section "Oracle Fusion Middleware 11.1.1.9"

 

3.3.34 Oracle JDeveloper and Oracle ADF

Error Correction information for Oracle JDeveloper and Oracle ADF

Patch Information

12.2.1.0

12.1.3.0

11.1.2.4

11.1.1.7

Comments

Final CPU

-

-

October 2021

October 2018

 

Critical Patch Update Availability for Oracle JDeveloper and Oracle ADF

Release

Patch

Advisory Number

Comments

12.2.1.2.0

ADF BP 12.2.1.2.170117 Patch 23622699

Released January 2017

 

12.2.1.1.0

ADF BP 12.2.1.1.170418 Patch 25639913

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

12.2.1.0.0

ADF BP 12.2.1.0.170418 Patch 25637372

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

For availability dates, see "
Post Release Patches"

12.1.3.0.0

ADF BP 12.1.3.0.170418 Patch 25635721

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

For availability dates, see "
Post Release Patches"

11.1.2.4.0

SPU Patch 24730407

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

11.1.1.9.0

SPU Patch 25245227

Released January 2017

 

11.1.1.7.0

SPU Patch 25264940

Released January 2017

 

Oracle JDeveloper 11.1.7.0.0 home

Oracle ADF 11.1.7.0 home

SPU Patch 17617649

Released January 2014

Oracle Help Technology Patch

3.3.35 Oracle JRockit

Critical Patch Update Availability for Oracle JRockit



Oracle JRockit R28.3.13 includes fixes for all security advisories that have been released through CPUjan2017.

Product

Patch

Advisory Number

Comments

Oracle JRockit JRE and JDK 6

R28.3.13 Patch 25061582

Released January 2017

 

3.3.36 Oracle Map Viewer

Error Correction information for Oracle Map Viewer

Patch Information

12.2.1.1

11.1.1.9

Comments

Final CPU

October 2017

October 2021

 

Patch Availability for Oracle Map Viewer

Product Home

Patch

Advisory Number

Comments

12.2.1.2

Patch 25779681

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

12.2.1.1

BP Patch 25451397
Patch 25779583

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

12.1.3

Patch 25506781

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

11.1.1.9

BP Patch 25451337

Released April 2017

 

3.3.37 Oracle Mobile Security Suite

Error Correction information for Oracle Mobile Security Suite

Patch Information

11.1.2.3

3.0.5

Comments

Final CPU

-

July 2016

 

Patch Availability for Oracle Mobile Security Suite

Product Home

Patch

Advisory Number

Comments

3.0.5

CPU Patch 21639665

Released October 2015

 

3.3.38 Oracle Outside In Technology

Error Correction information for Oracle Outside In Technology

Patch Information

8.5.3

Comments

Final CPU

April 2018

 

Patch Availability for Oracle Outside In Technology

Product Home

Patch

Advisory Number

Comments

Oracle Outside In Technology 8.5.3

BP 8.5.3.57 Patch 26438252

CVE-2017-10141, CVE-2017-10196

 

3.3.39 Oracle Portal, Forms, Reports, and Discoverer 11g Release 1

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Portal, Forms, Reports, and Discoverer 11g Release 1 installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Portal, Forms, Reports, and Discoverer 11g Release 1

Product Home

Patches

Comments

Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home

See Section "Oracle Fusion Middleware 11.1.1.7"

 

3.3.40 Oracle Real Time Decisions Server

Error Correction information for Oracle Real Time Decisions Server

Patch Information

11.1.1.7

Comments

Final CPU

October 2018

 

Patch Availability for Oracle Real Time Decisions Server

Product Home

Patch

Advisory Number

Comments

Oracle Real Time Decisions Server 11.1.1.7.0 home

BP 11.1.1.7.150120 Patch 19823874

Released January 2015

 

3.3.41 Oracle Secure Enterprise Search

Error Correction information for Oracle Secure Enterprise Search

Patch Information

11.2.2.2

Comments

Final CPU

January 2018

 

Patch Availability for Oracle Secure Enterprise Search

Product Home

Patch

Advisory Number

Comments

SES 11.2.2.2

SES BP Patch 23138553

CVE-2015-7940

 

3.3.42 Oracle Service Architecture Leveraging Tuxedo (SALT)

Error Correction information for Oracle Service Architecture Leveraging Tuxedo (SALT)

Patch Information

11.1.1.2.2

Comments

Final CPU

April 2018

 

Patch Availability for Oracle Service Architecture Leveraging Tuxedo (SALT)

Product Home

Patch

Advisory Number

Comments

Oracle Service Architecture Leveraging Tuxedo (SALT) 11.1.1.2.2 home

Patch 20014357

Released October 2015

 

3.3.43 Oracle SOA Suite

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle SOA Suite installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle SOA Suite

Product Home

Patches

Comments

Oracle SOA Suite 12c home

See "Oracle Fusion Middleware 12c"

 

Oracle SOA Suite 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

 

Oracle SOA Suite 11.1.1.7 home

See "Oracle Fusion Middleware 11.1.1.7"

 

3.3.44 Oracle Traffic Director

Error Correction information for Oracle Traffic Director

Patch Information

11.1.1.9

11.1.1.7

Comments

Final CPU

October 2021

October 2018

 

Patch Availability for Oracle Traffic Director

Product Home

Patch

Advisory Number

Comments

11.1.1.9

SPU Patch 24794531

CVE-2016-2834

 

11.1.1.7

SPU Patch 25329806

CVE-2016-2834

 

3.3.45 Oracle Tuxedo

Error Correction information for Oracle Tuxedo

Patch Information

12.1.1.0

Comments

Final CPU

July 2020

 

Patch Availability for Oracle Tuxedo

Product Home

Patches

Advisory Number

Comments

12.1.1.0

SPU Patch 25707009 Microsoft Windows x64 (64-bit) patch with VS2010
SPU 
Patch 25706818 All Other Platforms

CVE-2017-3732

 

3.3.46 Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Error Correction Information for Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Patch Information

12.2.2

12.1.3

12.1.1.1

11.1.1.2.2

11.1.1.2.1

11.1.1.2.0

Comments

Final CPU

 

April 2024April 2022July 2020April 2018April 2018April 2018 

Patch Availability for Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Product Home

Patches

Advisory Number

Comments

TSAM Plus 12.2.2

RP002 Patch 25389632

CVE-2016-0635

 

TSAM Plus 12.1.3

RP016 Patch 23554431 Winx64 w/ MSVS 2012
RP016 
Patch 19784041 All other platforms

CVE-2016-0635, CVE-2015-7501

 

TSAM Plus 12.1.1.1

RP025 Patch 23707307

CVE-2016-0635, CVE-2015-7501

 

TSAM 11.1.1.2.2

RP018 Patch 23713567

CVE-2016-0635, CVE-2015-7501

 

TSAM 11.1.1.2.1

RP004 Patch 23707516

CVE-2016-0635, CVE-2015-7501

 

TSAM 11.1.1.2.0

RP003 Patch 23639278

CVE-2016-0635, CVE-2015-7501

 

3.3.47 Oracle Waveset

Error Correction information for Oracle Waveset

Patch Information

8.1.1.0

Comments

Final CPU

October 2017

 

Patch Availability for Oracle Waveset

Product Home

Patch

Advisory Number

Comments

8.1.1.0

Patch 24948332

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

8.1.1.0

Oracle Waveset 8.1.1.10 BP Patch 19428350

Released January 2015

 

3.3.48 Oracle Web-Tier 11g Utilities

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Web-Tier 11g Utilities installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Web-Tier 11g Utilities

Product Home

Patches

Comments

FMW 12c home

See "Oracle Fusion Middleware 12c"

 

Oracle Web-Tier 11g Utilities 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

 

Oracle Web-Tier 11g Utilities 11.1.1.7 home

See "Oracle Fusion Middleware 11.1.1.7"

 

3.3.49 Oracle WebCenter

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle WebCenter installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle WebCenter

Product Home

Patches

Comments

FMW 12c home

See "Oracle Fusion Middleware 12c"

 

Oracle WebCenter 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

 

3.3.50 Oracle WebCenter Content (Formerly Oracle Universal Content Management)

Patch Availability for Oracle WebCenter Content

Component

Patch

Advisory Number

Comments

Oracle WebCenter Content 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

See "Oracle Fusion Middleware 11.1.1.9"

 

Oracle WebCenter Content 11.1.1.8 home

See "Oracle WebCenter 11.1.1.8"

See "Oracle WebCenter 11.1.1.8"

 

3.3.51 Oracle WebCenter Portal

Error Correction information for Oracle WebCenter Portal

Patch Information

11.1.1.9

Comments

Final CPU

-

 

Patch Availability for Oracle WebCenter Portal

Product Home

Patches

Comments

Oracle WebCenter 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

 

3.3.52 Oracle WebCenter Sites (Formerly FatWire Content Server)

Error Correction information for Oracle WebCenter Sites (formerly FatWire Content Server)

Patch Information

12.2.1.0.0

11.1.1.8

Comments

Final CPU

-

 

 

Patch Availability for Oracle WebCenter Sites

Product Home

Patch

Advisory Number

Comments

12c home

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

 

11.1.1.8 home

11.1.1.8.0 Patch 17 Patch 25883419 or later

Released April 2017

For availability dates, see "Post Release Patches"

3.3.53 Oracle WebCenter Sites Community

Error Correction information for Oracle WebCenter Sites Community

Patch Information

11.1.1.8

Comments

Final CPU

-

 

Patch Availability for Oracle WebCenter Sites Community

Product Home

Patch

Advisory Number

Comments

11.1.1.8 home

11.1.1.8.0 Patch 5 Patch 21314921 or later

Released October 2015

See "Oracle WebCenter 11.1.1.8"

3.3.54 Oracle WebCenter Suite

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle WebCenter Suite installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle WebCenter Suite

Product Home

Patches

Comments

Oracle WebCenter Suite 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

 

Oracle WebCenter Suite 11.1.1.7 home

See "Oracle Fusion Middleware 11.1.1.7"

 

 

3.3.55 Oracle WebGate

Error Correction information for Oracle WebGate

Patch Information

10.1.4.3.0

Comments

Final CPU

October 2018

For Oracle Access Manager 10g WebGates / ASDK working with Oracle Access Manager 11gR1 (11.1.1.x) and Oracle Access Manager 11gR2 (11.1.2.x)

On-Request platforms

Platform and Server combinations that are historically inactive for patching are available on-request. If the patch is not available for a particular platform, see Section 1.3, "On-Request Patches" on how to request them.

Post-Release on-Request patches will be documented on My Oracle Support Note 1563072.1

 Patch Availability for Oracle WebGate

 See also the underlying product stack tables for any applicable patches. Refer to comments section and apply the patch to the respective product home.

Oracle WebGate

Patch

Advisory Number

Comments

10.1.4.3.0 home

OAM 10.1.4.3.13-PIT28 or later


Patch 23761275 - OAM 10gR3 Access Server


Patch 23762129 - OAM 10gR3 Identity Server


Patch 24303301 - OAM Policy Manager 10gR3 OHS 11g


Patch 23742474 - OAM WebGate 10gR3 OHS 11g


Patch 23742706 - OAM WebGate 10gR3 Apache 2.2

Released July 2016

Post-Release on-Request patches will be documented on My Oracle Support Note 1563072.1

3.3.56 Oracle WebLogic Portal

Error Correction information for Oracle WebLogic Portal

Patch Information

10.3.6.0

Comments

Final CPU

October 2021

 

Critical Patch Update Availability for WebLogic Portal

See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

WebLogic Portal patches are cumulative to include all the prior published advisories. For more information, see My Oracle Support Note 1355929.1October 2011 Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL Session ID and SSL Filters.

WebLogic Portal 9.2.3.0 is bundled with WebLogic Server 9.2.3.0, which is out of error correction. Contact Oracle support for security patches needed for WebLogic Server 9.2.3.0

Product Home

Patch

Advisory Number

Comments

10.3.6.0

SPU Patch 21871537

Released January 2016

WebLogic Portal Patch for WebLogic Portal 10.3.6.0 home

3.3.57 Oracle WebLogic Server

Error Correction information for Oracle WebLogic Server Patch Set Update

Patch Information

12.2.1.1.0

12.1.3.0

10.3.6.0

Comments

Final CPU

October 2017

October 2019

October 2021

 

Patch Set Update Availability for Oracle WebLogic Server

For more information, see MyOracleSupport Note 1470197.1Master Note on WebLogic Server Patch Set Updates (PSUs). See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)

Product Home

Patch

Advisory Number

Comments

Oracle Java SE home

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 2253297.1, Critical Patch Update April 2017 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g Products

Oracle JRockit 28.x home

See "Oracle JRockit"

See "Oracle JRockit"

 

Oracle WebLogic Server Plug-ins home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

WebLogic Server 12.2.1.2 home

WLS PSU 12.2.1.2.170718 Patch 25871788

CVE-2013-2027, CVE-2017-10063, CVE-2017-10147, CVE-2017-10148, CVE-2017-10178, CVE-2017-5638

Fix for CVE-2017-5638 is not included in the WLS PSU patches. See Note 2255054.1, "Upgrade Apache Struts 2 to Version 2.3.32 for WebLogic Code Example"

WebLogic Server 12.2.1.1 home

WLS PSU 12.2.1.1.170718 Patch 25961827

CVE-2013-2027, CVE-2017-10063, CVE-2017-10147, CVE-2017-10148, CVE-2017-10178, CVE-2017-5638

Fix for CVE-2017-5638 is not included in the WLS PSU patches. See Note 2255054.1, "Upgrade Apache Struts 2 to Version 2.3.32 for WebLogic Code Example"

WebLogic Server 12.1.3.0 home

WLS PSU 12.1.3.0.170718 Patch 25869659

CVE-2013-2027, CVE-2017-10063, CVE-2017-10147, CVE-2017-10148, CVE-2017-10178, CVE-2017-5638, CVE-2017-10137, CVE-2017-10123

Fix for CVE-2017-5638 is not included in the WLS PSU patches. See Note 2255054.1, "Upgrade Apache Struts 2 to Version 2.3.32 for WebLogic Code Example"

WebLogic Server 10.3.6.0 home

WLS PSU 10.3.6.0.170718 Patch 25869650

CVE-2013-2027, CVE-2017-10063, CVE-2017-10147, CVE-2017-10148, CVE-2017-10178, CVE-2017-5638, CVE-2017-10137

See Note 1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher

Fix for CVE-2017-5638 is not included in the WLS PSU patches. See Note 2255054.1, "Upgrade Apache Struts 2 to Version 2.3.32 for WebLogic Code Example"

WebLogic Server 12.2.1.1 home

WebLogic Server 12.2.1.0 home

WebLogic Server 12.1.3.0 home

SPU Patch 24327938

Released July 2016

TopLink JPA-RS patch

WebLogic Server 12.1.3.0 home

WebLogic Server 12.1.2.0 home

WebLogic Server 12.1.1.0 home

WebLogic Server 10.3.6.0 home

See Note 1936300.1

Released October 2014

SSL V3.0 "Poodle" Advisory

3.3.58 Oracle WebLogic Server Plug-ins

Critical Patch Update Availability for Oracle WebLogic Server Plug-ins

The available patches for Oracle WebLogic Server Plug-ins (Oracle HTTP Server/Apache/IIS/iPlanet).

The WebLogic plug-ins include all cumulative bug fixes and thus include fixes for all previously released advisories. For more information, see My Oracle Support Note 1111903.1.

Product Home

Patch

Advisory Number

Comments

WLS Plugin 12c (12.1.2.0)

SPU Patch 18423842

SPU Patch 18603723

SPU Patch 18603725

SPU Patch 18603728

Released July 2014

WLS Plug-in for Oracle HTTP Server (mod_wl_ohs)

WLS Plug-in for Apache (mod_wl)

WLS Plug-in for NSAPI (iPlanet)

WLS Plug-in for ISAPI (Microsoft IIS)

WLS Plugin 1.1 (11.1.1.7)

SPU Patch 18423831

SPU Patch 18603703

SPU Patch 18603707

SPU Patch 18603714

Released July 2014

WLS Plug-in for Oracle HTTP Server (mod_wl_ohs)

WLS Plug-in for Apache (mod_wl)

WLS Plug-in for NSAPI (iPlanet)

WLS Plug-in for ISAPI (Microsoft IIS)

WLS Plugin 1.0 (10.3.4 and older)

CPU Patch 11845433

Released April 2011

See Note 1111903.1WebLogic Server Web Server Plug-In Support

3.4 Oracle Sun Middleware

This section contains the following:

3.4.1 Directory Server Enterprise Edition

Error Correction information for Directory Server Enterprise Edition

Patch Information

7.0

Comments

Final CPU

October 2017

 

Patch Availability for Directory Server Enterprise Edition

Product Home

Patch

Advisory Number

Comments

7.0

Upgrade to Directory Server Enterprise Edition 11.1.1.7, then apply the patches listed above

Released October 2015

For CVE-2014-3566, see SSL V3.0 "Poodle" Vulnerability, at http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html

See Note 1373397.1 for Oracle DSEE New Bundle Patch Process

3.4.2 iPlanet Web Server

Error Correction information for iPlanet Web Server

Patch Information

7.0

Comments

Final CPU

January 2018

 

Patch Availability for iPlanet Web Server

Product Home

Patch

Advisory Number

Comments

7.0

BP 7.0.26.0.170418 Patch 25542055

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

3.4.3 Oracle GlassFish Communications Server

Error Correction information for Oracle GlassFish Communications Server

Patch Information

2.0

Comments

Final CPU

October 2017

 

Patch Availability for Oracle GlassFish Communications Server

Product Home

Patch

Advisory Number

Comments

Oracle GlassFish Communications Server 2.0

Linux x86: 143477-19

Linux x86-64: 143478-19

Solaris x86 and x86-64: 143476-07

Solaris SPARC 32 and 64 bit: 143475-16

Released July 2015

 

3.4.4 Oracle GlassFish Server

Error Correction information for Oracle GlassFish Server

Patch Information

3.1.2

3.0.1

Comments

Final CPU

January 2019

October 2017

 

Patch Availability for Oracle GlassFish Server

Product Home

Patch

Advisory Number

Comments

Oracle GlassFish Server 3.1.2

Patch 25650533

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

Oracle GlassFish Server 3.1.2

BP 3.1.2.17 (Closed Network) Patch 25695307 or later

BP 3.1.2.17 (Full Profile) 
Patch 25695317 or later

BP 3.1.2.17 (Web Profile) 
Patch 25695310 or later

Released April 2017

 

Oracle GlassFish Server 3.0.1

BP 3.0.1.16

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

3.4.5 Oracle OpenSSO Agents

On-Request information for Oracle OpenSSO Server Platforms

Apache Web Server 2.0.5x

Apache Web Server 2.2

iPlanet Web Server 7.0

Domino 8.5.2

IIS 6

IIS 7/7.5

iPlanet Web Proxy Server 4.0

Comments

Solaris SPARC 9/10 (32/64 bit)

Solaris x86 9/10 (32/64 bit)

Windows 2003 (32 bit)

Windows 2008 (32 bit)

Linux RHEL 4.0/5.0 (32/64 bit)

Linux Debian/GNU 4.x (32/64 bit)

Linux SUSE 9.x (32/64 bit)

Linux Ubantu 8.x (32/64 bit)

AIX 5.x/6.1

HPUX 11iv2

Solaris SPARC 9/10 (32 bit)

Solaris x86 9/10 (32/64 bit)

Windows 2008 (32 bit)

Linux Debian/GNU 4.x (32/64 bit)

Linux SUSE 9.x (32/64 bit)

Linux Ubantu 8.x (32/64 bit)

AIX 5.x/6.1HPUX 11iv2

Solaris SPARC 9/10 (32 bit)

Solaris x86 9/10 (32 bit)

Windows 2003 (32 bit)

Linux RHEL 4.0/5.0 (32 bit)

Linux SUSE 10.3/11.1 (64 bit)

Solaris SPARC 10 (32 bit)

Windows 2003 (32 bit)

Windows 2008 (32 bit)

Linux RHEL 5.5 (32/64 bit)

NA

NA

Solaris SPARC 9/10 (32 bit)

Solaris x86 9/10 (32 bit)

Windows 2003 (32 bit)

Linux RHEL 4.0/5.0 (32 bit)

Linux Sue 10.3/11.1 (64 bit)

 

Error Correction information for Oracle OpenSSO Agents

Patch Information

3.0

Comments

Final CPU

October 2017

 

Patch Availability for Oracle OpenSSO Agents

Product Home

Patch

Advisory Number

Comments

Oracle OpenSSO Agent 3.0 home

BP 3.0.0.8 Patch 25544365

CVE-2016-2834

Apache HTTP Server 2.2.X Patch

Oracle OpenSSO Agent 3.0 home

BP 3.0.0.8 Patch 25544471

CVE-2016-2834

Sun Java System Web Server 7.0

Oracle OpenSSO Agent 3.0 home

BP 3.0.0.8 Patch 25546746

CVE-2016-2834

IIS 7 Patch

Oracle OpenSSO Agent 3.0 home

BP 3.0.0.8 Patch 25546774

CVE-2016-2834

IBM Lotus Domino Server 8.5 Patch

3.4.6 Sun Role Manager

Error Correction information for Sun Role Manager

Patch Information

5.0.3.2

Comments

Final CPU

October 2017

 

On-Request platforms

 

 

Patch Availability for Sun Role Manager

See also the underlying product stack tables for any applicable patches. Refer to comments section and apply the patch to the respective product home.

Oracle Sun Role Manager

Patch

Advisory Number

Comments

Sun Role Manager 5.0.3.3 home

BP 3 Patch 18175969 or higher

Released April 2014

 

3.5 Tools

This section contains the following:

3.5.1 Oracle OPatch

Minimum Product Requirements for Oracle OPatch

The CPU security vulnerabilities are fixed in the listed release and later releases. The Oracle OPatch downloads can be found at Patch 6880880.

Component

Release

Advisory Number

Comments

Oracle OPatch

1.0.0.0.64

Announced July 2011

 

 

4 Final CPU History

Final CPU History

The Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. For more information, see My Oracle Support Note 209768.1Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy.

Release

Final CPUs

Comments

April 2017

Oracle TimesTen 11.2.1.x
Oracle Business Intelligence Enterprise Edition 12.2.1.0.0
Business Intelligence Publisher 12.2.1.0.0
Oracle Fusion Middleware 12.2.1.0
Oracle Fusion Middleware 10.1.3.5
Oracle Identity Management Connector 9.1.0.4
Oracle JDeveloper and Oracle ADF 10.1.3.5
Oracle WebLogic Server 12.2.1.0.0
Directory Server Enterprise Edition 11.1.1.7

 

January 2017

Oracle Business Process Management 10.3.2
Oracle Data Service Integrator 10.3.0
Oracle Outside In Technology 8.5.2
Oracle Service Architecture Leveraging Tuxedo (SALT) 10.3
Oracle WebCenter Interaction 10.3.3.0
Oracle WebLogic Integration 10.3.1.0
iPlanet Web Server 7.0
iPlanet Web Proxy Server 4.0
Oracle GlassFish Server 2.1.1

 

October 2016

Oracle Access Manager 10gR3 (10.1.4.x)
Oracle Access Manager 10g WebGates / ASDK working with OAM 10gR3 (10.1.4.x)
Oracle WebLogic Server Proxy Plug-In 10gR3 (formerly known as WebLogic Server Proxy Plug-In 1.0)
Oracle Outside In Technology 8.5.1
Oracle Audit Vault 10.3
Oracle Secure Backup 10.4.x

 

July 2016

Oracle Outside In Technology 8.5.0
Oracle Mobile Security Suite 3.0.5
Oracle Database 12.1.0.1 (See MOS 
Note 742060.1)

 

April 2016

AquaLogic Data Services Platform 3.2
AquaLogic Data Services Platform 3.0.1
Oracle Business Intelligence Enterprise Edition 11.1.1.7
Oracle Endeca Information Discovery 2.3
Oracle Endeca Information Discovery 2.2.2 (Formerly Latitude)
Oracle Enterprise Manager Cloud Control 12.1.0.4
Oracle Fusion Middleware 12.1.2.0
Oracle Identity Access Management 11.1.2.2
Oracle Tuxedo 11.1.1
Oracle WebCenter 11.1.1.8
Oracle WebCenter Portal 11.1.1.8
Oracle WebCenter Sites 7.6.2

 

January 2016

Oracle Real Time Decisions Server 3.0.0.1
Oracle WebCenter Interaction 6.5.1

 

July 2015

Oracle API Gateway 11.1.2.2.0
Oracle Business Intelligence EE and Publisher 10.1.3.4.2
Oracle Communications Converged Application Server 4.0
Oracle Database 11.2.0.3
Oracle Database 11.1.0.7
Oracle Fusion Middleware 12.1.1.0.0
Oracle Identity and Access Management 11.1.1.5.0
Oracle iPlanet Web Server 6.1.x
Oracle iPlanet Web Server (Java System Web Server 6.1.x)
Oracle WebLogic Server 12.1.1.0

 

5 Sources of Additional Information

The following documents provide additional information about Critical Patch Updates:

  • My Oracle Support Note 756671.1Master Note for Database Proactive Patch Program
  • My Oracle Support Note 822485.1Master Note for Enterprise Manager Proactive Patch Program
  • My Oracle Support Note 1494151.1Master Note on Fusion Middleware Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs)
  • My Oracle Support Note 209768.1Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy

 

6 Modification History

Modification History

Date

Modification

18 July 2017

Released

18 July 2017

added 3 rows to table 2.2, fixed capitalization, corrected platform column

18 July 2017

modified row = 26204212 in table of section table 2.2

19 July 2017

corrected table formating in section 3.3.45 and 3.3.46

19 July 2017

corrected version number for patch 26182467 in section 3.1.4.2
corrected patch number for Windows DB Bundle Patch 12.1.0.2.170718 in section 2.2
corrected patch number for OJVM Component Windows BP 12.1.0.2.170718 in section 2.2
corrected patch number for the WLS PSU 12.2.1.1.170718 in section 3.3.57

21 July 2017

changed CPUApr2017 to CPUJul2017 in 3 places in the table for 11.2.0.4 Database
Added info for CVE-2017-5638, and 
Note 2255054.1 into section 3.3.57, 2nd table
Added ref to 
Note 1607170.1 into section 3.3.57, 2nd table
corrected table formatting problem in section 4

26 July 2017

updated availability dates in section 2.2

09 August 2017

updated availability dates in section 2.2

11 August 2017

updated Aug 11 dates to Aug 18 in section 2.2
corrected Apr2017 references to Jul2017 in sections 3.1.4.3 and 3.1.4.4

14 August 2017

added section 2.2 data for Patch 26031106 and Patch 26440253

23 August 2017

Updated availability dates in section 2.2

25 August 2017

Changed "Patch 26031106" to "Patch 26031106 [superseded by Patch 26635256]" for clarity, throughout the document.
Changed "Patch 26440253" to "Patch 26440253 [superseded by Patch 26635229]" for clarity, throughout the document.
Changed "Patch 26031022" to "Patch 26031022 [superseded by Patch 26568963]" for clarity, throughout the document.

10 October 2017

Removed last two ETA entries from table in section 2.2

27-October-2017

Patch 25604440 changed to Patch 19933795 in section 3.3.19.4

8-November-2017

Updated title for Note 1614114.1

21-May-2018

Updated Note number 1984662.1 to number 2400141.1 in section 3.2.3

 

7 Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

 


Patch Set Update and Critical Patch Update Availability Document July 2016

Copyright ) 2016, Oracle and/or its affiliates. All rights reserved.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.