微信公众号:云库管 www.yunDBA.com

北京云库管科技有限公司（内部培训资料）返回上级


		Patch Set Update and Critical Patch Update October 2016 Availability Document (Doc ID 2171485.1)

PURPOSE

This document defines the patches and minimum releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set Updates released on October 18, 2016.

DETAILS

Patch Set Update and Critical Patch Update Availability Document October 2016

My Oracle Support Note 2171485.1

Released October 18, 2016

This document contains the following sections:

Patch Set Update and Critical Patch Update Availability Document October 2016

1 Overview

2 What's New in October 2016

3 Patch Availability for Oracle Products

1 Overview

Oracle provides quarterly Security Patch Updates (SPU) to address security vulnerabilities, and Patch Set Updates (PSU) to address proactive, critical fixes and security vulnerabilities. The security vulnerabilities addressed are announced in the Advisory for October 2016, available at:

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

This document lists the Oracle Database, Fusion Middleware and Enterprise Manager SPU and PSU patches for product releases under error correction. The October 2016 release supersedes earlier Critical Patch Updates and Patch Set Updates for the same product releases. This document is subject to continual update after the initial release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support to ensure you have the latest version.

This section contains the following:

· Section 1.1 "How To Use This Document"

· Section 1.2 "Terminology in the Tables"

· Section 1.3 "On-Request Patches"

· Section 1.4 "CPU Program and My Oracle Support Patch Recommendations"

· Section 1.5 "Oracle Database Patching - SPU vs PSU/BP"

· Section 1.6 "Pro-Active Replacement Interim Patches For Conflicts With Critical Patch Update Program Patches (PSUs and Bundles)"

· Section 1.7 "My Oracle Support (MOS) Conflict Checker Tool"

1.1 How To Use This Document

The following steps explain how to use this document.

Step 1 Assess your Environments

Determine the Oracle product suites and products and their release numbers for each of your environments.

Step 2 Read Important Announcements

Review "What's New in October 2016," as it lists documentation and packaging changes along with important announcements such as upcoming final patches.

Step 3 Determine Patches to be Applied

For each environment, determine which patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for each product suite release, such as Oracle Database 11.1.0.7, Oracle Identity Access Management 11.1.1.5, and Enterprise Manager Grid Control 10.2.0.5

· The table lists the patches to be applied either to the product or to the appropriate product Oracle homes that are associated with the product suite

· The patches are listed in the order released, with newest patches listed first

· For some patches, multiple Oracle homes are listed. Apply the patch to all of the homes indicated that are applicable to your environment and only to the listed Oracle homes

· The table lists only product releases that are under Premier Support or Extended Support and are under error correction as defined in My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy. Patches are provided only for these releases. If you do not see the release that you have installed, then check "Final Patch History" and contact Oracle Support for further assistance

· Patches that include security vulnerabilities announced in the current quarter's CPU Advisory, list the vulnerability CVE numbers in the Advisory Number column. If you are interested in the risk matrix for the vulnerabilities fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly releases, or the current one without any security fixes, the column indicates "Released MMM YYYY"

· When a section is referenced in a table, follow the link to determine which patches to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release that is installed, and find the patches to apply in the table for that Oracle Database release in "Oracle Database."

Step 4 Apply the Patches

Download the patches, review the READMEs, and apply the patches according to the instructions.

Step 5 Planning for Future Critical Patch Updates

To help you plan for future Critical Patch Updates, this document includes final patch information based on Oracle's Lifetime Support Policy and error correction policies.

"Final Patch Information (Error Correction Policies)" in "What's New in October 2016," documents product releases for which final Critical Patch Updates are upcoming or are being announced. In each product section, there is also an Error Correction Information Table that documents the final CPU patch for the product. Products that have reached the end of error correction are documented in "Final Patch History."

1.2 Terminology in the Tables

The following terminology is used in this patch availability document and in the subsequent tables.

· BP Bundle Patch. An iterative, cumulative patch that is issued between patch sets. Bundle patches usually include only fixes, but some products may include minor enhancements.

· CPU Critical Patch Update patch. Prior to October 2012, Security Patch Update (SPU) patches were called Critical Patch Update (CPU) patches. For patches that were previously released as CPU patches, this Patch Availability Document will continue to reference them as CPUs.

· Final Patch is the last quarterly cycle until when patches will be provided as per the Premier Support or Extended Support policies. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html.

· NA Not Applicable.

· OR On-Request. The patch is made available through the On-Request program.

· PSU Patch Set Update. An iterative, cumulative patch that contains both security fixes and non-security critical fixes that are high-value and low-risk.

· SPU Security Patch Update. An iterative, cumulative patch consisting of security fixes. Formerly known as a Critical Patch Update. Note that Oracle's program for quarterly release of security fixes continues to be called the Critical Patch Update. Patches released as part of this program may be Patch Set Updates, Security Patch Updates, and Bundle Patches. Regardless of the patch type, the patches are cumulative.

· Overlay SPU patch provided as an overlay on top of a PSU or BP instead of a base/patch set release.

1.3 On-Request Patches

Oracle does not release proactive patches for historically inactive platforms. However, Oracle will deliver these patches when requested.

The following guidelines describe how to initiate an on-request (OR) patch.

A request may be made:

· At any time. However, a patch for a specific quarterly release, such as CPUOct2012, cannot be requested. Depending on when the request is received and processed, either the patch for the current quarterly release or the next quarterly release will be provided. Your Service Request (SR) will provide you the planned availability date for the patch.

· As long as the version is in either Premier Support or Extended Support and error correction support has not expired. For example, if a product release is under Extended Support through the release of CPUJan2013 on January 15, 2013, then you can file a request for the product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy.

· For a platform-version combination when a major release or patch set is released on a platform after a quarterly release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch by following the on-request process. For example, if a patch is released for a platform on August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform. You may request a CPUJul2012 patch for the platform, and Oracle will review the request and determine whether to provide CPUJul2012 or CPUOct2012.

A patch that is marked as on-request (OR) may already have been requested by another customer and be available on My Oracle Support. Before you file a Service Request (SR), check on My Oracle Support to see if the patch is already available for your platform.

1.4 CPU Program and My Oracle Support Patch Recommendations

My Oracle Support patch recommendation features are available on the Patches & Update tab. The patches announced in this document as part of the CPU program are classified as "Security" patch recommendations in My Oracle Support. If a new patch is being announced in this document, then the classification on any earlier patch is changed to "General", causing it to be removed from the My Oracle Support patch recommendations. If a patch has a "Security" classification, and a subsequent bundle, SPU, or PSU is released with a recommendation classification, then it will be classified as a "Security" recommendation in My Oracle Support.

Once a product release is no longer in error correction, its CPU patch information is removed from this document, but the last patch recommendation continues to be available in My Oracle Support. Ensure to select each of the products installed in your environment to obtain all patches.

1.5 Oracle Database Patching - SPU vs PSU/BP

The Database Security Patch Updates (SPU) and Patch Set Updates (PSU) / Bundle Patches (BP) that are released each quarter contain the same security fixes. However, they use different patching mechanisms, and PSU/BP include both security and critical fixes.

For more information on Database Patch Delivery Methods see My Oracle Support Note 1962125.1, Oracle Database - Overview of Database Patch Delivery Methods.

NOTE: Applying a SPU on an installation with an installed PSU/BP is not supported

1.6 Pro-Active Replacement Interim Patches For Conflicts With Critical Patch Update Program Patches (PSUs and Bundles)

Oracle produces new pro-active patches every quarter as part of the Critical Patch Update program. On Unix platforms, these pro-active patches or bundles may conflict with already installed interim patches. In order to allow such conflicts to be resolved quickly, Oracle pro-actively produces new interim patches for existing patches that would cause conflicts. Replacement patches are made available on the same date that the Database Patch Set Update or Bundle is released.

For more information, see My Oracle Support Note 1998563.1 Pro-Active Replacement Interim Patches For Conflicts With Critical Patch Update Program Patches (PSUs and Bundles).

1.7 My Oracle Support (MOS) Conflict Checker Tool

The My Oracle Support (MOS) Conflict Checker tool is available as of July 21, 2014.

You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search results screen ("Analyze with OPatch" button).

The MOS Conflict Checker Tool allows you to upload an OPatch inventory to check for conflicts with patches to apply to your environment. If no conflicts are found, you can download the patches. If conflicts are found, the tool finds an existing resolution to download. If no resolution is found, you can request a solution, and monitor your request in the Plans region.

For more information and a demonstration video, see Knowledge Document Note 1091294.1, How to use the My Oracle Support Conflict Checker Tool.

2 What's New in October 2016

This section describes important changes in October 2016:

· Section 2.1 Database patch for Engineered Systems and Database In-Memory 12.1.0.2 renamed to "Proactive Bundle Patch 12.1.0.2"

· Section 2.2 "Change to Bundle Patch Numbering"

· Section 2.3 "Final Patch Information (Error Correction Policies)"

· Section 2.4 "Changes to Database READMEs"

· Section 2.5 "Post Release Patches"

Section 2.6 "Behavior Changes starting in OPatch 12.2.0.1.5 and 11.2.0.3.14 releases"

2.1 Database patch for Engineered Systems and Database In-Memory 12.1.0.2 renamed to "Proactive Bundle Patch 12.1.0.2"

Starting from Apr2016 onwards the prior Database Bundle that was called "Database patch for Engineered Systems and Database In-Memory 12.1.0.2" will now be called "Proactive Bundle Patch 12.1.0.2". This patch will continue be a cummulative patch and will include all prior fixes. The Apr2016 Proactive BP can also be applied on top the Jan2016 "Database patch for Engineered Systems and Database In-Memory 12.1.0.2".

2.2 Change to Bundle Patch Numbering

As of November 2015, the version numbering for new Bundle Patches, Patch Set Updates, and Security Patch Updates for Oracle Database, Enterprise Manager and Middleware products have a new format. This new format replaces the numeric 5th digit of the bundle version with a release date in the form YYMMDD:

· YY is the last 2 digits of the year

· MM is the numeric month (2 digits)

· DD is the numeric day of the month (2 digits)

Note that the release date is the release date of the main bundle, PSU, or SPU.

Some bundles may continue to use a numeric 5th digit in the short term, but they will transition to the new format over time.

This new version format makes it easier to see which bundle patches are from which time frame, and in particular, which patches are from the same Critical Patch Update release. For examples and more information, see My Oracle Support Note 2061926.1, Oracle Database, Enterprise Manager and Middleware - Change to Patch Numbering from Nov 2015 onwards.

2.3 Final Patch Information (Error Correction Policies)

The Final patch is the last CPU or PSU release for which the product release is under error correction. Final patches for upcoming releases, as well as newly scheduled final patches, are listed in the following sections.

Final patches scheduled for January 2017

Final patches scheduled for October 2016

· Oracle Access Manager 10gR3 (10.1.4.x)

· Oracle Access Manager WebGates/ASDK 10gR3 (10.1.4.x)

· Oracle WebLogic Server Proxy Plug-In 10gR3 (formerly known as WebLogic Server Proxy Plug-In 1.0)

· Oracle Outside In Technology 8.5.1

· Oracle Audit Vault 10.3

· Oracle Secure Backup 10.4.x

Newly Scheduled final patches:

· Oracle Database 12.1.0.2 - July 2021 (See MOS Note 742060.1)

· Oracle Database 11.2.0.4 - October 2020 (See MOS Note 742060.1)

For additional final patch history information, see "Final Patch History". For information on the error correction support policy for patches, refer to My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy.

2.4 Changes to Database READMEs

Oracle JavaVM (OJVM) Component Database PSU patches now require database instances to be started in "startup upgrade" mode prior to running the required post-installation SQL scripts.

2.5 Post Release Patches

PATCH NUMBER	PATCH	PLATFORM	AVAILABILITY
Patch 24436544	Quarterly Full Stack download for SuperCluster (Oct2016) 12.1.0.2 BP	Solaris SPARC (64-bit)	Available: Tuesday, November 1, 2016
Patch 24436497	Quarterly Full Stack download for SuperCluster (Oct2016) 11.2.0.4 BP	Solaris SPARC (64-bit)	Available: Tuesday, November 1, 2016
Patch 24436306	Combo OJVM PSU 12.1.0.2.161018 and Database BP 12.1.0.2.161018	All ports except Linux x86-64	Available: Wednesday, October 19, 2016
Patch 24711729	Golden Gate BP 12.1.2.1.161031	All Platforms	ETA; Tuesday, November 1, 2016
Patch 24513832	Golden Gate BP 12.2.0.1.161018	All Platforms	ETA; Tuesday, November 15, 2016

2.6 Behavior Changes starting in OPatch 12.2.0.1.5 and 11.2.0.3.14 releases

Beginning in OPatch 12.2.0.1.5 and 11.2.0.3.14 there is a behavior change in the way superset patches address subset. Additionally, in OPatch 12.2.0.1.5 OVM has been removed. Please see the following for additional information:

Note: 2161861.1 OPatch: Behavior Changes starting in OPatch 12.2.0.1.5 and 11.2.0.3.14 releases

Note: These releases of OPatch are not necessarily the minimum version of OPatch. Please review the required the minimum version of OPatch as documented in each patch's README.

3 Patch Availability for Oracle Products

This section contains the following:

· Section 3.1 "Oracle Database"

· Section 3.2 "Oracle Enterprise Manager"

· Section 3.3 "Oracle Fusion Middleware"

· Section 3.4 "Oracle Sun Middleware"

· Section 3.5 "Tools"

3.1 Oracle Database

This section contains the following:

· Section 3.1.1 "Oracle APEX Listener"

· Section 3.1.2 "Oracle Application Express"

· Section 3.1.3 "Oracle Audit Vault"

Section 3.1.4 "Oracle Big Data Spatial and Graph"

· Section 3.1.5 "Oracle Database"

· Section 3.1.6 "Oracle Database Appliance"

· Section 3.1.7 "Oracle Database Mobile/Lite Server"

· Section 3.1.8 "Oracle GoldenGate"

· Section 3.1.9 "Oracle GoldenGate Veridata"

· Section 3.1.10 "Oracle Secure Backup"

· Section 3.1.11 "Oracle TimesTen"

3.1.1 Oracle APEX Listener

Error Correction information for Oracle APEX Listener 1.1.4

Describes the Error Correction information for Oracle APEX Listener 1.1.4.

Patch Information	1.1.4	Comments
Final Patch	-

Minimum Product Requirements for Oracle APEX Listener

Describes the minimum product requirements for Oracle APEX Listener. Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle APEX Listener downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex-listener/downloads/index.html.

Component	Release	Advisory Number	Comments
Oracle APEX Listener	1.1.4	Released July 2012

3.1.2 Oracle Application Express

Minimum Product Requirements for Oracle Application Express

Describes the minimum product requirements for Oracle Application Express. Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Application Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.

Component	Release	Advisory Number	Comments
Oracle Application Express	5.0.4.00.12	CVE-2016-5552

3.1.3 Oracle Audit Vault

Error Correction information for Oracle Audit Vault

Describes the Error Correction information for Oracle Audit Vault.

Patch Information	10.3	Comments
Final Patch	October 2016

Patch Availability for Oracle Audit Vault 10.3.0.0

Describes the available patches for Oracle Audit Vault 10.3.0.0.

Product Home

Patch

Advisory Number

Comments

Agent home

CPU Patch 13894921 and

CPU Patch 13705483

Released April 2012

Standalone OC4J 10.1.3.4 Patch Set (Special OPatch needed, see README)

OC4J 10.1.3.4 one-off patch (Special OPatch needed, see README)

Server home

CPU Patch 13705483

Released April 2012

OC4J 10.1.3.4 one-off patch (Special OPatch needed, see README)

3.1.4 Oracle Big Data Spatial and Graph

Error Correction information for Oracle Big Data Spatial and Graph

Describes the Error Correction information for Oracle Big Data Spatial and Graph.

Patch Information	1.1	1.0	Comments
Final Patch	-	-

Patch Availability for Oracle Big Data Spatial and Graph

Describes the available patches for Oracle Big Data Spatial and Graph.

Product Home	Patch	Advisory Number	Comments
1.1	SPU Patch<="" a="">	CVE-2015-7501	Apache Commons Collections
1.0	SPU Patch 24825694	CVE-2015-7501	Apache Commons Collections

3.1.5 Oracle Database

This section contains the following:

· Section 3.1.5.1 "Patch Availability for Oracle Database"

· Section 3.1.5.2 "Oracle Database 12.1.0.2"

· Section 3.1.5.3 "Oracle Database 11.2.0.4"

3.1.5.1 Patch Availability for Oracle Database

For Oracle Database 10.2.0.4 and later releases, customers have the option to install the Security Patch Update (SPU) or the Patch Set Update (PSU). Both patch types are cumulative patches. The PSU includes the security vulnerability bug fixes, as well as additional non-security bug fixes recommended by Oracle. For more information on PSU patches, see My Oracle Support Note 854428.1, Patch Set Updates (PSUs) for Oracle Products.

For the Microsoft Windows platforms, Oracle Database patches are released as cumulative patch bundles. You may install the indicated patch or later bundle in the Database Windows bundle series. The Windows patch bundles include the security vulnerability bug fixes, the PSU recommended non-security bug fixes, and other customer-requested bug fixes.

3.1.5.2 Oracle Database 12.1.0.2

Error Correction information for Oracle Database 12.1.0.2

Describes the Error Correction information for Oracle Database 12.1.0.2.

Patch Information	12.1.0.2	Comments
Final Patch	July 2021
PSU On-Request platforms	32-bit client-only platforms

Patch Availability for Oracle Database 12.1.0.2

Describes all combinations of patches that are available for Oracle Database 12.1.0.2.

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home	Patch	Advisory Number	Comments
Oracle Database home	Combo OJVM PSU 12.1.0.2.161018 and Database PSU 12.1.0.2.161018 Patch 24433133 for UNIX, or Combo OJVM PSU 12.1.0.2.161018 and GI PSU 12.1.0.2.161018 Patch 24433148, or Combo OJVM PSU 12.1.0.2.161018 and Database BP 12.1.0.2.161018 Patch 24436306 for UNIX, or Quarterly Full Stack download for Exadata (Oct2016) BP 12.1.0.2 Patch 24436624 for Linux x86-64 and Solaris x86-64, or Quarterly Full Stack download for SuperCluster (Oct2016) BP 12.1.0.2 Patch 24436544 for Solaris SPARC 64-Bit	CVE-2016-5572, CVE-2016-5497, CVE-2016-5516, CVE-2016-5498, CVE-2016-5499, CVE-2016-3562, CVE-2016-5555	For availability dates, see "Post Release Patches" OJVM PSU Patches are not RAC Rolling installable Combos are for environments that take a single downtime to apply all patches See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
Oracle Database home	Database PSU 12.1.0.2.161018 Patch 24006101 for UNIX, or GI PSU 12.1.0.2.161018 Patch 24412235 or Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.161018 Patch 24591642, or later; Database Proactive Bundle Patch 12.1.0.2.161018 Patch 24448103, or Quarterly Full Stack download for Exadata (Oct2016) BP 12.1.0.2 Patch 24436624 for Linux x86-64 and Solaris x86-64, or Quarterly Full Stack download for SuperCluster (Oct2016) BP 12.1.0.2 Patch 24436544 for Solaris SPARC 64-Bit	CVE-2016-5572, CVE-2016-5497, CVE-2016-5516, CVE-2016-5498, CVE-2016-5499, CVE-2016-3562	For availability dates, see "Post Release Patches"
Oracle Database home	Oracle JavaVM Component Database PSU 12.1.0.2.161018 Patch 24315824 for UNIX, or Oracle JavaVM Component Microsoft Windows Bundle Patch 12.1.0.2.161018 Patch 24591630	CVE-2016-5555	OJVM PSU Patches are not RAC Rolling installable PSU 12.1.0.2.161018 includes Generic JDBC Patch 23727148 See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
Oracle Database home	Oracle JavaVM Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148	Released July 2016

3.1.5.4 Oracle Database 11.2.0.4

Error Correction information for Oracle Database 11.2.0.4

Describes the Error Correction information for Oracle Database 11.2.0.4.

Patch Information	11.2.0.4	Comments
Final Patch	October 2020
SPU On-Request platforms	HP-UX PA RISC IBM: Linux on System Z 32-bit client-only platforms except Linux x86
PSU On-Request platforms	32-bit client-only platforms except Linux x86

Patch Availability for Oracle Database 11.2.0.4

Describes all combinations of patches that are available for Oracle Database 11.2.0.4.

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home	Patch	Advisory Number	Comments
Oracle Database home	Combo OJVM PSU 11.2.0.4.161018 and Database SPU 11.2.0.4.161018 (CPUOct2016) Patch 24433791 for UNIX, or Combo OJVM PSU 11.2.0.4.161018 and Database PSU 11.2.0.4.161018 Patch 24436313 for UNIX, or Combo OJVM PSU 11.2.0.4.161018 and GI PSU 11.2.0.4.161018 Patch 24436346, or Combo OJVM PSU 11.2.0.4.161018 and Exadata BP 11.2.0.4.161018 Patch 24436641, or Quarterly Full Stack download for Exadata (Octl2016) BP 11.2.0.4 Patch 24436504, or Quarterly Full Stack download for Supercluster (Octl2016) BP 11.2.0.4 Patch 24436497	CVE-2016-5505, CVE-2016-5498, CVE-2016-5499, CVE-2016-3562, CVE-2016-5555	For availability dates, see "Post Release Patches" OJVM PSU Patches are not RAC Rolling installable. Combos are for environments that take a single downtime to apply all patches See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
Oracle Database home	Database SPU 11.2.0.4.161018 (CPUOct2016) Patch 24433711 for UNIX, or Database PSU 11.2.0.4.161018 Patch 24006111 for UNIX, or GI PSU 11.2.0.4.161018 Patch 24436338 for UNIX, or Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.161018 Patch 24591646, or later; Quarterly Database Patch for Exadata BP 11.2.0.4.161018 Patch 24479801 for UNIX, or Quarterly Full Stack download for Exadata (Octl2016) BP 11.2.0.4 Patch 24436504, or Quarterly Full Stack download for Supercluster (Octl2016) BP 11.2.0.4 Patch 24436497	CVE-2016-5505, CVE-2016-5498, CVE-2016-5499, CVE-2016-3562	For availability dates, see "Post Release Patches"
Oracle Database home	Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.161018 Patch 24315821 for UNIX, or Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.161018 Patch 24591637 for Microsoft Windows	CVE-2016-5555	OJVM PSU 11.2.0.4.161018 and greater includes Generic JDBC Patch 23727132 See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
Oracle Database home	Oracle JavaVM Component Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132	Released July 2016	For RAC deployments, this patch should be applied to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

3.1.6 Oracle Database Appliance

Minimum Product Requirements for Oracle Database Appliance

Describes the minimum product requirements for Oracle Database Appliance. The CPU security vulnerabilities are fixed in the listed release and later releases. The Oracle Database Appliance downloads and installation instructions can be found at http://www.oracle.com/technetwork/server-storage/engineered-systems/database-appliance/overview/index.html.

Component	Release	Advisory Number	Comments
Oracle Database Appliance	12.1.2.4	Released July 2015

3.1.7 Oracle Database Mobile/Lite Server

Error Correction Information for Oracle Database Mobile Server

Describes the Error Correction information for Oracle Database Mobile/Lite Server.

Patch Information	12.1 (Mobile Server)	11.3 (Mobile Server)	Comments
Final Patch	-	October 2021

Patch Availability for Oracle Database Mobile Server 12.1.x

Describes the available patches for Oracle Database Mobile Server 12.1.x.

Product Home	Patch	Advisory Number	Comments
12.1	12.1.0.0 BP Patch 21974980	Released October 2015

Patch Availability for Oracle Database Mobile Server 11.3.x

Describes the available patches for Oracle Database Mobile Server 11.3.x.

Product Home	Patch	Advisory Number	Comments
11.3	11.3.0.2 BP Patch 21950285	Released October 2015

3.1.8 Oracle GoldenGate

Error Correction information for Oracle GoldenGate

Describes the error correction information for Oracle GoldenGate.

Component	12.2.0.1	12.1.2.1	11.2.1.0	Comments
Final Patches	-	October 2021	January 2020

Patch Availability for Oracle GoldenGate

Describes the available patches for Oracle GoldenGate.

Product Home	Patch	Advisory Number	Comments
12.2.0.1	OGG BP 12.2.0.1.161018 Patch 24711729	Released October 2016	For availability dates, see "Post Release Patches"
12.1.2.1	OGG BP 12.1.2.1.161031 Patch 24513832	Released October 2016	For availability dates, see "Post Release Patches"
11.2.1.0	Patch 22077109 - Sybase 15.5: OGG 11.2.1.0.31 Patch 22077052 - IBM AS400: DB2(IBM I): OGG 11.2.1.0.31 Patch 22076884 - Teradata: OGG 11.2.1.0.31 Patch 22076755 - Oracle 11g: OGG 11.2.1.0.31 Patch 22076584 - Windows x86-64: MSSQL: OGG 11.2.1.0.31 Patch 22076540 - IBM Z/OS: DB2 9.1: OGG 11.2.1.0.31	Released January 2016	OGG Bundle Patch post 11.2.1.0.31 will include fixes listed here. See Note 1645495.1

3.1.9 Oracle GoldenGate Veridata

Error Correction information for Oracle GoldenGate Veridata

Describes the error correction information for Oracle GoldenGate Veridata.

Component	11.2.1.0	Comments
Final Patches	-

Patch Availability for Oracle GoldenGate Veridata

Describes the available patches for Oracle GoldenGate Veridata.

Product Home	Patch	Advisory Number	Comments
11.2.1.0	BP 11.2.1.0.1 Patch 16291209 or later	Released April 2013

3.1.10 Oracle Secure Backup

Error Correction information for Oracle Secure Backup

Describes the Error Correction information for Oracle Secure Backup.

Patch Information	12.1.x	10.4.x	Comments
Final Patch	-	October 2016

Minimum Product Requirements for Oracle Secure Backup

describes the minimum product requirements for Oracle Secure Backup. Critical Patch Update security vulnerabilities are fixed in the listed releases.

Product	Release	Advisory Number	Comments
Oracle Secure backup	10.4.0.4	CVE-2015-0286
Oracle Secure Backup	12.1.0.2.0	CVE-2015-1351

3.1.11 Oracle TimesTen

Error Correction information for Oracle TimesTen

Describes Error Correction information for Oracle TimesTen.

Patch Information	11.2.1.x	Comments
Final Patch	April 2017

Minimum Product Requirements for Oracle TimesTen

Describes the minimum product requirements for Oracle TimesTen. The CPU security vulnerabilities are fixed in the listed release and later releases.

Product	Release	Advisory Number	Comments
Oracle TimesTen 11.2.1.x	11.2.1.6.1	Released July 2010

3.2 Oracle Enterprise Manager

This section contains the following:

· Section 3.2.1 "Oracle Application Performance Management"

· Section 3.2.2 "Oracle Application Testing Suite"

· Section 3.2.3 "Oracle Enterprise Manager Cloud Control,"

· Section 3.2.4 "Oracle Enterprise Manager Grid Control 11g (11.1.0.1)"

· Section 3.2.5 "Oracle Enterprise Manager Ops Center"

· Section 3.2.6 "OSS Support Tools"

3.2.1 Oracle Application Performance Management

Error Correction information for Oracle Application Performance Management

Describes Error Correction information for Oracle Application Performance Management

Patch Information	12.1.0.6	Comments
Final Patch	-
CPU On-Request platforms	-

Minimum Product Requirements for Oracle Application Performance Management

Describes the minimum product requirements for Oracle Application Performance Management. Critical Patch Update security vulnerabilities are fixed in the listed releases. For more information on Oracle Application Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.

Product Version	Patch	Advisory Number	Comments
12.1.0.6	12.1.0.6.2 Release Patch 19712806	Released October 2014
12.1.0.6	12.1.0.6.1 Release Patch 19498441	Released October 2014

3.2.2 Oracle Application Testing Suite

Error Correction information for Oracle Application Testing Suite

Describes Error Correction information for Oracle Application Testing Suite.

Patch Information	12.5.0.3	12.5.0.2	12.5.0.1	12.4.0.2	Comments
Final Patch	-	-	-	-
CPU On-Request Platforms	-	-	-	-

Patch Availability for Oracle Application Testing Suite

Describes the available patches for Oracle Application Testing Suite. These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Application Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.

Product Home	UNIX	Advisory Number	Comments
12.5.0.3	BP Patch 24751219	CVE-2015-7940
12.5.0.2	BP Patch 24751241	CVE-2015-7940
12.5.0.1	BP Patch 24751264	CVE-2015-7940
12.4.0.2	BP Patch 23012275	Released April 2016

3.2.3 Oracle Enterprise Manager Cloud Control

Error Correction information for Oracle Enterprise Manager Cloud Control

Describes Error Correction information for Oracle Enterprise Manager Cloud Control.

Patch Information	13.2.0.0	13.1.0.0	12.1.0.5	Comments
Final Patch	-	July 2017	October 2019
PSU On-Request Platforms	-	-	-

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 1 (13.2.0.0)

Describes the available patches for Oracle Enterprise Manager Cloud Control 13c Release 1 (13.2.0.0).

Product Home	UNIX	Microsoft Windows 32-Bit	Advisory Number	Comments
Base Platform Repository home	See "Oracle Database"	See "Oracle Database"	See "Oracle Database"
Base Platform Fusion Middleware home	See "Oracle WebLogic Server" (Version 12.1.3.0)	See "Oracle WebLogic Server" (Version 12.1.3.0.0)	See "Oracle WebLogic Server" (Version 12.1.3.0.0)
Base Platform OMS home	NA	NA	NA	Enterprise Manager Cloud Control 13.2.0.0 includes all security vulnerabilities announced in the CPU Advisory
Plugin Home	NA	NA	NA

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 1 (13.1.0.0)

Describes the available patches for Oracle Enterprise Manager Cloud Control 13c Release 1 (13.1.0.0).

Product Home	UNIX	Microsoft Windows 32-Bit	Advisory Number	Comments
Base Platform Repository home	See "Oracle Database"	See "Oracle Database"	See "Oracle Database"
Base Platform Fusion Middleware home	See "Oracle WebLogic Server" (Version 12.1.3.0)	See "Oracle WebLogic Server" (Version 12.1.3.0.0)	See "Oracle WebLogic Server" (Version 12.1.3.0.0)
Base Platform OMS home	PSU 13.1.0.0.161018 Patch 24316719	PSU 13.1.0.0.161018 Patch 24316719	Released in October 2016	Enterprise Manager Cloud Control 13.1.0.0 includes all security vulnerabilities announced in the CPU Advisory
Plugin Home	BP Patch 24754368 or later	BP Patch 24754368 or later	Released in October 2016
Oracle Infrastructure 12.1.3.0 home	SPU Patch 22223793	SPU Patch 22223793	Released December 2015	Oracle ADF Patch This patch is necessary for any co-located installations where ADF exists

Patch Availability for Oracle Enterprise Manager Cloud Control 12c Release 5 (12.1.0.5)

Describes the available patches for Oracle Enterprise Manager Cloud Control 12c Release 5 (12.1.0.5).

Product Home	UNIX	Microsoft Windows 32-Bit	Advisory Number	Comments
Base Platform Repository home	See "Oracle Database"	See "Oracle Database"	See "Oracle Database"
Base Platform Fusion Middleware home	See "Oracle WebLogic Server" (Version 10.3.6.0)	See "Oracle WebLogic Server" (Version 10.3.6.0)	See "Oracle WebLogic Server" (Version 10.3.6.0) CVE-2016-5604
Base Platform Fusion Middleware home	CPU Patch 23703041	CPU Patch 23703041	Released July 2016	Oracle Business Intelligence Publisher BP 11.1.1.7.160719 patch for BIP home in Enterprise Manager
Base Platform OMS home	PSU 12.1.0.5.161018 Patch 24316675	PSU 12.1.0.5.161018 Patch 24316675	Released October 2016
Base Platform Agent home	BP Patch 22317311	BP Patch 22317311	Released January 2016	Apply to Agent core Oracle Home, after applying agent patch 24343991, 22342358
Base Platform Agent home	BP Patch 22342358	BP Patch 22342358	Released January 2016	Apply 22342358 to Agent sbin Oracle Home after applying agent Patch 24343991. Then apply Patch 22317311
Base Platform Fusion Middleware home	SPU Patch 22013598	SPU Patch 22013598	Released January 2016	Web Cache Patch Apply to Oracle_WT Post installation steps are not applicable for Enterprise Manager
Plugin home	BP Patch 24610255 or later	BP Patch 24610255 or later	Released in September 2016
Base Platform Agent home	BP Patch 24343991	BP Patch 24343991	Released in August 2016	Apply to Agent core Oracle Home
Base Platform Fusion Middleware home	SPU Patch 21640624	SPU Patch 21640624	Released October 2015	See Note 1984662.1 before applying this patch Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH
Base Platform Fusion Middleware home	CPU Patch 19345576	CPU Patch 19345576	Released January 2015	Oracle Process Management and Notification (OPMN) Patch for Oracle_WT OH See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS
Base Platform Fusion Middleware home	SPU Patch 17337741	SPU Patch 17337741	Released October 2013	Oracle Security Service (SSL/Network) Patch for Oracle_WT OH
Base Platform Fusion Middleware home	CPU Patch 22567790	CPU Patch 22567790	Released July 2016	FMW Control Patch applies to oracle_common OH

3.2.4 Oracle Enterprise Manager Grid Control 11g (11.1.0.1)

Error Correction information for Oracle Enterprise Manager Grid Control 11g (11.1.0.1)

Describes Error Correction information for Oracle Enterprise Manager Grid Control 11g (11.1.0.1).

Patch Information	11.1.0.1	Comments
Final Patch	April 2018
PSU On-Request Platforms	-

Patch Set Update Availability for Oracle Enterprise Manager Grid Control 11g (11.1.0.1)

Describes the available patches for Oracle Enterprise Manager Grid Control 11g (11.1.0.1). The fixes for security Alert for CVE-2015-4852 are part of Jan2016 WebLogic Server CPU patches described in this section.

Product Home	Patch	Advisory Number	Comments
Base Platform Repository Home	See "Oracle Database"	See "Oracle Database"
Base Platform Agent Home	Unix PSU 11.1.0.1.160119 Patch 9346289 Windows PSU 11.1.0.1.160119 Patch 22274004	Released January 2016
Base Platform OMS Home	PSU 11.1.0.1.160119 Patch 22266340	Released January 2016
Base Platform Fusion Middleware home	SPU Patch 14681307	Released October 2012	WLS 10.3.2.0 JDBC Patch (Not a SU). Before installing this SPU, see Note 1493990.1, Patching for CVE-2012-3137
Base Platform Fusion Middleware home	SPU Patch 18992301 SPU Patch 18992319 SPU Patch 18547380 SPU Patch 23539151 SPU Patch 20926784 SPU Patch 18992399 SPU Patch 23539193 SPU Patch 22808855 SPU Patch 20083974 SPU Patch 22360634	Released July 2014 Released July 2014 Released April 2014 Released July 2016 Released July 2015 Released July 2014 Released July 2016 Released April 2016 Released January 2015 Released January 2016	WLS 10.3.2.0 JVM Patch (SU ID: DHM2) WLS 10.3.2.0 Deployment Patch (SU ID: Y5B9) WLS 10.3.2.0 CSS Patch (SU ID: 9AVS) WLS 10.3.2.0 JMS+Core Patch (SU ID: JN9V) WLS 10.3.2.0 WebServices Patch (SU IDs: SAGA, L8DT, A4JA, 2HLN, SK77, X8W6, NFFE, BIMC) WLS 10.3.2.0 Security Patch (SU IDs: VHAC, R4P6, NSYJ, 8279) WLS 10.3.2.0 WebApp Patch (SU ID: RJX5) WLS 10.3.2.0 Console Patch (SU ID: 7CB7) WLS 10.3.2.0 CIE Patch (SU ID: GVGW) WLS 10.3.2.0 Install Patch (SU ID: 8N2J) For CVE-2014-4256, see Note 1903763.1, Download Request for Security Configuration
Base Platform Repository Home	CPU Patch 13705493	Released April 2012	OC4J 10.1.2.3 one-off Patch Enterprise Manager Grid Control

3.2.5 Oracle Enterprise Manager Ops Center

Error Correction information for Oracle Enterprise Manager Ops Center

Describes Error Correction information for Oracle Enterprise Manager Ops Center.

Patch Information	12.3.x	12.2.x	12.2.x	Comments
Final Patch	Jun 2020	Feb 2019	Apr 2017
CPU On-Request Platforms		-	-

Patch Availability for Oracle Enterprise Manager Ops Center

Describes the available patches for Oracle Enterprise Manager Ops Center. These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Enterprise Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.

Product Home	UNIX	Advisory Number	Comments
12.3.2, 12.2.2, 12.1.4	Solaris 10 Sparc, Solaris 10 x86 and Linux x86 Patch 24809383	CVE-2016-2107, CVE-2016-4979, CVE-2015-7940
12.2.2, 12.1.4	Solaris 10 Sparc, Solaris 10 x86, Solaris 11 and Linux x86 - BP Patch 24296952	Released July 2016

3.2.6 OSS Support Tools

Error Correction information for OSS Support Tools

Describes Error Correction information for OSS Support Tools.

Patch Information	8.11.x	Comments
Final Patch	-

Patch Availability for OSS Support Tools

Describes the available patches for OSS Support Tools.

Product Home	Solaris	Advisory Number	Comments
8.11.16.3.8	BP Patch 22783063	March 2016	See My Oracle Support Note 1153444.1, Oracle Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT

3.3 Oracle Fusion Middleware

This section contains the following:

· Section 3.3.1 "Management Pack For Oracle GoldenGate"

Section 3.3.2 "NetBeans IDE"

· Section 3.3.3 "Oracle API Gateway"

Section 3.3.5 "Oracle Big Data Discovery"

· Section 3.3.6 "Oracle Business Intelligence App Mobile Designer"

· Section 3.3.7 "Oracle Business Intelligence Enterprise Edition"

· Section 3.3.8 "Oracle Business Intelligence Mobile"

· Section 3.3.9 "Oracle Business Intelligence Publisher"

· Section 3.3.10 "Oracle Business Process Management"

· Section 3.3.11 "Oracle Communications Converged Application Server"

· Section 3.3.12 "Oracle Complex Event Processing"

· Section 3.3.13 "Oracle Data Quality for Oracle Data Integrator"

· Section 3.3.14 "Oracle Data Service Integrator"

· Section 3.3.15 "Oracle Endeca Server"

· Section 3.3.16 "Oracle Endeca Information Discovery Studio"

· Section 3.3.17 "Oracle Endeca Information Discovery Studio Integrator"

· Section 3.3.18 "Oracle Enterprise Data Quality"

· Section 3.3.19 "Oracle Exalogic Patch Set Update (PSU)"

· Section 3.3.20 "Oracle Forms and Reports 11g Release 2"

· Section 3.3.21 "Oracle Fusion Middleware"

· Section 3.3.22 "Oracle Hyperion Analytic Provider Services"

· Section 3.3.23 "Oracle Hyperion BI+"

· Section 3.3.24 "Oracle Hyperion Common Admin"

· Section 3.3.25 "Oracle Hyperion Common Security"

· Section 3.3.26 "Oracle Hyperion EAS"

· Section 3.3.27 "Oracle Hyperion Enterprise Performance Management Architect"

· Section 3.3.28 "Oracle Hyperion Essbase"

Section 3.3.29 "Oracle Hyperion Financial Reporting"

· Section 3.3.30 "Oracle Hyperion Installation Technology"

· Section 3.3.31 "Oracle Hyperion Smart View For Office"

· Section 3.3.32 "Oracle Hyperion Strategic Finance"

· Section 3.3.33 "Oracle Identity Access Management"

· Section 3.3.34 "Oracle Identity Management"

· Section 3.3.35 "Oracle Identity Management Connector"

· Section 3.3.36 "Oracle JDeveloper and Oracle ADF"

· Section 3.3.37 "Oracle JRockit"

· Section 3.3.38 "Oracle Map Viewer"

· Section 3.3.39 "Oracle Mobile Security Suite"

· Section 3.3.40 "Oracle Outside In Technology"

· Section 3.3.41 "Oracle Portal, Forms, Reports, and Discoverer 11g Release 1"

· Section 3.3.42 "Oracle Real Time Decisions Server"

· Section 3.3.43 "Oracle Service Architecture Leveraging Tuxedo (SALT)"

· Section 3.3.44 "Oracle SOA Suite"

· Section 3.3.45 "Oracle Traffic Director"

· Section 3.3.46 "Oracle Tuxedo"

· Section 3.3.47 "Oracle Waveset"

· Section 3.3.48 "Oracle Web-Tier 11g Utilities"

· Section 3.3.49 "Oracle WebCenter"

· Section 3.3.50 "Oracle WebCenter Content (Formerly Oracle Universal Content Management)"

· Section 3.3.51 "Oracle WebCenter Interaction"

· Section 3.3.52 "Oracle WebCenter Portal"

· Section 3.3.53 "Oracle WebCenter Sites (Formerly FatWire Content Server)"

· Section 3.3.54 "Oracle WebCenter Sites Community"

· Section 3.3.55 "Oracle WebCenter Suite"

Section 3.3.56 "Oracle WebGate"

· Section 3.3.57 "Oracle WebLogic Integration"

· Section 3.3.58 "Oracle WebLogic Portal"

· Section 3.3.59 "Oracle WebLogic Server"

· Section 3.3.60 "Oracle WebLogic Server Plug-ins"

3.3.1 Management Pack For Oracle GoldenGate

Error Correction information for Management Pack For Oracle GoldenGate

Describes the Error Correction information for Management Pack For Oracle GoldenGate.

Patch Information	12.1.3.x	Comments
Final Patch	April 2018

Patch Availability for Management Pack For Oracle GoldenGate

Describes the available patches for Error Correction information for Management Pack For Oracle GoldenGate.

Product Home	Patch	Advisory Number	Comments
11.1.2.1.0	BP 11.2.1.0.11 (BP11) or later Patch 19606348	Released April 2015	Oracle GoldenGate Monitor patch

3.3.2 NetBeans IDE

Minimum Product Requirements for NetBeans IDE

Describes the minimum product requirements for NetBeans IDE. Critical Patch Update security vulnerabilities are fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/

Product Home	Release	Advisory Number	Comments
NetBeans IDE	8.2	CVE-2016-5537

3.3.3 Oracle API Gateway

Error Correction information for Oracle API Gateway

Describes the Error Correction information for Oracle API Gateway.

Patch Information	11.1.1.2.4.0	11.1.1.2.3.0	Comments
Final Patch	-	-

Patch Availability for Oracle API Gateway

Describes the available patches for Error Correction information for Oracle API Gateway.

Product Home	Patch	Advisory Number	Comments
11.1.1.2.4.0	Patch 22695601	Released April 2016
11.1.1.2.3.0	Patch 22805555	Released April 2016

3.3.5 Oracle Big Data Discovery

Minimum Product Requirements for Oracle Big Data Discovery

Describes the minimum product requirements for Oracle Data Discovery. Critical Patch Update security vulnerabilities are fixed in the listed release only and installations with any prior versions will need to move to the listed version. For Oracle Big Data Discovery downloads, see https://edelivery.oracle.com and search for "Oracle Big Data Discovery".

Product	Release	Advisory Number	Comments
Oracle Big Data Discovery	1.1.3	CVE-2015-3253

3.3.6 Oracle Business Intelligence App Mobile Designer

Error Correction information for Oracle Business Intelligence App Mobile Designer

Describes the Error Correction information for Oracle Business Intelligence App Mobile Designer.

Patch Information	11.1.1.7 iOS	Comments
Final Patch	-

Patch Availability for Oracle Business Intelligence App Mobile Designer

Describes the available patches for Oracle Business Intelligence App Mobile Designer.

Product Home	Patch	Advisory Number	Comments
11.1.1.7	SPU Patch 18794832	Released July 2014

3.3.7 Oracle Business Intelligence Enterprise Edition

Error Correction information for Oracle Business Intelligence Enterprise Edition

Describes the Error Correction information for Oracle Business Intelligence Enterprise Edition.

Patch Information	12.2.1.1.0	12.2.1.0.0	11.1.1.9	11.1.1.7	Comments
Final Patch	-	April 2017	October 2021	October 2018

Patch Availability for Oracle Business Intelligence Enterprise Edition

Describes the available patches for Oracle Business Intelligence Enterprise Edition.

Customers on earlier versions of Oracle Business Intelligence Enterprise Edition 10.x will need to apply 10.1.3.4.1 and then apply the patch.

Product Home	Patch	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products
Oracle JRockit 28.x home	See "Oracle JRockit"	See "Oracle JRockit"
Oracle WebLogic Server home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
Oracle WebLogic Server Proxy Plug-ins home	See "Oracle WebLogic Server Plug-ins"	See "Oracle WebLogic Server Plug-ins"	WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
12.2.1.1.0	Oracle BI Suite BP 12.2.1.1.161018 Patch 24580495 or higher	CVE-2016-2107
12.2.1.0.0	Oracle BI Suite BP 12.2.1.0.161018 Patch 24695761 or higher	CVE-2016-2107
11.1.1.9	Oracle BI Suite BP 11.1.1.9.161018 Patch 24668000 or higher	CVE-2016-2107
11.1.1.7	Oracle BI Suite BP 11.1.1.7.160719 Patch 23703041 or higher	CVE-2016-2107
11.1.1.7	SPU Patch 21640624	Released October 2015	Oracle HTTP Server 11.1.1.7 Patch
11.1.1.9	Oracle Business Intelligence Enterprise Edition BP 11.1.1.9.1 Patch 21235195 or higher	Released July 2015	BIEE Third Party Bundle Patch
11.1.1.7	SPU Patch 23622763	Released July 2016	Oracle ADF 11.1.1.7 Patch
11.1.1.7	SPU Patch 18423801	Released July 2014	Oracle Process Management and Notification (OPMN) Patch See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS
11.1.1.7	SPU Patch 17617649	Released January 2014	Oracle Help Technologies Patch
11.1.1.7	CPU Patch 17337741	Released October 2013	Oracle Security Service (SSL/Network) Patch

3.3.8 Oracle Business Intelligence Mobile

Error Correction information for Oracle Business Intelligence Mobile

Describes the Error Correction information for Oracle Business Intelligence Mobile.

Patch Information	11.1.1.7 iOS	Comments
Final Patch	-

Minimum Product Requirements for Oracle Business Intelligence Mobile

Describes the minimum product requirements for Oracle Business Intelligence Mobile.

Patch Information	11.1.1.7.0 iOS	Advisory Number	Comments
Minimum Version	11.1.1.7.0 (11.6.39)	Released July 2015

3.3.9 Oracle Business Intelligence Publisher

Error Correction information for Oracle Business Intelligence Publisher

Describes the Error Correction information for Oracle Business Intelligence Publisher.

Patch Information	12.2.1.0	11.1.1.9	11.1.1.7	Comments
Final Patch	April 2017	October 2021	October 2018

Patch Availability for Oracle Business Intelligence Publisher

Describes the available patches for Oracle Business Intelligence Publisher.

Customers on earlier versions of Oracle Business Intelligence Publisher 10.x will need to apply 10.1.3.4.1 and then apply the patch.

Product Home	Patch	Advisory Number	Comments
12.2.1.0	Oracle BI Suite BP 12.2.1.0.161018 Patch 24695761 or higher	CVE-2016-3473
11.1.1.9	Oracle BI Suite BP 11.1.1.9.161018 Patch 24668000 or higher	CVE-2016-3473
11.1.1.9	BP Patch 24580895	CVE-2016-3473	Webservice BP
11.1.1.9	11.1.1.9 Interim Patch 17081528	CVE-2016-3473	XDK Interim Patch
11.1.1.9	WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12 (Jul2015) or later WLS PSU.	CVE-2016-3473	WLS 10.3.6 Interim Patch or WLS PSU
11.1.1.7	Oracle BI Suite BP 11.1.1.7.160719 Patch 23703041 or higher	CVE-2016-3473
11.1.1.7	BP Patch 24486705	CVE-2016-3473	Webservice BP
11.1.1.7	11.1.1.7.0 Interim Patch 17081528	CVE-2016-3473	XDK Interim Patch
11.1.1.7	WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12 (Jul2015) or later WLS PSU.	CVE-2016-3473	WLS 10.3.6 Interim Patch or WLS PSU

3.3.10 Oracle Business Process Management

Follow the special instructions below to download Oracle Business Process Management patches.

1. Click Patches & Updates after logging into My Oracle Support.

2. Search for Oracle Business Process Management Suite.

3. Search for the required BPM release by clicking Select up to 10.

4. Select the patch with the build number that is indicated in Patch Availability for Oracle Business Process Management, or the patch with higher build number than what is indicated for the platform you are about to update, for example: EnterpriseJ2EE, Studio, or EnterpriseSA.

5. Download the patch.

Error Correction information for Oracle Business Process Management

Describes the Error Correction information for Oracle Business Process Management.

Patch Information	10.3.2	Comments
Final Patch	January 2017

Patch Availability for Oracle Business Process Management

Describes the available patches for Oracle Business Process Management.

Product Home	Patch	Advisory Number	Comments
BPM 10.3.2	100375	Released July 2010	See the instructions above on how to download the patch

3.3.11 Oracle Communications Converged Application Server

Error Correction information for Oracle Communications Converged Application Server

Describes the Error Correction information for Oracle Communications Converged Application Server.

Patch Information	5.0	Comments
Final Patch	July 2018

Patch Availability for Oracle Communications Application Server

Describes the available patches for Oracle Communications Converged Application Server. See also the underlying product stack tables for any applicable patches. Refer to comments section and apply the patch to the respective product home.

Oracle Communications Converged Application Server

Patch

Advisory Number

Comments

5.0

SPU Patch 14364893

CPU Patch 12875001

CPU Patch 12875006

CPU Patch 12874981

CPU Patch 14825824

CPU Patch 10625676

CPU Patch 18767762

Released October 2012

Released October 2011

Released January 2013

Released January 2011

Released July 2013

WLS 10.3.0.0 CSS Patch

WLS 10.3.3.0 JMS Patch

WLS 10.3.3.0 WebServices Patch

WLS 10.3.3.0 Security Patch

WLS 10.3.3.0 WebApp Patch

WLS 10.3.3.0 Core Patch

WLS 10.3.3.0 Console Patch

3.3.12 Oracle Complex Event Processing

Error Correction information for Oracle Complex Event Processing

Describes the Error Correction information for Oracle Complex Event Processing.

Patch Information	CEP 12.1.3	CEP 11.1.7	Comments
Final Patch	December 2019	October 2018

Patch Availability for Oracle Complex Event Processing

Describes the available patches for Oracle Complex Event Processing. See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

Product Home	Patch	Advisory Number	Comments
12.1.3.0	SPU Patch 21071699	Released July 2015
11.1.1.7	SPU Patch 21103154	Released July 2015

3.3.13 Oracle Data Quality for Oracle Data Integrator

Error Correction information for Oracle Data Quality for Oracle Data Integrator

Describes the Error Correction information for Oracle Data Quality for Oracle Data Integrator.

Patch Information	ODIDQ 11.1.x	Comments
Final Patch	-

Patch Availability for Oracle Data Quality for Oracle Data Integrator

Describes the available patches for Oracle Data Quality for Oracle Data Integrator.

Product Home	Patch	Advisory Number	Comments
11.1.1.3.0	CPU Patch 21418574	Released July 2015

3.3.14 Oracle Data Service Integrator

Error Correction information for Oracle Data Service Integrator

Describes the Error Correction information for Oracle Data Service Integrator.

Patch Information	ODSI 10.3.0	Comments
Final Patch	January 2017

Patch Availability for Oracle Data Service Integrator

Describes the available patches for Data Service Integrator. See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

Product Home

Patch

Advisory Number

Comments

10.3.0

SPU Patch 18526551

SPU Patch 12875001

SPU Patch 14825824

Released July 2014

Released April 2014

Released October 2011

Released July 2014

Released January 2013

Released July 2014

WLS 10.3.0.0 JVM Patch

WLS 10.3.0.0 Deployment Patch

WLS 10.3.0.0 CSS Patch

WLS 10.3.0.0 JMS Patch

WLS 10.3.0.0 WebServices Patch

WLS 10.3.0.0 Security Patch

WLS 10.3.0.0 WebApp Patch

WLS 10.3.0.0 Core Patch

WLS 10.3.0.0 Console Patch

10.3.0

CPU Patch 8268258

Released April 2009

ODSI Patch

3.3.15 Oracle Endeca Server

Error Correction information for Oracle Endeca Server

Describes the Error Correction information for Oracle Endeca Server.

Patch Information	7.6	7.5	7.4	7.3	Comments
Final Patch	-	-	July 2020	-

Minimum Product Requirements for Oracle Endeca Server 7.5.x

Describes the minimum version information for Oracle Endeca Server.

Patch Information	7.5.x	Advisory Number	Comments
Minimum Version	7.5.1.1	Released July 2013

Patch availability for Oracle Endeca Server

Describes the available patches for Oracle Endeca Server.

Product Home	Patch	Advisory Number	Comments
Oracle Endeca Server 7.6 home	SPU Patch 22159508	Released January 2016
Oracle Endeca Server 7.5 home	SPU Patch 22159522	Released January 2016
Oracle Endeca Server 7.4 home	SPU Patch 22159534	Released January 2016
Oracle Endeca Server 7.3 home	SPU Patch 22159539	Released January 2016

3.3.16 Oracle Endeca Information Discovery Studio

Error Correction information for Oracle Endeca Information Discovery Studio

Describes the Error Correction information for Oracle Endeca Information Discovery Studio.

Patch Information	3.1	3.0	2.4	Comments
Final Patch	January 2018	January 2018	January 2018

Patch availability for Oracle Endeca Information Discovery Studio

Describes the available patches for Oracle Endeca Information Discovery Studio.

Product Home	Patch	Advisory Number	Comments
Oracle Endeca Information Discovery Studio 3.1 home	SPU Patch 19663929	Released October 2014	See Note 1906844.1 Transfer/reinstall Oracle Endeca Information Discovery (EID) Studio and migrate configuration to a newly-installed latest version of Apache Tomcat 6.0.x
Oracle Endeca Information Discovery Studio 3.0 home	SPU Patch 19663937	Released October 2014
Oracle Endeca Information Discovery Studio 2.4 home	SPU Patch 19663946	Released October 2014

3.3.17 Oracle Endeca Information Discovery Studio Integrator

Error Correction information for Oracle Endeca Information Discovery Studio Integrator

Describes the Error Correction information for Oracle Endeca Information Discovery Studio Integrator.

Patch Information	3.1	3.0	2.4	Comments
Final Patch	January 2018	January 2018	January 2018

Patch availability for Oracle Endeca Information Discovery Studio Integrator

Describes the available patches for Oracle Endeca Information Discovery Studio Integrator.

Product Home	Patch	Advisory Number	Comments
Oracle Endeca Information Discovery Studio Integrator 3.1 home	SPU Patch 21131619	Released July 2015
Oracle Endeca Information Discovery Studio Integrator 3.0 home	SPU Patch 21131630	Released July 2015
Oracle Endeca Information Discovery Studio Integrator 2.4 home	SPU Patch 21131634	Released July 2015

3.3.18 Oracle Enterprise Data Quality

Error Correction information for Oracle Enterprise Data Quality

Describes the Error Correction information for Oracle Enterprise Data Quality.

Patch Information	9.0.11	8.1.12	Comments
Final Patch	October 2019	July 2019

Patch Availability for Oracle Enterprise Data Quality

Describes the available patches for Oracle Enterprise Data Quality.

Product Home	Patch	Advisory Number	Comments
Oracle Enterprise Data Quality 9.0.11 home	SPU Patch 19320253	Released October 2014	See Note 1595538.1, How To Upgrade The Apache Tomcat Version Installed By The EDQ (Enterprise Data Quality) Windows Installer
Oracle Enterprise Data Quality 8.1.12 home	SPU Patch 18709680	Released October 2014	See Note 1595538.1, How To Upgrade The Apache Tomcat Version Installed By The EDQ (Enterprise Data Quality) Windows Installer

3.3.19 Oracle Exalogic Patch Set Update (PSU)

Error Correction information for Oracle Exalogic Patch Set Update (PSU)

Describes the Error Correction information for Exalogic Patch Set Update (PSU).

Patch Information	2.x	1.x	Comments
Final Patch	-	-

Patch Set Update Availability for Oracle Exalogic

Describes the available patches for Oracle Exalogic.

Oracle Exalogic	Patch	Advisory Number	Comments
2.x Physical	2.0.6.2.161018 Physical Linux x86-64 (for all X2-2, X3-2, X4-2, X5-2) PSU Patch 24375256 2.0.6.2.161018 Physical Solaris x86-64 (for all X2-2, X3-2, X4-2, X5-2) PSU Patch 24375256	Released October 2016	See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
2.x Virtual	2.0.6.2.161018 Virtual (for all X2-2, X3-2, X4-2, X5-2) PSU Patch 24375265	Released October 2016	See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
1.x	Upgrade to 2.x based on information in the Comments column. Then apply the patches listed above.	Released July 2016	See Patch 14834860 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0) See Patch 14834860 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit) See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

3.3.20 Oracle Forms and Reports 11g Release 2

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Forms and Reports 11g Release 2 installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Forms and Reports 11g Release 2

Describes the available patches for Oracle Forms and Reports 11g Release 2.

Product Home	Patches	Comments
Oracle Forms and Reports 11.1.2.2 home	See "Oracle Forms and Reports 11.1.2.2"

3.3.21 Oracle Fusion Middleware

For more information on how to identify the components in an Oracle home, see Note 1591483.1, What is Installed in My Middleware or Oracle home?.

This section contains the following:

· Section 3.3.21.1 "Oracle Fusion Middleware 12.2.1.1"

Section 3.3.21.2 "Oracle Fusion Middleware 12.2.1.0"

· Section 3.3.21.3 "Oracle Fusion Middleware 12.1.3.0"

· Section 3.3.21.4 "Oracle Forms and Reports 11.1.2.2"

· Section 3.3.21.5 "Oracle Fusion Middleware 11.1.1.9"

· Section 3.3.21.6 "Oracle Fusion Middleware 11.1.1.7"

· Section 3.3.21.7 "Oracle Fusion Middleware 10.1.3.5.x"

· Section 3.3.21.8 "Oracle Identity Access Management 11.1.2.3"

3.3.21.1 Oracle Fusion Middleware 12.2.1.1

Error Correction information for Oracle Fusion Middleware 12.2.1.1

Describes the Error Correction information for Oracle Fusion Middleware 12.2.1.1.

Patch Information	12.2.1.1	Comments
Final Patch	-
CPU On-Request Platforms	-

Patch Availability for Oracle Fusion Middleware 12.2.1.1

Describes the available patches for Oracle Fusion Middleware 12.2.1.1.

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g/12c Products
12.2.1.1 home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	Oracle WebLogic Server patch
12.2.1.1 home	See "Oracle WebLogic Server Plug-ins"	See "Oracle WebLogic Server Plug-ins"	WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
12.2.1.1 home	SPU Patch 24618613	CVE-2016-8281, CVE-2016-5536	Platform Security for Java patch
12.2.1.1 home	Oracle BI Suite BP 12.2.1.1.161018 Patch 24580495 or higher	CVE-2016-2107	OBIEE patch
12.2.1.1 home	SPU Patch 24327938	Released July 2016	Oracle TopLink patch

3.3.21.2 Oracle Fusion Middleware 12.2.1.0

Error Correction information for Oracle Fusion Middleware 12.2.1.0

Describes the Error Correction information for Oracle Fusion Middleware 12.2.1.0.

Patch Information	12.2.1.0	Comments
Final Patch	April 2017
CPU On-Request Platforms	-

Patch Availability for Oracle Fusion Middleware 12.2.1.0

Describes the available patches for Oracle Fusion Middleware 12.2.1.0.

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g/12c Products
12.2.1.0 home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	Oracle WebLogic Server patch
12.2.1.0 home	See "Oracle WebLogic Server Plug-ins"	See "Oracle WebLogic Server Plug-ins"	WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
12.2.1.0 home	SPU Patch 24618494	CVE-2016-8281, CVE-2016-5536	Platform Security for Java Patch
12.2.1.0 home	Oracle BI Suite BP 12.2.1.0.161018 Patch 24695761 or higher	CVE-2016-2107, CVE-2016-3473	OBIEE and BIP BP
12.2.1.0 home	Patch 1 Patch 22137683 or higher	Released July 2016	Oracle WebCenter Sites patch
12.2.1.0 home	SPU Patch 24327938	Released July 2016	Oracle TopLink patch

3.3.21.3 Oracle Fusion Middleware 12.1.3.0

Error Correction information for Oracle Fusion Middleware 12.1.3.0

Describes the Error Correction information for Oracle Fusion Middleware 12.1.3.0.

Patch Information	12.1.3.0	Comments
Final Patch	October 2019
CPU On-Request Platforms	-

Patch Availability for Oracle Fusion Middleware 12.1.3.0

Describes the available patches for Oracle Fusion Middleware 12.1.3.0.

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g/12c Products
12.1.3.0.0 home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	Oracle WebLogic Server patch
12.1.3.0.0 home	See "Oracle WebLogic Server Plug-ins"	See "Oracle WebLogic Server Plug-ins"	WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
12.1.3.0.0 home	BP Patch 24592776	CVE-2016-8281, CVE-2016-5536	Platform Security for Java patch
12.1.3.0.0 home	SPU Patch 22557350	Released July 2016	Oracle HTTP Server Patch
12.1.3.0.0 home	SPU Patch 24327938	Released July 2016	Oracle TopLink patch
12.1.3.0.0 home	SPU Patch 21773981	Released October 2015	Oracle ADF Patch This patch is necessary for any co-located installations where ADF exists
12.1.3.0.0 home	Oracle SOA 12.1.3.0.1 BP Patch 19707784 or later	Released January 2015	SOA Patch
12.1.3.0.0 home	SPU Patch 19485414	Released January 2015	Oracle Security Service (SSL/Network) Patch
12.1.3.0.0 home	See Note 1936300.1	Released October 2014	SSL V3.0 "Poodle" Advisory

3.3.21.4 Oracle Forms and Reports 11.1.2.2

Error Correction information for Oracle Forms and Reports 11.1.2.2

Describes the Error Correction information for Oracle Forms and Reports 11.1.2.2.

Patch Information	11.1.2.2	Comments
Final Patch	October 2017
CPU On-Request Platforms	-

Patch Availability for Oracle Forms and Reports 11.1.2.2

Describes the available patches for Oracle Forms and Reports 11.1.2.2.

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products
Oracle JRockit 28.x home	See "Oracle JRockit"	See "Oracle JRockit"
Oracle WebLogic Server home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
Oracle WebLogic Server Proxy Plug-ins home	See "Oracle WebLogic Server Plug-ins"	See "Oracle WebLogic Server Plug-ins"	WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
Oracle Forms and Reports 11.1.2.2 home	DB PSU Patch 22290164 for Unix DB BP Patch 22607089 for Windows 32-Bit DB BP Patch 22607090 for Windows x64	Release January 2016	Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only
Oracle Forms and Reports 11.1.2.2 home	SPU Patch 21640624	Released October 2015	Oracle HTTP Server 11.1.1.7 Patch
Oracle Forms and Reports 11.1.2.2 home	SPU Patch 23622763	Released July 2016	Oracle ADF 11.1.1.7 Patch
Oracle Forms and Reports 11.1.2.2 home	SPU Patch 19562319	Released January 2015	Oracle Forms Patch
Oracle Forms and Reports 11.1.2.2 home	SPU Patch 20002141	Released January 2015	Oracle Reports, Developer 11.1.2.2 Patch
Oracle Forms and Reports 11.1.2.2 home	See Note 1936300.1	Released October 2014	SSL V3.0 "Poodle" Advisory
Oracle Forms and Reports 11.1.2.2 home	SPU Patch 18423801	Released July 2014	Oracle Process Management and Notification (OPMN) Patch See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS
Oracle Forms and Reports 11.1.2.2 home	SPU Patch 17617649	Released January 2014	Oracle Help Technologies Patch
Oracle Forms and Reports 11.1.2.2 home	CPU Patch 17337741	Released October 2013	Oracle Security Service (SSL/Network) Patch
Oracle Forms and Reports 11.1.2.2 home	See Note 1608683.1	Released January 2014	Oracle Reports Advisory

3.3.21.5 Oracle Fusion Middleware 11.1.1.9

Error Correction information for Oracle Fusion Middleware 11.1.1.9

Describes the Error Correction information for Oracle Fusion Middleware 11.1.1.9.

Patch Information	11.1.1.9	Comments
Final Patch	-	Oracle Fusion Middleware 11.1.1.9
CPU On-Request Platforms	-

Patch Availability for Oracle Fusion Middleware 11.1.1.9

Describes the available patches for Oracle Fusion Middleware 11.1.1.9.

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products
Oracle JRockit 28.x home	See "Oracle JRockit"	See "Oracle JRockit"
Oracle WebLogic Server home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
Oracle WebLogic Server Proxy Plug-ins home	See "Oracle WebLogic Server Plug-ins"	See "Oracle WebLogic Server Plug-ins"	WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
Oracle Identity Management 11.1.1.9 home Oracle Web Tier 11.1.1.9 home	BP Patch 24580895	CVE-2016-3551	Web Services BP
Oracle Web Tier 11.1.1.9 home	SPU Patch 21905371	Released January 2016	Web Cache Patch See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU January 2016
Oracle Web Tier 11.1.1.9 home Identity Management 11.1.1.9 home	DB PSU Patch 22290164 for Unix DB BP Patch 22607089 for Windows 32-Bit DB BP Patch 22607090 for Windows x64	Release January 2016	Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only
Oracle Web Tier 11.1.1.9 home Identity Management 11.1.1.9 home	SPU Patch 23623015	Released July 2016	Oracle HTTP Server 11.1.1.9 Patch
Oracle WebCenter 11.1.1.9 home	Oracle WebCenter Portal BP 11.1.1.9.2 Patch 21354925 or later	Released July 2015	Oracle WebCenter Portal 11.1.1.9 Patch See Note 2029169.1, Changes to Portlet standards request dispatching of Resource Requests

3.3.21.6 Oracle Fusion Middleware 11.1.1.7

Error Correction information for Oracle Fusion Middleware 11.1.1.7

Describes the Error Correction information for Oracle Fusion Middleware 11.1.1.7.

Patch Information

11.1.1.7

Comments

Final Patch

December 2018

Oracle Fusion Middleware 11.1.1.7

See Note 1585582.1, Extended Fusion Middleware 11g Lifetime Support Policy Dates, and Note 1290894.1, Error Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)

Oracle Portal, Forms, Reports and Discoverer may have different support dates, Please refer to Lifetime Support document for more details

CPU On-Request Platforms

Patch Availability for Oracle Fusion Middleware 11.1.1.7

Describes the available patches for Oracle Fusion Middleware 11.1.1.7.

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products
Oracle JRockit 28.x home	See "Oracle JRockit"	See "Oracle JRockit"
Oracle WebLogic Server home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
Oracle WebLogic Server Proxy Plug-ins home	See "Oracle WebLogic Server Plug-ins"	See "Oracle WebLogic Server Plug-ins"	WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
Oracle Identity Management 11.1.1.7 home Oracle Web Tier 11.1.1.7 home Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	BP Patch 24486705	CVE-2016-3551	Web Services BP
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	SPU Patch 24716502	CVE-2016-5495, CVE-2016-5500	Oracle Discoverer Patch
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	See Note 2155256.1	Released July 2016	For Oracle Portal 11.1.1.6
Oracle Identity Access Management 11.1.1.7 home	SPU Patch 22218959	Released July 2016
Oracle Web Tier 11.1.1.7 home Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	SPU Patch 22013598	Released January 2016	Web Cache Patch See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU January 2016
Oracle Identity Management 11.1.1.7 home Oracle Web Tier 11.1.1.7 home Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	DB PSU Patch 22290164 for Unix DB BP Patch 22607089 for Windows 32-Bit DB BP Patch 22607090 for Windows x64	Release January 2016	Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only
Oracle Identity Access Management 11.1.1.7 home	Oracle Identity Manager BP 2 (11.1.1.7.2) Patch 21881425 and OIM OVERLAY SPU 11.1.1.7.161018 Patch 24816127	Overlay SPU: Released October 2016 OIM BP2: Released October 2015	Oracle Identity Manager Patch
Oracle Identity Management 11.1.1.7 home Oracle Web Tier 11.1.1.7 home Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	SPU Patch 21640624	Released October 2015	Oracle HTTP Server 11.1.1.7 Patch
Oracle Identity Management 11.1.1.7 home Oracle Web Tier 11.1.1.7 home Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home Oracle SOA Suite 11.1.1.7 home Oracle WebCenter Suite 11.1.1.7 home	SPU Patch 23622763	Released July 2016	Oracle ADF 11.1.1.7 Patch
Oracle Identity Access Management 11.1.1.7 home	Oracle Access Manager BP 5 (11.1.1.7.5) Patch 21033489 or later	Released July 2015	Oracle Access Manager (OAM 11.1.1.7.5) Patch See Note 1952939.1, Oracle Access Manager 11g Logout Confirmation Features and Configuration
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	SPU Patch 19562278	Released January 2015	Oracle Forms 11.1.1.7 Patch
Oracle SOA Suite 11.1.1.7 home	Oracle SOA 11.1.1.7.6 BP Patch 19953598 or later	Released January 2015	SOA Patch. For CVE-2014-6548, see Note 1962206.1
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	SPU Patch 20002159	Released January 2015	Oracle Reports, Developer 11.1.1.7 Patch
Oracle Identity Access Management 11.1.1.7 home	SPU Patch 20060599	Released January 2015	Oracle Adaptive Access Manager Patch
Oracle Web Tier 11.1.1.7 home Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home Oracle SOA Suite 11.1.1.7 home Oracle WebCenter Suite 11.1.1.7 home	See Note 1936300.1	Released October 2014	SSL V3.0 "Poodle" Advisory
Oracle Identity Management 11.1.1.7 home Oracle Identity Access Management 11.1.1.7 home	SPU Patch 19666962	Released October 2014	Oracle Identity Manager Patch See Note 1927796.1, Instructions For Enabling OIM CPU Bug 17937383 Fix For OIM BPs (11.1.2.1.9 and 11.1.2.2.4 Versions) / Overlay SPU (11.1.1.7 and 11.1.1.5 Versions)
Oracle Identity Management 11.1.1.7 home Oracle Web Tier 11.1.1.7 home Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	SPU Patch 18423801	Released July 2014	Oracle Process Management and Notification (OPMN) Patch See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS
Oracle WebCenter 11.1.1.7 home	Overlay SPU Patch 18792010 and 11.1.1.7 BP 1 Patch 16761779	Released July 2014	WebCenter Portal 11.1.1.7 Overlay SPU patch
Oracle Identity Access Management 11.1.1.7 home	See Note 1643382.1	Released April 2014	OAM/WebGate Advisory
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	See Note 1608683.1	Released January 2014	Oracle Reports Advisory
Oracle Identity Management 11.1.1.7 home	CPU Patch 17842883 and CPU Patch 17839633	Released January 2014	Oracle Internet Directory Patch Patch 17842883 for HP-UX Itanium, HP-UX PA-RISC (64-bit), Linux x86, Microsoft Windows (32-bit) Patch 17839633 for Linux x86-64, IBM AIX Based Systems (64-bit), Sun Solaris x86-64 (64-bit), Sun Solaris SPARC (64-bit), Microsoft Windows x64 (64-bit) See Note 1614114.1, "Oracle Internet Directory (OID) Version 11g Bundle Patches For Non-Fusion Applications Customers" for Bundles that include these and other fixes.
Oracle Identity Management 11.1.1.7 home Oracle Identity Access Management 11.1.1.7 home Oracle Web Tier 11.1.1.7 home Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home Oracle SOA Suite 11.1.1.7 home Oracle WebCenter Suite 11.1.1.7 home	SPU Patch 17617649	Released January 2014	Oracle Help Technologies Patch
Oracle Identity Management 11.1.1.7 home Oracle Web Tier 11.1.1.7 home Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	CPU Patch 17337741	Released October 2013	Oracle Security Service (SSL/Network) Patch
Oracle WebCenter Content 11.1.1.7 home	BP 2 Patch 17180477 or higher	Released October 2013

3.3.21.7 Oracle Fusion Middleware 10.1.3.5.x

Error Correction information for Oracle Fusion Middleware 10.1.3.5.x

Describes the Error Correction information for Oracle Fusion Middleware 10.1.3.5.x.

Patch Information

10.1.3.5.x

Comments

Final Patch

Oracle SOA Suite: October 2014

JDeveloper: April 2017

Application Development Framework: April 2017

Oracle HTTP Server: April 2017

Oracle Container for Java (OC4J): April 2017

TopLink: April 2017

For all other components that are NOT listed here, see the Comments section in the LSP document.

For more information, see Lifetime Support Policy for Oracle Fusion Middleware

CPU On-Request Platforms

IBM: Linux on System Z

Linux on POWER

Oracle HTTP Server 10.1.3.5.0

Oracle Solaris x86-64

Patch Availability for Oracle Fusion Middleware 10.1.3.5.x

Describes the available patches for Oracle Fusion Middleware 10.1.3.5.x.

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 2153042.1, Oracle Java SE Critical Patch Update
Oracle Application Server 10g Release 3 home Oracle HTTP Server 2.0 standalone home Oracle SOA Suite 10g home Oracle WebCenter Suite 10g home Oracle SOA Suite 10g for WebLogic Server home	UNIX: CPU Patch 21845960 Microsoft Windows (32-Bit): CPU Patch 21845962 Microsoft Windows Itanium (64-Bit): CPU Patch 21845971	Released October 2015	See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware's OPMN/ONS Component See Note 1301699.1, How the SSL/TLS Renegotiation Protocol Change Affects Oracle HTTP Server See Note 1936300.1, How to Change SSL Protocols (to Disable SSL 3.0) in Oracle Fusion Middleware Products
OC4J Standalone home	SPU Patch 20034769	Released January 2015	Patch for OC4J Standalone 10.1.3.5 media available on OTN
Oracle Application Server 10g Release 3 home Oracle HTTP Server 2.0 standalone home Oracle SOA Suite 10g home Oracle WebCenter Suite 10g home Oracle SOA Suite 10g for WebLogic Server home	See Note 1586861.1	Released October 2013	OC4J Advisory
Oracle Application Server 10g Release 3 home OC4J Standalone home Oracle SOA Suite 10g home	SPU Patch 16920865	Released October 2013	WebServices Patch
OC4J Standalone home	CPU Patch 14123312	Released July 2012	Enterprise Manager AS Control Patch Patch for OC4J Standalone 10.1.3.5 media available on OTN
Oracle SOA Suite 10g for WebLogic Server home	CPU Patch 12539587	Released October 2011	Oracle Web Services Manager (OWSM) Patch
Oracle SOA Suite 10g home Oracle WebCenter Suite 10g home	CPU Patch 12957596	Released October 2011	Oracle Web Services Manager (OWSM) Patch

3.3.21.8 Oracle Identity Access Management 11.1.2.3

Error Correction information for Oracle Identity Access Management 11.1.2.3

Describes the Error Correction information for Oracle Identity Access Management 11.1.2.3.

Patch Information	11.1.2.3	Comments
Final Patch	-
CPU On-Request Platforms	-

Patch Availability for Oracle Identity Access Management 11.1.2.3

Describes the available patches for Oracle Identity Access Management 11.1.2.3.

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products
Oracle JRockit 28.x home	See "Oracle JRockit"	See "Oracle JRockit"
Oracle WebLogic Server home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
Oracle WebLogic Server Proxy Plug-ins home	See "Oracle WebLogic Server Plug-ins"	See "Oracle WebLogic Server Plug-ins"	WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
Oracle Identity Access Management 11.1.1.7 home	Oracle Identity Federation SPU 1 (11.1.1.7.1) Patch 22321057 or later	Released January 2016	Oracle Identity Federation (OIF 11.1.1.7.1) Patch
Oracle Identity Access Management 11.1.2.3 home	Oracle Identity Management Suite BP 2 (11.1.2.3.2) Patch 21698880 or later	Released October 2015	Oracle Access Manager Patch
Oracle Identity Access Management 11.1.2.3 home	Oracle Identity Management Suite BP 2 (11.1.2.3.2) Patch 21698880 or later	Released October 2015	Oracle Identity Manager Patch

3.3.22 Oracle Hyperion Analytic Provider Services

Error Correction information for Oracle Hyperion Analytic Provider Services

Describes the Error Correction information for Oracle Hyperion Analytic Provider Services.

Patch Information	11.1.2.x	Comments
Final Patch	April 2021

Patch Availability for Oracle Hyperion Analytic Provider Services

Describes the available patches for Oracle Hyperion Analytic Provider Services, based on release.

Product Home

Patch

Advisory Number

Comments

11.1.2.3

SPU Patch 20184072

SPU Patch 20184082

Released October 2015

11.1.2.2

SPU Patch 18148649

Released July 2014

3.3.23 Oracle Hyperion BI+

Error Correction information for Oracle Hyperion BI+

Describes the Error Correction information for Oracle Hyperion BI+.

Patch Information	11.1.2.x	Comments
Final Patch	April 2018

Patch Availability for Oracle Hyperion BI+

Describes the available patches for Oracle Hyperion BI+, based on release.

Product Home	Patch	Advisory Number	Comments
11.1.2.3	SPU Patch 20029854	Released April 2015
11.1.2.2	SPU Patch 18659116	Released April 2015

3.3.24 Oracle Hyperion Common Admin

Error Correction information for Oracle Hyperion Common Admin

Describes the Error Correction information for Oracle Hyperion Common Admin.

Patch Information	11.1.2.x	Comments
Final Patch	April 2018

Patch Availability for Oracle Hyperion Common Admin

Describes the available patches for Oracle Hyperion Common Admin.

Product Home	Patch	Advisory Number	Comments
11.1.2.3	CPU Patch 18672071	Released July 2014
11.1.2.2	CPU Patch 18659116	Released July 2014

3.3.25 Oracle Hyperion Common Security

Error Correction information for Oracle Hyperion Common Security

Describes the Error Correction information for Oracle Hyperion Common Security.

Patch Information	11.1.2.x	Comments
Final Patch	April 2018

Patch Availability for Oracle Hyperion Common Security

Describes the available patches for Oracle Hyperion Common Security.

Product Home	Patch	Advisory Number	Comments
11.1.2.4	SPU Patch 20876722	Released July 2015
11.1.2.3	SPU Patch 20675028	Released July 2015
11.1.2.2	SPU Patch 21052487	Released July 2015

3.3.26 Oracle Hyperion EAS

Error Correction information for Oracle Hyperion EAS

Describes the Error Correction information for Oracle Hyperion EAS.

Patch Information	11.1.2.x	Comments
Final Patch	April 2018

Patch Availability for Oracle Hyperion EAS

Describes the available patches for Oracle Hyperion EAS, based on release.

Product Home	Patch	Advisory Number	Comments
11.1.2.3	Admin Server Patch 17417347 Admin Console Patch 17417344	Released January 2014
11.1.2.2	Admin Server Patch 17277761 Admin Console Patch 17277764	Released January 2014
11.1.2.1	Admin Server Patch 17545122 Admin Console Patch 17545124	Released January 2014

3.3.27 Oracle Hyperion Enterprise Performance Management Architect

Error Correction information for Oracle Hyperion Enterprise Performance Management Architect

Describes the Error Correction information for Oracle Hyperion Enterprise Performance Management Architect.

Patch Information	11.1.2.x	Comments
Final Patch	April 2021

Patch Availability for Oracle Hyperion Enterprise Performance Management Architect

Describes the available patches for Oracle Hyperion Enterprise Performance Management Architect.

Product Home

Patch

Advisory Number

Comments

11.1.2.3

SPU Patch 19466859

SPU Patch 20929659

Released July 2015

11.1.2.2

SPU On-Request

Released July 2015

3.3.28 Oracle Hyperion Essbase

Error Correction information for Oracle Hyperion Essbase

Describes the Error Correction information for Oracle Hyperion Essbase.

Patch Information	11.1.2.x	Comments
Final Patch	April 2021

Patch Availability for Oracle Hyperion Essbase

Describes the available patches for Oracle Hyperion Essbase.

Product Home

Patch

Advisory Number

Comments

11.1.2.3

SPU Patch 20184072

SPU Patch 20184082

Released July 2015

11.1.2.2

Upgrade to Hyperion Essbase 11.1.2.3, then apply the patches listed above

Released July 2015

3.3.29 Oracle Hyperion Financial Reporting

Error Correction information for Oracle Hyperion Financial Reporting

Describes the Error Correction information for Oracle Hyperion Financial Reporting.

Patch Information	11.1.2.4	Comments
Final Patch	April 2018

Patch Availability for Oracle Hyperion Financial Reporting

Describes the minimum revisions of Hyperion Financial Reporting patches that are required to resolve the vulnerabilities for CPUJal2016.

Product Home	Patch	Advisory Number	Comments
Oracle Hyperion Financial Reporting 11.1.2.4	SPU Patch 23557946	Released July 2016

3.3.30 Oracle Hyperion Installation Technology

Error Correction information for Oracle Hyperion Installation Technology

Describes the Error Correction information for Oracle Hyperion Installation Technology.

Patch Information	11.1.2.x	Comments
Final Patch	April 2018

Patch Availability for Oracle Hyperion Installation Technology

Describes the available patches for Oracle Hyperion Installation Technology.

Product Home	Patch	Advisory Number	Comments
11.1.2.3	SPU Patch 17424524	Released October 2015

3.3.31 Oracle Hyperion Smart View For Office

Error Correction information for Oracle Hyperion Smart View For Office

Describes the Error Correction information for Oracle Hyperion Smart View For Office.

Patch Information	11.1.2.x	Comments
Final Patch	April 2018

Patch Availability for Oracle Hyperion Smart View For Office

Describes the available patches for Oracle Hyperion Smart View For Office.

Product Home	Patch	Advisory Number	Comments
11.1.2.x	SPU Patch 20327649	Released April 2015

3.3.32 Oracle Hyperion Strategic Finance

Error Correction information for Oracle Hyperion Strategic Finance

Describes the Error Correction information for Oracle Hyperion Strategic Finance.

Patch Information	11.1.2.x	Comments
Final Patch	April 2018

Patch Availability for Oracle Hyperion Strategic Finance

Describes the available patches for Oracle Hyperion Strategic Finance.

Product Home	Patch	Advisory Number	Comments
11.1.2.2	CPU Patch 14593946	Released April 2014
11.1.2.1	CPU Patch 17636270	Released April 2014

3.3.33 Oracle Identity Access Management

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Identity Access Management installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Identity Access Management

Describes the available patches for Oracle Identity Access Management.

Product Home	Patches	Comments
Oracle Identity Access Management 11.1.2.3 home	See "Oracle Identity Access Management 11.1.2.3"
Oracle Identity Access Management 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"
Oracle Identity Access Management 11.1.1.7 home	See "Oracle Fusion Middleware 11.1.1.7"

3.3.34 Oracle Identity Management

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Identity Management installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Identity Management

Describes the available patches for Oracle Identity Management.

Product Home	Patches	Comments
Oracle Identity Management 11.1.1.9 home	See Section "Oracle Fusion Middleware 11.1.1.9"
Oracle Identity Management 11.1.1.7 home	See Section "Oracle Fusion Middleware 11.1.1.7"

3.3.35 Oracle Identity Management Connector

Error Correction information for Oracle Identity Management Connector

Describes the Error Correction information for Oracle Identity Management Connector.

Patch Information	9.1.0.4	Comments
Final Patch	April 2017

Patch Availability for Oracle Identity Management Connector

Describes the available patches for Oracle Identity Manager.

Product Home	Patch	Advisory Number	Comments
9.1.0.4	CPU Patch 13636081	Released April 2012

3.3.36 Oracle JDeveloper and Oracle ADF

Error Correction information for Oracle JDeveloper and Oracle ADF

Describes the Error Correction information for Oracle JDeveloper and Oracle ADF.

Patch Information	12.2.1.0	12.1.3.0	11.1.2.4	11.1.1.7	10.1.3.5	Comments
Final Patch	-	-	October 2021	October 2018	April 2017

Critical Patch Update Availability for Oracle JDeveloper and Oracle ADF

Describes the available patches for Oracle JDeveloper and Oracle ADF.

Release	Patch	Advisory Number	Comments
12.2.1.0	SPU Patch 23622699	Released July 2016
12.1.3.0	SPU Patch 23754311	Released July 2016
11.1.2.4	SPU Patch 23754328	Released July 2016
11.1.1.9	SPU Patch 23622640	Released July 2016
11.1.1.7	SPU Patch 23622763	Released July 2016
Oracle JDeveloper 11.1.7.0.0 home Oracle ADF 11.1.7.0 home	SPU Patch 17617649	Released January 2014	Oracle Help Technology Patch
10.1.3.5	SPU Patch 14756862	Released October 2012

3.3.37 Oracle JRockit

Critical Patch Update Availability for Oracle JRockit

Describes the Critical Patch Update availability for Oracle JRockit.

Oracle JRockit R28.3.11 includes fixes for all security advisories that have been released through CPUJuly2016.

Oracle JRockit	R28.3.11	Advisory Number	Comments
JRE and JDK 6	Patch 23218381	Released CPUJuly2016

3.3.38 Oracle Map Viewer

Error Correction information for Oracle Map Viewer

Describes the Error Correction information for Oracle Map Viewer.

Patch Information	10.1.3.1	Comments
Final Patch	-

Patch Availability for Oracle Map Viewer

Describes the available patches for Oracle Map Viewer.

Product Home	Patch	Advisory Number	Comments
10.1.3.1	CPU Patch 13997316	Released July 2012

3.3.39 Oracle Mobile Security Suite

Error Correction information for Oracle Mobile Security Suite

Describes the Error Correction information for Oracle Mobile Security Suite.

Patch Information	11.1.2.3	3.0.5	Comments
Final Patch	-	July 2016

Patch Availability for Oracle Mobile Security Suite

Describes the available patches for Oracle Mobile Security Suite.

Product Home	Patch	Advisory Number	Comments
3.0.5	CPU Patch 21639665	Released October 2015

3.3.40 Oracle Outside In Technology

Error Correction information for Oracle Outside In Technology

Describes the Error Correction information for Oracle Outside In Technology.

Patch Information	8.5.3	8.5.2	8.5.1	Comments
Final Patch	-	January 2017	October 2016

Patch Availability for Oracle Outside In Technology

Describes the available patches for Oracle Outside in Technology.

Product Home	Patch	Advisory Number	Comments
Oracle Outside In Technology 8.5.3	SPU Patch 24797925	CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, CVE-2016-5588
Oracle Outside In Technology 8.5.2	SPU Patch 24797949	CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, CVE-2016-5588
Oracle Outside In Technology 8.5.1	SPU Patch 24797962	CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, CVE-2016-5588

3.3.41 Oracle Portal, Forms, Reports, and Discoverer 11g Release 1

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Portal, Forms, Reports, and Discoverer 11g Release 1 installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Portal, Forms, Reports, and Discoverer 11g Release 1

Describes the available patches for Oracle Portal, Forms, Reports, and Discoverer 11g Release 1.

Product Home	Patches	Comments
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home	See Section "Oracle Fusion Middleware 11.1.1.7"

3.3.42 Oracle Real Time Decisions Server

Error Correction information for Oracle Real Time Decisions Server

Describes the Error Correction information for Oracle Real Time Decisions Server.

Patch Information	11.1.1.7	Comments
Final Patch	October 2018

Patch Availability for Oracle Real Time Decisions Server

Describes the available patches for Oracle Real Time Decisions Server.

Product Home	Patch	Advisory Number	Comments
Oracle Real Time Decisions Server 11.1.1.7.0 home	BP 11.1.1.7.150120 Patch 19823874	Released January 2015

3.3.43 Oracle Service Architecture Leveraging Tuxedo (SALT)

Error Correction information for Oracle Service Architecture Leveraging Tuxedo (SALT)

Describes the Error Correction information for Oracle Service Architecture Leveraging Tuxedo (SALT).

Patch Information	11.1.1.2.2	10.3	Comments
Final Patch	April 2018	January 2017

Patch Availability for Oracle Service Architecture Leveraging Tuxedo (SALT)

Describes the available patches for Oracle Service Architecture Leveraging Tuxedo (SALT).

Product Home

Patch

Advisory Number

Comments

Oracle Service Architecture Leveraging Tuxedo (SALT) 11.1.1.2.2 home

Patch 20014357

Released October 2015

Oracle Service Architecture Leveraging Tuxedo (SALT) 10.3 home

Linux X86/64-Bit SPU Patch 20014288

Linux X86 SPU Patch 20380065

IBM AIX/32-Bit SPU Patch 20380112

IBM AIX/64-Bit SPU Patch 20380205

Solaris SPARC 64-Bit SPU Patch 20380159

Solaris SPARC 32-Bit SPU Patch 20380176

HP IA 64-Bit SPU Patch 20380216

Released October 2015

3.3.44 Oracle SOA Suite

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle SOA Suite installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle SOA Suite

Describes the available patches for Oracle SOA Suite.

Product Home	Patches	Comments
Oracle SOA Suite 12.1.3.0 home	See "Oracle Fusion Middleware 12.1.3.0"
Oracle SOA Suite 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"
Oracle SOA Suite 11.1.1.7 home	See "Oracle Fusion Middleware 11.1.1.7"

3.3.45 Oracle Traffic Director

Error Correction information for Oracle Traffic Director

Describes the Error Correction information for Oracle Traffic Director.

Patch Information	11.1.1.9	11.1.1.7	Comments
Final Patch	-	October 2018

Patch Availability for Oracle Traffic Director

Describes the available patches for Oracle Traffic Director.

Product Home	Patch	Advisory Number	Comments
11.1.1.9	SPU Patch 22740011	Released April 2016
11.1.1.7	SPU Patch 22740011	Released April 2016

3.3.46 Oracle Tuxedo

Error Correction information for Oracle Tuxedo

Describes the Error Correction information for Oracle Tuxedo.

Patch Information	12.1.1.0	Comments
Final Patch	-

Patch Availability for Oracle Tuxedo

Describes the available patches for Oracle Tuxedo.

Product Home	Patch	Advisory Number	Comments
12.1.1.0	SPU Patch 22757758 Microsoft Windows x64 (64-bit) patch with VS2010 SPU Patch 22616078 Linux x86-64 SPU Patch 22745300 all other platforms	Released April 2016

3.3.47 Oracle Waveset

Error Correction information for Oracle Waveset

Describes the Error Correction information for Oracle Waveset.

Patch Information	8.1.1.10	Comments
Final Patch	October 2017

Patch Availability for Oracle Waveset

Describes the available patches for Oracle Waveset.

Product Home	Patch	Advisory Number	Comments
Oracle Waveset 8.1.1.0 home	Oracle Waveset 8.1.1.10 BP Patch 19428350	Released January 2015

3.3.48 Oracle Web-Tier 11g Utilities

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Web-Tier 11g Utilities installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Web-Tier 11g Utilities

Describes the available patches for Oracle Web-Tier 11g Utilities.

Product Home	Patches	Comments
Oracle Web-Tier 11g Utilities 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"
Oracle Web-Tier 11g Utilities 11.1.1.7 home	See "Oracle Fusion Middleware 11.1.1.7"

3.3.49 Oracle WebCenter

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle WebCenter installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle WebCenter

Describes the available patches for Oracle WebCenter.

Product Home	Patches	Comments
Oracle WebCenter 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"

3.3.50 Oracle WebCenter Content (Formerly Oracle Universal Content Management)

Patch Availability for Oracle WebCenter Content

Describes the available patches for Oracle WebCenter Content (formerly Oracle Universal Content Management).

Component	Patch	Advisory Number	Comments
Oracle WebCenter Content 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"	See "Oracle Fusion Middleware 11.1.1.9"
Oracle WebCenter Content 11.1.1.8 home	See "Oracle WebCenter 11.1.1.8"	See "Oracle WebCenter 11.1.1.8"

3.3.51 Oracle WebCenter Interaction

Error Correction information for Oracle WebCenter Interaction

Describes the Error Correction information for Oracle WebCenter Interaction.

Patch Information	10.3.3.0	Comments
Final Patch	January 2017

Patch Availability for Oracle WebCenter Interaction

Describes the available patches for Oracle WebCenter Interaction. See also the underlying product stack tables for any applicable patches. Refer to comments section and apply the patch to the respective product home.

Oracle WebCenter Interaction	Patch	Advisory Number	Comments
10.3.3.0	CPU Patch 16398622	Released April 2013

3.3.52 Oracle WebCenter Portal

Error Correction information for Oracle WebCenter Portal

Describes the Error Correction information for Oracle WebCenter Portal.

Patch Information	11.1.1.9	Comments
Final Patch	-

Patch Availability for Oracle WebCenter Portal

Describes the available patches for Oracle WebCenter Portal.

Product Home	Patches	Comments
Oracle WebCenter 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"

3.3.53 Oracle WebCenter Sites (Formerly FatWire Content Server)

Error Correction information for Oracle WebCenter Sites (formerly FatWire Content Server)

Describes the Error Correction information for Oracle WebCenter Sites (formerly FatWire Content Server).

Patch Information	12.2.1.0.0	11.1.1.8	Comments
Final Patch	-

Patch Availability for Oracle WebCenter Sites

Describes the available patches for Oracle WebCenter Sites. See also the underlying product stack tables.

Product Home	Patch	Advisory Number	Comments
12.2.1 home	See "Oracle Fusion Middleware 12.2.1.0"	See "Oracle Fusion Middleware 12.2.1.0"
11.1.1.8 home	11.1.1.8.0 Patch 15 Patch 23705717 or later	Released July 2016	See "Oracle WebCenter 11.1.1.8"

3.3.54 Oracle WebCenter Sites Community

Error Correction information for Oracle WebCenter Sites Community

Describes the Error Correction information for Oracle WebCenter Sites Community.

Patch Information	11.1.1.8	Comments
Final Patch	-

Patch Availability for Oracle WebCenter Sites Community

Describes the available patches for Oracle WebCenter Sites. See also the underlying product stack tables.

Product Home	Patch	Advisory Number	Comments
11.1.1.8 home	11.1.1.8.0 Patch 5 Patch 21314921 or later	Released October 2015	See "Oracle WebCenter 11.1.1.8"

3.3.55 Oracle WebCenter Suite

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle WebCenter Suite installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle WebCenter Suite

Describes the available patches for Oracle WebCenter Suite.

Product Home	Patches	Comments
Oracle WebCenter Suite 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"
Oracle WebCenter Suite 11.1.1.7 home	See "Oracle Fusion Middleware 11.1.1.7"
Oracle WebCenter Suite 10g home	See "Oracle Fusion Middleware 10.1.3.5.x"

3.3.56 Oracle WebGate

Error Correction information for Oracle WebGate

Describes the Error Correction information for Oracle WebGate.

Patch Information	10.1.4.3.0	Comments
Final Patch	October 2016	For Oracle Access Manager 10g WebGates / ASDK working with Oracle Access Manager 10gR3 (10.1.4.x)
Final Patch	October 2018	For Oracle Access Manager 10g WebGates / ASDK working with Oracle Access Manager 11gR1 (11.1.1.x) and Oracle Access Manager 11gR2 (11.1.2.x)
On-Request platforms	Platform and Server combinations that are historically inactive for patching are available on-request. If the patch is not available for a particular platform, see Section 1.3, "On-Request Patches" section on how to request them.	Post-Release on-Request patches will be documented on My Oracle Support Note 1563072.1

Patch Availability for Oracle WebGate

Describes the available patches for Oracle WebGate. See also the underlying product stack tables for any applicable patches. Refer to comments section and apply the patch to the respective product home.

Oracle WebGate

Patch

Advisory Number

Comments

11.1.1.7 home

See Section 3.3.21.6 "Oracle Fusion Middleware 11.1.1.7"

10.1.4.3.0 home

OAM 10.1.4.3.13-PIT28 or later

Patch 23761275 - OAM 10gR3 Access Server

Patch 23762129 - OAM 10gR3 Identity Server

Patch 24303301 - OAM Policy Manager 10gR3 OHS 11g

Patch 23742474 - OAM WebGate 10gR3 OHS 11g

Patch 23742706 - OAM WebGate 10gR3 Apache 2.2

Released July 2016

Post-Release on-Request patches will be documented on My Oracle Support Note 1563072.1

3.3.57 Oracle WebLogic Integration

Error Correction information for Oracle WebLogic Integration

Describes the Error Correction information for Oracle WebLogic Integration.

Patch Information	10.3.1.0	Comments
Final Patch	January 2017

Critical Patch Update Availability for Oracle WebLogic Integration

Describes the availability for Critical Patch Updates for Oracle WebLogic Integration. See also the underlying product stack tables.

Product Home

Patch

Advisory Number

Comments

10.3.1.0

SPU Patch 18526551

SPU Patch 12875001

SPU Patch 14825824

Released July 2014

Released April 2014

Released October 2011

Released July 2014

Released January 2013

Released July 2014

WLS 10.3.0.0 JVM Patch

WLS 10.3.0.0 Deployment Patch

WLS 10.3.0.0 CSS Patch

WLS 10.3.0.0 JMS Patch

WLS 10.3.0.0 WebServices Patch

WLS 10.3.0.0 Security Patch

WLS 10.3.0.0 WebApp Patch

WLS 10.3.0.0 Core Patch

WLS 10.3.0.0 Console Patch

3.3.58 Oracle WebLogic Portal

Error Correction information for Oracle WebLogic Portal

Describes the Error Correction information for Oracle WebLogic Portal.

Patch Information	10.3.6.0	Comments
Final Patch	October 2021

Critical Patch Update Availability for WebLogic Portal

Describes the available patches for WebLogic Portal. See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

WebLogic Portal patches are cumulative to include all the prior published advisories. For more information, see My Oracle Support Note 1355929.1, October 2011 Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL Session ID and SSL Filters.

WebLogic Portal 9.2.3.0 is bundled with WebLogic Server 9.2.3.0, which is out of error correction. Contact Oracle support for security patches needed for WebLogic Server 9.2.3.0

Product Home	Patch	Advisory Number	Comments
10.3.6.0	SPU Patch 21871537	Released January 2016	WebLogic Portal Patch for WebLogic Portal 10.3.6.0 home

3.3.59 Oracle WebLogic Server

Error Correction information for Oracle WebLogic Server Patch Set Update

Describes the Error Correction information for Oracle WebLogic Server.

Patch Information	12.2.1.0	12.1.3.0	10.3.6.0	Comments
Final Patch	-	-	October 2021

Patch Set Update Availability for Oracle WebLogic Server

Describes the available patches for Oracle WebLogic Server. For more information, see MyOracleSupport Note 1470197.1, Master Note on WebLogic Server Patch Set Updates (PSUs). The fixes for security Alert for CVE-2015-4852 are part of Jan2016 WebLogic Server CPU patches described in this section.

Product Home	Patch	Advisory Number	Comments
Oracle Java SE home	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 2153042.1, Oracle Java SE Critical Patch Update	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products
Oracle JRockit 28.x home	See "Oracle JRockit"	See "Oracle JRockit"
Oracle WebLogic Server Plug-ins home	See "Oracle WebLogic Server Plug-ins"	See "Oracle WebLogic Server Plug-ins"	WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
WebLogic Server 12.2.1.1 home WebLogic Server 12.2.1.0 home WebLogic Server 12.1.3.0 home	SPU Patch 24327938	Released July 2016	TopLink JPA-RS patch
WebLogic Server 12.2.1.1 home	PSU 12.2.1.1.161018 Patch 24286152	CVE-2016-5601, CVE-2016-5535	See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
WebLogic Server 12.2.1.0 home	PSU 12.2.1.0.161018 Patch 24286148	CVE-2016-5531, CVE-2015-7501, CVE-2016-3505, CVE-2016-5601, CVE-2016-5535, CVE-2016-3551	See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
WebLogic Server 12.1.3.0 home	PSU 12.1.3.0.161018 Patch 23744018	CVE-2016-5531, CVE-2015-7501, CVE-2016-5488, CVE-2016-3505, CVE-2016-5601, CVE-2016-5535, CVE-2016-3551	See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates) For CVE-2014-6499 released in October 2014, see Note 1930466.1, Deprecation of Link Level Encryption (LLE) in Tuxedo and WebLogic Server See Note 1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher
WebLogic Server 10.3.6.0 home	PSU 10.3.6.0.161018 Patch 23743997	CVE-2016-5531, CVE-2015-7501, CVE-2016-5488, CVE-2016-3505, CVE-2016-5535	See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates) See Note 1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher For CVE-2014-4256, see Note 1903763.1, Download Request for Security Configuration For CVE-2014-6499 released in October 2014, see Note 1930466.1, Deprecation of Link Level Encryption (LLE) in Tuxedo and WebLogic Server
WebLogic Server 12.1.3.0 home WebLogic Server 12.1.2.0 home WebLogic Server 12.1.1.0 home WebLogic Server 10.3.6.0 home	See Note 1936300.1	Released October 2014	SSL V3.0 "Poodle" Advisory

3.3.60 Oracle WebLogic Server Plug-ins

Critical Patch Update Availability for Oracle WebLogic Server Plug-ins

The available patches for Oracle WebLogic Server Plug-ins (Oracle HTTP Server/Apache/IIS/iPlanet).

The WebLogic plug-ins include all cumulative bug fixes and thus include fixes for all previously released advisories. For more information, see My Oracle Support Note 1111903.1.

Product Home	Patch	Advisory Number	Comments
WLS Plugin 12c (12.1.2.0)	SPU Patch 18423842 SPU Patch 18603723 SPU Patch 18603725 SPU Patch 18603728	Released July 2014	WLS Plug-in for Oracle HTTP Server (mod_wl_ohs) WLS Plug-in for Apache (mod_wl) WLS Plug-in for NSAPI (iPlanet) WLS Plug-in for ISAPI (Microsoft IIS)
WLS Plugin 1.1 (11.1.1.7)	SPU Patch 18423831 SPU Patch 18603703 SPU Patch 18603707 SPU Patch 18603714	Released July 2014	WLS Plug-in for Oracle HTTP Server (mod_wl_ohs) WLS Plug-in for Apache (mod_wl) WLS Plug-in for NSAPI (iPlanet) WLS Plug-in for ISAPI (Microsoft IIS)
WLS Plugin 1.0 (10.3.4 and older)	CPU Patch 11845433	Released April 2011	See Note 1111903.1, WebLogic Server Web Server Plug-In Support

3.4 Oracle Sun Middleware

This section contains the following:

· Section 3.4.1 "Directory Server Enterprise Edition"

· Section 3.4.2 "iPlanet Web Server"

· Section 3.4.3 "iPlanet Web Proxy Server"

· Section 3.4.4 "Oracle GlassFish Communications Server"

· Section 3.4.5 "Oracle GlassFish Server"

· Section 3.4.6 "Oracle OpenSSO Agents"

· Section 3.4.7 "Sun Role Manager"

3.4.1 Directory Server Enterprise Edition

Error Correction information for Directory Server Enterprise Edition

Describes the Error Correction information for Directory Server Enterprise Edition.

Patch Information	11.1.1.7	7.0	Comments
Final Patch	April 2017	October 2017

Patch Availability for Directory Server Enterprise Edition

Describes the minimum revisions of Directory Server Enterprise Edition server patches that are required to resolve the vulnerabilities for CPUJan2016.

Product Home

Patch

Advisory Number

Comments

Directory Server Enterprise Edition 11.1.1.7

ODSEE BP 11.1.1.7.160719 - Patch 24343108

Released July 2016

For CVE-2014-3566, see SSL V3.0 "Poodle" Vulnerability, at http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html

Directory Server Enterprise Edition 7.0

Upgrade to Directory Server Enterprise Edition 11.1.1.7, then apply the patches listed above

Released October 2015

For CVE-2014-3566, see SSL V3.0 "Poodle" Vulnerability, at http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html

See Note 1373397.1 for Oracle DSEE New Bundle Patch Process

3.4.2 iPlanet Web Server

Error Correction information for iPlanet Web Server

Describes the Error Correction information for iPlanet Web Server.

Patch Information	7.0	Comments
Final Patch	January 2017

Patch Availability for iPlanet Web Server

Describes the minimum revisions of iPlanet Web Server patches that are required to resolve the vulnerabilities for CPUJan2016.

Product Home	Patch	Advisory Number	Comments
iPlanet Web Server 7.0 home	BP Patch 24671006 or later	CVE-2016-1950

3.4.3 iPlanet Web Proxy Server

Error Correction information for iPlanet Web Proxy Server

Describes the Error Correction information for iPlanet Web Proxy Server.

Patch Information	4.0	Comments
Final Patch	January 2017

Patch Availability for iPlanet Web Proxy Server

Describes the minimum revisions of iPlanet Web Proxy Server patches that are required to resolve the vulnerabilities announced.

Product Home	Patch	Advisory Number	Comments
iPlanet Web Proxy Server 4.0 home	BP 4.0.28 Patch 24671497 or later	CVE-2016-1950

3.4.4 Oracle GlassFish Communications Server

Error Correction information for Oracle GlassFish Communications Server

Describes the Error Correction information for Oracle GlassFish Communications Server.

Patch Information	2.0	Comments
Final Patch	October 2017

Patch Availability for Oracle GlassFish Communications Server

Describes the minimum revisions of Oracle GlassFish Communications Server patches that are required to resolve the vulnerabilities.

Product Home

Patch

Advisory Number

Comments

Oracle GlassFish Communications Server 2.0

Linux x86: 143477-19

Linux x86-64: 143478-19

Solaris x86 and x86-64: 143476-07

Solaris SPARC 32 and 64 bit: 143475-16

Released July 2015

3.4.5 Oracle GlassFish Server

Error Correction information for Oracle GlassFish Server

Describes the Error Correction information for Oracle GlassFish Server.

Patch Information	3.1.2	3.0.1	2.1.1	Comments
Final Patch	January 2019	October 2017	January 2017

Patch Availability for Oracle GlassFish Server

Describes the minimum revisions of GlassFish server patches that are required to resolve the vulnerabilities for CPUJan2016.

Product Home	Patch	Advisory Number	Comments
Oracle GlassFish Server 3.1.2	BP 3.1.2.15 (Closed Network) Patch 23327256 or later BP 3.1.2.15 (Full Profile) Patch 23327241or later BP 3.1.2.15 (Web Profile) Patch 23327057 or later	CVE-2016-5519	For CVE-2014-3566, see SSL V3.0 "Poodle" Vulnerability, at http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html
Oracle GlassFish Server 3.0.1	BP 3.0.1.14 Patch 23494779 or later	CVE-2016-5519	For CVE-2014-3566, see SSL V3.0 "Poodle" Vulnerability, at http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html
Oracle GlassFish Server 2.1.1	BP 2.1.1.29 (EE) Patch 24671530 or later BP 2.1.1.29 (PE) Patch 24671518 or later	CVE-2016-5519, CVE-2016-1950	For CVE-2014-3566, see SSL V3.0 "Poodle" Vulnerability, at http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html

3.4.6 Oracle OpenSSO Agents

On-Request information for Oracle OpenSSO Server Platforms

Describes the On-Request information for Oracle OpenSSO Server platforms.

Apache Web Server 2.0.5x

Apache Web Server 2.2

iPlanet Web Server 7.0

Domino 8.5.2

IIS 6

IIS 7/7.5

iPlanet Web Proxy Server 4.0

Comments

Solaris SPARC 9/10 (32/64 bit)

Solaris x86 9/10 (32/64 bit)

Windows 2003 (32 bit)

Windows 2008 (32 bit)

Linux RHEL 4.0/5.0 (32/64 bit)

Linux Debian/GNU 4.x (32/64 bit)

Linux SUSE 9.x (32/64 bit)

Linux Ubantu 8.x (32/64 bit)

AIX 5.x/6.1

HPUX 11iv2

Solaris SPARC 9/10 (32 bit)

Solaris x86 9/10 (32/64 bit)

Windows 2008 (32 bit)

Linux Debian/GNU 4.x (32/64 bit)

Linux SUSE 9.x (32/64 bit)

Linux Ubantu 8.x (32/64 bit)

AIX 5.x/6.1HPUX 11iv2

Solaris SPARC 9/10 (32 bit)

Solaris x86 9/10 (32 bit)

Windows 2003 (32 bit)

Linux RHEL 4.0/5.0 (32 bit)

Linux SUSE 10.3/11.1 (64 bit)

Solaris SPARC 10 (32 bit)

Windows 2003 (32 bit)

Windows 2008 (32 bit)

Linux RHEL 5.5 (32/64 bit)

Solaris SPARC 9/10 (32 bit)

Solaris x86 9/10 (32 bit)

Windows 2003 (32 bit)

Linux RHEL 4.0/5.0 (32 bit)

Linux Sue 10.3/11.1 (64 bit)

Error Correction information for Oracle OpenSSO Agents

Describes the Error Correction information for Oracle OpenSSO Agents.

Patch Information	3.0	Comments
Final Patch	October 2017

Patch Availability for Oracle OpenSSO Agents

Describes the available patches for Oracle OpenSSO Agents.

Product Home	Patch	Advisory Number	Comments
Oracle OpenSSO Agent 3.0 home	BP 3.0.0.5 SPU Patch 20450584 or later	Released April 2015	iPlanet Proxy Server 4.0 patch
Oracle OpenSSO Agent 3.0 home	BP 3.0.0.7 SPU Patch 22665680 or later	Released April 2016	Apache HTTP Server 2.2.X Patch
Oracle OpenSSO Agent 3.0 home	BP 3.0.0.7 Patch 22665727 or later	Released April 2016	IBM Lotus Domino Server 8.5 Patch
Oracle OpenSSO Agent 3.0 home	BP 3.0.0.5 SPU Patch 19003807 or later	Released October 2014	IIS 6 Patch
Oracle OpenSSO Agent 3.0 home	BP 3.0.0.7 Patch 22665590 or later	Released April 2016	IIS 7 Patch
Oracle OpenSSO Agent 3.0 home	BP 3.0.0.7 Patch 22665643 or later	Released April 2016	Sun Java System Web Server Patch

3.4.7 Sun Role Manager

Error Correction information for Sun Role Manager

Describes the Error Correction information for Sun Role Manager.

Patch Information	5.0.3.2	Comments
Final Patch	October 2017
On-Request platforms

Patch Availability for Sun Role Manager

Describes the available patches for Sun role Manager. See also the underlying product stack tables for any applicable patches. Refer to comments section and apply the patch to the respective product home.

Oracle Sun Role Manager	Patch	Advisory Number	Comments
Sun Role Manager 5.0.3.3 home	BP 3 Patch 18175969 or higher	Released April 2014

3.5 Tools

This section contains the following:

· Section 3.5.1 "Oracle OPatch"

3.5.1 Oracle OPatch

Minimum Product Requirements for Oracle OPatch

Describes the minimum product requirements for Oracle OPatch. The CPU security vulnerabilities are fixed in the listed release and later releases. The Oracle OPatch downloads can be found at Patch 6880880.

Component	Release	Advisory Number	Comments
Oracle OPatch	1.0.0.0.64	Announced July 2011

4 Final Patch History

Final Patch History

Describes the final patch history.

The final patch is the last CPU/PSU release for which the product release is under error correction. For more information, see My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy.

Release	Final Patches	Comments
July 2016	Oracle Outside In Technology 8.5.0 Oracle Mobile Security Suite 3.0.5 Oracle Database 12.1.0.1 (See MOS Note 742060.1)
April 2016	AquaLogic Data Services Platform 3.2 AquaLogic Data Services Platform 3.0.1 Oracle Business Intelligence Enterprise Edition 11.1.1.7 Oracle Endeca Information Discovery 2.3 Oracle Endeca Information Discovery 2.2.2 (Formerly Latitude) Oracle Enterprise Manager Cloud Control 12.1.0.4 Oracle Fusion Middleware 12.1.2.0 Oracle Identity Access Management 11.1.2.2 Oracle Tuxedo 11.1.1 Oracle WebCenter 11.1.1.8 Oracle WebCenter Portal 11.1.1.8 Oracle WebCenter Sites 7.6.2
January 2016	Oracle Real Time Decisions Server 3.0.0.1 Oracle WebCenter Interaction 6.5.1
July 2015	Oracle API Gateway 11.1.2.2.0 Oracle Business Intelligence EE and Publisher 10.1.3.4.2 Oracle Communications Converged Application Server 4.0 Oracle Database 11.2.0.3 Oracle Database 11.1.0.7 Oracle Fusion Middleware 12.1.1.0.0 Oracle Identity and Access Management 11.1.1.5.0 Oracle iPlanet Web Server 6.1.x Oracle iPlanet Web Server (Java System Web Server 6.1.x) Oracle WebLogic Server 12.1.1.0
April 2015	Oracle Database Management Plug-in 12.1.0.5 Oracle Enterprise Manager Cloud Control 12.1.0.3 Oracle JDeveloper and Oracle ADF 12.1.2.0 Oracle Outside In Technology 8.4.1
January 2015	JRockit 5.x Oracle Identity and Access Management 11.1.2.1 Oracle TimesTen 7.0.x WebLogic Integration 10.2.1.0 WebLogic Integration 10.0.1.0 WebLogic Portal 10.2.1.0 WebLogic Portal 10.0.1.0 WebLogic Server 10.0.2.0 WebLogic Workshop 10.2.1.0 WebLogic Workshop 10.0.1.0
October 2014	Oracle Access Manager 10gR3 (10.1.4.x) Oracle Database Management Plug-in 12.1.0.4 Oracle Enterprise Manager Grid Control 10.2.0.5 Oracle Forms and Reports 11.1.2.1.0 Oracle Fusion Middleware 10.1.3.5 SOA Suite

5 Sources of Additional Information

The following documents provide additional information about Critical Patch Updates:

· My Oracle Support Note 2171503.1, Critical Patch Update October 2016 Database Known Issues

· My Oracle Support Note 1227443.1, Patch Set Updates Known Issues Notes

· My Oracle Support Note 2006094.1, Critical Patch Update July 2015 Database Patch Security Vulnerability Molecule Mapping

· My Oracle Support Note 2171486.1, Critical Patch Update October 2016 Oracle Fusion Middleware Known Issues

· My Oracle Support Note 1591483.1, What is Installed in My Middleware or Oracle home?

· My Oracle Support Note 1571367.1, Patch Set Update for Exalogic Known Issues

· My Oracle Support Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)

· My Oracle Support Note 1365205.1, Getting Started with Oracle WebLogic Server: How to Make Sure that Recommended Patches are Applied

· My Oracle Support Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

· My Oracle Support Note 1227443.1, Patch Set Updates Known Issues Notes

· My Oracle Support Note 854428.1, Patch Set Updates (PSUs) for Oracle Products.

· My Oracle Support Note 605795.1, Introduction to catbundle.sql.

· My Oracle Support Note 605398.1, How To Find The Version Of The Main EM Components.

· My Oracle Support Note 438314.1, Critical Patch Update - Introduction to Database n-Apply CPU Patches.

· My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy.

· My Oracle Support Note 161549.1, Oracle Database Server and Networking Patches for Microsoft Platforms.

6 Modification History

Describes the modification history for this document.

Modification History

Date	Modification
15 December 2016	Corrected the fourth note name and number in section 5 Sources of Additional Information
13 December 2016	updated row 5 and 9, column 2 and 4 of the second table in section 3.3.9
05 December 2016	updated patch number and date for the 12th row in the second table of section 3.3.7 updated patch number and date for the 8th row in the second table of section 3.3.21.4 updated patch number and date for the 14th row in the second table of section 3.3.21.6
31 October 2016	Updated table 2.5 for patch 24436544 and patch 24436497 Added row to 3.3.21.6 Oracle Fusion Middleware 11.1.1.7 Updated row Oracle Identity Access Management 11.1.1.7 home
28 October 2016	Updated Table 2.5 for Patch <="" a="">24436544> and Patch <="" a=""> Added CVE reference to 3.3.40 Oracle Outside In Technology Correct release for 3.1.2 Oracle Application Express
24 October 2016	Fixed link to https://support.oracle.com/epmos/faces/PatchConflictCheck
21 October 2016	Updated Table 2.5 for Patch 24436306
19 October 2016	Updated Table 2.5 for Oracle GoldenGate patches Added patches for 3.1.8 Oracle GoldenGate
18 October 2016	Released

7 Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

Patch Set Update and Critical Patch Update Availability Document July 2016

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.