|
This document defines the patches
and minimum releases for the Database Product Suite, Fusion Middleware
Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch
Updates and Patch Set Updates released on April 17, 2012.
Patch Set Update and Critical Patch Update April 2012
Availability Document
My
Oracle Support Note 1406574.1
Released April 17th, 2012
This document contains the
following sections:
·
Section
1, "Overview"
·
Section
2, "What's New in April 2012"
·
Section
3, "Patch Availability for Oracle Products"
·
Section
4, "Final Patch History"
·
Section
5, "Sources of Additional Information"
·
Section
6, "Modification History"
·
Section
7, "Documentation Accessibility"
1 Overview
Oracle provides quarterly Critical
Patch Updates (CPU) to address security vulnerabilities, and Patch Set
Updates (PSU) to address proactive, critical fixes and security
vulnerabilities. The security vulnerabilities addressed are announced in
the Advisory for April 2012, available athttp://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html.
This document lists the Oracle
Database, Fusion Middleware and Enterprise Manager CPU and PSU patches for
product releases under error correction. For information on products not
covered by this document, including Oracle Java SE Critical Patch Updates,
seehttp://www.oracle.com/technetwork/topics/security/alerts-086861.html.
The April 2012 release supersedes
earlier Critical Patch Updates and Patch Set Updates for the same product
releases. This document is subject to continual update after the initial
release, and the changes are listed in Section
6, "Modification History." If you
print this document, check My Oracle Support to ensure you have the latest
version.
This section contains the
following:
·
Section
1.1, "How To Use This Document"
·
Section
1.2, "Terminology in the Tables"
·
Section
1.3, "On-Request Patches"
·
Section
1.4, "Oracle Database Critical Patch Updates and Patch Set
Updates"
1.1 How To Use This Document
The following steps explain how to
use this document.
Step 1 Assess your
Environments
Determine
the Oracle product suites and products and their release numbers for each
of your environments.
Step 2 Read Important
Announcements
Review Section
2, "What's New in April 2012," as it lists documentation and packaging changes along
with important announcements such as upcoming final patches.
Step 3 Determine
Patches to be Applied
For each
environment, determine which patches need to be applied by using the tables
in Section
3, "Patch Availability for Oracle Products." There is one availability table for each product suite
release, such as Oracle Database 11.1.0.7, Oracle Fusion Middleware
11.1.1.5.0, and Enterprise Manager Grid Control 10.2.0.5
·
The
table lists the Critical Patch Update and Patch Set Update to be applied
either to the product or to the appropriate product Oracle homes that are
associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of
the homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or
Extended Support and are under error correction as defined in My Oracle
Support Note
209768.1, Database, FMW, EM Grid
Control, and OCS Software Error Correction Support Policy. CPU
and PSU patches are provided only for these releases. If you do not see the
release that you have installed, then check Table
92, "Final Patch History" and
contact Oracle Support for further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's
CPU Advisory, list the vulnerability CVE numbers in the Advisory Number
column. If you are interested in the risk matrix for the vulnerabilities
fixed in the patch, then see the CPU Advisory athttp://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly
releases, the column will indicate 'Released MMM YYYY'. You can easily find
which Critical Patch Updates are new by searching for the string 'CVE' in
the tables
·
When a
section is referenced in a table, follow the link to determine which
patches to install. For example, when Section
3.2.3, "Oracle Database" is
referenced, determine the Oracle Database release that is installed, and
find the patches to apply in the table for that Oracle Database release in Section
3.2.3, "Oracle Database."
Step 4 Apply the
Patches
Download
the patches, review the READMEs, and apply the patches according to the
instructions.
1.2 Terminology in the Tables
The following terminology is used
in this patch availability document and in the subsequent tables.
·
Not Applicable (NA) The patch is not planned for this platform
and release version combination. This may be due to several reasons
including:
1.
The
release version is not available on this platform.
2.
The
release version does not fall under Critical Patch Update release policies.
Refer to My Oracle Support Note
209768.1, Database, FMW, EM Grid
Control, and OCS Software Error Correction Support Policy.
·
On-Request (OR) The patch may be made available through the
On-Request program.
1.3 On-Request Patches
Oracle does not release proactive
patches for platform-version combinations that have fewer than 10 downloads
in the prior Critical Patch Update (CPU) or Patch Set Update (PSU) period.
Oracle will deliver patches for these historically inactive
platform-version combinations when requested.
The following guidelines describe
how you may request an on-request (OR) Critical Patch Update or Patch Set
Update.
A request may be made:
·
At any
time. However, a specific CPU/PSU cannot be requested. Either the current
CPU/PSU or the next CPU/PSU patch will be provided depending on when the
request is received and processed. Your Service Request (SR) will provide
you the planned availability date for the patch.
·
As long
as the version is in either Premier Support or Extended Support. Once the
final patch for the version has been released, an OR can be requested for
up to 2 weeks after the release date. For example, if a product release is
under Extended Support through the release of CPUJan2013 on January 15,
2013, then you can file a request for the product release through January
29, 2013.
·
For a
platform-version combination if the product or patch set is released on a
platform after a CPU/PSU release date. Oracle will provide the next CPU/PSU
for that platform-version combination, however you may request the current
CPU/PSU by following the on-request process. For example, if a patch set is
released for a platform on August 1, 2012, Oracle will provide the
CPUOct2012 patch for that platform. You may request a CPUJul2012 patch for
the platform, and Oracle will review the request and determine whether to
provide CPUJul2012 or CPUOct2012.
A patch that is marked as
on-request (OR) may already have been requested by another customer and be
available on My Oracle Support. Before you file a Service Request (SR),
check on My Oracle Support to see if the patch is already available for
your platform.
1.4 Oracle Database Critical
Patch Updates and Patch Set Updates
The Database Patch Set Updates and
Critical Patch Updates that are released each quarter contain the same
security fixes. However, they use different patching mechanisms, and Patch
Set Updates include both security and recommended bug fixes. Consider the
following guidelines when you are deciding to apply Patch Set Updates
instead of Critical Patch Updates.
·
Critical
Patch Updates are applied only on the base release version, for example 10.2.0.4.0.
·
Patch
Set Updates can be applied on the base release version or on any earlier
Patch Set Update. For example, 11.1.0.7.2 can be applied on 11.1.0.7.1 and
11.1.0.7.0.
·
Once a
Patch Set Update has been applied, the recommended way to get future security
content is to apply subsequent Patch Set Updates. Reverting from an applied
Patch Set Update back to the Critical Patch Update, while technically
possible, requires significant time and effort, and is not advised.
·
Applying
a Critical Patch Update on an installation with a Patch Set Update
installed is not supported.
For more information on Patch Set
Updates, see My Oracle Support Note
854428.1, Patch Set Updates (PSUs) for
Oracle Products.
2 What's New in April 2012
This section describes important
changes in April 2012:
·
Section
2.1, "Patch Set Update (PSU) Package Improvement - Composite
Patches"
·
Section
2.2, "Final Patch Information (Error Correction Policies)"
·
Section
2.3, "New Minimum Product Requirements for CPUApr2012"
·
Section
2.4, "New OPatch Requirements"
·
Section
2.5, "Changes to the Patch Availability Document"
2.1 Patch Set Update (PSU)
Package Improvement - Composite Patches
The Oracle Database 11.2.0.3.1
Patch Set Update (PSU) introduced a new patch format called Composite
Patches. The improvements include decreased patch installation time and
reduces the need to roll back previously applied overlay patches. With the
new composite patch format, it is possible for overlay patches provided on
earlier PSUs to co-exist with the new PSU being installed. For example,
Oracle Database 11.2.0.3.1 PSU overlay patches do not need to be rolled
back and replaced if they do not conflict with the new content in Database
11.2.0.3.2 PSU. For more information, see My Oracle Support Note
1376691.1.
2.2 Final Patch Information
(Error Correction Policies)
The Final patch is the last CPU/PSU
release for which the product release is under error correction. Final
patches for the July 2012 and April 2012 releases, and newly scheduled
final patches are listed in the following sections.
Final patches scheduled for April 2012:
·
Oracle
Fusion Middleware 11.1.1.4 except for 11.1.1.4 Portal Forms, Reports, &
Discoverer (PFRD)
·
Oracle
WebLogic Server 10.3.4.0
Final patches scheduled for July 2012:
·
Oracle
Business Intelligence Enterprise Edition 10.1.3.4.1
·
Oracle
Business Intelligence Publisher 10.1.3.4.1
·
Oracle
Outside In Technology 8.3.5.0
Final patches scheduled for January 2013:
·
Oracle
Business Intelligence Enterprise Edition 11.1.1.5.0
·
Oracle
Business Intelligence Publisher 11.1.1.5.0
·
Oracle
Database 11.2.0.2 (Updated)
·
Oracle
Fusion Middleware 11.1.1.5
Newly Scheduled final patches:
·
None
For additional final patch history
information, see Table
92. For information on the error correction
support policy for patches, refer to My Oracle Support Note
209768.1, Database, FMW, EM Grid
Control, and OCS Software Error Correction Support Policy.
2.3 New Minimum Product
Requirements for CPUApr2012
The following is new for
CPUApr2012:
·
The new
minimum version for Oracle Database Appliance is 2.2.0.0.0
·
The new
minimum version for Oracle Application Express is 4.1.1.00.23
2.4 New OPatch Requirements
The following are new minimum
OPatch requirements for April 2012.
·
Minimum
OPatch version required for Database and GI PSU 11.2.0.3.2 is 11.2.0.3.0
2.5 Changes to the Patch
Availability Document
The following changes to this
document are for April 2012:
·
Patches
in the Patch Availability tables are now listed in the order they were
released
·
The
Patch Information tables have been renamed to Error Correction Information
tables to more accurately describe their content
·
The information
from My Oracle Support Note
1400322.1, Oracle WebLogic Server and
Oracle Application Server (OC4J) Security Alert for CVE-2011-5035,
has been merged with this document. Search the document for
"CVE-2011-5035" to find out which information is from the latest
alert.
3 Patch Availability for Oracle Products
This section contains the
following:
·
Section
3.1, "Oracle Collaboration"
·
Section
3.2, "Oracle Database"
·
Section
3.3, "Oracle Enterprise Manager"
·
Section
3.4, "Oracle Fusion Middleware"
·
Section
3.5, "Tools"
3.1 Oracle Collaboration
This section contains the
following:
·
Section
3.1.1, "Patch Availability Information for Oracle Collaboration
Suite"
3.1.1 Patch Availability
Information for Oracle Collaboration Suite
Oracle Collaboration Suite homes
contain database and application server homes. For more information on
Oracle Database and Oracle Fusion Middleware Critical Patch Updates that
apply to Oracle Collaboration Suite homes, see My Oracle Support Note
559534.1 Applying
Critical Patch Updates to Collaboration Suite 10g.
Table
1 describes the available patches for Oracle
Collaboration Suite.
Table 1 Patch
Availability for Oracle Collaboration Suite
3.2 Oracle Database
This section contains the
following:
·
Section
3.2.1, "Oracle Application Express"
·
Section
3.2.2, "Oracle Audit Vault"
·
Section
3.2.3, "Oracle Database"
·
Section
3.2.4, "Oracle Database Appliance"
·
Section
3.2.5, "Oracle Fusion Middleware Utilities for Oracle Databases"
·
Section
3.2.6, "Oracle Secure Backup"
·
Section
3.2.7, "Oracle Secure Enterprise Search"
·
Section
3.2.8, "Oracle TimesTen"
·
Section
3.2.9, "Oracle Workflow Server"
3.2.1 Oracle Application
Express
Table
2describes the minimum product requirements
for Oracle Application Express. The CPU security vulnerabilities are fixed
in the listed release and later releases. The Oracle Application Express
downloads and installation instructions can be found athttp://www.oracle.com/technology/products/database/application_express/download.html.
Table 2 Minimum
Product Requirements for Oracle Application Express
|
Component
|
Release
|
Advisory
Number
|
Comments
|
|
Oracle Application Express
|
4.1.1.00.23
|
CVE-2012-1708
|
|
3.2.2 Oracle Audit Vault
Table
3 describes the available patches for Oracle Audit Vault
10.3.0.0.
Table 3 Patch
Availability for Oracle Audit Vault 10.3.0.0
Table
4 describes the available patches for Oracle Audit Vault
10.2.3.2.
Table 4 Patch
Availability for Oracle Audit Vault 10.2.3.2
3.2.3 Oracle Database
This section contains the
following:
·
Section
3.2.3.1, "Patch Availability for Oracle Database"
·
Section
3.2.3.2, "Oracle Database 11.2.0.3"
·
Section
3.2.3.3, "Oracle Database 11.2.0.2"
·
Section
3.2.3.4, "Oracle Database 11.1.0.7"
·
Section
3.2.3.5, "Oracle Database 10.2.0.5"
·
Section
3.2.3.6, "Oracle Database 10.2.0.4"
·
Section
3.2.3.7, "Oracle Database 10.2.0.3"
3.2.3.1 Patch
Availability for Oracle Database
For Oracle Database 10.2.0.4 and
later releases, customers have the option to install the Critical Patch
Update (CPU) or the Patch Set Update (PSU). Both patch types are cumulative
patches. The PSU includes the security vulnerability bug fixes, as well as
additional non-security bug fixes recommended by Oracle. For more
information on PSU patches, see My Oracle Support Note
854428.1, Patch Set Updates (PSUs) for
Oracle Products.
For the Microsoft Windows
platforms, Oracle Database patches are released as cumulative patch
bundles. You may install the indicated patch or any later bundle in the
Database Windows bundle series to apply the CPU security bug fixes. The
Windows patch bundles include the security vulnerability bug fixes, the PSU
recommended non-security bug fixes, and other customer-requested bug fixes.
3.2.3.2 Oracle
Database 11.2.0.3
Table
5 describes the Error Correction information for Oracle
Database 11.2.0.3.
Table 5 Error
Correction information for Oracle Database 11.2.0.3
|
Patch
Information
|
11.2.0.3
|
Comments
|
|
Final patch
|
-
|
|
|
CPU On-Request platforms
|
HP-UX PA RISC
IBM: Linux on System Z
|
|
|
PSU On-Request platforms
|
32-bit client-only platforms except Linux x86
|
|
Table
6 describes the available patches for Oracle Database
11.2.0.3.
Table 6 Patch
Availability for Oracle Database 11.2.0.3
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
Database 11.2.0.3 CPU Patch 13632717, or
Database 11.2.0.3.2 PSU Patch 13696216, or
GI 11.2.0.3.2 PSU Patch 13696251, or
Database patch for Exadata (April 2012 - 11.2.0.3.5) Patch 13734832, or
Quarterly Full Stack download for Exadata (April
2012) Patch 13839416, or
Microsoft Windows (32-Bit) Bundle Patch 13885388, or
Microsoft Windows x64 (64-Bit) Bundle Patch 13885389
|
CVE-2012-0552, CVE-2012-0534, CVE-2012-0527,
CVE-2012-0526, CVE-2012-0525
|
|
|
Oracle Database home
|
Patch 13705478
|
CVE-2011-5035
|
OC4J 10.1.3.4 one-off patch (Special OPatch needed,
see README)
|
3.2.3.3 Oracle
Database 11.2.0.2
Table
7 describes the Error Correction information for Oracle
Database 11.2.0.2.
Table 7 Error
Correction information for Oracle Database 11.2.0.2
|
Patch
Information
|
11.2.0.2
|
Comments
|
|
Final patch
|
January 2013
|
|
|
CPU On-Request platforms
|
HP-UX PA RISC
IBM: Linux on System Z
|
|
|
PSU On-Request platforms
|
32-bit client-only platforms except Linux x86
|
|
Table
8 describes the available patches for Oracle Database
11.2.0.2.
Table 8 Patch Availability
for Oracle Database 11.2.0.2
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
Database 11.2.0.2 CPU Patch 13632725, or
Database 11.2.0.2.6 PSU Patch 13696224, or
GI 11.2.0.2.6 PSU Patch 13696242, or
Exadata Database Recommended Patch 16 Patch 13837673, or
Microsoft Windows (32-Bit) Bundle Patch 13697073, or
Microsoft Windows x64 (64-Bit) Bundle Patch 13697074
|
CVE-2012-0552, CVE-2012-0534, CVE-2012-0527,
CVE-2012-0526, CVE-2012-0525, CVE-2012-0520, CVE-2012-0512, CVE-2012-0519
(Windows only)
|
|
|
Oracle Database home
|
Patch 13705478
|
CVE-2011-5035
|
OC4J 10.1.3.4 one-off patch (Special OPatch needed,
see README)
|
3.2.3.4 Oracle
Database 11.1.0.7
Table
9 describes the Error Correction information for Oracle
Database 11.1.0.7.
Table 9 Error
Correction information for Oracle Database 11.1.0.7
|
Patch
Information
|
11.1.0.7
|
Comments
|
|
Final patch
|
July 2015
|
|
|
CPU On-Request platforms
|
-
|
|
|
PSU On-Request platforms
|
-
|
|
Table
10 describes the available patches for Oracle Database
11.1.0.7.
Table 10 Patch
Availability for Oracle Database 11.1.0.7
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
Database 11.1.0.7 CPU Patch 13632731, or
Database 11.1.0.7.11 PSU Patch 13621679, or
Microsoft Windows (32-Bit) Bundle Patch 13715809, or
Microsoft Windows x64 (64-Bit) Bundle Patch 13715810
|
CVE-2012-0552, CVE-2012-0534, CVE-2012-0528,
CVE-2012-0527, CVE-2012-0526, CVE-2012-0525, CVE-2012-0520,
CVE-2012-0512, CVE-2012-0511, CVE-2012-0510
|
|
|
Oracle Database home
|
Patch 13705478
|
CVE-2011-5035
|
OC4J 10.1.3.3 one-off patch
|
|
Oracle CRS home
|
CRS 11.1.0.7.7 PSU Patch 11724953
|
Released April 2011
|
Non-security content only
|
|
Oracle Database home
|
Patch 9288120
|
Released April 2011
|
Database UIX
For Oracle Secure Enterprise Search 11.1.2.x
installations, follow the instructions given in MOS note Note
1359600.1.
|
|
Oracle Database home
|
Patch 10073948
|
Released April 2011
|
Enterprise Manager Database Control UIX
Not applicable to Oracle Secure Enterprise Search
11.1.2.x
|
|
Oracle Database home
|
Patch 11738232
|
Released April 2011
|
Warehouse Builder
Not applicable to Oracle Secure Enterprise Search
11.1.2.x
|
3.2.3.5 Oracle
Database 10.2.0.5
Table
11 describes the Error Correction information for Oracle
Database 10.2.0.5.
Table 11 Error
Correction information for Oracle Database 10.2.0.5
|
Patch
Information
|
10.2.0.5
|
Comments
|
|
Final patch
|
July 2013
|
|
|
CPU On-Request platforms
|
HP-UX PA-RISC
IBM: Linux on System Z
Linux Itanium
Linux on POWER
|
|
|
Database PSU On-Request platforms
|
-
|
|
|
CRS PSU On-Request platforms
|
HP-UX PA-RISC
IBM: Linux on System Z
Solaris x86-64
|
|
Table
12 describes the available patches for Oracle Database
10.2.0.5.
Table 12 Patch
Availability for Oracle Database 10.2.0.5
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
Database 10.2.0.5 CPU Patch 13632738, or
Database 10.2.0.5.7 PSU Patch 13632743, or
Microsoft Windows (32-Bit) Bundle Patch 13654814, or
Microsoft Windows x64 (64-Bit) Bundle Patch 13654815, or
Microsoft Windows Itanium (64-Bit) Patch 13870404
|
CVE-2012-0552, CVE-2012-0534, CVE-2012-0528,
CVE-2012-0527, CVE-2012-0526, CVE-2012-0520
|
|
|
Oracle Database home
|
Patch 13705478
|
CVE-2011-5035
|
OC4J 10.1.3.4 one-off patch (Special OPatch needed,
see README)
|
|
Oracle Database home
|
Patch 12536181
|
Released July 2011
|
Enterprise Manager Database Control
For HP-UX PA-RISC and HP-UX Itanium platforms only
|
|
Oracle Warehouse Builder home
|
Patch 11738172
|
Released April 2011
|
Warehouse Builder
|
|
Oracle CRS home
|
CRS 10.2.0.5.2 PSU Patch 9952245
|
Released January 2011
|
Non-security content only
|
3.2.3.6 Oracle
Database 10.2.0.4
Table
13 describes the Error Correction information for Oracle
Database 10.2.0.4.
Table 13 Error
Correction information for Oracle Database 10.2.0.4
|
Patch
Information
|
10.2.0.4
|
Comments
|
|
Final patch
|
July 2013 for Oracle Solaris x86 (32-bit) and Apple
Mac OS X
Final patch date pending release of 10.2.0.5 patch
set for HP Open VMS-Alpha and VMS-Itanium
July 2011 for all other platforms
|
|
|
CPU On-Request platforms
|
Apple Mac OS X
HP Open VMS-Alpha
HP Open VMS-Itanium
Oracle Solaris x86 (32-bit)
|
|
|
PSU On-Request platforms
|
-
|
|
Table
14 describes the available patches for Oracle Database
10.2.0.4.
Table 14 Patch
Availability for Oracle Database 10.2.0.4
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
Database 10.2.0.4 CPU Patch 12879926, or
Database 10.2.0.4.12 PSU Patch 12879933
|
CVE-2012-0552, CVE-2012-0534, CVE-2012-0528, CVE-2012-0527,
CVE-2012-0526, CVE-2012-0520, CVE-2012-0511, CVE-2012-0510
|
10.2.0.4.4 PSU Patch 9352164 is
base PSU for 10.2.0.4.12 Overlay PSU
|
|
Oracle Database home
|
Patch 13705478
|
CVE-2011-5035
|
OC4J 9.0.4.1 one-off patch
|
|
Oracle Database home
|
Patch 12536167
|
Released July 2011
|
Enterprise Manager Database Control
For HP-UX PA-RISC and HP-UX Itanium platforms only
|
|
Oracle Database home
|
Patch 12758181
|
Released July 2011
|
Enterprise Manager Database Control UIX
|
|
Oracle Database home
|
Patch 9249369
|
Released April 2011
|
Database UIX
|
|
Oracle Database home
|
Patch 9273865
|
Released April 2011
|
iSqlPlus UIX
|
|
Oracle CRS home
|
CRS 10.2.0.4.4 PSU Patch 9294403
|
Released April 2010
|
Non-security content only
|
3.2.3.7 Oracle
Database 10.2.0.3
Table
15 describes the Error Correction information for Oracle
Database 10.2.0.3.
Table 15 Error Correction
information for Oracle Database 10.2.0.3
|
Patch
Information
|
10.2.0.3
|
Comments
|
|
Final patch
|
-
|
IBM zSeries (z/OS) only
|
|
CPU On-Request platforms
|
-
|
|
Table
16 describes the available patches for Oracle Database
10.2.0.3.
Table 16 Patch
Availability for Oracle Database 10.2.0.3
|
Product
Home
|
IBM
zSeries (z/OS)
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
Patch 13632749
|
CVE-2012-0552, CVE-2012-0534, CVE-2012-0528,
CVE-2012-0527, CVE-2012-0526, CVE-2012-0520, CVE-2012-0511, CVE-2012-0510
|
|
|
Oracle Database home
|
Patch 13705478
|
CVE-2011-5035
|
OC4J 9.0.4.1 one-off patch
|
3.2.4 Oracle Database
Appliance
Table
17describes the minimum product requirements
for Oracle Database Appliance. The CPU security vulnerabilities are fixed
in the listed release and later releases. The Oracle Database Appliance
downloads and installation instructions can be found athttp://www.oracle.com/technetwork/server-storage/engineered-systems/database-appliance/overview/index.html.
Table 17 Minimum
Product Requirements for Oracle Database Appliance
|
Component
|
Release
|
Advisory
Number
|
Comments
|
|
Oracle Database Appliance
|
2.2.0.0.0
|
CVE-2012-0552, CVE-2012-0534, CVE-2012-0527,
CVE-2012-0526, CVE-2012-0525
|
|
3.2.5 Oracle Fusion
Middleware Utilities for Oracle Databases
Table
18 lists the patches for
Oracle Fusion Middleware components, such as Oracle HTTP Server, which are
installed using the Oracle Database Companion CD. For information about
Oracle Fusion Middleware 11g, see My Oracle Support Note
1304604.1, Oracle Fusion Middleware 11g
Web-Tier FAQ, and Section
3.4.13, "Oracle Fusion Middleware."
Table 18
Patch Availability for Oracle Fusion Middleware Utilities for Oracle
Databases
|
Product
Home
|
UNIX
|
Microsoft
Windows (32-Bit)
|
Microsoft
Windows Itanium (64-Bit)
|
Advisory
Number
|
Comments
|
|
Oracle HTTP Server 10.1.2.3 for Oracle 10.2.x
Databases
|
CPU Patch 12837860
|
Bundle Patch 12837864
|
Bundle Patch 12837867
|
Released October 2011
|
See My Oracle Support Note
400010.1 Steps to Maintain Oracle
Database 10.2 Companion CD Home (for Oracle HTTP Server)
|
3.2.6 Oracle Secure Backup
Table
19 describes the available patches for Oracle Secure
Backup.
Table 19 Patch
Availability for Oracle Secure Backup
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Release 10.3.0.3
|
Patch 12573094
|
Released July 2011
|
|
3.2.7 Oracle Secure
Enterprise Search
Table
20 describes the available patches for Oracle Secure Enterprise
Search 11.1.2.x.
Table 20 Patch
Availability for Oracle Secure Enterprise Search 11.1.2.x
3.2.8 Oracle TimesTen
Table
21 describes the minimum product requirements for Oracle
TimesTen. The CPU security vulnerabilities are fixed in the listed release
and later releases.
Table 21 Minimum
Product Requirements for Oracle TimesTen
|
Oracle
TimesTen Release
|
|
11.2.1.6.1
|
|
7.0.6.2.0
|
3.2.9 Oracle Workflow
Server
Table
22 describes the available patches for Oracle Workflow
Server.
Table 22 Patch
Availability for Oracle Workflow Server
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Release 2.6.4
|
Patch 5904430
|
Released April 2007
|
|
3.3 Oracle Enterprise Manager
This section contains the
following:
·
Section
3.3.1, "Patch Availability for Oracle Enterprise Manager Cloud Control
12c (12.1.0.1),"
·
Section
3.3.2, "Patch Availability for Oracle Enterprise Manager Grid Control
11g (11.1.0.1)"
·
Section
3.3.3, "Patch Availability for Oracle Enterprise Manager Grid Control
10g (10.2.0.5)"
·
Section
3.3.4, "Oracle Real User Experience Insight"
3.3.1 Patch Availability
for Oracle Enterprise Manager Cloud Control 12c (12.1.0.1)
Table
23 describes Error Correction information for Oracle
Enterprise Manager Cloud Control 12c (12.1.0.1).
Table 23 Error
Correction information for Oracle Enterprise Manager Cloud Control 12c
(12.1.0.1)
|
Patch
Information
|
12.1.0.1
|
Comments
|
|
Final Patch
|
-
|
|
|
PSU On Request Platforms
|
-
|
|
Table
24 describes the available patches for Oracle Enterprise
Manager Cloud Control 12c (12.1.0.1).
Table 24 Patch
Availability for Oracle Enterprise Manager Cloud Control 12c (12.1.0.1)
3.3.2 Patch Availability
for Oracle Enterprise Manager Grid Control 11g (11.1.0.1)
Table
25 describes Error Correction information for Oracle
Enterprise Manager Grid Control 11g (11.1.0.1).
Table 25 Error
Correction information for Oracle Enterprise Manager Grid Control 11g
(11.1.0.1)
|
Patch
Information
|
11.1.0.1
|
Comments
|
|
Final Patch
|
April 2018
|
|
|
PSU On Request Platforms
|
-
|
|
Table
26 describes the available patches for Oracle Enterprise
Manager Grid Control 11g (11.1.0.1).
Table 26 Patch Set
Update Availability for Oracle Enterprise Manager Grid Control 11g
(11.1.0.1)
3.3.3 Patch Availability
for Oracle Enterprise Manager Grid Control 10g (10.2.0.5)
Table
27 describes Error Correction information for Oracle
Enterprise Manager Grid Control 10g (10.2.0.5).
Table 27 Error
Correction information for Oracle Enterprise Manager Grid Control 10g (10.2.0.5)
|
Patch
Information
|
10.2.0.5
|
Comments
|
|
Final Patch
|
October 2014
|
|
|
PSU On Request Platforms
|
-
|
|
Table
28 describes the available patches for Oracle Enterprise
Manager Grid Control 10g (10.2.0.5).
Table 28 Patch
Availability for Oracle Enterprise Manager Grid Control 10g (10.2.0.5)
3.3.4 Oracle Real User
Experience Insight
Table
29 describes Error Correction information for Oracle Real
User Experience Insight 6.0.x.
Table 29 Error
Correction information for Oracle Real User Experience Insight
|
Patch
Information
|
6.0.x
|
Comments
|
|
Final Patch
|
October 2013
|
|
|
Patch on request platforms
|
|
|
Table
30 describes the available patches for Oracle Real User
Experience Insight.
Table 30 Patch Availability
for Oracle Real User Experience Insight
|
Product
Version
|
Patch
|
Advisory
Number
|
Comments
|
|
6.0.x
|
CPU Patch 9268989
|
Released January 2011
|
|
3.4 Oracle Fusion Middleware
This section contains the
following:
·
Section
3.4.1, "Oracle AquaLogic Data Services Platform"
·
Section
3.4.2, "Oracle AquaLogic Interaction Logging Utilities"
·
Section
3.4.3, "Oracle Beehive"
·
Section
3.4.4, "Oracle Business Intelligence Enterprise Edition"
·
Section
3.4.5, "Oracle Business Intelligence Publisher"
·
Section
3.4.6, "Oracle Business Process Management"
·
Section
3.4.7, "Oracle Communications Converged Application Server"
·
Section
3.4.8, "Oracle Complex Event Processing and WebLogic Event
Server"
·
Section
3.4.9, "Oracle Data Service Integrator"
·
Section
3.4.10, "Oracle Document Capture"
·
Section
3.4.11, "Oracle Enterprise Repository"
·
Section
3.4.12, "Oracle Exalogic Patch Set Update (PSU)"
·
Section
3.4.13, "Oracle Fusion Middleware"
·
Section
3.4.14, "Oracle GoldenGate Veridata"
·
Section
3.4.15, "Oracle Hyperion BI+"
·
Section
3.4.16, "Oracle Identity Management Connector,"
·
Section
3.4.17, "Oracle Identity Manager"
·
Section
3.4.18, "Oracle JDeveloper"
·
Section
3.4.19, "Oracle JRockit"
·
Section
3.4.20, "Oracle Outside In Technology"
·
Section
3.4.21, "Oracle Service Bus,"
·
Section
3.4.22, "Oracle WebCenter Content (Formerly Oracle Universal Content
Management)"
·
Section
3.4.23, "Oracle WebCenter Forms Recognition"
·
Section
3.4.24, "Oracle WebCenter Interaction,"
·
Section
3.4.25, "Oracle WebLogic Integration"
·
Section
3.4.26, "Oracle WebLogic Portal"
·
Section
3.4.27, "Oracle WebLogic Server and WebLogic Express"
·
Section
3.4.28, "Oracle WebLogic Server Patch Set Update (PSU)"
·
Section
3.4.29, "Oracle WebLogic Server Plug-ins"
·
Section
3.4.30, "Oracle WebLogic SIP Server,"
·
Section
3.4.31, "Oracle Workshop for WebLogic,"
3.4.1 Oracle AquaLogic
Data Services Platform
Table
45 describes the Error Correction information for Oracle
AquaLogic Data Services Platform.
Table 31 Error
Correction information for Oracle AquaLogic Data Services Platform
|
Patch
Information
|
ALDSP
3.2
|
ALDSP
3.0.1
|
Comments
|
|
Final Patch
|
April 2016
|
April 2016
|
|
Table
46 describes the availability for Critical Patch Updates
for Oracle AquaLogic Data Services Platform. See also the underlying
product stack tables (JRockit and WLS) for any applicable patches.
Table 32 Patch
Availability for Oracle AquaLogic Data Services Platform
|
Product
Home
|
Patch
|
Advisory
Number
|
Smart
Update Patch Set ID
|
Smart
Update Patch IDs
|
Comments
|
|
3.0.1.0
|
Patch 13705113
|
CVE-2011-5035
|
NA
|
NA
|
WebLogic Server 9.2.2.0 one-off patch that needs to
be applied to WebLogic Server home
|
|
2.5.2.0 (2.5SP2)
|
Patch 13705113
|
CVE-2011-5035
|
NA
|
NA
|
WebLogic Server 8.1.5.0 one-off patch that needs to
be applied to WebLogic Server home
|
|
3.2
|
CPU Patch 8272933
|
Released April 2009
|
NA
|
TXJJ
|
|
|
3.0.1
|
CPU Patch 8284035
|
Released April 2009
|
NA
|
QDWJ
|
|
3.4.2 Oracle AquaLogic
Interaction Logging Utilities
Table
33 describes the availability of Security Alert Patch
updates for Oracle AquaLogic Interaction Logging Utilities. See also the
underlying product stack tables for any applicable patches. Refer to
comments section and apply the patch to the respective product home.
Table 33 Patch
Availability for Oracle AquaLogic Interaction Logging Utilities
|
Oracle
AquaLogic Interaction Logging Utilities
|
Patch
|
Advisory
Number
|
Comments
|
|
1.0
|
Patch 13718641
|
CVE-2011-5035
|
WebLogic Server 9.2.0.0 one-off patch that needs to
be applied to WebLogic Server home
|
3.4.3 Oracle Beehive
Oracle Beehive environments contain
Oracle Database and Oracle Fusion Middleware homes. For more information,
see My Oracle Support Note
758816.1, Applying Critical Patch
Updates to Beehive 1.5.1.x though 2.0.1.x.
Table
34 describes Error Correction information for Oracle
Beehive.
Table 34 Error
Correction information for Oracle Beehive
|
Patch
Information
|
Oracle
Beehive 2.0.1.x
|
Comments
|
|
Minimum Product Requirement
|
2.0.1.4
|
Announced January 2011
|
|
Final Patch
|
Jan 2018
|
|
|
CPU On Request Platforms
|
-
|
|
Table
35 describes the available patches for Oracle Beehive.
For each home you are about to
administer, find the appropriate patches based on the components installed
in that home. Then, apply those patches in the order listed.
Table 35 Patch
Availability for Oracle Beehive
3.4.4 Oracle Business Intelligence
Enterprise Edition
Table
36 describes the Error Correction information for Oracle
Business Intelligence Enterprise Edition.
Table 36 Error
Correction information for Oracle Business Intelligence Enterprise Edition
|
Patch
Information
|
11.1.1.5.0
|
11.1.1.3.0
|
10.1.3.4.2
|
10.1.3.4.1
|
Comments
|
|
Final Patch
|
January 2013
|
July 2012
|
-
|
July 2012
|
|
Table
37 describes the available patches for Oracle Business
Intelligence Enterprise Edition.
Customers on earlier versions of
Oracle Business Intelligence Enterprise Edition 10.x will need to apply
10.1.3.4.1 and then apply the Critical Patch Update.
Table 37
Patch Availability for Oracle Business Intelligence Enterprise Edition
3.4.5 Oracle Business
Intelligence Publisher
Table
38 describes the Error Correction information for Oracle
Business Intelligence Publisher.
Table 38 Error
Correction information for Oracle Business Intelligence Publisher
|
Patch
Information
|
11.1.1.5.0
|
11.1.1.3.0
|
10.1.3.4.2
|
10.1.3.4.1
|
Comments
|
|
Final Patch
|
January 2013
|
July 2012
|
-
|
July 2012
|
|
Table
39 describes the available patches for Oracle Business
Intelligence Publisher.
Customers on earlier versions of
Oracle Business Intelligence Publisher 10.x will need to apply 10.1.3.4.1
and then apply the Critical Patch Update.
Table 39 Patch
Availability for Oracle Business Intelligence Publisher
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
10.1.3.4.2
|
Patch 13647402
|
CVE-2012-0543
|
See My Oracle Support Note
797057.1, Overview of Available
Update Patches for Oracle BI Publisher Enterprise 10g
|
|
10.1.3.4.1
|
Patch 13647402
|
CVE-2012-0543
|
See My Oracle Support Note
797057.1, Overview of Available
Update Patches for Oracle BI Publisher Enterprise 10g
|
|
11.1.1.3.0
|
Patch 10411254
|
Released January 2011
|
|
3.4.6 Oracle Business
Process Management
Follow the special instructions
below to download Oracle Business Process Management patches.
1.
Click Patches & Updates after logging into My Oracle
Support.
2.
Search
for Oracle Business Process Management Suite.
3.
Search
for the required BPM release by clicking Select up to 10.
4.
Select
the patch with the build number that is indicated in Table
41, or the patch with higher build number
than what is indicated for the platform you are about to update, for
example: EnterpriseJ2EE, Studio, or EnterpriseSA.
5.
Download
the patch.
Table
40 describes the Error Correction information for Oracle
Business Process Management.
Table 40 Error
Correction information for Oracle Business Process Management
|
Patch
Information
|
10.3.2
|
10.3.1
|
6.0.5
|
Comments
|
|
Final Patch
|
-
|
-
|
July 2014
|
|
Table
41 describes the availability for Critical Patch Updates
for Oracle Business Process Management.
Table 41
Patch Availability for Oracle Business Process Management
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
BPM 10.3.2
|
MOS: 100375
|
Released July 2010
|
See the instructions above on how to download the
patch
|
|
BPM 10.3.1
|
MOS: 100258
|
Released July 2010
|
See the instructions above on how to download the
patch
|
|
BPM 6.0.5
|
MOS: 100247
|
Released July 2010
|
See the instructions above on how to download the
patch
|
3.4.7 Oracle
Communications Converged Application Server
Table
42 describes the availability of Security Alert Patch
updates for Oracle Communications Converged Application Server. See also
the underlying product stack tables for any applicable patches. Refer to
comments section and apply the patch to the respective product home.
Table 42 Patch
Availability for Oracle Communications Application Server
|
Oracle
Communications Converged Application Server
|
Patch
|
Advisory
Number
|
Comments
|
|
5.0
|
All patches for Oracle WebLogic Server 10.3.3.0 home
|
CVE-2011-5035
|
Refer to Patch Availability for Oracle Fusion
Middleware 11.1.1.3 and apply all patches for Oracle WebLogic Server
10.3.3.0 home
|
|
4.0
|
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 13705098
CPU Patch 10625676
CPU Patch 13442902
|
Released October 2011
Released October 2011
Released October 2011
CVE-2011-5035
Released January 2011
Released January 2012
|
WLS 10.3.0.0 JMS patch
WLS 10.3.0.0 WebServices patch
WLS 10.3.0.0 Security patch
WLS 10.3.0.0 WebApp patch
WLS 10.3.0.0 Core patch
WLS 10.3.0.0 Console patch
|
3.4.8 Oracle Complex Event
Processing and WebLogic Event Server
Table
43 describes the Error Correction information for Oracle
Document Capture.
Table 43 Error
Correction information for Oracle Complex Event Processing and WebLogic
Event Server
|
Patch
Information
|
CEP
10.3
|
EVS
2.0
|
Comments
|
|
Final Patch
|
January 2017
|
July 2014
|
|
Table
44 describes the availability for Critical Patch Updates
for Oracle Complex Event Processing and WebLogic Event Server. See also the
underlying product stack tables (JRockit and WLS) for any applicable
patches.
Table 44 Patch
Availability for Oracle Complex Event Processing and WebLogic Event Server
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
CEP 10.3
|
Patch 8557480
|
Released July 2009
|
|
|
EVS 2.0
|
Upgrade to CEP 10.3 and apply Patch 8557480
|
Released July 2009
|
For EVS 2.0 patch, contact Oracle Support
|
3.4.9 Oracle Data Service
Integrator
Table
45 describes the Error Correction information for Oracle
Data Service Integrator.
Table 45 Error Correction
information for Oracle Data Service Integrator
|
Patch
Information
|
ODSI
10.3.0
|
Comments
|
|
Final Patch
|
January 2017
|
|
Table
46 describes the availability for Critical Patch Updates
for Data Service Integrator. See also the underlying product stack tables
(JRockit and WLS) for any applicable patches.
Table 46 Patch
Availability for Oracle Data Service Integrator
|
Product
Home
|
Patch
|
Advisory
Number
|
Smart
Update Patch Set ID
|
Smart
Update Patch IDs
|
Comments
|
|
10.3.0
|
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 13583186
CPU Patch 10625676
CPU Patch 13442902
|
Released October 2011
Released October 2011
Released October 2011
CVE-2011-5035
Released January 2011
Released January 2012
|
NA
EXP8
ZVC4
AEQE
QHPL
WT6W
|
RPQH
3QHE, NXQM, 982N, 6BME, 5EGH
EDAT, QR92
VXVR, WSNI, SU7Z, PQVV, ZE59, XW21, VV75
2QSG, E65J
8WHJ, K4VY
|
WLS 10.3.0.0 JMS patch
WLS 10.3.0.0 WebServices patch
WLS 10.3.0.0 Security patch
WLS 10.3.0.0 WebApp patch
WLS 10.3.0.0 Core patch
WLS 10.3.0.0 Console patch
|
|
10.3.0
|
CPU Patch 8268258
|
Released April 2009
|
NA
|
8XCC
|
|
3.4.10 Oracle Document
Capture
Table
47 describes the Error Correction information for Oracle
Document Capture.
Table 47 Error
Correction information for Oracle Document Capture
|
Patch
Information
|
10.1.3.5
|
10.1.3.4
|
Comments
|
|
Final Patch
|
-
|
-
|
|
Table
48 describes the available patches for Oracle Document
Capture.
Table 48 Patch
Availability for Oracle Document Capture
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle Document Capture 10.1.3.5 home
|
CPU Patch 10350692
|
Released January 2011
|
|
|
Oracle Document Capture 10.1.3.4 home
|
CPU Patch 10350692
|
Released January 2011
|
|
3.4.11 Oracle Enterprise
Repository
Table
49 describes the availability of Security Alert Patch
updates for Oracle Enterprise Repository. See also the underlying product
stack tables for any applicable patches. Refer to comments section and
apply the patch to the respective product home.
Table 49 Patch
Availability for Oracle Enterprise Repository
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
2.6
|
Patch 13705382
|
CVE-2011-5035
|
WebLogic Server 9.2.0.0 one-off patch that needs to
be applied to WebLogic Server home
|
3.4.12 Oracle Exalogic
Patch Set Update (PSU)
Table
50 describes the Error Correction information for Exalogic
Patch Set Update (PSU).
Table 50 Error Correction
information for Oracle Exalogic Patch Set Update (PSU)
|
Patch
Information
|
1.x
|
Comments
|
|
Final Patch
|
-
|
|
Table
51 describes the available patches for Oracle Exalogic.
Table 51 Patch Set
Update Availability for Oracle Exalogic
|
Oracle
Exalogic
|
Patch
|
Advisory
Number
|
Comments
|
|
2.x
|
PSU Patch 13569004
|
JRockit 28.2.3:
CVE-2012-1695
WebLogic Server 10.3.6.0:
CVE-2011-5035
|
See Note
1314535.1, Announcing Exalogic PSUs
(Patch Set Updates)
Oracle Exalogic 2.x PSU is available only for Linux
x86-64 platforms for Exalogic X2-2 systems running EECS 2.0 in a physical
(NOT virtual) configuration
|
|
1.x
|
PSU Patch 13568143
|
Java SE 6u31:
Released February 2012
JRockit 28.2.3:
CVE-2012-1695
WebLogic Server 10.3.4.0.5:
CVE-2011-5035
|
See Note
1314535.1, Announcing Exalogic PSUs
(Patch Set Updates)
Oracle Exalogic 1.x PSU is available only for Linux
x86-64 and Oracle Solaris x86-64 platforms
|
3.4.13 Oracle Fusion
Middleware
Additional information may be found
in My Oracle Support Note
405972.1, Oracle Application Server
10g Examples for Critical Patch Updates.
This section contains the
following:
·
Section
3.4.13.1, "Patch Availability for Oracle Fusion Middleware
11.1.2.0"
·
Section
3.4.13.2, "Patch Availability for Oracle Fusion Middleware
11.1.1.6"
·
Section
3.4.13.3, "Patch Availability for Oracle Fusion Middleware
11.1.1.5"
·
Section
3.4.13.4, "Patch Availability for Oracle Fusion Middleware
11.1.1.4"
·
Section
3.4.13.5, "Patch Availability for Oracle Fusion Middleware
10.1.3.5.x"
3.4.13.1 Patch
Availability for Oracle Fusion Middleware 11.1.2.0
Table
52 describes the Error Correction information for Oracle
Fusion Middleware 11.1.2.0.
Table 52 Error
Correction information for Oracle Forms and Reports 11g Release 2
|
Patch
Information
|
11.1.2.0
|
Comments
|
|
Final Patch
|
-
|
|
|
CPU On Request Platforms
|
-
|
|
Table
53 describes the available patches for Oracle Fusion
Middleware 11.1.2.0.
Table 53 Patch
Availability for Oracle Forms and Reports 11g Release 2
|
Product
Home
|
Patches
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
See Section
3.2.3, "Oracle Database"
|
See Section
3.2.3, "Oracle Database"
|
|
|
Oracle Java SE home
|
See Oracle Java SE Critical
Patch Update
|
See Oracle Java SE Critical
Patch Update
|
|
|
Oracle JRockit 28.x home
|
See Section
3.4.19, "Oracle JRockit"
|
See Section
3.4.19, "Oracle JRockit"
|
|
|
10.3.5.0.3 for WebLogic Server 10.3.5.0 home
|
See Section
3.4.28, "Oracle WebLogic Server Patch Set Update (PSU)"
|
See Section
3.4.28, "Oracle WebLogic Server Patch Set Update (PSU)"
|
See Note
1306505.1, Announcing Oracle WebLogic
Server PSUs (Patch Set Updates)
|
|
Oracle WebLogic Server Plug-ins
|
See Section
3.4.29, "Oracle WebLogic Server Plug-ins"
|
See Section
3.4.29, "Oracle WebLogic Server Plug-ins"
|
See Note
1111903.1, WebLogic Server 10gR3
(10.3.0) and 11gR1 (10.3.x) - Web Server Plug-In Support
|
|
Oracle Forms and Reports 11.1.2.0 home
|
CPU Patch 13113602
|
Released January 2012
|
Oracle Web Services Manager patch
|
|
Oracle Forms and Reports 11.1.2.0 home
|
CPU Patch 12959541
|
Released October 2011
|
Oracle HTTP Server patch
|
|
Oracle Forms and Reports 11.1.2.0 home
|
CPU Patch 12434187
|
Released July 2011
|
Network
|
3.4.13.2 Patch
Availability for Oracle Fusion Middleware 11.1.1.6
Table
54 describes the Error Correction information for Oracle
Fusion Middleware 11.1.1.6.
Table 54 Error
Correction information for Oracle Fusion Middleware 11.1.1.6
|
Patch
Information
|
11.1.1.6
|
Comments
|
|
Final Patch
|
-
|
|
|
CPU On Request Platforms
|
-
|
|
Table
55 describes the available patches for Oracle Fusion
Middleware 11.1.1.6.
Table 55 Patch
Availability for Oracle Fusion Middleware 11.1.1.6
|
Product
Home
|
Patches
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
See Section
3.2.3, "Oracle Database"
|
See Section
3.2.3, "Oracle Database"
|
|
|
Oracle Java SE home
|
See Oracle Java SE Critical
Patch Update
|
See Oracle Java SE Critical
Patch Update
|
|
|
Oracle JRockit 28.x home
|
See Section
3.4.19, "Oracle JRockit"
|
See Section
3.4.19, "Oracle JRockit"
|
|
|
Oracle WebLogic Server 10.3.6.0
|
See Section
3.4.27, "Oracle WebLogic Server and WebLogic Express"
|
See Section
3.4.27, "Oracle WebLogic Server and WebLogic Express"
|
|
|
Oracle WebLogic Server Plug-ins
|
See Section
3.4.29, "Oracle WebLogic Server Plug-ins"
|
See Section
3.4.29, "Oracle WebLogic Server Plug-ins"
|
See Note
1111903.1, WebLogic Server 10gR3
(10.3.0) and 11gR1 (10.3.x) - Web Server Plug-In Support
|
|
Oracle WebCenter Content 11.1.1.6 home
|
CPU Patch 13586432
|
Released January 2012
|
|
|
Oracle Single Sign-On / Delegated Administration
Services home
|
CPU Patch 13826368
|
Released January 2012
|
OC4J Patch
|
|
Oracle Single Sign-On / Delegated Administration
Services home
|
Unix: CPU Patch 12837860
Microsoft Windows 32-bit: CPU Patch 12837864
Microsoft Windows Itanium 64-bit: CPU Patch 12837867
|
Released October 2011
|
See Note
1301699.1, How the SSL/TLS Renegotiation
Protocol Change Affects Oracle HTTP Server
|
3.4.13.3 Patch
Availability for Oracle Fusion Middleware 11.1.1.5
Table
56 describes the Error Correction information for Oracle
Fusion Middleware 11.1.1.5.
Table 56 Error
Correction information for Oracle Fusion Middleware 11.1.1.5
|
Patch
Information
|
11.1.1.5
|
Comments
|
|
Final Patch
|
January 2013
|
|
|
CPU On Request Platforms
|
-
|
|
Table
57 describes the available patches for Oracle Fusion
Middleware 11.1.1.5.
Table 57 Patch
Availability for Oracle Fusion Middleware 11.1.1.5
|
Product
Home
|
Patches
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
See Section
3.2.3, "Oracle Database"
|
See Section
3.2.3, "Oracle Database"
|
|
|
Oracle Java SE home
|
See Oracle Java SE Critical
Patch Update
|
See Oracle Java SE Critical
Patch Update
|
|
|
Oracle JRockit 28.x home
|
See Section
3.4.19, "Oracle JRockit"
|
See Section
3.4.19, "Oracle JRockit"
|
|
|
Oracle WebLogic Server 10.3.5.0.3 for WebLogic Server
10.3.5.0 home
|
See Section
3.4.28, "Oracle WebLogic Server Patch Set Update (PSU)"
|
See Section
3.4.28, "Oracle WebLogic Server Patch Set Update (PSU)"
|
See Note
1306505.1, Announcing Oracle WebLogic
Server PSUs (Patch Set Updates)
|
|
Oracle WebLogic Server Plug-ins
|
See Section
3.4.29, "Oracle WebLogic Server Plug-ins"
|
See Section
3.4.29, "Oracle WebLogic Server Plug-ins"
|
See Note
1111903.1, WebLogic Server 10gR3
(10.3.0) and 11gR1 (10.3.x) - Web Server Plug-In Support
|
|
Oracle Identity Management 11.1.1.5.0 home
Oracle SOA Suite 11.1.1.5.0 home
Oracle WebCenter Suite 11.1.1.5.0 home
Oracle Web Tier 11.1.1.5.0 home
|
CPU Patch 13113602
|
Released January 2012
|
Oracle Web Services Manager patch
|
|
Oracle Single Sign-On / Delegated Administration
Services home
|
CPU Patch 13826368
|
Released January 2012
|
OC4J Patch
|
|
Oracle WebCenter Content 11.1.1.5 home
|
CPU Patch 13502977
|
Released January 2012
|
|
|
Oracle Identity Management 11.1.1.5.0 home
Oracle Web Tier 11.1.1.5.0 home
|
CPU Patch 12959541
|
Released October 2011
|
Oracle HTTP Server patch
|
|
Oracle Single Sign-On / Delegated Administration
Services home
|
Unix: CPU Patch 12837860
Microsoft Windows 32-bit: CPU Patch 12837864
Microsoft Windows Itanium 64-bit: CPU Patch 12837867
|
Released October 2011
|
See Note
1301699.1, How the SSL/TLS
Renegotiation Protocol Change Affects Oracle HTTP Server
|
|
Oracle Identity Management 11.1.1.5.0 home
Oracle Web Tier 11.1.1.5.0 home
|
CPU Patch 12434187
|
Released July 2011
|
Network
For Solaris x86-64, (Identity Management and Web Tier
homes), apply specific mandatory patches. For more information, see My
Oracle Support Note
1343107.1
|
3.4.13.4 Patch
Availability for Oracle Fusion Middleware 11.1.1.4
Table
58 describes the Error Correction information for Oracle
Fusion Middleware 11.1.1.4.
Table 58 Error
Correction information for Oracle Fusion Middleware 11.1.1.4
|
Patch
Information
|
11.1.1.4
|
Comments
|
|
Final Patch
|
April 2012
|
|
|
CPU On Request Platforms
|
-
|
|
Table
59 describes the available patches for Oracle Fusion
Middleware 11.1.1.4.
Table 59 Patch
Availability for Oracle Fusion Middleware 11.1.1.4
|
Product
Home
|
Patches
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
See Section
3.2.3, "Oracle Database"
|
See Section
3.2.3, "Oracle Database"
|
|
|
Oracle Java SE home
|
See Oracle Java SE Critical
Patch Update
|
See Oracle Java SE Critical
Patch Update
|
|
|
Oracle JRockit 28.x home
|
See Section
3.4.19, "Oracle JRockit"
|
See Section
3.4.19, "Oracle JRockit"
|
|
|
Oracle WebLogic Server 10.3.4.0.5 for WebLogic Server
10.3.4.0 home
|
See Section
3.4.28, "Oracle WebLogic Server Patch Set Update (PSU)"
|
See Section
3.4.28, "Oracle WebLogic Server Patch Set Update (PSU)"
|
See Note
1306505.1, Announcing Oracle WebLogic
Server PSUs (Patch Set Updates)
|
|
Oracle WebLogic Server Plug-ins
|
See Section
3.4.29, "Oracle WebLogic Server Plug-ins"
|
See Section
3.4.29, "Oracle WebLogic Server Plug-ins"
|
See Note
1111903.1, WebLogic Server 10gR3
(10.3.0) and 11gR1 (10.3.x) - Web Server Plug-In Support
|
|
Oracle Identity Management 11.1.1.4.0 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.4.0 home
Oracle SOA Suite 11.1.1.4.0 home
Oracle WebCenter Suite 11.1.1.4.0 home
Oracle Web Tier 11.1.1.4.0 home
|
CPU Patch 13113594
|
Released January 2012
|
Oracle Web Services Manager patch
|
|
Oracle WebCenter Content 11.1.1.4.0 home
|
CPU Patch 13503047
|
Released January 2012
|
|
|
Oracle Single Sign-On / Delegated Administration
Services home
|
CPU Patch 13826368
|
Released January 2012
|
OC4J Patch
|
|
Oracle Identity Management 11.1.1.4.0 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.4.0 home
Oracle Web Tier 11.1.1.4.0 home
|
CPU Patch 12959536
|
Released October 2011
|
Oracle HTTP Server patch
|
|
Oracle Single Sign-On / Delegated Administration
Services home
|
Unix: CPU Patch 12837860
Microsoft Windows 32-bit: CPU Patch 12837864
Microsoft Windows Itanium 64-bit: CPU Patch 12837867
|
Released October 2011
|
See Note
1301699.1, How the SSL/TLS
Renegotiation Protocol Change Affects Oracle HTTP Server
|
|
Oracle Identity Management 11.1.1.4.0 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.4.0 home
Oracle Web Tier 11.1.1.4.0 home
|
CPU Patch 12434184
|
Released July 2011
|
Network
For Solaris x86-64, (Identity Management and Web Tier
homes), apply specific mandatory patches. For more information, see My
Oracle Support Note
1343107.1
|
3.4.13.5 Patch
Availability for Oracle Fusion Middleware 10.1.3.5.x
Table
60 describes the Error Correction information for Oracle
Fusion Middleware 10.1.3.5.x.
Table 60 Error
Correction information for Oracle Fusion Middleware 10.1.3.5.x
Table
61 describes the available patches for Oracle Fusion
Middleware 10.1.3.5.x.
For information about the different
types of installations, see My Oracle Support Note
405972.1, Oracle Application Server
10g Examples for Critical Patch Updates.
Table 61
Patch Availability for Oracle Fusion Middleware 10.1.3.5.x
|
Product
Home
|
Patches
|
Advisory
Number
|
Comments
|
|
Oracle Database home
|
See Section
3.2.3, "Oracle Database"
|
See Section
3.2.3, "Oracle Database"
|
|
|
Oracle Application Server 10g Release 3
Oracle HTTP Server 2.0 standalone home
Oracle SOA Suite 10g
Oracle WebCenter Suite 10g
Oracle SOA Suite 10g for
WebLogic Server
|
UNIX: CPU Patch 13564300
Microsoft Windows (32-Bit): CPU Patch 13564301
Microsoft Windows Itanium (64-Bit): CPU Patch 13564303
|
CVE-2011-5035
|
See Note
1301699.1, How the SSL/TLS Renegotiation
Protocol Change Affects Oracle HTTP Server
|
|
OC4J home
|
CPU Patch 13564288
|
CVE-2011-5035
|
Standalone
|
|
Oracle SOA Suite 10g for
WebLogic Server
|
CPU Patch 12539587
|
Released October 2011
|
Oracle Web Services Manager (OWSM) patch
|
|
Oracle SOA Suite 10g
Oracle WebCenter Suite 10g
|
CPU Patch 12957596
|
Released October 2011
|
Oracle Web Services Manager (OWSM) patch
|
3.4.14 Oracle GoldenGate
Veridata
Table
62describes the minimum product requirements
for Oracle GoldenGate Veridata. The CPU security vulnerabilities are fixed
in the listed release and later releases. The Oracle GoldenGate Veridata
downloads and installation instructions can be found athttp://www.oracle.com/technetwork/middleware/goldengate/overview/index.html
Table 62 Minimum
Product Requirements for Oracle GoldenGate Veridata
|
Component
|
Release
|
Advisory
Number
|
Comments
|
|
Oracle GoldenGate Veridata
|
3.0.0.6
|
Announced January 2011
|
|
3.4.15 Oracle Hyperion BI+
Table
63 describes the Error Correction information for Oracle
Hyperion BI+.
Table 63 Error
Correction information for Oracle Hyperion BI+
|
Patch
Information
|
9.3.1.0.52
|
Comments
|
|
Final Patch
|
-
|
|
Table
64 describes the available patches for Oracle Hyperion
BI+, based on release.
Table 64 Patch Availability
for Oracle Hyperion BI+
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Release 9.3.1.0.52
|
CPU Patch 6771133
|
Announced July 2008
|
|
3.4.16 Oracle Identity
Management Connector
Table
65 describes the Error Correction information for Oracle
Identity Management Connector.
Table 65 Error
Correction information for Oracle Identity Management Connector
|
Patch
Information
|
9.1.0.4
|
Comments
|
|
Final Patch
|
April 2017
|
|
Table
66 describes the available patches for Oracle Identity
Manager.
Table 66 Patch
Availability for Oracle Identity Management Connector
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
9.1.0.4
|
CPU Patch 13636081
|
CVE-2012-0515
|
|
3.4.17 Oracle Identity
Manager
Table
67 describes the Error Correction information for Oracle
Identity Manager.
Table 67 Error
Correction information for Oracle Identity Manager
|
Patch
Information
|
9.1.0.2
|
Comments
|
|
Final Patch
|
October 2013
|
|
Table
68 describes the available patches for Oracle Identity
Manager.
Table 68 Patch
Availability for Oracle Identity Manager
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
11.1.1.5.0
|
CPU Patch 13399365
|
CVE-2012-0532
|
11.1.1.5.0 Bundle patch 2 or any later bundle patch
|
|
11.1.1.3.0
|
CPU Patch 13589894
|
CVE-2012-0532
|
11.1.1.3.0 Bundle patch 8 or any later bundle patch
|
|
9.1.0.2
|
CPU Patch 9588374
|
Released July 2010
|
Bundle patch 8 or any later bundle patch
|
3.4.18 Oracle JDeveloper
Table
69 describes the patch availability for Oracle JDeveloper.
Table 69 Critical
Patch Update Availability for Oracle JDeveloper
|
Release
|
Patch
|
Advisory
Number
|
Comments
|
|
10.1.3.5
|
Patch 13658027
|
CVE-2012-0522
|
|
3.4.19 Oracle JRockit
Table
70 describes the Critical Patch Update availability for
Oracle JRockit.
Oracle JRockit R28.2.3 and R27.7.2
include fixes for all security advisories that have been released through
CPUApr2012.
Table 70 Critical
Patch Update Availability for Oracle JRockit
3.4.20 Oracle Outside In
Technology
Table
71 describes the Error Correction information for Oracle
Outside In Technology.
Table 71 Error
Correction information for Oracle Outside In Technology
|
Patch
Information
|
8.3.7
|
8.3.5
|
Comments
|
|
Final Patch
|
-
|
Jul 2012
|
|
Table
72 describes the available patches for Oracle Outside in
Technology.
Table 72
Patch Availability for Oracle Outside In Technology
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle Outside In Technology 8.3.7
|
CPU Patch 13636171
|
CVE-2012-0554, CVE-2012-0555, CVE-2012-0556,
CVE-2012-0557
|
|
|
Oracle Outside In Technology 8.3.5
|
CPU Patch 13636175
|
CVE-2012-0554, CVE-2012-0555, CVE-2012-0556,
CVE-2012-0557
|
|
3.4.21 Oracle Service Bus
Table
73 describes the availability of Security Alert Patch
updates for Oracle Service Bus. See also the underlying product stack
tables for any applicable patches. Refer to comments section and apply the
patch to the respective product home.
Table 73 Patch
Availability for Oracle Service Bus
|
Oracle
Service Bus
|
Patch
|
Advisory
Number
|
Comments
|
|
2.6RP1 (2.6.1.0)
|
Patch 13705128
|
CVE-2011-5035
|
WebLogic Server 9.2.2.0 one-off patch that needs to
be applied to WebLogic Server home
|
3.4.22 Oracle WebCenter
Content (Formerly Oracle Universal Content Management)
Table
74 describes the Error Correction information for Oracle
WebCenter Content (formerly Oracle Universal Content Management).
Table 74 Error
Correction information for WebCenter Content
|
Patch
Information
|
10.1.3.5.1
|
7.5.2
|
Comments
|
|
Final Patch
|
December 2015
|
April 2013
|
|
Table
75 describes the available patches for Oracle WebCenter
Content (formerly Oracle Universal Content Management).
Table 75 Patch
Availability for Oracle WebCenter Content
|
Component
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle WebCenter Content 10.1.3.5.1 home
|
CPU Patch 13502938
|
Released January 2012
|
|
|
Oracle WebCenter Content 7.5.2 home
|
CPU Patch 13526049
|
Released January 2012
|
|
3.4.23 Oracle WebCenter
Forms Recognition
Table
74 describes the Error Correction information for Oracle
WebCenter Forms Recognition.
Table 76 Error
Correction information for Oracle WebCenter Forms Recognition
|
Patch
Information
|
10.1.3.5
|
Comments
|
|
Final Patch
|
-
|
|
Table
77 describes the availability of updates for Oracle
WebCenter Forms Recognition. See also the underlying product stack tables
for any applicable patches. Refer to comments section and apply the patch
to the respective product home.
Table 77 Patch
Availability for Oracle WebCenter Forms Recognition
|
Oracle WebCenter Forms
Recognition
|
Patch
|
Advisory
Number
|
Comments
|
|
10.1.3.5
|
Patch 13882540
|
CVE-2012-1709, CVE-2012-1710
|
|
3.4.24 Oracle WebCenter
Interaction
Table
78 describes the availability of Security Alert Patch
updates for Oracle WebCenter Interaction. See also the underlying product
stack tables for any applicable patches. Refer to comments section and
apply the patch to the respective product home.
Table 78 Patch
Availability for Oracle WebCenter Interaction
|
Oracle WebCenter
Interaction
|
Patch
|
Advisory
Number
|
Comments
|
|
6.5.1
|
Patch 13718635
|
CVE-2011-5035
|
WebLogic Server 9.2.0.0 one-off patch that needs to
be applied to WebLogic Server home
|
3.4.25 Oracle WebLogic
Integration
Table
79 describes the Error Correction information for Oracle
WebLogic Integration.
Table 79 Error
Correction information for Oracle WebLogic Integration
|
Patch
Information
|
10.3.1.0
|
Comments
|
|
Final Patch
|
January 2017
|
|
Table
80 describes the availability for Critical Patch Updates
for Oracle WebLogic Integration. See also the underlying product stack
tables.
Table 80 Critical
Patch Update Availability for Oracle WebLogic Integration
|
Product
Home
|
Patch
|
Advisory
Number
|
Smart
Update Patch Set ID
|
Smart
Update Patch IDs
|
Comments
|
|
10.3.1.0
|
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 13583186
CPU Patch 10625676
CPU Patch 13442902
|
Released October 2011
Released October 2011
Released October 2011
CVE-2011-5035
Released January 2011
Released January 2012
|
NA
EXP8
ZVC4
AEQE
QHPL
WT6W
|
RPQH
3QHE, NXQM, 982N, 6BME, 5EGH
EDAT, QR92
VXVR, WSNI, SU7Z, PQVV, ZE59, XW21, VV75
2QSG, E65J
8WHJ, K4VY
|
WLS 10.3.0.0 JMS patch
WLS 10.3.0.0 WebServices patch
WLS 10.3.0.0 Security patch
WLS 10.3.0.0 WebApp patch
WLS 10.3.0.0 Core patch
WLS 10.3.0.0 Console patch
|
|
9.2.3.0
|
Patch 13705387
|
CVE-2011-5035
|
|
|
WebLogic Server 9.2.3.0 is a one-off patch for the
WebLogic Server home
|
3.4.26 Oracle WebLogic
Portal
Table
81 describes the Error Correction information for Oracle
WebLogic Portal.
Table 81 Error
Correction information for Oracle WebLogic Portal
|
Patch
Information
|
10.3.2.0
|
10.2.1.0
|
10.0.1.0
|
9.2.3.0
|
Comments
|
|
Final Patch
|
January 2017
|
January 2015
|
January 2015
|
October 2013
|
|
Table
82 describes the availability of Critical Patch Updates
for WebLogic Portal. See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
WebLogic Portal patches are
cumulative to include all the prior published advisories. For more
information, see My Oracle Support Note
1355929.1, October 2011 Updates
Introduce New WebLogic Portal (WLP) Configuration Options for SSL Session
ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled
with WebLogic Server 9.2.3.0, which is out of error correction. Contact
Oracle support for security patches needed for WebLogic Server 9.2.3.0
Table 82 Critical
Patch Update Availability for WebLogic Portal
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
10.3.2.0
|
CPU Patch 12388715
|
Released October 2011
|
WebLogic Portal patch for WebLogic Portal 10.3.2.0
home
|
|
10.3.2.0
|
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 13583186
CPU Patch 10625676
CPU Patch 13442902
|
Released October 2011
Released October 2011
Released October 2011
CVE-2011-5035
Released January 2011
Released January 2012
|
WLS 10.3.2.0 JMS patch (Smart Update Patch IDs: 9ZW7)
WLS 10.3.2.0 WebServices patch (Smart Update Patch
IDs: L8DT)
WLS 10.3.2.0 Security patch (Smart Update Patch IDs:
VHAC, R4P6)
WLS 10.3.2.0 WebApp patch (Smart Update Patch IDs:
AYDB, 8IWX)
WLS 10.3.2.0 Core patch (Smart Update Patch IDs:
H3QP, Y3IR)
WLS 10.3.2.0 Console patch (Smart Update Patch IDs:
1MVX, PAIS)
|
|
10.2.1.0
|
CPU Patch 12388715
|
Released October 2011
|
WebLogic Portal patch for WebLogic Portal 10.2.1.0
home
|
|
10.2.1.0
|
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 13583186
CPU Patch 10625676
CPU Patch 13442902
|
Released October 2011
Released October 2011
Released October 2011
CVE-2011-5035
Released January 2011
Released January 2012
|
WLS 10.0.2.0 JMS patch (Smart Update Patch IDs: 1G6S)
WLS 10.0.2.0 WebServices patch (Smart Update Patch
IDs: YQ8T)
WLS 10.0.2.0 Security patch (Smart Update Patch IDs:
H9QB, W4G5)
WLS 10.0.2.0 WebApp patch (Smart Update Patch IDs:
6CRM, 1J9G, KEFR, FVXN)
WLS 10.0.2.0 Core patch (Smart Update Patch IDs:
I4UY, 1ULW)
WLS 10.0.2.0 Console patch (Smart Update Patch IDs:
288U, ES1
|
|
10.0.1.0
|
CPU Patch 12388715
|
Released October 2011
|
WebLogic Portal patch for WebLogic Portal 10.0.1.0
home
|
|
10.0.1.0
|
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 13583186
CPU Patch 10625676
CPU Patch 13442902
CPU Patch 12818102
|
Released October 2011
Released October 2011
Released October 2011
CVE-2011-5035
Released January 2011
Released January 2012
Released October 2011
|
WLS 10.0.1.0 JMS patch (Smart Update Patch IDs: XTNC)
WLS 10.0.1.0 WebServices patch (Smart Update Patch
IDs: 4CM9, 6E46, GP9Y)
WLS 10.0.1.0 Security patch (Smart Update Patch IDs:
7IVR, 3HBG)
WLS 10.0.1.0 WebApp patch (Smart Update Patch IDs:
E8IH, 1CJH, AFQT, GY9R, QND8, 3Y15, 2J89, VFLA, DITI)
WLS 10.0.1.0 Core patch (Smart Update Patch IDs:
ZYSL, 3PPG)
WLS 10.0.1.0 Console patch (Smart Update Patch IDs:
WTXU, 4KH5)
WebLogic Server patch for WebLogic Server 10.0.1.0
home
|
|
9.2.3.0
|
Patch 13705391
|
CVE-2011-5035
|
WebLogic Server 9.2.3.0 one-off patch that needs to
be applied to WebLogic Server home
|
|
9.2.3.0
|
CPU Patch 12388715
|
Released October 2011
|
WebLogic Portal patch for WebLogic Portal 9.2.3.0
home
|
|
9.2.3.0
|
CPU Patch 12839749
|
Released October 2011
|
WebLogic Server patch for WebLogic Server 9.2.3.0
home
|
3.4.27 Oracle WebLogic
Server and WebLogic Express
Table
83 describes the Error Correction information for Oracle
WebLogic Server and WebLogic Express.
Table 83 Error
Correction information for Oracle WebLogic Server and WebLogic Express
|
Patch
Information
|
10.0.2.0
|
9.2.4.0
|
Comments
|
|
Final Patch
|
January 2015
|
October 2013
|
|
Table
84 describes the availability of security patches for
WebLogic Server and WebLogic Express. See also the underlying product stack
tables (JRockit) for any applicable patches. These versions of WebLogic
Server may receive PSU support in upcoming releases, and at that time, will
be moved under Section
3.4.28, "Oracle WebLogic Server Patch Set Update (PSU)." For CPUApr2012, these security patches are one-off
patches for these releases.
Table 84 Security Patch
Availability for Oracle WebLogic Server
Table
85 describes the availability of Critical Patch Updates
for WebLogic Server and WebLogic Express. See also the underlying product
stack tables (JRockit) for any applicable patches.
For WebLogic Server releases 10.3.2
and later that are part of the Oracle Fusion Middleware 11g R1 releases, see Section
3.4.13, "Oracle Fusion Middleware."
Table 85 Critical
Patch Update Availability for Oracle WebLogic Server and WebLogic Express
|
Product
Home
|
Patch
|
Advisory
Number
|
Smart
Update Patch Set ID
|
Smart
Update Patch IDs
|
Comments
|
|
Oracle Java SE home
|
See Oracle Java SE Critical
Patch Update
|
See Oracle Java SE Critical
Patch Update
|
|
|
|
|
Oracle JRockit 28.x home
|
See Section
3.4.19, "Oracle JRockit"
|
See Section
3.4.19, "Oracle JRockit"
|
|
|
|
|
Oracle WebLogic Server Plug-ins
|
See Section
3.4.29, "Oracle WebLogic Server Plug-ins"
|
See Section
3.4.29, "Oracle WebLogic Server Plug-ins"
|
|
|
See Note
1111903.1, WebLogic Server 10gR3
(10.3.0) and 11gR1 (10.3.x) - Web Server Plug-In Support
|
|
10.0.2.0
|
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 13583186
CPU Patch 10625676
CPU Patch 13442902
|
Released October 2011
Released October 2011
Released October 2011
CVE-2011-5035
Released January 2011
Released January 2012
|
NA
NA
SPN1
IJ9E
YG16
Z7VC
|
1G6S
YQ8T
H9QB, W4G5
6CRM, 1J9G, KEFR, FVXN
I4UY, 1ULW
288U, ES1Z
|
JMS patch
WebServices patch
Security patch
WebApp patch
Core patch
Console patch
|
|
9.2.4.0
|
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 13583186
CPU Patch 10625676
CPU Patch 13442902
|
Released October 2011
Released October 2011
Released October 2011
CVE-2011-5035
Released January 2011
Released January 2012
|
NA
NA
NA
UYPQ
YCI8
6G3Q
|
GNSG
MFVW
8D9U
DVTI, 581S
V4MI
NNFB, XZYH
|
JMS patch
WebServices patch
Security patch
WebApp patch
Core patch
Console patch
|
3.4.28 Oracle WebLogic
Server Patch Set Update (PSU)
Table
86 describes the Patch Set Update information for Oracle
WebLogic Server.
Table 86 Error
Correction information for Oracle WebLogic Server Patch Set Update
|
Patch
Information
|
10.3.5.0
|
10.3.4.0
|
Comments
|
|
Final Patch
|
-
|
April 2012
|
|
Table
87 describes the Patch Set Update availability for Oracle
WebLogic Server.
Table 87 Patch Set
Update Availability for Oracle WebLogic Server
3.4.29 Oracle WebLogic
Server Plug-ins
Table
88 describes the availability of Critical Patch Updates
for Oracle WebLogic Server Plug-ins (Apache/IIS/iPlanet).
The WebLogic plug-ins include all
cumulative bug fixes and thus include fixes for all previously released
advisories. For more information, see My Oracle Support Note
1111903.1.
Table 88 Critical
Patch Update Availability for Oracle WebLogic Server Plug-ins
3.4.30 Oracle WebLogic SIP
Server
Table
89 describes the availability of Security Alert Patch
updates for Oracle WebLogic SIP Server. See also the underlying product
stack tables for any applicable patches. See the Comments column on how to
apply the patch to the product home.
Table 89 Patch
Availability for Oracle WebLogic SIP Server
|
Oracle
WebLogic SIP Server
|
Patch
|
Advisory
Number
|
Comments
|
|
3.1.1.0
|
Patch 13705098
|
CVE-2011-5035
|
WebLogic Server 9.2.3.0 one-off patch that needs to
be applied to WebLogic Server home
|
|
3.1.0.0
|
Patch 13705098
|
CVE-2011-5035
|
WebLogic Server 9.2.1.0 one-off patch that needs to be
applied to WebLogic Server home
|
|
3.0.0.0
|
Patch 13705098
|
CVE-2011-5035
|
WebLogic Server 9.2.0.0 one-off patch that needs to
be applied to WebLogic Server home
|
|
2.2.0.0
|
Patch 13705098
|
CVE-2011-5035
|
WebLogic Server 8.1.5.0 one-off patch that needs to
be applied to WebLogic Server home
|
|
2.1.0.0
|
Patch 13705098
|
CVE-2011-5035
|
WebLogic Server 8.1.5.0 one-off patch that needs to
be applied to WebLogic Server home
|
|
2.0.2.0
|
Patch 13705098
|
CVE-2011-5035
|
WebLogic Server 8.1.4.0 one-off patch that needs to
be applied to WebLogic Server home
|
3.4.31 Oracle Workshop for
WebLogic
Table
90 describes the availability of Security Alert Patch
updates for Oracle Workshop for WebLogic. See also the underlying product
stack tables for any applicable patches. Refer to comments section and
apply the patch to the respective product home.
Table 90 Patch
Availability for Oracle Workshop for WebLogic
|
Oracle
Workshop for WebLogic
|
Patch
|
Advisory
Number
|
Comments
|
|
9.2.3.0
|
Patch 13705400
|
CVE-2011-5035
|
WebLogic Server 9.2.3.0 one-off patch that needs to
be applied to WebLogic Server home
|
3.5 Tools
This section contains the
following:
·
Section
3.5.1, "Oracle Opatch"
3.5.1 Oracle Opatch
Table
91 describes the minimum product requirements for Oracle
OPatch. The CPU security vulnerabilities are fixed in the listed release
and later releases. The Oracle OPatch downloads can be found at Patch 6880880.
Table 91 Minimum
Product Requirements for Oracle OPatch
|
Component
|
Release
|
Advisory
Number
|
Comments
|
|
Oracle OPatch
|
1.0.0.0.64
|
Announced July 2011
|
|
4 Final Patch History
Table
92 describes the final patch history.
The final patch is the last CPU/PSU
release for which the product release is under error correction. For more
information, see My Oracle Support Note
209768.1, Database, FMW, EM Grid
Control, and OCS Software Error Correction Support Policy.
Table 92 Final Patch
History
|
Release
|
Final
Patches
|
Comments
|
|
July 2012
|
Oracle Business Intelligence EE 10.1.3.4.1
Oracle Business Publisher 10.1.3.4.1
Oracle Outside In Technology 8.3.5
|
|
|
April 2012
|
Oracle Fusion Middleware 11.1.1.4
Oracle WebLogic Server 10.3.4.0
|
|
|
January 2012
|
Oracle Fusion Middleware 11.1.1.3
Oracle WebLogic Server 10.3.3.0
Secure Enterprise Search 10.1.8.4
Oracle Database 10.1.0.5
Oracle Enterprise Manager Grid Control 10.1.0.6
|
|
|
October 2011
|
Oracle Identity Management 10.1.4.3, except for
Oracle Single Sign-on and Delegated Administration Services working with
Oracle Internet Directory 11gR1 for user authentication of Portal 11gR1,
Forms 11gR1, Reports 11gR1 and Discoverer 11gR1 Middleware 11g PFRD
installations
Oracle Portal 10.1.4.2
Oracle Identity Management 10.1.4.0.1
Oracle Fusion Middleware 10.1.2.3
Oracle Identity Management 9.0.x
Oracle Workflow Server 2.6.3.5
|
|
|
July 2011
|
Oracle Beehive 1.5.1.x
Oracle Database 10.2.0.4
Oracle Database 11.2.0.1
Oracle Outside In Technology 8.3.2
|
Oracle Database 10.2.0.4 excludes Oracle Solaris x86
(32-bit), Apple Mac OS X, HP Open VMS-Alpha, and VMS-Itanium
|
|
April 2011
|
Oracle Fusion Middleware 11.1.1.2
Oracle Business Process Management 5.7.3
|
|
|
October 2010
|
Oracle Fusion Middleware 11.1.1.1
|
|
|
July 2010
|
Oracle Database 9.2.0.8
Oracle Database 9.2.0.8.1
Oracle Fusion Middleware 10.1.3.4
Oracle 9i Enterprise Manager
|
|
|
January 2010
|
Oracle Enterprise Manager Grid Control 10.2.0.4
|
|
|
July 2009
|
Oracle Database 11.1.0.6
Oracle Fusion Middleware 10.1.3.3
Oracle Identity Management 10.1.4.2
|
|
|
April 2009
|
Oracle Database 10.2.0.3 on HP Tru64 and Windows
Itanium
|
|
|
January 2009
|
Oracle Fusion Middleware 10.1.2.2
Oracle Database 10.2.0.3
Oracle Database 10.2.0.2 for VMS and VMS Itanium
|
Oracle Database 10.2.0.3 excludes IBM z/OS, HP Tru64
and Windows Itanium.
|
|
October 2008
|
Oracle Database 10.2.0.2 on Solaris x86
Oracle Fusion Middleware 9.0.4.3
Oracle Enterprise Manager Grid Control 10.2.0.3
|
|
|
July 2008
|
Oracle Identity Management 10.1.4.0.1
Oracle Fusion Middleware 10.1.3.1
|
Oracle Identity Management 10.1.4.0.1 excludes
Solaris x86.
|
|
April 2008
|
Oracle Fusion Middleware 10.1.2.0.2
|
|
|
January 2008
|
Oracle Fusion Middleware 10.1.3.0
Oracle Database 10.2.0.2
|
Oracle Database 10.2.0.2 excludes Solaris x86, VMS,
and VMS Itanium.
|
5 Sources of Additional Information
The following documents provide
additional information about Critical Patch Updates:
·
My
Oracle Support Note
1365205.1, Getting Started with Oracle
WebLogic Server: How to Make Sure that Recommended Patches are Applied
·
My
Oracle Support Note
1314535.1, Announcing Exalogic PSUs
(Patch Set Updates)
·
My
Oracle Support Note
1306505.1, Announcing Oracle WebLogic
Server PSUs (Patch Set Updates)
·
My
Oracle Support Note
1399148.1, Critical Patch Update April
2012 Database Patch Security Vulnerability Molecule Mapping
·
My
Oracle Support Note
1423616.1, Critical Patch Update April
2012 Known Issues for Oracle Enterprise Manager Grid Control.
·
My
Oracle Support Note
1399140.1, Critical Patch Update April
2012 Database Known Issues.
·
My
Oracle Support Note
1423583.1, Critical Patch Update April
2012 Oracle Fusion Middleware Known Issues.
·
My
Oracle Support Note
1227443.1, Patch Set Updates Known
Issues Notes
·
My
Oracle Support Note
854428.1, Patch Set Updates (PSUs) for
Oracle Products.
·
My
Oracle Support Note
605795.1, Introduction to
catbundle.sql.
·
My
Oracle Support Note
605398.1, How To Find The Version Of
The Main EM Components.
·
My
Oracle Support Note
559534.1, Applying Critical Patch
Updates to Collaboration Suite 10g.
·
My
Oracle Support Note
438314.1, Critical Patch Update -
Introduction to Database n-Apply CPU Patches.
·
My
Oracle Support Note
405972.1, Oracle Application Server
10g Examples for Critical Patch Updates.
·
My
Oracle Support Note
209768.1, Database, FMW, EM Grid
Control, and OCS Software Error Correction Support Policy.
·
My
Oracle Support Note
161549.1, Oracle Database Server and
Networking Patches for Microsoft Platforms.
6 Modification History
Table
93 describes the modification history for this document.
Table 93 Modification
History
7 Documentation Accessibility
For information about Oracle's
commitment to accessibility, visit the Oracle Accessibility Program website
athttp://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers have access to
electronic support through My Oracle Support. For information, visithttp://www.oracle.com/pls/topic/lookup?ctx=acc&id=infoor visithttp://www.oracle.com/pls/topic/lookup?ctx=acc&id=trsif you are hearing impaired.
Patch Set Update and Critical Patch
Update April 2012 Availability Document
Copyright © 2012, Oracle
and/or its affiliates. All rights reserved.
This software and related documentation
are provided under a license agreement containing restrictions on use and
disclosure and are protected by intellectual property laws. Except as
expressly permitted in your license agreement or allowed by law, you may
not use, copy, reproduce, translate, broadcast, modify, license, transmit,
distribute, exhibit, perform, publish, or display any part, in any form, or
by any means. Reverse engineering, disassembly, or decompilation of this
software, unless required by law for interoperability, is prohibited.
The information contained herein is
subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related
documentation that is delivered to the U.S. Government or anyone licensing
it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs,
software, databases, and related documentation and technical data delivered
to U.S. Government customers are "commercial computer software"
or "commercial technical data" pursuant to the applicable Federal
Acquisition Regulation and agency-specific supplemental regulations. As
such, the use, duplication, disclosure, modification, and adaptation shall
be subject to the restrictions and license terms set forth in the
applicable Government contract, and, to the extent applicable by the terms
of the Government contract, the additional rights set forth in FAR
52.227-19, Commercial Computer Software License (December 2007). Oracle
America, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
This software or hardware is
developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently
dangerous applications, including applications that may create a risk of
personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate
fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle
Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered
trademarks of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners.
|