微信公众号:云库管 www.yunDBA.com

北京云库管科技有限公司（内部培训资料）返回上级


		Critical Patch Update (CPU) Program April 2019 Patch Availability Document (PAD) (Doc ID 2498664.1)

APPLIES TO:

Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Fusion Middleware - Version 11.1.1.7.0 and later
Oracle Database Cloud Exadata Service - Version N/A and later
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Information in this document applies to any platform.

PURPOSE

This document defines the patches and minimum releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set Updates released on April 16, 2019.

SCOPE

The document is for Database Administrators and/or others tasked with Quarterly Security Patching.

DETAILS

Database, Fusion Middleware, and Enterprise Manager Critical Patch Update April 2019 Patch Availability Document

My Oracle Support Note 2498664.1

Released April 16, 2019

This document contains the following sections:

Critical Patch Update April 2019 Patch Availability Document (PAD)

1 Overview

2 What's New in April 2019

3 Patch Availability for Oracle Products

1 Overview

Oracle provides quarterly cumulative patches to address security vulnerabilities. The patches may include critical fixes in addition to the security fixes. The security vulnerabilities addressed are announced in the Advisory for April 2019, available at:

Oracle Technical Network Advisory

This document lists the Oracle Database, Fusion Middleware and Enterprise Manager CPU program cumulative patches for product releases under error correction. The April 2019 release supersedes earlier CPU program cumulative patches for the same product releases. This document is subject to continual update after the initial release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support to ensure you have the latest version.

This section contains the following:

· Section 1.1 "How To Use This Document"

· Section 1.2 "Terminology in the Tables"

· Section 1.3 "On-Request Patches"

· Section 1.4 "CPU Program and My Oracle Support Patch Recommendations"

· Section 1.5 "My Oracle Support (MOS) Conflict Checker Tool"

1.1 How To Use This Document

The following steps explain how to use this document.

Step 1 Assess your Environments

Determine the Oracle product suites and products and their release numbers for each of your environments.

Step 2 Read Important Announcements

Review "What's New in April 2019," as it lists documentation and packaging changes along with important announcements such as upcoming final CPUs.

Step 3 Determine Patches to be Applied

For each environment, determine which patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for each product suite release, such as Oracle Database 12.2.0.1, Oracle Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control 12.1.0.5.

· The table lists the patches to be applied either to the product or to the appropriate product Oracle homes that are associated with the product suite

· The patches are listed in the order released, with newest patches listed first

· For some patches, multiple Oracle homes are listed. Apply the patch to all of the homes indicated that are applicable to your environment and only to the listed Oracle homes

· The table lists only product releases that are under Premier Support or Extended Support and are under error correction as defined in My Oracle Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy. Patches are provided only for these releases. If you do not see the release that you have installed, then check "Final CPU History" and contact Oracle Support for further assistance

· Patches that include security vulnerabilities announced in the current quarter's CPU Advisory, list the vulnerability CVE numbers in the Advisory Number column. If you are interested in the risk matrix for the vulnerabilities fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly releases, or the current one without any security fixes, the column indicates "Released MMM YYYY"

· When a section is referenced in a table, follow the link to determine which patches to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release that is installed, and find the patches to apply in the table for that Oracle Database release in "Oracle Database."

Step 4 Apply the Patches

Download the patches, review the READMEs, and apply the patches according to the instructions.

Step 5 Planning for Future Critical Patch Updates

To help you plan for future Critical Patch Updates, this document includes Final CPU information based on Oracle's Lifetime Support Policy and error correction policies.

"Final CPU Information (Error Correction Policies)" in "What's New in April 2019," documents product releases for which final Critical Patch Updates are upcoming or are being announced. In each product section, there is also an Error Correction Information Table that documents the final CPU program patch for the product. Products that have reached the end of error correction are documented in "Final CPU History."

1.2 Terminology in the Tables

The following terminology is used in this patch availability document and in the subsequent tables.

· Update - Release Update

· Revision -Release Update Revision

· BP - Bundle Patch

· Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.

· NA Not Applicable.

· OR On-Request. The patch is made available through the On-Request program.

· PSU - Patch Set Update

· SPU - Security Patch Update. An iterative, cumulative patch consisting of security fixes.

· Overlay SPU patch provided as an overlay on top of a PSU or BP instead of a base/patch set release.

1.3 On-Request Patches

Oracle does not proactively release patches for historically inactive platforms. However, Oracle will deliver these patches when requested.

The following guidelines describe how to initiate an on-request (OR) patch.

A request may be made:

· At any time. However, a patch for a specific quarterly release, such as CPUOct2012, cannot be requested. Depending on when the request is received and processed, either the patch for the current quarterly release or the next quarterly release will be provided. Your Service Request (SR) will provide you the planned availability date for the patch.

· As long as the version is in either Premier Support or Extended Support and error correction support has not expired. For example, if a product release is under Extended Support through the release of CPUJan2013 on January 15, 2013, then you can file a request for the product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy.

· For a platform-version combination when a major release or patch set is released on a platform after a quarterly release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch by following the on-request process. For example, if a patch is released for a platform on August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform. You may request a CPUOct2012 patch for the platform, and Oracle will review the request and determine whether to provide CPUJul2012 or CPUOct2012.

A patch that is marked as on-request (OR) may already have been requested by another customer and be available on My Oracle Support. Before you file a Service Request (SR), check on My Oracle Support to see if the patch is already available for your platform.

1.4 CPU Program and My Oracle Support Patch Recommendations

My Oracle Support patch recommendation features are available on the Patches & Update tab. The patches announced in this document as part of the CPU program are classified as "Security" patch recommendations in My Oracle Support. If a new patch is being announced in this document, then the classification on any earlier patch is changed to "General", causing it to be removed from the My Oracle Support patch recommendations. If a patch has a "Security" classification, and a subsequent bundle, SPU, or PSU is released with a recommendation classification, then it will be classified as a "Security" recommendation in My Oracle Support.

Once a product release is no longer in error correction, its CPU patch information is removed from this document, but the last patch recommendation continues to be available in My Oracle Support. Ensure to select each of the products installed in your environment to obtain all patches.

1.5 My Oracle Support (MOS) Conflict Checker Tool

The My Oracle Support (MOS) Conflict Checker tool is available as of July 21, 2014.

You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search results screen ("Analyze with OPatch" button).

The MOS Conflict Checker Tool allows you to upload an OPatch inventory to check for conflicts with patches to apply to your environment. If no conflicts are found, you can download the patches. If conflicts are found, the tool finds an existing resolution to download. If no resolution is found, you can request a solution, and monitor your request in the Plans region.

For more information and a demonstration video, see Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict Checker Tool for Patches Installed with OPatch [Video].

2 What's New in April 2019

This section describes important changes in April 2019:

· Section 2.1 "Final CPU Information (Error Correction Policies)"

· Section 2.2 "Post Release Patches "

2.1 Final CPU Information (Error Correction Policies)

The final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. Final CPUs for upcoming releases, as well as newly scheduled final CPUs, are listed in the following sections.

Final CPUs scheduled for July 2019

Oracle Enterprise Manager Cloud Control 13.2
Oracle Enterprise Data Quality 8.1
Oracle Real Time Decisions Applications 3.2

Final CPUs scheduled for April 2019

Oracle Business Intelligence Enterprise Edition 12.2.1.3.0
Oracle Enterprise Manager Ops Center 12.2.x
Oracle GoldenGate Management Pack 11.1.1
Oracle Outside In Technology 8.5.3

2.2 Post Release Patches

Oracle strives to complete preparations and testing of each Quarterly Security Patch for each platform by the quarterly release date. Occasionally, circumstances beyond our control dictate that a particular patch be delayed and be released a few days after the quarterly release date. The following table lists any current patch delays and the estimated date of availability.

Patch	Patch Number	Platform	Availability
ADF Bundle Patch 12.2.1.3.190404	Patch 29620828	All	Available
ADF SPU 11.1.1.9.0 FOR APRCPU 2019	Patch 29669847	All	Available
OJVM PSU 11.2.0.4.190416	Patch 29251270	HP-UX PA-RISC	Available
OJVM PSU 11.2.0.4.190416	Patch 29251270	ZLinux	ETA: 01-Nov-2019
Combo OJVM + DBPSU 11.2.0.4.190416	Patch 29252186	HP-UX PA-RISC	Available
Combo OJVM + DBPSU 11.2.0.4.190416	Patch 29252186	ZLinux	ETA: 01-Nov-2019
Combo OJVM + GIPSU 11.2.0.4.190416	Patch 29252208	HP-UX PA-RISC	Available
Combo OJVM + GIPSU 11.2.0.4.190416	Patch 29252208	ZLinux	ETA: 01-Nov-2019
19.3.1 DB RUR	Patch 29799057	All	Available
19.3.1 GI RUR	Patch 29800658	All	Available
GI Update Revision 18.4.2	Patch 29230841	Solaris on x86-64	Available
Microsoft Windows BP 12.1.0.2.190416	Patch 29413116	All	Available
Microsoft Windows BP 11.2.0.4.190416	(Patch 29218820)	All	This April patch is being skipped. Instead use 11.2.0.4.190716 Bundles for Windows from MOS Note 2534806.1
OJVM Component Database PSU 11.2.0.4.190416 for Microsoft Windows	(Patch 29447971)	All	This April patch is being skipped. Instead use 11.2.0.4.190716 Bundles for Windows from MOS Note 2534806.1
19.3.0.0.190416 OJVM RU	Patch 29548437	All	Available
QFSDP for Exadata (May2019 - 11.2.0.4)	Patch 29775159	Linux.X64 and Solaris SPARC (64 Bit)	Available
QFSDP for Exadata (May2019 - 12.1.0.2)	Patch 29775177	Linux.X64 and Solaris SPARC (64 Bit)	Available
QFSDP for Exadata (May2019 - 12.2.0.1)	Patch 29775188	Linux.X64 and Solaris SPARC (64 Bit)	Available
QFSDP for Exadata (May2019 - 18.6.0)	Patch 29775195	Linux.X64 and Solaris SPARC (64 Bit)	Available
QFSDP for Exadata (Jun2019 - 19.3.1)	Patch 29865182	Linux.X64 and Solaris SPARC (64 Bit)	Available
QFSDP for Supercluster (Q2.2019)	Patch 29252451	Solaris SPARC (64 Bit)	Available

3 Patch Availability for Oracle Products

This section contains the following:

· Section 3.1 "Oracle Database"

· Section 3.2 "Oracle Enterprise Manager"

· Section 3.3 "Oracle Fusion Middleware"

· Section 3.4 "Oracle Sun Middleware"

· Section 3.5 "Tools"

3.1 Oracle Database

This section contains the following:

· Section 3.1.1 "Oracle REST Data Services (formally called Oracle APEX Listener)"

· Section 3.1.2 "Oracle Application Express"

· Section 3.1.3 "Oracle Big Data Spatial and Graph"

· Section 3.1.4 "Oracle Database"

· Section 3.1.5 "Oracle Database Mobile/Lite Server"

· Section 3.1.6 "Oracle GoldenGate"

· Section 3.1.7 "Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)"

· Section 3.1.8 "Oracle GoldenGate Veridata"

· Section 3.1.9 "Oracle Secure Backup"

3.1.1 Oracle REST Data Services (formally called Oracle APEX Listener)

Error Correction information for Oracle REST Data Services 3.0

Patch Information	3.0	Comments
Final CPU	-

Minimum Product Requirements for Oracle REST Data Services

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle REST Data Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.

Product	Release	Advisory Number	Comments
Oracle REST Data Services	3.0.10.25.02.36	Released July 2017

3.1.2 Oracle Application Express

Minimum Product Requirements for Oracle Application Express

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Application Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.

Component	Release	Advisory Number	Comments
Oracle Application Express	5.1.4.00.08	Released January 2018

3.1.3 Oracle Big Data Spatial and Graph

Error Correction information for Oracle Big Data Spatial and Graph

Patch Information	2.0	1.2	Comments
Final CPU	-	-

Patch Availability for Oracle Big Data Spatial and Graph

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Big Data Spatial and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.

Product	Patch	Advisory Number	Comments
Oracle Big Data Spatial and Graph 2.0	Patch 28774674	Released October 2018
Oracle Big Data Spatial and Graph 2.1	Patch 28774701	Released October 2018
Oracle Big Data Spatial and Graph 2.1	Patch 28774764	Released October 2018

3.1.4 Oracle Database

This section contains the following:

· Section 3.1.4.1 "Patch Availability for Oracle Database"

· Section 3.1.4.2 "Oracle Database 19"

· Section 3.1.4.3 "Oracle Database 18"

· Section 3.1.4.4 "Oracle Database 12.2.0.1"

· Section 3.1.4.5 "Oracle Database 12.1.0.2"

Section 3.1.4.6 "Oracle Database 11.2.0.4"

3.1.4.1 Patch Availability for Oracle Database

For information regarding the different types of patches for Database, refer to Oracle Database - Overview of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1

3.1.4.2 Oracle Database 19

Patch Information	19	Comments
Final CPU	-
On-Request platforms	32-bit client-only platforms

Patch Availability for Oracle Database 19

As of the Release date (16-Apr-2019) the only Oracle Database 19 software that is available is 19.2.0 for on-premise Exadata. Therefore, the following patches for Oracle Database 19 are only for on-premise Exadata systems that are running Oracle Database 19.2.0.

Product Home	Patch	Advisory Number	Comments
Oracle Database Server home	Combo OJVM Update 19.3.0 and Database Release Update Revision 19.3.1 Patch 29859737 for UNIX, or Combo OJVM Update 19.3.0 and GI Release Update Revision 19.3.1 Patch 29859771, or Quarterly Full Stack download for Exadata (Jun2019) 19.3.1 Patch 29865182 for Linux x86-64	Released April 2019	See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches. A regression in DB RU 19.3.0 has been identified for updated Exadata on-premise systems. New installations of 19.3.0 are not involved. The download of April 2019 patches that involve the DB RU 19.3.0 have been suspended. Oracle Database Development recommends that all customers who have installed DB RU 19.3.0 or GI RU 19.3.0 instead install DB RUR 19.3.1 or GI RUR 19.3.1 respectively.
Oracle Database Server home	Database Release Update Revision 19.3.1 Patch 29799057 for Unix, or GI Release Update Revision 19.3.1 Patch 29800658, or Quarterly Full Stack download for Exadata (Jun2019) 19.3.1 Patch 29865182 for Linux x86-64	Released April 2019	A regression in DB RU 19.3.0 has been identified for updated Exadata on-premise systems. New installations of 19.3.0 are not involved. The download of April 2019 patches that involve the DB RU 19.3.0 have been suspended. Oracle Database Development recommends that all customers who have installed DB RU 19.3.0 or GI RU 19.3.0 instead install DB RUR 19.3.1 or GI RUR 19.3.1 respectively.
Oracle Database Server home	OJVM Update 19.3.0 Patch 29548437 for UNIX	CVE-2019-2518	See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches OJVM Update Patches are not RAC Rolling installable
Oracle Database Server home	JDK Patch 29549154	Released April 2019
Oracle Database Server home	Perl Patch 29511771	Released April 2019
Oracle Database Client home	none for April 2019		no security-related content

3.1.4.3 Oracle Database 18

Patch Information	18	Comments
Final CPU	-
On-Request platforms	32-bit client-only platforms

Patch Availability for Oracle Database 18

Product Home	Patch	Advisory Number	Comments
Oracle Database Server home	Combo OJVM Update 18.6.0 and Database Update 18.6.0 Patch 29249695 for UNIX, or Combo OJVM Update 18.6.0 and GI Update 18.6.0 Patch 29251992, or Quarterly Full Stack download for Exadata (May2019) 18.6.0 Patch 29775195 for Linux x86-64, or Quarterly Full Stack download for SuperCluster (Q2.2019) Patch 29252451 for Solaris SPARC 64-Bit	CVE-2019-2571, CVE-2019-2582, CVE-2019-2517, CVE-2019-2516 + CVE-2019-2619 (GI Specific), CVE-2019-2518	OJVM Update patches from 18.4 onwards are RAC Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the "Oracle JavaVM Component Database PSU/RU" (OJVM PSU/RU) Patches
Oracle Database Server home	Database Update 18.6.0 Patch 29301631, or Database Update Revision 18.5.1 Patch 29230887, or Database Update Revision 18.4.2 Patch 29230809, or GI Update 18.6.0 Patch 29301682, or GI Update Revision 18.5.1 Patch 29231062, or GI Update Revision 18.4.2 Patch 29230841, or Microsoft Windows 32-Bit and x86-64 BP 18.6.0.0.190416 Patch 29589622 , or later; Quarterly Full Stack download for Exadata (May2019) 18.6.0 Patch 29775195 for Linux x86-64, or Quarterly Full Stack download for SuperCluster (Q2.2019) Patch 29252451 for Solaris SPARC 64-Bit	CVE-2019-2571, CVE-2019-2582, CVE-2019-2517, CVE-2019-2516 + CVE-2019-2619 (GI Specific)
Oracle Database Server home	OJVM Update 18.6.0 Patch 29249584 (All platforms)	CVE-2019-2518	OJVM Update patches from 18.4 onwards are RAC Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the "Oracle JavaVM Component Database PSU/RU" (OJVM PSU/RU) Patches
Oracle Database Client home	none for April 2019		no security-related content

3.1.4.4 Oracle Database 12.2.0.1

Patch Information	12.2.0.1	Comments
Final CPU	-
On-Request platforms	32-bit client-only platforms

Patch Availability for Oracle Database 12.2.0.1

Product Home	Patch	Advisory Number	Comments
Oracle Database Server home	Combo OJVM Update 12.2.0.1.190416 and Database Update 12.2.0.1.190416 Patch 29252035 for UNIX, or Combo OJVM Update 12.2.0.1.190416 and GI Update 12.2.0.1.190416 Patch 29252072, or Quarterly Full Stack download for Exadata (May2019) 12.2.0.1 Patch 29775188 for Linux x86-64 and Solaris x86-64, or Quarterly Full Stack download for SuperCluster (Q2.2019) Patch 29252451 for Solaris SPARC 64-Bit	CVE-2019-2571, CVE-2019-2582, CVE-2019-2517, CVE-2019-2516 + CVE-2019-2619 (GI Specific), CVE-2019-2518	OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details. Combos are for environments that take a single downtime to apply all patches See Note 1929745.1, Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and Update" (OJVM PSU and OJVM Update) Patches
Oracle Database Server home	Database Apr 2019 Update 12.2.0.1.190416 Patch 29314339 for UNIX, or Database Oct 2018 Revision 12.2.0.1.190416 Patch 29230821, or Database Jan 2019 Revision 12.2.0.1.190416 Patch 29230950, or GI Apr 2019 Update 12.2.0.1.190416 Patch 29301687, or GI Oct 2018 Revision 12.2.0.1.190416 Patch 29230829, or GI Jan 2019 Revision 12.2.0.1.190416 Patch 29231084, or Microsoft Windows 32-Bit and x86-64 RU 12.2.0.1.190416 Patch 29394003, or later; Quarterly Full Stack download for Exadata (May2019) 12.2.0.1 Patch 29775188 for Linux x86-64 and Solaris x86-64, or Quarterly Full Stack download for SuperCluster (Q2.2019) Patch 29252451 for Solaris SPARC 64-Bit	CVE-2019-2571, CVE-2019-2582, CVE-2019-2517, CVE-2019-2516 + CVE-2019-2619 (GI Specific)
Oracle Database Server home	OJVM Update 12.2.0.1.190416 Patch 29249637 for UNIX, or OJVM Microsoft Windows Bundle Patch 12.2.0.1.190416 Patch 29281550	CVE-2019-2518	OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details. See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
Oracle Database Client home	Database Update 12.2.0.1.170718 Patch 26123830	Released July 2017	The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

3.1.4.5 Oracle Database 12.1.0.2

Error Correction information for Oracle Database 12.1.0.2

Patch Information	12.1.0.2	Comments
Final CPU	July 2021
On-Request platforms	32-bit client-only platforms

Patch Availability for Oracle Database 12.1.0.2

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home	Patch	Advisory Number	Comments
Oracle Database Server home	Combo OJVM PSU 12.1.0.2.190416 and Database PSU 12.1.0.2.190416 Patch 29252146 for UNIX, or Combo OJVM PSU 12.1.0.2.190416 and GI PSU 12.1.0.2.190416 Patch 29252164, or Combo OJVM PSU 12.1.0.2.190416 and Database Proactive BP 12.1.0.2.190416 Patch 29252171 for UNIX, or Quarterly Full Stack download for Exadata (May2019) 12.1.0.2 Patch 29775177 for Linux x86-64 and Solaris x86-64, or Quarterly Full Stack download for SuperCluster (Q2.2019) Patch 29252451 for Solaris SPARC 64-Bit	CVE-2019-2571, CVE-2019-2516 + CVE-2019-2619 (GI Specific), CVE-2019-2518	OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details. Combos are for environments that take a single downtime to apply all patches See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
Oracle Database Server home	Database PSU 12.1.0.2.190416 Patch 29141015 for UNIX, or GI PSU 12.1.0.2.190416 Patch 29176115, or Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.190416 Patch 29413116, or later; Database Proactive Bundle Patch 12.1.0.2.190416 Patch 29176139 or Quarterly Full Stack download for Exadata (May2019) 12.1.0.2 Patch 29775177 for Linux x86-64 and Solaris x86-64, or Quarterly Full Stack download for SuperCluster (Q2.2019) Patch 29252451 for Solaris SPARC 64-Bit	CVE-2019-2571, CVE-2019-2516 + CVE-2019-2619 (GI Specific)
Oracle Database Server home	Oracle JavaVM Component Database PSU 12.1.0.2.190416 Patch 29251241 for UNIX, or Oracle JavaVM Component Microsoft Windows Bundle Patch 12.1.0.2.190416 Patch 29447962	CVE-2019-2518	OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details. All OJVM PSU since 12.1.0.2.161018 includes Generic JDBC Patch 23727148 See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
Oracle Database Server home	Oracle JavaVM Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148	Released July 2016
Oracle Database Client home	Database Patch Set Update 12.1.0.2.170418 Patch 25171037	Released April 2017	The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

3.1.4.6 Oracle Database 11.2.0.4

Error Correction information for Oracle Database 11.2.0.4

Patch Information	11.2.0.4	Comments
Final CPU	October 2020
On-Request platforms	HP-UX PA RISC IBM: Linux on System Z 32-bit client-only platforms except Linux x86
On-Request platforms	32-bit client-only platforms except Linux x86

Patch Availability for Oracle Database 11.2.0.4

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home	Patch	Advisory Number	Comments
Oracle Database Server home	Combo OJVM PSU 11.2.0.4.190416 and Database PSU 11.2.0.4.190416 Patch 29252186 for UNIX, or Combo OJVM PSU 11.2.0.4.190416 and GI PSU 11.2.0.4.190416 Patch 29252208, or Combo OJVM PSU 11.2.0.4.190416 and Exadata BP 11.2.0.4.190416 Patch 29252222	CVE-2019-2571, CVE-2019-2516 + CVE-2019-2619 (GI Specific), CVE-2019-2518	From Jan2019 onwards the OJVM now only supports JDK7 for security compliance. Please ensure that if there are applications with an OJVM dependency that they are compatible with JDK7. OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details. Combos are for environments that take a single downtime to apply all patches See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches There is no Database SPU for 11.2.0.4 for the April 2019 cycle as there are no new CPU security vulnerabilities applicable. Future patches are planned until end of Error Correction listed in the table above.
Oracle Database Server home	Database PSU 11.2.0.4.190416 Patch 29141056 for UNIX, or GI PSU 11.2.0.4.190416 Patch 29255947 for UNIX, or Database SPU 11.2.0.4.181016 Patch 28364007 for UNIX, or Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.190416 (Patch 29218820), or later; Quarterly Database Patch for Exadata BP 11.2.0.4.190416 Patch 29257245 for UNIX, or Quarterly Full Stack download for Exadata (May2019) 11.2.0.4 Patch 29775159, or Quarterly Full Stack download for SuperCluster (Q2.2019) Patch 29252451 for Solaris SPARC 64-Bit	CVE-2019-2571, CVE-2019-2516 + CVE-2019-2619 (GI Specific)	There is no Database SPU for 11.2.0.4 for the April 2019 cycle as there are no new CPU security vulnerabilities applicable. Future patches are planned until end of Error Correction listed in the table above. The Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.190416 patch is being skipped. Instead use 11.2.0.4.190716 Bundles for Windows from MOS Note <="" a="">
Oracle Database Server home	Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.190416 Patch 29251270 for UNIX, or Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.190416 (Patch 29447971) for Microsoft Windows	CVE-2019-2518	From Jan2019 onwards the OJVM now only supports JDK7 for security compliance. Please ensure that if there are applications with an OJVM dependency that they are compatible with JDK7. OJVM PSU 11.2.0.4.161018 and greater includes Generic JDBC Patch 23727132 See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches The Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.190416 patch is being skipped. Instead use 11.2.0.4.190716 Bundles for Windows from MOS Note<="" a="">
Oracle Database Server home	Oracle JavaVM Component Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132	Released July 2016	For RAC deployments, this patch should be applied to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
Oracle Database Client home	Database Patch Set Update 11.2.0.4.170418 Patch 24732075	Released April 2017	The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

3.1.5 Oracle Database Mobile/Lite Server

Error Correction Information for Oracle Database Mobile Server

Patch Information	12.1 (Mobile Server)	11.3 (Mobile Server)	Comments
Final CPU	-	October 2021

Patch Availability for Oracle Database Mobile Server 12.1.x

Product Home	Patch	Advisory Number	Comments
12.1	12.1.0.0 BP Patch 21974980	Released October 2015

Patch Availability for Oracle Database Mobile Server 11.3.x

Product Home	Patch	Advisory Number	Comments
11.3	11.3.0.2 BP Patch 21950285	Released October 2015

3.1.6 Oracle GoldenGate

Error Correction information for Oracle GoldenGate

Component	12.3.0.1	12.2.0.2	12.1.2.1	11.2.1.0	Comments
Final CPU	July 2025	October 2023	October 2021	January 2020

Patch Availability for Oracle GoldenGate

Product Home	Patch	Advisory Number	Comments
12.3.0.1	Install 12.3.0.1.4 Path Set (Available on edelivery/OTN)	Released October 2018	Refer to Note 1645495.1 for the latest release and additional platforms.
12.2.0.2	Oracle GoldenGate 12.2.0.2.181009 for Oracle 12c, Patch 28651610 Oracle GoldenGate 12.2.0.2.181009 for Oracle 11g, Patch 28651607	Released October 2018	Refer to Note 1645495.1 for the latest release and additional platforms.
12.1.2.1	Oracle GoldenGate 12.1.2.1.181016 for Oracle 12c, Patch 28696813 Oracle GoldenGate 12.1.2.1.181016 for Oracle 11g, Patch 28696808	Released October 2018	Refer to Note 1645495.1 for the latest release and additional platforms.
11.2.1.0	Upgrade to OGG 12.1.2.1 or later and apply the applicable Security patches listed above	-	Refer to Note 1645495.1 for the latest release and additional platforms.

3.1.7 Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)

Error Correction information for Oracle GoldenGate for Big Data

Component	12.3.1.1.0	12.3.0.1.0	12.2.0.1.0	Comments
Final CPU	December 2019	December 2019	December 2018

Patch Availability for Oracle GoldenGate for Big Data

Product Home	Patch	Advisory Number	Comments
12.3.1.1	Oracle GoldenGate for Big Data 12.3.1.1.6 Patch 28577949	Released October 2018	Refer to Note 1645495.1 for the latest release and additional platforms
12.3.2.1	Oracle GoldenGate for Big Data 12.3.2.1.0 Release	Released January 2019	Download the release from OTN
12.2.0.1	Oracle GoldenGate Application Adapters Patch 28330342	Released October 2018	Refer to Note 1645495.1 for the latest release and additional platforms

3.1.8 Oracle GoldenGate Veridata

Error Correction information for Oracle GoldenGate Veridata

Component	11.2.1.0	Comments
Final CPU	October 2020

Patch Availability for Oracle GoldenGate Veridata

Product Home

Patch

Advisory Number

Comments

11.2.1.0

oracle goldengate veridata v11.2.1.0.2 java agent - Patch 27425665

oracle goldengate veridata v11.2.1.0.2 server - Patch 27425668

Released April 2018

Golden Gate Veridata Patch

3.1.9 Oracle Secure Backup

Error Correction information for Oracle Secure Backup

Patch Information	12.1.x	Comments
Final CPU	January 2020

Minimum Product Requirements for Oracle Secure Backup

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Secure Backup downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html

Product	Release	Advisory Number	Comments
Oracle Secure Backup	12.1.0.3	Released April 2017

3.2 Oracle Enterprise Manager

This section contains the following:

· Section 3.2.1 "Oracle Application Performance Management"

· Section 3.2.2 "Oracle Application Testing Suite"

· Section 3.2.3 "Oracle Business Transaction Management"

· Section 3.2.4 "Oracle Enterprise Manager Cloud Control"

· Section 3.2.5 "Oracle Enterprise Manager Ops Center"

· Section 3.2.6 "OSS Support Tools"

· Section 3.2.7 "Oracle Configuration Manager"

3.2.1 Oracle Application Performance Management

Error Correction information for Oracle Application Performance Management

Patch Information	12.1.0.7	Comments
Final CPU	-
On-Request platforms	-

Minimum Product Requirements for Oracle Application Performance Management

Critical Patch Update security vulnerabilities are fixed in the listed releases. For more information on Oracle Application Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.

Product Version	Patch	Advisory Number	Comments
12.1.0.7	12.1.0.7.11 Release Patch 25244272	Released July 2017

3.2.2 Oracle Application Testing Suite

Error Correction information for Oracle Application Testing Suite

Patch Information	13.3.0.1	13.2.0.1	13.1.0.1	12.5.0.3	Comments
Final CPU	-	-	-	April 2020

Patch Availability for Oracle Application Testing Suite

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Application Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.

Product Home	UNIX	Advisory Number	Comments
Base Platform Fusion Middleware home	See "Oracle WebLogic Server" (Version 12.1.3.0)	Released January 2019	See "Oracle WebLogic Server" (Version 12.1.3.0.0)
13.3.0.1	BP Patch 29610230	CVE-2019-2557
13.2.0.1	BP Patch 29172233	Released January 2019
13.1.0.1	BP Patch 29172239	Released January 2019
12.5.0.3	Please upgrade to 13.x version of OATS	Released January 2019

3.2.3 Oracle Business Transaction Management

Error Correction Information for Oracle Business Transaction Management

Component	12.1.0.7	Comments
Final CPU	-

Patch Availability for Oracle Business Transaction Management

Product Home	Patch	Advisory Number	Comment
BTM Home	BTM Patch 12.1.0.7.15 Patch 29135901	CVE-2018-1000180

3.2.4 Oracle Enterprise Manager Cloud Control

If your plans include updating the JDK version, please be sure that the JDK version that you choose is certified with your OEM Cloud Control Component. Please refer to Note 2241358.1 for upgrading the JDK Component related to OEM Cloud Control Component.

Error Correction information for Oracle Enterprise Manager Cloud Control

Patch Information	13.3.0.0	13.2.0.0	12.1.0.5	Comments
Final CPU	-	July 2019	October 2019
On-Request platforms	-	-	-

Availability for Oracle Enterprise Manager Cloud Control 13c Release 2 (13.3.0.0)

Product Home	Patches	Advisory Number	Comments
Base Platform Repository home	See "Oracle Database"
Base Platform Fusion Middleware home	See "Oracle WebLogic Server" (Version 12.1.3.0)
Base Platform OMS home	Base Release 13.3	CVE-2018-1656	Fix is included in the Base release itself
Base Platform OMS home	PSU 13.3.0.0.190416 Patch 29433931	CVE-2018-0734
Base Platform Agent home	EM VT Plugin Bundle Patch 13.3.1.0.181231 (Agent Monitoring) Patch 29046797	Released January 2019
EM Cloud Control Connectors	See Announcement on MOSC	CVE-2018-1258

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 1 (13.2.0.0)

Product Home	Patches	Advisory Number	Comments
Base Platform Repository home	See "Oracle Database"	See "Oracle Database"
Base Platform Fusion Middleware home	See "Oracle WebLogic Server" (Version 12.1.3.0)	See "Oracle WebLogic Server" (Version 12.1.3.0.0)
Base Platform OMS home	Base Release 13.2	CVE-2018-1656	Fix is included in the Base release itself
Base Platform OMS home	PSU 13.2.0.0.190416 Patch 29433916	CVE-2018-0734
EM Cloud Control Connectors	See Announcement on MOSC	CVE-2018-1258
Base Platform OMS home	EM for OMS Plugins 13.2.3.0.180630 Patch 28170938 or later EM for OMS Plugins 13.2.2.0.180630 Patch 28170918 or later	Released July 2018
Base Platform Agent home	EM VT Plugin Bundle Patch 13.2.3.0.181231 (Agent Monitoring) Patch 29047624 Patch 28195767	Released January 2019
Base Platform Agent Home	EM for OMS Plugins 13.2.3.0.180731 Patch 28347358 or later EM for OMS Plugins 13.2.2.0.180731 Patch 28347355 or later	Released July 2018
Base Platform Agent home	EM VT Plugin Bundle Patch 13.2.2.0.181231 (Agent Monitoring) Patch 29048312	Released January 2019
Base Platform Agent home	EM for PeopleSoft 13.2.1.1.0 Patch 28243206 or EM for PeopleSoft 13.1.1.1.0 Patch 28243212	Released July 2018
Base Platform Agent home	EM for MYSQL Database 13.2.4.0.0 Patch 28788540	Released October 2018
Base Platform OMS home	OHS SPU for Jan2018CPU Patch 27244723	Released July 2018	OHS 12.1.3 patch
Base Platform OMS home	SPU Patch 25322055	Released in January 2017	Oracle ADF Patch 12.1.3.0 This patch is necessary for any co-located installations where ADF exists.

Patch Availability for Oracle Enterprise Manager Cloud Control 12c Release 5 (12.1.0.5)

Product Home	Patches	Advisory Number	Comments
Base Platform Repository home	See "Oracle Database"	See "Oracle Database"
Base Platform Fusion Middleware home	See "Oracle WebLogic Server" (Version 10.3.6.0)	See "Oracle WebLogic Server" (Version 10.3.6.0)
Base Platform Fusion Middleware home	CPU Patch 23703041	Released July 2016	Oracle Business Intelligence Publisher BP 11.1.1.7.160719 patch for BIP home in Enterprise Manager
Base Platform OMS home	PSU 12.1.0.5.190416 Patch 29433895	CVE-2018-0734
Base Platform Fusion Middleware home	JSP 11.1.1.7.0 SPU for EM 12.1.0.5 (CPUAPR2018) Patch 27872862	Released April 2018	JSP 11.1.1.7.0 SPU patch
Base Platform Agent home	BP Patch 22317311	Released January 2016	Apply to Agent core Oracle Home, after applying agent patch 25456449, 22342358
Base Platform Agent home	BP Patch 22342358	Released January 2016	Apply 22342358 to Agent sbin Oracle Home after applying agent Patch 28193486. Then apply Patch 22317311. If patches 22342358 and 22317311 were applied earlier, no need to reapply.
Base Platform Fusion Middleware home	SPU Patch 22013598	Released January 2016	Web Cache Patch Apply to Oracle_WT Post installation steps are not applicable for Enterprise Manager
Plugin home	BP Patch 28347732	Released July 2018
Base Platform Agent home	BP Patch 28193486	Released July 2018
Base Platform Fusion Middleware home	OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885	Released January 2018	Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates See Note 2400141.1 before applying this patch Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH
Base Platform Fusion Middleware home	CPU Patch 19345576	Released January 2015	Oracle Process Management and Notification (OPMN) Patch for Oracle_WT OH See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS
Base Platform Fusion Middleware home	SPU Patch 17337741	Released October 2013	Oracle Security Service (SSL/Network) Patch for Oracle_WT OH

3.2.5 Oracle Enterprise Manager Ops Center

Error Correction information for Oracle Enterprise Manager Ops Center

Patch Information	12.3.x	12.2.x	Comments
Final CPU	Jun 2020	Feb 2019

Patch Availability for Oracle Enterprise Manager Ops Center

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Enterprise Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.

Product Home	UNIX	Advisory Number	Comments
12.3.3	OpsCenter UI and other patches for CPU Apr 2019 Patch 29623898	CVE-2016-1000031, CVE-2018-1258, CVE-2018-11763, CVE-2018-0734, CVE-2018-0161 (In Base Release)
12.3.3	OpsCenter UCE patches for CPU Apr 2019 Patch 29623885	CVE-2016-1000031, CVE-2018-1258, CVE-2018-11763, CVE-2018-0734, CVE-2018-0161 (In Base Release)

3.2.6 OSS Support Tools

Error Correction information for OSS Support Tools

Patch Information	8.11.x	Comments
Final CPU	-

Patch Availability for OSS Support Tools

Product Home	Solaris	Advisory Number	Comments
8.11.16.3.8	BP Patch 22783063	March 2016	See My Oracle Support Note 1153444.1, Oracle Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT

3.2.7 Oracle Configuration Manager

Minimum Product Requirements for Oracle Configuration Manager

Critical Patch Update security vulnerabilities are fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS (support.oracle.com). Customer can use collector tab to down the Oracle Configuration Manager Collector.

Component	Release	Advisory Number	Comments
Oracle Configuration Manager	12.1.2.0.6	Released October 2018

3.3 Oracle Fusion Middleware

This section contains the following:

· Section 3.3.1 "Management Pack For Oracle GoldenGate"

· Section 3.3.2 "NetBeans IDE"

· Section 3.3.3 "Oracle API Gateway"

· Section 3.3.4 "Oracle Big Data Discovery"

· Section 3.3.5 "Oracle Business Intelligence Enterprise Edition"

· Section 3.3.6 "Oracle Business Intelligence Publisher"

· Section 3.3.7 "Oracle Complex Event Processing"

· Section 3.3.8 "Oracle Data Quality for Oracle Data Integrator"

· Section 3.3.9 "Oracle Data Visualization Desktop"

· Section 3.3.10 "Oracle Endeca Server"

· Section 3.3.11 "Oracle Endeca Information Discovery Integrator"

· Section 3.3.12 "Oracle Endeca Information Discovery Studio"

· Section 3.3.13 "Oracle Enterprise Data Quality"

· Section 3.3.14 "Oracle Enterprise Repository"

· Section 3.3.15 "Oracle Exalogic Patch Set Update (PSU)"

· Section 3.3.16 "Oracle Fusion Middleware"

· Section 3.3.17 "Oracle Hyperion Analytic Provider Services"

· Section 3.3.18 "Oracle Hyperion BI+"

· Section 3.3.19 "Oracle Hyperion Common Security"

· Section 3.3.20 "Oracle Hyperion Data Relationship Management"

· Section 3.3.21 "Oracle Hyperion Enterprise Performance Management Architect"

· Section 3.3.22 "Oracle Hyperion Essbase"

· Section 3.3.23 "Oracle Hyperion Financial Management"

· Section 3.3.24 "Oracle Hyperion Financial Reporting"

· Section 3.3.25 "Oracle Hyperion Planning"

· Section 3.3.26 "Oracle Hyperion Strategic Finance"

· Section 3.3.27 "Oracle Identity Access Management"

· Section 3.3.28 "Oracle Identity Analytics"

· Section 3.3.29 "Oracle Identity Management"

· Section 3.3.30 "Oracle Identity Management Connector"

· Section 3.3.31 "Oracle JDeveloper and Oracle ADF"

· Section 3.3.32 "Oracle Map Viewer"

· Section 3.3.33 "Reserved for Future Use"

· Section 3.3.34 "Oracle Outside In Technology"

· Section 3.3.35 "Oracle Real Time Decisions Applications"

· Section 3.3.36 "Oracle Real Time Decisions Platform"

· Section 3.3.37 "Oracle Service Architecture Leveraging Tuxedo (SALT)"

· Section 3.3.38 "Oracle SOA Suite"

· Section 3.3.39 "Oracle Traffic Director"

· Section 3.3.40 "Oracle Tuxedo"

· Section 3.3.41 "Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)"

· Section 3.3.42 "Oracle Web-Tier 11g Utilities"

· Section 3.3.43 "Oracle WebCenter"

· Section 3.3.44 "Oracle WebCenter Content (Formerly Oracle Universal Content Management)"

· Section 3.3.45 "Oracle WebCenter Portal"

· Section 3.3.46 "Oracle WebCenter Sites (Formerly FatWire Content Server)"

· Section 3.3.47 "Oracle WebCenter Sites Community"

· Section 3.3.48 "Oracle WebCenter Suite"

· Section 3.3.49 "Oracle WebGate"

· Section 3.3.50 "Oracle WebLogic Portal"

· Section 3.3.51 "Oracle WebLogic Server"

3.3.1 Management Pack For Oracle GoldenGate

Error Correction information for Management Pack For Oracle GoldenGate

Patch Information	12.1.3.x	Comments
Final CPU	July 2022

Patch Availability for Management Pack For Oracle GoldenGate

Product Home	Patch	Advisory Number	Comments
11.2.1.0	Oracle Goldengate Monitor v11.2.1.0.13 or later Patch 27221310	Released April 2018	Oracle GoldenGate Monitor patch

3.3.2 NetBeans IDE

Minimum Product Requirements for NetBeans IDE

Critical Patch Update security vulnerabilities are fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/

Product Home	Release	Advisory Number	Comments
NetBeans IDE	8.2	Released October 2016

3.3.3 Oracle API Gateway

Error Correction information for Oracle API Gateway

Patch Information	11.1.2.4.0	Comments
Final CPU	March 2021

Patch Availability for Oracle API Gateway

Product Home	Patch	Advisory Number	Comments
11.1.2.4.0	OAG 11.1.2.4.0 SPU for AprCPU2019 Patch 29494469	CVE-2018-1000180, CVE-2018-0734, CVE-2016-1000031

3.3.4 Oracle Big Data Discovery

Minimum Product Requirements for Oracle Big Data Discovery

Critical Patch Update security vulnerabilities are fixed in the listed release only and installations with any prior versions will need to move to the listed version. For Oracle Big Data Discovery downloads, see https://edelivery.oracle.com and search for "Oracle Big Data Discovery".

Product	Release	Advisory Number	Comments
Oracle Big Data Discovery	Big Data Discovery 1.6 SPU for October Patch 28780089	Released October 2018

3.3.5 Oracle Business Intelligence Enterprise Edition

Error Correction information for Oracle Business Intelligence Enterprise Edition

Patch Information	12.2.1.4.0	12.2.1.3.0	11.1.1.9	Comments
Final CPU	-	April 2019	October 2021	11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

Patch Availability for Oracle Business Intelligence Enterprise Edition

Product Home	Patch	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home Oracle JRockit 28.x home	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
Oracle WebLogic Server home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
FMW 12c home	See "Oracle Fusion Middleware 12c"	See "Oracle Fusion Middleware 12c"	For Fusion Middleware patches applicable to OBI home
12.2.1.4 Oracle Business Intelligence Enterprise Edition	OBI Bundle Patch 12.2.1.4.190416 Patch 28952857	CVE-2019-2605, CVE-2019-2595, CVE-2019-2588, CVE-2019-2601, CVE-2019-2616
12.2.1.3 Oracle Business Intelligence Enterprise Edition	OBI Bundle Patch 12.2.1.3.190416 Patch 29112070	CVE-2019-2605, CVE-2019-2595, CVE-2019-2588, CVE-2019-2601, CVE-2019-2616	OBI 12c patch has both OIBEE and BIP bug fixes in single patch
12.2.1.3/12.2.1.4 Oracle Business Intelligence Enterprise Edition	OSS security patch update 12.2.1.3.0 Patch 27210544 or later	Released April 2018
11.1.1.9	Oracle BI Suite BP 11.1.1.9.190416 Patch 29492717	CVE-2019-2605
11.1.1.9	Oracle Business Intelligence Enterprise Edition Third Party BP 11.1.1.9.1 Patch 21235195 or higher	Released July 2015	BIEE Third Party Bundle Patch
DAC 11.1.1.6.4 home	Patch 27825965- DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU for apr2018cpu	Released April 2018	Patch can be installed in any home

3.3.6 Oracle Business Intelligence Publisher

Error Correction information for Oracle Business Intelligence Publisher

Patch Information	12.2.1.4	12.2.1.3	11.1.1.9	Comments
Final CPU	-	April 2019	October 2021

Patch Availability for Oracle Business Intelligence Publisher

Product Home	Patch	Advisory Number	Comments
11.1.1.9	Oracle BI Suite BP 11.1.1.9.190416 Patch 29492717	CVE-2019-2595, CVE-2019-2588, CVE-2019-2601, CVE-2019-2616
11.1.1.9	BP Patch 24580895	Released October 2016	Webservice BP
11.1.1.9	11.1.1.9 Interim Patch 17081528	Released October 2016	XDK Interim Patch
11.1.1.9	WLS 10.3.6.0.181016 Patch 28343311 SU Patch [GENM] or Later	Released October 2018	WLS 10.3.6 Interim Patch or WLS PSU

3.3.7 Oracle Complex Event Processing

Error Correction information for Oracle Complex Event Processing

Patch Information	CEP 12.1.3	Comments
Final CPU	December 2019

Patch Availability for Oracle Complex Event Processing

See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

Product Home	Patch	Advisory Number	Comments
12.1.3.0	SPU Patch 21071699	Released July 2015

3.3.8 Oracle Data Quality for Oracle Data Integrator

Error Correction information for Oracle Data Quality for Oracle Data Integrator

Patch Information	ODIDQ 11.1.x	Comments
Final CPU	-

Patch Availability for Oracle Data Quality for Oracle Data Integrator

Product Home	Patch	Advisory Number	Comments
11.1.1.3.0	CPU Patch 21418574	Released July 2015

3.3.9 Oracle Data Visualization Desktop

Error Correction information for Oracle Data Visualization Desktop

Patch Information	12.2.4.1.1	Comments
Final CPU	-

Patch availability for Oracle Data Visualization Desktop

Product Home	Patch	Advisory Number	Comments
Oracle Data Visualization Desktop 12.2.4.1.1	Patch is available on http://www.oracle.com/technetwork/middleware/oracle-data-visualization/index.html	Released April 2018

3.3.10 Oracle Endeca Server

Error Correction information for Oracle Endeca Server

Patch Information	7.7	Comments
Final CPU	January 2021

Patch availability for Oracle Endeca Server

Product Home	Patch	Advisory Number	Comments
Oracle Endeca Server 7.7 home	Oracle Endeca Server 7.7 SPU January 2019 CPU Patch 28964244	Released January 2019

3.3.11 Oracle Endeca Information Discovery Integrator

Error Correction information for Oracle Endeca Information Discovery Studio Integrator

Patch Information	3.2	Comments
Final CPU	January 2021

Patch availability for Oracle Endeca Information Discovery Studio Integrator

Product Home	Patch	Advisory Number	Comments
Oracle Endeca Information Discovery Integrator 3.2 home	Oracle Endeca Information Discovery Integrator 3.2 CPU APRIL 2019 Patch 29490923	CVE-2016-1000031	All Patches are cumulative of prior fixes

3.3.12 Oracle Endeca Information Discovery Studio

Error Correction information for Oracle Endeca Information Discovery Studio

Patch Information	3.2	Comments
Final CPU	January 2021

Patch availability for Oracle Endeca Information Discovery Studio

Product Home	Patch	Advisory Number	Comments
Oracle Endeca Information Discovery Studio 3.2 home	Endeca Information Discovery Studio 3.2 SPU for OctCPU2018 Patch 28771368	Released October 2018

3.3.13 Oracle Enterprise Data Quality

Error Correction information for Oracle Enterprise Data Quality

Patch Information	11.1.1.x	9.0	8.1	Comments
Final CPU	October 2021	October 2019	July 2019

Patch Availability for Oracle Enterprise Data Quality

Product Home	Patch	Advisory Number	Comments
12c home	See "Oracle Fusion Middleware 12c"	See "Oracle Fusion Middleware 12c"
11.1.1.9	Patch 25084186 Patch 25534288 (EDQ-CDS)	Released April 2017	Install prior to Java CPUApr2017 JDK/JRE or later version
9.0	EDQ 9.0.11 Patch 19320253	Released October 2014	See Note 1595538.1, How To Upgrade The Apache Tomcat Version Installed By The EDQ (Enterprise Data Quality) Windows Installer
8.1	EDQ 8.1.13 Patch 25510229	Released July 2017	See Note 1595538.1, How To Upgrade The Apache Tomcat Version Installed By The EDQ (Enterprise Data Quality) Windows Installer

3.3.14 Oracle Enterprise Repository

Error Correction information for Oracle Enterprise Repository

Patch Information	12.1.3	Comments
Final CPU	October 2019

Patch Availability for Oracle Enterprise Repository

Product Home	Patch	Advisory Number	Comments
12.1.3.0.0	Security Patch for OER 12.1.3 Patch 28890137	Released January 2019	Patch Released in July CPU Patch. CVE announced in Oct CPU.

3.3.15 Oracle Exalogic Patch Set Update (PSU)

Error Correction information for Oracle Exalogic Patch Set Update (PSU)

Patch Information	2.x	1.x	Comments
Final CPU	-	-

Patch Set Update Availability for Oracle Exalogic

Oracle Exalogic	Patch	Advisory Number	Comments
2.x Physical	2.0.6.3.181016 Physical (for all X2-2, X3-2, X4-2, X5-2) PSU Patch 28428820	Released in Oct 2018	See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
2.x Virtual	2.0.6.3.181016 virtual (for all X2-2, X3-2, X4-2, X5-2) PSU Patch 28428820	Released in Oct 2018	See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
1.x	Upgrade to 2.x based on information in the Comments column. Then apply the patches listed above.	Released March 2012 (13795376) Released Februrary 2013 (15931901)	See Patch 14834860 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0) See Patch 14834860 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit) See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

3.3.16 Oracle Fusion Middleware

For more information on how to identify the components in an Oracle home, see Note 1591483.1, What is Installed in My Middleware or Oracle home?.

This section contains the following:

· Section 3.3.16.1 "Oracle Fusion Middleware 12c"

o Section 3.3.16.1.1 "Oracle Fusion Middleware 12.2.1.3"

o Section 3.3.16.1.2 "Oracle Fusion Middleware 12.1.3.0"

· Section 3.3.16.2 "Oracle Fusion Middleware 11.1.1.9"

· Section 3.3.16.3 "Oracle Identity Access Management 11.1.2.3"

3.3.16.1 Oracle Fusion Middleware 12c

The sections below cover Oracle Fusion Middleware version 12.2.x and 12.1.x

· Section 3.3.16.1.1 "Oracle Fusion Middleware 12.2.1.3"

· Section 3.3.16.1.2 "Oracle Fusion Middleware 12.1.3.0"

3.3.16.1.1 Oracle Fusion Middleware 12.2.1.3

Error Correction information for Oracle Fusion Middleware 12.2.1.3

Patch Information	12.2.1.3	Comments
Final CPU	-	See Note 1933372.1, Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
On-Request platforms	-
Determine Components in an Oracle Home	-	See Note 1591483.1, What is Installed in My Middleware or Oracle home?

Patch Availability for Oracle Fusion Middleware 12.2.1.3

Distribution	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g/12c Products
ALL 12.2.1.3 Fusion Middleware Distributions & WebLogic home	OPatch 13.9.4.x for FMW/WLS 12.2.1.3.x Patch 28186730	Released in January 2019	Apply Opatch 13.9.4.x before applying WLS PSU. (Re download the patch if used older patch before Feb 8 2019)
Oracle WebLogic Server and Coherence Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW) Oracle HTTP Server Oracle Forms and Reports (Standalone Forms Builder) Oracle Internet Directory	WLS PATCH SET UPDATE 12.2.1.3.190416 Patch 29016089	CVE-2018-1258, CVE-2019-2615, CVE-2019-2650, CVE-2019-2648, CVE-2019-2645, CVE-2019-2646, CVE-2019-2568, CVE-2019-2647, CVE-2019-2649, CVE-2019-2618	WLS PSU should also be applied to all homes with a WLS full or standalone domain See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
Oracle WebLogic Server and Coherence Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)	WEBLOGIC SAMPLES SPU 12.2.1.3.190115 Patch 28927298	Released January 2019	This patch is a cumulative patch for all Struts 2 CVEs to date. See Note 2255054.1, Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933. See Note 2076338.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
Oracle HTTP Server Oracle Traffic Director Oracle Forms and Reports	OAM Webgate Bundle Patch 12.2.1.3.180622 Patch 28243743 or later	Released July 2018
Identity and Access Management	Oracle Access Manager Bundle Patch 12.2.1.3.180622 Patch 28305164 or later	Released July 2018	See Note 2386496.1, OAM CVE-2018-2879
Oracle HTTP Server Oracle Forms and Reports	Oracle HTTP Server Bundle Patch 12.2.1.3.190310 Patch 29407043 or later	CVE-2019-3822	Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates
Identity and Access Management Oracle Unified Directory	Oracle Identity Manager Bundle Patch 12.2.1.3.180920 Patch 28682376 or later or IDM Suite Bundle Patch 12.2.1.3.181016 Patch 28492345 or later	Released January 2019
Oracle Service Bus	OSB BUNDLE PATCH 12.2.1.3.181006 Patch 28757972	CVE-2019-2576	The fix was delivered to 12.2.1.3 in Jan2019, but we are announcing it in April as 11.1.1.9 patch was delayed to April.
Oracle HTTP Server Oracle Forms and Reports (Standalone Forms Builder) Oracle Internet Directory	OSS security patch update 12.2.1.3.0 Patch 27210544 or later	Released April 2018
Oracle WebCenter Portal	WebCenter Portal Bundle Patch 12.2.1.3.190416 Patch 29510069 or Later AND WebCenter Core Bundle Patch 12.2.1.3.180910 Patch 28633811 or later	CVE-2016-1000031, CVE-2018-19362
Oracle WebCenter Sites	Webcenter Sites Bundle Patch 12.2.1.3.190415 Patch 29454018 or later	CVE-2019-2579,CVE-2019-2578
Oracle WebCenter Content	WebCenter Content Bundle Patch 12.2.1.3.180417 Patch 27393392 or later	Released April 2018
Oracle Internet Directory	Oracle Internet Directory Bundle Patch 12.2.1.3.180116 Patch 27396651 or later	Released January 2018
Oracle SOA Suite and Business Process	SOA BUNDLE PATCH 12.2.1.3.190321 Patch 29521081	CVE-2018-19362 , CVE-2018-11761 , CVE-2018-1305, CVE-2018-1000180
Oracle Data Integrator	ODI Bundle Patch 12.2.1.3.190415 Patch 29205229	CVE-2018-8013 ,CVE-2019-2720
Oracle MapViewer	MAPVIEWER 12.2.1.3.0 MAR 2019 SPU Patch 29456345	CVE-2015-9251
Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)	ADF Bundle Patch 12.2.1.3.190404 Patch 29620828	CVE-2018-14718, CVE-2017-5645, CVE-2015-9251	Apply to all Oracle homes installed with an FMW Infrastructure
Oracle Enterprise Data Quality	EDQ 12.2.1.3.0 SPU Patch 28263628	Released July 2018
Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW) Oracle HTTP Server	FMW Platform 12.2.1.3.0 SPU FOR APRCPU2019 Patch 29650702	CVE-2018-1305	Apply to all Oracle Fusion Middleware homes
Oracle HTTP Server Oracle WebLogic Server Proxy Plug-In (Apache, IIS, iPlanet) Oracle Forms and Reports	ONS 12.2.1.3.0 SPU Patch Patch 27323998	Released July 2018

3.3.16.1.2 Oracle Fusion Middleware 12.1.3.0

Error Correction information for Oracle Fusion Middleware 12.1.3.0

Patch Information	12.1.3.0	Comments
Final CPU	October 2019
On-Request platforms	-

Patch Availability for Oracle Fusion Middleware 12.1.3.0

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g/12c Products
12.1.3.0.0 home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	Oracle WebLogic Server patch
12.1.3.0.0 home	ADF Bundle Patch 12.1.3.0.190416 Patch 29348040	CVE-2018-14718 ,CVE-2017-5645 ,CVE-2015-9251	Oracle JDeveloper (ADF) Patch
12.1.3 home	Patch 27369653 - OSS security patch update 12.1.3.0.0	Released April 2018	Oracle Security Service (SSL/Network) Patch
12.1.3.0.0 home	SOA Bundle Patch 12.1.3.0.190416 Patch 29422187	CVE-2018-19362, CVE-2018-1305 , CVE-2018-1000180, CVE-2018-11761	SOA Patch
12.1.3.0.0 home	OHS SPU for Jan2018CPU Patch 27244723	Released January 2018 (includes CVE-2018-2760)	Oracle HTTP Server Patch Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates
12.1.3.0.0 home	OER 12.1.3.0.0 SPU for July2018CPU Patch 28076713	Released October 2018
12.1.3.0.0 home	EDQ BP 12.1.3.0.1 Patch 24672265	Released April 2017	Enterprise Data Quality patch Install prior to Java CPUApr2017 JDK/JRE or later version
12.1.3.0.0 home	ODI BP 12.1.3.0.170418 Patch 25774021	Released July 2017	Oracle Data Integrator Patch Install prior to Java CPUApr2017 JDK/JRE or later version.
12.1.3.0.0 home	Patch 25375317	Released April 2017	Oracle Stream Analytics Patch Install prior to Java CPUApr2017 JDK/JRE or later version
12.1.3.0.0 home	OSB Bundle Patch 12.1.3.0.190115 Patch 28730845	CVE-2019-2576	OSB patch
12.1.3.0.0 home	BP Patch 27074880, or later	Released January 2018	Platform Security for Java patch
12.1.3.0.0 home	SPU Patch 24327938	Released July 2016	Oracle TopLink patch
12.1.3.0.0 home	See Note 1936300.1	Released October 2014	SSL V3.0 "Poodle" Advisory

3.3.16.2 Oracle Fusion Middleware 11.1.1.9

Error Correction information for Oracle Fusion Middleware 11.1.1.9

Patch Information	11.1.1.9	Comments
Final CPU	October 2021	Oracle Fusion Middleware 11.1.1.9
On-Request platforms	AIX, HPUX, and Windows are on request.

Patch Availability for Oracle Fusion Middleware 11.1.1.9

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home Oracle JRockit 28.x home	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
Oracle WebLogic Server home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
SOA 11.1.1.9 home	SOA Bundle Patch 11.1.1.9.181218 Patch 29123005	Released January 2019	SOA Patch
Oracle Identity Management 11.1.1.9 home	OVD 11.1.1.9.0 spu for October 18 Patch 28761794	Released October 2018	Oracle Virtual Directory (OVD) Patch
Oracle Identity Management 11.1.1.9 home	OID Bundle Patch 11.1.1.9.180709 Patch 28125308, or later	Released October 2018	Oracle Internet Directory Patch See Note 2420947.1 for additional information about Oracle Internet Directory Vulnerability CVE-2015-0204
Oracle Identity Management 11.1.1.9 home (with OID) Oracle Web Tier 11.1.1.9 home	OSS SPU Patch 27369643	Released April 2018	Oracle Security Service (OSS) Patch
Oracle Web Tier 11.1.1.9 home Identity Management 11.1.1.9 home	OHS 11.1.1.9.0 SPU for JanCPU2018 Patch 27301611	Released January 2018	Oracle HTTP Server 11.1.1.9 Patch Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates
OSB 11.1.1.9 home	OSB Bundle Patch 11.1.1.9.190115 Patch 29123137	CVE-2019-2576	Please apply WLS 10.3.6 XMLBeans Patch 28512369
ODI 11.1.1.9 Home	ODI BP 11.1.1.9.190118 Patch 29194561	CVE-2015-3253, CVE-2019-2720	Oracle Data Integrator Patch
Oracle WebCenter 11.1.1.9 home	WCC BP 11.1.1.9.180226 Patch 27393411	Released April 2018	WebCenter Content Patch
OSB 11.1.1.9 home	Patch 24847885	Released April 2017	OSB Patch Install prior to Java CPUApr2017 JDK/JRE or later version
Oracle FMW 11.1.1.9 ORACLE_COMMON home	JRF BP 11.1.1.9.160905 Patch 23243563 or later	Released January 2017	JRF BP
Oracle Identity Management 11.1.1.9 home Oracle Web Tier 11.1.1.9 home	BP Patch 24580895	Released October 2016	Web Services BP
Oracle Web Tier 11.1.1.9 home	Oracle Web Cache SPU 11.1.1.9.0 CPUJan2019 Patch 28855717	Released January 2019	Web Cache Patch See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU January 2016 and Note 2494468.1, How to Disable ESI in Oracle Web Cache
Oracle Web Tier 11.1.1.9 home Identity Management 11.1.1.9 home	DB PSU Patch 22290164 for Unix DB BP Patch 22607089 for Windows 32-Bit DB BP Patch 22607090 for Windows x64	Release January 2016	Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only
Oracle WebCenter 11.1.1.9 home	WebCenter Portal Bundle Patch 11.1.1.9.181008 Patch 28538855	Released October 2018	Oracle WebCenter Portal 11.1.1.9 Patch See Note 2029169.1, Changes to Portlet standards request dispatching of Resource Requests
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home	SPU Patch 22567790	Released in July 2016	FMW Control Patch applies to oracle_common OH for 11.1.1.9.0

3.3.16.3 Oracle Identity Access Management 11.1.2.3

Error Correction information for Oracle Identity Access Management 11.1.2.3

Patch Information	11.1.2.3	Comments
Final CPU	-
On-Request platforms	-

Patch Availability for Oracle Identity Access Management 11.1.2.3

Product Home	Patches	Advisory Number	Comments
Oracle Database home	See "Oracle Database"	See "Oracle Database"	Patch any Database Server associated to a Fusion Middleware installation
Oracle Java SE home Oracle JRockit 28.x home	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
Oracle WebLogic Server home	See "Oracle WebLogic Server"	See "Oracle WebLogic Server"	See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
Oracle Identity Access Management 11.1.1.7 home	Oracle Identity Federation SPU 1 (11.1.1.7.1) Patch 22321057 or later	Released January 2016	Oracle Identity Federation (OIF 11.1.1.7.1) Patch
Oracle Identity Management 11.1.2.3 home	OIM Bundle Patch 11.1.2.3.180920 Patch 28768324 or DM Suite Bundle Patch 11.1.2.3.181016 Patch 28492339	Released October 2018	Oracle Identity Manager Patch Install prior to Java CPUApr2017 JDK/JRE or later version
Oracle Identity Access Management 11.1.2.3 home	Patch 28116779 - IDM Suite Bundle Patch 11.1.2.3.180717 OR Patch 27897816 - OAM bundle patch 11.1.2.3.180717	Released July 2018	OAM Webgates BP April 2018 or later has to be applied. Also refer to the MOS Note 2386496.1. Included few additional fixes delivered as one offs post April CPU.
Oracle Identity Access Management 11.1.2.3.0 home	OAAM Server 11.1.2.3.0 SPU for October18 Patch 28750460	Released October 2018	Oracle Adaptive Access Manager Patch

3.3.17 Oracle Hyperion Analytic Provider Services

Error Correction information for Oracle Hyperion Analytic Provider Services

Patch Information	11.1.2.x	Comments
Final CPU	April 2021

Patch Availability for Oracle Hyperion Analytic Provider Services

Product Home	Patch	Advisory Number	Comments
11.1.2.3	SPU Patch 20184072 SPU Patch 20184082	Released October 2015
11.1.2.2	SPU Patch 18148649	Released July 2014

3.3.18 Oracle Hyperion BI+

Error Correction information for Oracle Hyperion BI+

Patch Information	11.1.2.x	Comments
Final CPU	October 2021

Patch Availability for Oracle Hyperion BI+

Product Home	Patch	Advisory Number	Comments
11.1.2 Home	11.1.2.4.009 SPU Patch 29115044	CVE-2019-2415	R&A Framework Patch

3.3.19 Oracle Hyperion Common Security

Error Correction information for Oracle Hyperion Common Security

Patch Information	11.1.2.x	Comments
Final CPU	April 2018

Patch Availability for Oracle Hyperion Common Security

Product Home	Patch	Advisory Number	Comments
11.1.2.4	SPU Patch 20876722	Released July 2015
11.1.2.3	SPU Patch 20675028	Released July 2015
11.1.2.2	SPU Patch 21052487	Released July 2015

3.3.20 Oracle Hyperion Data Relationship Management

Error Correction information for Oracle Hyperion Data Relationship Management

Patch Information	11.1.2.x	Comments
Final CPU	October 2021

Patch Availability for Oracle Hyperion Data Relationship Management

Product Home	Patch	Advisory Number	Comments
11.1.2.4	Hyperion Data Relationship Management 11.1.2.4.346 Patch 28367949	Released October 2018

3.3.21 Oracle Hyperion Enterprise Performance Management Architect

Error Correction information for Oracle Hyperion Enterprise Performance Management Architect

Patch Information	11.1.2.x	Comments
Final CPU	April 2021

Patch Availability for Oracle Hyperion Enterprise Performance Management Architect

Product Home

Patch

Advisory Number

Comments

11.1.2.3

SPU Patch 19466859

SPU Patch 20929659

Released July 2015

11.1.2.2

SPU On-Request

Released July 2015

3.3.22 Oracle Hyperion Essbase

Error Correction information for Oracle Hyperion Essbase

Patch Information	11.1.2.x	Comments
Final CPU	April 2021

Patch Availability for Oracle Hyperion Essbase

Product Home	Patch	Advisory Number	Comments
11.1.2.4	11.1.2.4.025 PSU Patch 27797123 (Essbase RTC) 11.1.2.4.025 PSU Patch 27797126 (Essbase Client) 11.1.2.4.025 PSU Patch 27797117 (Essbase Client MSI) 11.1.2.4.025 PSU Patch 27797131 (Essbase Server) 11.1.2.4.025 PSU Patch 27797138 (ANALYTIC PROVIDER SERVICES) 11.1.2.4.016 PSU Patch 25225889 (Studio Server) 11.1.2.4.016 PSU Patch 25225885 (Studio Console) 11.1.2.4.0.025 PSU Patch 28285151 (ESSBASE ADMINISTRATION SERVICES SERVER) 11.1.2.4.025 PSU Patch 28285134 (ESSBASE ADMIN SERVICES CONSOLE)	Released October 2018	Install prior to Java CPUApr2017 JDK/JRE or later version
11.1.2.3	11.1.2.3.508 PSU Patch 22347375 (RTC) 11.1.2.3.508 PSU Patch 22347367 (Client) 11.1.2.3.508 PSU Patch 22314799 (Server)	Released April 2017
11.1.2.2	Upgrade to Hyperion Essbase 11.1.2.3, then apply the patches listed above	Released July 2015

3.3.23 Oracle Hyperion Financial Management

Error Correction information for Oracle Hyperion Financial Management

Patch Information	11.1.2.0	Comments
Final CPU	October 2021

Patch Availability for Oracle Hyperion Financial Management

Product Home	Patch	Advisory Number	Comments
11.1.2.0	SPU Patch Patch 28314691	Released October 2018	Hyperion Shared Service Patch for Common Events Service used by Hyperion Financial Management

3.3.24 Oracle Hyperion Financial Reporting

Error Correction information for Oracle Hyperion Financial Reporting

Patch Information	11.1.2.x	Comments
Final CPU	October 2021

Patch Availability for Oracle Hyperion Financial Reporting

Product Home	Patch	Advisory Number	Comments
11.1.2	Jdev 11.1.1.7.1 SPU Patch 27457998	Released July 2018	Jdev ADF Patch needs to be applied to Hyperion Financial Reporting Home. To download this patch please contact support to get the password.

3.3.25 Oracle Hyperion Planning

Error Correction information for Oracle Hyperion Planning

Patch Information	11.1.2.x	Comments
Final CPU	April 2018

Patch Availability for Oracle Hyperion Planning

Product Home	Patch	Advisory Number	Comments
11.1.2.4	SPU Patch 27177721	Released January 2018

3.3.26 Oracle Hyperion Strategic Finance

Error Correction information for Oracle Hyperion Strategic Finance

Patch Information	11.1.2.x	Comments
Final CPU	October 2021

Patch Availability for Oracle Hyperion Strategic Finance

Product Home	Patch	Advisory Number	Comments
11.1.2.2	CPU Patch 14593946	Released April 2014
11.1.2.1	CPU Patch 17636270	Released April 2014

3.3.27 Oracle Identity Access Management

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Identity Access Management installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Identity Access Management

Product Home	Patches	Comments
Oracle Identity Access Management 11.1.2.3 home	See "Oracle Identity Access Management 11.1.2.3"
Oracle Identity Access Management 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"

3.3.28 Oracle Identity Analytics

Error Correction Information for Oracle Identity Analytics

Patch Information	11.1.1.5.0	Comments
Final CPU	December 2019

Patch Availability for Oracle Identity Analytics

Product Home	Patch	Advisory Number	Comments
11.1.1.5.0	OIA SPU for April 19 Patch 29470723	CVE-2016-1000031	Install prior to Java CPUApr2017 JDK/JRE or later version

3.3.29 Oracle Identity Management

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Identity Management installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Identity Management

Product Home	Patches	Comments
Oracle Identity Management 11.1.1.9 home	See Section "Oracle Fusion Middleware 11.1.1.9"

3.3.30 Oracle Identity Management Connector

Error Correction information for Oracle Identity Management Connector

Patch Information	9.1.1.5	Comments
Final CPU	-

Patch Availability for Oracle Identity Management Connector

Product Version	Patch	Advisory Number	Comments
Microsoft AD connector 9.1.1.5	OIM Connector 9.1.1.5.15 Patch 25028999	Released October 2017
ca top secret connector 9.0.4.20.6	OIM Connector 9.0.4.20.6 Patch 26566700	Released January 2018
RACF adv connector 9.0.4.25.4	OIM Connector 9.0.4.20.6 Patch 26599074	Released January 2018
acf2 connector 9.0.4.21	OIM Connector 9.0.4.21 bpl Patch 26615477	Released January 2018

3.3.31 Oracle JDeveloper and Oracle ADF

Error Correction information for Oracle JDeveloper and Oracle ADF

Patch Information	12.2.1.3	12.1.3.0	11.1.2.4	11.1.1.9	Comments
Final CPU	-	October 2019	October 2021	October 2021

Critical Patch Update Availability for Oracle JDeveloper and Oracle ADF

Release	Patch	Advisory Number	Comments
12.2.1.3.0	ADF Bundle Patch 12.2.1.3.190404 Patch 29620828	CVE-2018-14718, CVE-2017-5645, CVE-2015-9251	Please refer to Post Release section
12.1.3.0.0	ADF Bundle Patch 12.1.3.0.190416 Patch 29348040	CVE-2018-14718, CVE-2017-5645, CVE-2015-9251	Install prior to Java CPUApr2017 JDK/JRE or later version
11.1.2.4.0	ADF SPU 11.1.2.4.0 for JanCPU2018 Patch 27213077	Released January 2018	Install prior to Java CPUApr2017 JDK/JRE or later version
11.1.1.9.0	ADF SPU 11.1.1.9.0 FOR APRCPU2019 Patch 29669847	CVE-2017-5645, CVE-2015-9251	Please refer to Post Release section

3.3.32 Oracle Map Viewer

Error Correction information for Oracle Map Viewer

Patch Information	11.1.1.9	Comments
Final CPU	October 2021

Patch Availability for Oracle Map Viewer

Product Home	Patch	Advisory Number	Comments
12.1.3	Mapviewer 12.1.3 SPU for CPUOct2018 Patch 28794663	Released October 2018	Install prior to Java CPUApr2017 JDK/JRE or later version
11.1.1.9	SPU Patch 27534923	Released April 2018

3.3.33 Reserved for Future Use

Error Correction information for Reserved for Future Use

Patch Information	x.x.xx	Comments
Final CPU	-

Patch Availability for Reserved for Future Use

Product Home	Patch	Advisory Number	Comments

3.3.34 Oracle Outside In Technology

Error Correction information for Oracle Outside In Technology

Patch Information	8.5.4	8.5.3	Comments
Final CPU	-	April 2019

Patch Availability for Oracle Outside In Technology

Product Home	Patch	Advisory Number	Comments
Oracle Outside In Technology 8.5.4	OIT BP 8.5.4 Apr 2019 Patch 29634711	CVE-2019-2609, CVE-2019-2611, CVE-2019-2705, CVE-2019-2612, CVE-2019-2608, CVE-2019-2610, CVE-2019-2613
Oracle Outside In Technology 8.5.3	OIT BP 8.5.3 Apr 2019 Patch 29157364	CVE-2019-2613, CVE-2019-2608, CVE-2019-2610, CVE-2019-2611, CVE-2019-2609, CVE-2019-2705, CVE-2019-2612, CVE-2017-8287, CVE-2017-8105

3.3.35 Oracle Real Time Decisions Applications

Error Correction information for Oracle Real Time Decisions Applications

Patch Information	3.2	Comments
Final CPU	July 2019

Patch Availability for Oracle Real Time Decisions Applications

Product Home	Patch	Advisory Number	Comments
Oracle Real Time Decisions (RTD) Application 3.2 home	RTD applications 3.2 SPU for April 2018 Patch 27860903	Released April 2018

3.3.36 Oracle Real Time Decisions Platform

Error Correction information for Oracle Real Time Decisions Platform

Describes the Error Correction information for Oracle Real Time Decisions Platform.

Patch Information	3.2	Comments
Final CPU	July 2022

Patch Availability for Oracle Real Time Decisions Platform

Describes the available patches for Oracle Real Time Decisions Platform.

Product Home	Patch	Advisory Number	Comments
Oracle Real Time Decisions Platform 3.2 home	RTD Platform 3.2.1 SPU for October CPU 2018 Patch 28722658	Released October 2018

3.3.37 Oracle Service Architecture Leveraging Tuxedo (SALT)

Error Correction information for Oracle Service Architecture Leveraging Tuxedo (SALT)

Patch Information	12.2.2.0.x	12.1.3	Comments
Final CPU	Oct 2024	Oct 2019

Patch Availability for Oracle Service Architecture Leveraging Tuxedo (SALT)

Product Home	Patch	Advisory Number	Comments
Oracle Service Architecture Leveraging Tuxedo (SALT) 12.2.2.0.x home	Oracle SALT 12.2.2.0.0 SPU FOR CPUJan2019 Patch 29169314	Released January 2019
Oracle Service Architecture Leveraging Tuxedo (SALT) 12.1.3.0.x home	Oracle SALT 12.1.3.0.0 SPU FOR CPUJan2019 Patch 29169322	Released January 2019

3.3.38 Oracle SOA Suite

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle SOA Suite installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle SOA Suite

Product Home	Patches	Comments
Oracle SOA Suite 12c home	See "Oracle Fusion Middleware 12c"
Oracle SOA Suite 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"

3.3.39 Oracle Traffic Director

Error Correction information for Oracle Traffic Director

Patch Information	11.1.1.9	Comments
Final CPU	October 2021

Patch Availability for Oracle Traffic Director

Product Home	Patch	Advisory Number	Comments
11.1.1.9	Oracle Traffic Director SPU Patch 29340480	CVE-2018-0495

3.3.40 Oracle Tuxedo

Error Correction information for Oracle Tuxedo

Patch Information	12.2.2.0	12.1.3.0	12.1.1.0	Comments
Final CPU	April 2024	April 2022	July 2020

Patch Availability for Oracle Tuxedo

Product Home	Patches	Advisory Number	Comments
12.2.2.0	rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 Linux Patch 28090531 rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-64 with vs2015 Patch 28124771 rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-32 with vs2015 Patch 28124779	Released July 2018	For CVE-2017-10269, see extra settings required with these cumulative patches in Note 2326009.1
12.1.3.0	rp108 oracle tuxedo 12.1.3 SPU for JULCPU2018 Linux Patch 28005865 rp108 oracle tuxedo 12.1.3 SPU for JULCPU2018 (win vs2013/32bit) Patch 28060108 rp108 oracle tuxedo 12.1.3 SPU for JULCPU2018 (win vs2012/64bit) Patch 28058873 rp108 oracle tuxedo 12.1.3 SPU for JULCPU2018 (win x64 vs2010/64-bit) Patch 28060030	Released July 2018	For CVE-2017-10269, see extra settings required with these cumulative patches in Note 2326009.1
12.1.1.0	RP099 Oracle Tuxedo 12.1.1.0 SPU for CPU Apr2019 Patch 29387615 RP099 Oracle Tuxedo 12.1.1.0 SPU (Windows vs2010) for CPU Apr2019Patch 29202243 RP099 Oracle Tuxedo 12.1.1.0 SPU (Windows vs2012) for CPU Apr2019Patch 29202255	CVE-2018-0734

3.3.41 Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Error Correction Information for Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Patch Information	12.2.2	12.1.3	12.1.1.1	Comments
Final CPU	April 2024	April 2022	July 2020

Patch Availability for Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Product Home	Patches	Advisory Number	Comments
TSAM Plus 12.2.2	RP002 Patch 25389632	Released July 2017
TSAM Plus 12.1.3	RP019 FOR LINUX 64-BIT X86 Patch 27379436	Released January 2018
TSAM Plus 12.1.1.1	RP025 Patch 23707307	Released July 2017

3.3.42 Oracle Web-Tier 11g Utilities

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Web-Tier 11g Utilities installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Web-Tier 11g Utilities

Product Home	Patches	Comments
FMW 12c home	See "Oracle Fusion Middleware 12c"
Oracle Web-Tier 11g Utilities 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"

3.3.43 Oracle WebCenter

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle WebCenter installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle WebCenter

Product Home	Patches	Comments
FMW 12c home	See "Oracle Fusion Middleware 12c"
Oracle WebCenter 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"

3.3.44 Oracle WebCenter Content (Formerly Oracle Universal Content Management)

Patch Availability for Oracle WebCenter Content

Component	Patch	Advisory Number	Comments
Oracle WebCenter Content 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"	See "Oracle Fusion Middleware 11.1.1.9"
Oracle WebCenter Content 11.1.1.8 home	See "Oracle WebCenter 11.1.1.8"	See "Oracle WebCenter 11.1.1.8"

3.3.45 Oracle WebCenter Portal

Error Correction information for Oracle WebCenter Portal

Patch Information	11.1.1.9	Comments
Final CPU	-

Patch Availability for Oracle WebCenter Portal

Product Home	Patches	Comments
Oracle WebCenter 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"

3.3.46 Oracle WebCenter Sites (Formerly FatWire Content Server)

Error Correction information for Oracle WebCenter Sites (formerly FatWire Content Server)

Patch Information	12.2.1.3.0	11.1.1.8	Comments
Final CPU	-	October 2021

Patch Availability for Oracle WebCenter Sites

Product Home	Patch	Advisory Number	Comments
12c home	See "Oracle Fusion Middleware 12c"	See "Oracle Fusion Middleware 12c"
11.1.1.8 home	Oracle WebCenter Sites 11.1.1.8.0 Patch 21 Patch 29118979	Released January 2019

3.3.47 Oracle WebCenter Sites Community

Error Correction information for Oracle WebCenter Sites Community

Patch Information	11.1.1.8	Comments
Final CPU	-

Patch Availability for Oracle WebCenter Sites Community

Product Home	Patch	Advisory Number	Comments
11.1.1.8 home	11.1.1.8.0 Patch 5 SPU Patch 26951713 or later	Released January 2018	See "Oracle WebCenter 11.1.1.8"

3.3.48 Oracle WebCenter Suite

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle WebCenter Suite installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle WebCenter Suite

Product Home	Patches	Comments
Oracle WebCenter Suite 11.1.1.9 home	See "Oracle Fusion Middleware 11.1.1.9"

3.3.49 Oracle WebGate

Error Correction information for Oracle WebGate

Patch Information	11.1.2.3	Comments
Final CPU
On-Request platforms	Platform and Server combinations that are historically inactive for patching are available on-request. If the patch is not available for a particular platform, see Section 1.3, "On-Request Patches" on how to request them.	Post-Release on-Request patches will be documented on My Oracle Support Note 1563072.1

Patch Availability for Oracle WebGate

See also the underlying product stack tables for any applicable patches. Refer to comments section and apply the patch to the respective product home.

Oracle WebGate	Patch	Advisory Number	Comments
11.1.2.3 Home	Patch 27953548 - OAM webgate bundle patch 11.1.2.3.180717 or Later	Released July 2018

3.3.50 Oracle WebLogic Portal

Error Correction information for Oracle WebLogic Portal

Patch Information	10.3.7.0	10.3.6.0	Comments
Final CPU	October 2021	October 2018

Critical Patch Update Availability for WebLogic Portal

See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

WebLogic Portal patches are cumulative to include all the prior published advisories. For more information, see My Oracle Support Note 1355929.1, October 2011 Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL Session ID and SSL Filters.

WebLogic Portal 9.2.3.0 is bundled with WebLogic Server 9.2.3.0, which is out of error correction. Contact Oracle support for security patches needed for WebLogic Server 9.2.3.0

Product Home	Patch	Advisory Number	Comments
WebLogic Portal 10.3.6.0 home	Patch 27820719 - Oracle WebLogic Portal 10.3.6.0.0 SPU for April2018CPU	Released April 2018

3.3.51 Oracle WebLogic Server

Error Correction information for Oracle WebLogic Server Patch Set Update

Patch Information	12.2.1.3.0	12.1.3.0	10.3.6.0	Comments
Final CPU	-	October 2019	October 2021

Patch Set Update Availability for Oracle WebLogic Server

For more information, see MyOracleSupport Note 1470197.1, Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS). See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

Product Home	Patch	Advisory Number	Comments
Oracle Java SE home Oracle JRockit 28.x home	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE	See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
Oracle WebLogic Server 12.2.1.3 home	OPatch 13.9.4.x for FMW/WLS 12.2.1.3.x Patch 28186730	Released in January 2019	Apply Opatch 13.9.4.2 before applying WLS PSU. (Re download the patch if used older patch before Feb 8 2019)
Oracle WebLogic Server and Coherence	WLS PATCH SET UPDATE 12.2.1.3.190416 Patch 29016089	CVE-2018-1258, CVE-2019-2615, CVE-2019-2650, CVE-2019-2648, CVE-2019-2645, CVE-2019-2646, CVE-2019-2568, CVE-2019-2647, CVE-2019-2649, CVE-2019-2618	CVE-2018-3213 Is addressed in Docker Images published after September 13, 2018. Latest docker image at https://container-registry.oracle.com. See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
WebLogic Server 12.1.3.0 home	WLS PATCH SET UPDATE 12.1.3.0.190416 Patch 29204657	CVE-2019-2615, CVE-2019-2650, CVE-2019-2648, CVE-2019-2645, CVE-2019-2646, CVE-2019-2658, CVE-2019-2568, CVE-2019-2647, CVE-2019-2649, CVE-2019-2618	See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628 See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933. See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
WebLogic Server 10.3.6.0 home	WLS PATCH SET UPDATE 10.3.6.0.190416 Patch 29204678	CVE-2019-2615, CVE-2019-2650, CVE-2019-2648, CVE-2019-2645, CVE-2019-2646, CVE-2019-2658, CVE-2019-2568, CVE-2019-2647, CVE-2019-2649, CVE-2019-2618	See Note 1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628 See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933. See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
WebLogic Server 12.1.3.0 home WebLogic Server 10.3.6.0 home	WLS 12.1.3 JDBC Patch 20741228 WLS 10.3.6 JDBC Patch 29605706	Released January 2018	Please refer to Note 1970437.1 How To Update the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6 and 12c
WebLogic Server 12.2.1.3.0 home WebLogic Server 12.1.3.0.0 home WebLogic Server 10.3.6.0.0 home	WEBLOGIC SAMPLES SPU 12.2.1.3.190115 Patch 28927298 WEBLOGIC SAMPLES SPU 12.1.3.0.190115 Patch 28927303 Weblogic Samples SPU 10.3.6.0.181016 Patch 28483404	Released January 2019	This patch is a cumulative patch for all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities
WebLogic Server 12.1.3.0 home	SPU Patch 24327938	Released July 2016	TopLink JPA-RS patch See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933. See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
WebLogic Server 12.1.3.0 home WebLogic Server 10.3.6.0 home	See Note 1936300.1	Released October 2014	SSL V3.0 "Poodle" Advisory See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933. See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

3.4 Oracle Sun Middleware

This section contains the following:

· Section 3.4.1 "Directory Server Enterprise Edition"

· Section 3.4.2 "Reserved for Future Use"

3.4.1 Directory Server Enterprise Edition

Error Correction information for Directory Server Enterprise Edition

Patch Information	11.1.1.7.0	Comments
Final CPU (Premier Support)	October 2019
Final CPU (Extended Support)	October 2022

Patch Availability for Directory Server Enterprise Edition

Product Home	Patch	Advisory Number	Comments
ODSEE 11.1.1.7 home	ODSEE BP 11.1.1.7.181016 Patch 28773949	Released October 2018
11.1.1.7.0	ODSEE BP 11.1.1.7.181016 Patch 28773949	Released October 2018

3.4.2 Reserved for Future Use

Error Correction information for Reserved for Future Use

Patch Information	1.0	Comments
Final CPU	-

Patch Availability for Reserved for Future Use

Product Home	Patch	Advisory Number	Comments
1.0	Reserved for Future Use	-

3.5 Tools

This section contains the following:

· Section 3.5.1 "Oracle OPatch"

3.5.1 Oracle OPatch

Minimum Product Requirements for Oracle OPatch

The CPU security vulnerabilities are fixed in the listed release and later releases. The Oracle OPatch downloads can be found at Patch 6880880.

Component	Release	Advisory Number	Comments
Oracle OPatch	1.0.0.0.64	Announced July 2011

4 Final CPU History

Final CPU History

The Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. For more information, see My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy.

Release	Final CPUs	Comments
January 2019	Oracle Application Performance Management 11.1.x Oracle GlassFish Server 3.1.2 Oracle Mobile Security Suite 3.0
October 2018	Oracle Business Intelligence App Mobile Designer Oracle Business Intelligence Enterprise Edition 11.1.1.7 Oracle Business Intelligence Mobile Oracle Business Intelligence Publisher 11.1.1.7 Oracle Communications Converged Application Server 5.x Oracle Complex Event Processing 11.1.7 Oracle Data Integrator 11.1.1.7.0 Oracle Endeca Server 7.6 Oracle Endeca Server 7.6.1 Oracle Endeca Information Discovery Integrator 3.1 Oracle Endeca Information Discovery Studio 3.1 Oracle Enterprise Repository 11.1.1.7 Oracle Forms and Reports 11.1.2.2 Oracle Fusion Middleware 11.1.1.7 Oracle Hyperion BI+ 11.1.2.x Oracle JDeveloper and Oracle ADF 11.1.1.7 Oracle Mapviewer 11.1.1.7.0 Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 Oracle Real Time Decisions Server 11.1.1.7 Oracle Service Bus 11.1.1.7.0 Oracle SOA Suite 11.1.1.7.0 Oracle Traffic Director 11.1.1.7 Oracle WebCenter Suite 11.1.1.7 Oracle WebGate 10.1.4.3 Oracle WebLogic Server Plug-in 11.1.1.7 Oracle Web-Tier 11g Utilities 11.1.1.7
July 2018	Oracle Business Intelligence Enterprise Edition 12.2.1.2.0 Oracle Communications Converged Application Server 5.0 Oracle Fusion Middleware 12.2.1.2 Oracle JDeveloper and Oracle ADF 12.2.1.2.0 Oracle WebCenter Sites 12.2.1.2.0 (Formerly FatWire Content Server 12.2.1.2.0) Oracle WebLogic Server 12.2.1.2.0 FMW 12.2.1.2 all components
April 2018	Oracle Endeca Server 7.5 home Oracle Enterprise Manager Grid Control 11.1.0.1 Oracle Hyperion BI+ 11.1.2.x Oracle Hyperion Common Admin 11.1.2.x Oracle Hyperion EAS 11.1.2.x Oracle Hyperion Financial Reporting 11.1.2.x Oracle Hyperion Installation Technology 11.1.2.x Oracle Hyperion Smart View For Office 11.1.2.x Oracle Service Architecture Leveraging Tuxedo (SALT) 11.1.1.2.x Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus) 11.1.1.2.x WebLogic Server 12.2.1.0 home WebLogic Server 12.1.2.0 home WebLogic Server 12.1.1.0 home WLS Plugin 12c (12.1.2.0) WLS Plugin 1.0 (10.3.4 and older)
January 2018	Oracle Endeca Information Discovery Studio 3.1, 3.0, 2.4 Oracle Endeca Information Discovery Studio Integrator 3.1, 3.0, 2.4 Oracle Secure Enterprise Search 11.2.2.2 iPlanet Web Server 7.0
October 2017	Directory Server Enterprise Edition 7.0 Oracle Fusion Middleware 12.2.1.1 Oracle GlassFish Communications Server 2.0 Oracle GlassFish Server 3.0.1 Oracle JDeveloper and Oracle ADF 12.2.1.1.0 Oracle Map Viewer 12.2.1.1 Oracle OpenSSO Agents 3.0 Oracle Waveset 8.1.1.0 Oracle WebLogic Server 12.2.1.1.0 Sun Role Manager 5.0.3.2
July 2017	Oracle Endeca Server 7.4 Oracle Enterprise Manager Cloud Control 13.1.0.0
April 2017	Oracle TimesTen 11.2.1.x Oracle Business Intelligence Enterprise Edition 12.2.1.0.0 Business Intelligence Publisher 12.2.1.0.0 Oracle Fusion Middleware 12.2.1.0 Oracle Fusion Middleware 10.1.3.5 Oracle Identity Management Connector 9.1.0.4 Oracle JDeveloper and Oracle ADF 12.2.1.0.0 Oracle JDeveloper and Oracle ADF 10.1.3.5 Oracle WebLogic Server 12.2.1.0.0
January 2017	Oracle Business Process Management 10.3.2 Oracle Data Service Integrator 10.3.0 Oracle Outside In Technology 8.5.2 Oracle Service Architecture Leveraging Tuxedo (SALT) 10.3 Oracle WebCenter Interaction 10.3.3.0 Oracle WebLogic Integration 10.3.1.0 iPlanet Web Server 7.0 iPlanet Web Proxy Server 4.0 Oracle GlassFish Server 2.1.1
October 2016	Oracle Endeca Server 7.3 Oracle Access Manager 10gR3 (10.1.4.x) Oracle Access Manager 10g WebGates / ASDK working with OAM 10gR3 (10.1.4.x) Oracle WebLogic Server Proxy Plug-In 10gR3 (formerly known as WebLogic Server Proxy Plug-In 1.0) Oracle Outside In Technology 8.5.1 Oracle Audit Vault 10.3 Oracle Secure Backup 10.4.x
July 2016	Oracle Outside In Technology 8.5.0 Oracle Database 12.1.0.1 (See MOS Note 742060.1)
April 2016	AquaLogic Data Services Platform 3.2 AquaLogic Data Services Platform 3.0.1 Oracle Business Intelligence Enterprise Edition 11.1.1.7 Oracle Endeca Information Discovery 2.3 Oracle Endeca Information Discovery 2.2.2 (Formerly Latitude) Oracle Enterprise Manager Cloud Control 12.1.0.4 Oracle Fusion Middleware 12.1.2.0 Oracle Identity Access Management 11.1.2.2 Oracle Tuxedo 11.1.1 Oracle WebCenter 11.1.1.8 Oracle WebCenter Portal 11.1.1.8 Oracle WebCenter Sites 7.6.2
January 2016	Oracle Real Time Decisions Server 3.0.0.1 Oracle WebCenter Interaction 6.5.1
July 2015	Oracle API Gateway 11.1.2.2.0 Oracle Business Intelligence EE and Publisher 10.1.3.4.2 Oracle Communications Converged Application Server 4.0 Oracle Database 11.2.0.3 Oracle Database 11.1.0.7 Oracle Fusion Middleware 12.1.1.0.0 Oracle Identity and Access Management 11.1.1.5.0 Oracle iPlanet Web Server 6.1.x Oracle iPlanet Web Server (Java System Web Server 6.1.x) Oracle WebLogic Server 12.1.1.0

5 Sources of Additional Information

The following documents provide additional information about Critical Patch Updates:

· My Oracle Support Note 756671.1, Master Note for Database Proactive Patch Program

· My Oracle Support Note 822485.1, Master Note for Enterprise Manager Proactive Patch Program

· My Oracle Support Note 1494151.1, Master Note on Fusion Middleware Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs)

My Oracle Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy

6 Modification History

Modification History

Date	Modification
April 16, 2019	Released Removed CPU COMBO from section 3.1.4.6 Updated table in section 3.3.16.1.1 for Patch 28757972 Updated table in section 3.3.16.1.2 for Patch 28730845 Added comment for Patch 29123137 in section 3.3.16.2 Updated availability in section 2.2
April 17, 2019	Updated availability in section 2.2 Modified the platform for Patch 29413116 in table 2.2 Added comment for Patch 28757972 is section 3.3.16.1.1
April 23, 2019	Updated availability in section 2.2 Updated comments for Patch 29016089 in sections 3.3.16.1.1 and 3.3.51. Updated distribution and comments for Patch 28186730 in section 3.3.16.1.1 Updated product home for Patch 28186730 in secton 3.3.51 Comments concerning Patch 29549154 and Patch 29511771 in section 3.1.4.2 were moved to their own rows for clarity. COMBO patch comments in section 3.1.4.2 were added.
April 25, 2019	Updated availability in section 2.2
April 26, 2019	Updated availability in section 2.2
April 30, 2019	Updated availability in section 2.2 Updated Patch number for ADF SPU 11.1.1.9.0 for APRCPU2019 in sections 2.2 and 3.3.31
May 14, 2019	Updated availability in section 2.2 Updated references to "Exadata (Apr2019) 19.3.0 (Patch 29626115)" to "Exadata (May2019) 19.3.0 (Patch 29775201)" throughout the Document. Updated references to "Exadata (Apr2019) 18.6.0 (Patch 29252444)" to "Exadata (May2019) 18.6.0 (Patch 29775195)" throughout the Document. Updated references to "Exadata (Apr2019) 12.2.0.1 (Patch 29252428)" to "Exadata (May2019) 12.2.0.1 (Patch 29775188)" throughout the Document. Updated references to "Exadata (Apr2019) BP 12.1.0.2 (Patch 29252416)" to "Exadata (May2019) 12.1.0.2 (Patch 29775177)" throughout the Document. Updated references to "Exadata (Apr2019) BP 11.2.0.4 Patch 29252384" to "Exadata (May2019) 11.2.0.4 Patch 29775159" throughout the Document.
May 15, 2019	Updated availability in section 2.2
May 21, 2019	Updated availability in section 2.2
May 28, 2019	Updated details for 19.3.0 DB and GI RU patches in section 3.1.4.2 Updated details for 19.3.1 DB and GI RUR patches in section 3.1.4.2 Updated details for OID bundle patch 11.1.1.9.171127 in section 3.3.16.2 Updated patch availability details in section 2.2
June 04, 2019	Modified section 3.1.4.2 and 2.2 for DB RUR 19.3.1 and GI RUR 19.3.1
June 05, 2019	Updated availability in section 2.2
June 06, 2019	Updated availability in section 2.2
June 10, 2019	Added Extended Support information in section 3.4.1 Removed row for ADF Bundle Patch 12.2.1.3.180607 from section 3.3.31 Changed ADF Bundle Patch 12.2.1.3.180607 (Patch 28151020) to ADF Bundle Patch 12.2.1.3.190404 (Patch 29620828) in section 3.3.16.1.1
June 19, 2019	Corrected typo of 12.2.1.3.0404 to 12.2.1.3.190404 in section 2.2 Updated availability in section 2.2
June 25, 2019	Minor text edit to Patch Information column in section 3.4.1
July 03, 2019	Updated availability in section 2.2
July 09, 2019	Updated availability in section 2.2
July 14, 2019	Simplified the 'Product Home' column for Patch 27369643 in section 3.3.16.2 Updated availability in section 2.2
July 22, 2019	Updated availability in section 2.2
July 29, 2019	Added Patch 27210544 in section 3.3.5 Removed 'Oracle WebLogic Server and Coherence' and 'Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)' from section 3.3.16.1.1 Added link for Patch 28952857 in section 3.3.5
July 30, 2019	Updated availability in section 2.2
August 07, 2019	Updated Patch 27541896 to Patch 29605706 in section 3.3.51 Updated availability in section 2.2
August 08, 2019	Updated availability in section 2.2
August 13, 2019	Updated availability in section 2.2
August 14, 2019	Updated availability in section 2.2
August 15, 2019	Updated availability in section 2.2
August 20, 2019	Updated availability in section 2.2
August 23, 2019	Updated availability in section 2.2
August 27, 2019	Updated availability in section 2.2
September 10, 2019	Updated patch availability in section 2.2 Added comment on JDK7 to section 3.1.4.6 Updated the SPU row in section 3.1.4.6
October 02, 2019	Updated availability in section 2.2
October 18, 2019	Updated availability in section 2.2

7 Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

Critical Patch Update Availability Document April 2019

This software and related documentation are provided under a lice