微信公众号:云库管    www.yunDBA.com

北京云库管科技有限公司 (内部培训资料) 返回上级

 

PDF文档下载

 

 

Critical Patch Update (CPU) Program Jan 2020 Patch Availability Document (PAD) (Doc ID 2602410.1)

 

 


APPLIES TO:

Oracle Database Cloud Exadata Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Oracle Database - Enterprise Edition - Version 11.2.0.4 and later
Oracle Fusion Middleware - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

PURPOSE

This document defines the patches and minimum releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set Updates released on January 14, 2020.

SCOPE

 The document is for Database Administrators and/or others tasked with Quarterly Security Patching.

DETAILS

 

Database, Fusion Middleware, and Enterprise Manager Critical Patch Update January 2020 Patch Availability Document

My Oracle Support Note 2602410.1

Released January 14, 2020

This document contains the following sections:

1 Overview

Oracle provides quarterly cumulative patches to address security vulnerabilities. The patches may include critical fixes in addition to the security fixes. The security vulnerabilities addressed are announced in the Advisory for January 2020, available at:

Oracle Technical Network Advisory

This document lists the Oracle Database, Fusion Middleware and Enterprise Manager CPU program cumulative patches for product releases under error correction. The January 2020 release supersedes earlier CPU program cumulative patches for the same product releases. This document is subject to continual update after the initial release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support to ensure you have the latest version.

This section contains the following:

·         Section 1.1 "How To Use This Document"

·         Section 1.2 "Terminology in the Tables"

·         Section 1.3 "On-Request Patches"

·         Section 1.4 "CPU Program and My Oracle Support Patch Recommendations"

·         Section 1.5 "My Oracle Support (MOS) Conflict Checker Tool"

1.1 How To Use This Document

The following steps explain how to use this document.

Step 1   Assess your Environments

Determine the Oracle product suites and products and their release numbers for each of your environments.

Step 2   Read Important Announcements

Review "What's New in January 2020," as it lists documentation and packaging changes along with important announcements such as upcoming final CPUs.

Step 3   Determine Patches to be Applied

For each environment, determine which patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for each product suite release, such as Oracle Database 12.2.0.1, Oracle Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control 12.1.0.5.

·         The table lists the patches to be applied either to the product or to the appropriate product Oracle homes that are associated with the product suite

·         The patches are listed in the order released, with newest patches listed first

·         For some patches, multiple Oracle homes are listed. Apply the patch to all of the homes indicated that are applicable to your environment and only to the listed Oracle homes

·         The table lists only product releases that are under Premier Support or Extended Support and are under error correction as defined in My Oracle Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy. Patches are provided only for these releases. If you do not see the release that you have installed, then check "Final CPU History" and contact Oracle Support for further assistance

·         Patches that include security vulnerabilities announced in the current quarter's CPU Advisory, list the vulnerability CVE numbers in the Advisory Number column. If you are interested in the risk matrix for the vulnerabilities fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly releases, or the current one without any security fixes, the column indicates "Released MMM YYYY"

·         When a section is referenced in a table, follow the link to determine which patches to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release that is installed, and find the patches to apply in the table for that Oracle Database release in "Oracle Database."

Step 4   Apply the Patches

Download the patches, review the READMEs, and apply the patches according to the instructions.

Step 5   Planning for Future Critical Patch Updates

To help you plan for future Critical Patch Updates, this document includes Final CPU information based on Oracle's Lifetime Support Policy and error correction policies.

"Final CPU Information (Error Correction Policies)" in "What's New in January 2020," documents product releases for which final Critical Patch Updates are upcoming or are being announced. In each product section, there is also an Error Correction Information Table that documents the final CPU program patch for the product. Products that have reached the end of error correction are documented in "Final CPU History."

1.2 Terminology in the Tables

The following terminology is used in this patch availability document and in the subsequent tables.

·         Update - Release Update

·         Revision -Release Update Revision

·         BP - Bundle Patch

·         Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.

·         NA Not Applicable.

·         OR On-Request. The patch is made available through the On-Request program.

·         PSU - Patch Set Update

·         SPU - Security Patch Update. An iterative, cumulative patch consisting of security fixes.

·         Overlay SPU patch provided as an overlay on top of a PSU or BP instead of a base/patch set release.

1.3 On-Request Patches

Oracle does not proactively release patches for historically inactive platforms. However, Oracle will deliver these patches when requested.

The following guidelines describe how to initiate an on-request (OR) patch.

A request may be made:

o    At any time. However, a patch for a specific quarterly release, such as CPUOct2012, cannot be requested. Depending on when the request is received and processed, either the patch for the current quarterly release or the next quarterly release will be provided. Your Service Request (SR) will provide you the planned availability date for the patch.

o    As long as the version is in either Premier Support or Extended Support and error correction support has not expired. For example, if a product release is under Extended Support through the release of CPUJan2013 on January 15, 2013, then you can file a request for the product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy.

o    For a platform-version combination when a major release or patch set is released on a platform after a quarterly release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch by following the on-request process. For example, if a patch is released for a platform on August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform. You may request a CPUOct2012 patch for the platform, and Oracle will review the request and determine whether to provide CPUJul2012 or CPUOct2012.

A patch that is marked as on-request (OR) may already have been requested by another customer and be available on My Oracle Support. Before you file a Service Request (SR), check on My Oracle Support to see if the patch is already available for your platform.

1.4 CPU Program and My Oracle Support Patch Recommendations

My Oracle Support patch recommendation features are available on the Patches & Update tab. The patches announced in this document as part of the CPU program are classified as "Security" patch recommendations in My Oracle Support. If a new patch is being announced in this document, then the classification on any earlier patch is changed to "General", causing it to be removed from the My Oracle Support patch recommendations. If a patch has a "Security" classification, and a subsequent bundle, SPU, or PSU is released with a recommendation classification, then it will be classified as a "Security" recommendation in My Oracle Support.

Once a product release is no longer in error correction, its CPU patch information is removed from this document, but the last patch recommendation continues to be available in My Oracle Support. Ensure to select each of the products installed in your environment to obtain all patches.

1.5 My Oracle Support (MOS) Conflict Checker Tool

The My Oracle Support (MOS) Conflict Checker tool is available as of July 21, 2014.

You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search results screen ("Analyze with OPatch" button).

The MOS Conflict Checker Tool allows you to upload an OPatch inventory to check for conflicts with patches to apply to your environment. If no conflicts are found, you can download the patches. If conflicts are found, the tool finds an existing resolution to download. If no resolution is found, you can request a solution, and monitor your request in the Plans region.

For more information and a demonstration video, see Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict Checker Tool for Patches Installed with OPatch [Video].

2 What's New in January 2020

This section describes important changes in January 2020:

·         Section 2.1 "Final CPU Information (Error Correction Policies)"

·         Section 2.2 "Post Release Patches"

2.1 Final CPU Information (Error Correction Policies)

The final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. Final CPUs for upcoming releases, as well as newly scheduled final CPUs, are listed in the following sections.

Final CPUs scheduled for Apr 2020

  • Management Pack For Oracle GoldenGate 11.2.1.0

Final CPUs scheduled for Jan 2020

  • Oracle Enterprise Repository 12.1.3
  • Oracle GoldenGate 11.2.1.0
  • Oracle Secure Backup 12.1.0.3

2.2 Post Release Patches

Oracle strives to complete preparations and testing of each Quarterly Security Patch for each platform by the quarterly release date. Occasionally, circumstances beyond our control dictate that a particular patch be delayed and be released a few days after the quarterly release date. The following table lists any current patch delays and the estimated date of availability.

Patch

Patch Number

Platform

Availability

WLS PATCH SET UPDATE 10.3.6.0.200114

Patch 30463097

Generic

Available

WLS PATCH SET UPDATE 12.1.3.0.200114

Patch 30463093

Generic

Available

Opatch Patch 13.9.4.2.2 (for Oracle Fusion Middleware)

Patch 28186730

All

Available

OHS 12.1.3 SPU FOR JANCPU2020

Patch 30748483

Windows x86-64

Available

OHS 11.1.1.9.0 SPU FOR JANCPU2020

Patch 30654519

Linux x86-32

Available

OSS SECURITY PATCH UPDATE 12.1.3.0.0 (CPUJAN2020)

Patch 30692958

Windows x86-64

Available

OSS BUNDLE PATCH 11.1.1.9.200114

Patch 30332467

Linux x86-32

Available

Database Release Update 19.6.0.0.200114

Patch 30557433

Solaris x86-64

Available

Combo OJVM Release Update 19.6.0.0.200114 and Database Release Update 19.6.0.0.200114

Patch 30463595

Solaris x86-64

Available

GI Release Update 19.6.0.0.200114

Patch 30501910

Solaris x86-64

Available

Combo OJVM Release Update 19.6.0.0.200114 and GI Release Update 19.6.0.0.200114

Patch 30463609

Solaris x86-64

Available

Database Release Update Revision 19.5.1.0.200114

Patch 30446054

All

Available

GI Release Update Revision 19.5.1.0.200114

Patch 30464035

AIX, HP-UX Itanium

Available

Database Release Update Revision 19.4.2.0.200114

Patch 30446228

All

Available

GI Release Update Revision 19.4.2.0.200114

Patch 30463911

HP-UX Itanium

Available

Database Release Update 18.9.0.0.200114

Patch 30480385

Solaris x86-64

Available

GI Release Update 18.9.0.0.200114

Patch 30480702

Solaris x86-64

Available

Combo OJVM Release Update 18.9.0.0.200114 and Database Release Update 18.9.0.0.200114

Patch 30463620

Solaris x86-64

Available

Combo OJVM Release Update 18.9.0.0.200114 and GI Release Update 18.9.0.0.200114

Patch 30463635

All

Available

Database Release Update Revision 18.8.1.0.200114

Patch 30445895

Solaris x86-64

Available

GI Release Update Revision 18.8.1.0.200114

Patch 30463999

Solaris x86-64

Available

Database Release Update Revision 18.7.2.0.200114

Patch 30446239

Solaris x86-64

Available

GI Release Update Revision 18.7.2.0.200114

Patch 30463931

Solaris x86-64

Available

Combo OJVM Release Update 12.2.0.1.200114 and Database Release Update 12.2.0.1.200114

Patch 30463660

HP-UX Itanium

Available

Database Jan 2020 Release Update 12.2.0.1.200114

Patch 30593149

AIX, HP-UX Itanium

Available

Combo OJVM Release Update 12.2.0.1.200114 and GI Release Update 12.2.0.1.200114

Patch 30463673

HP-UX Itanium

Available

GI Jan 2020 Release Update 12.2.0.1.200114

Patch 30501932

AIX

Available

Database Jul 2019 Release Update Revision 12.2.0.1.200114

Patch 30446254

AIX

Available

GI Jul 2019 Release Update Revision 12.2.0.1.200114

Patch 30463942

AIX, HP-UX Itanium

Available

Database Proactive Bundle Patch 12.1.0.2.200114

Patch 30464171

AIX

Available

Combo OJVM PSU 11.2.0.4.200114 and Database PSU 11.2.0.4.200114

Patch 30463718

HP-UX PA-RISC

Available

Database PSU 11.2.0.4.200114

Patch 30298532

HP-UX PA-RISC

Available

Combo OJVM PSU 11.2.0.4.200114 and GI PSU 11.2.0.4.200114

Patch 30463729

HP-UX PA-RISC

Available

GI PSU 11.2.0.4.200114

Patch 30501155

HP-UX PA-RISC

Available

OJVM Release Update 19.6.0.0.200114

Patch 30484981

All

Available

OJVM Release Update 18.9.0.0.200114

Patch 30501926

Windows x86-64

Available

Microsoft Windows BP 19.6.0.0.200114

Patch 30445947

All

Available

Microsoft Windows BP 18.9.0.0.200114

Patch 30445951

Windows x86-64

Available

Microsoft Windows BP 12.2.0.1.200114

Patch 30446296

Windows 32-Bit and x86-64

Available

Microsoft Windows BP 12.1.0.2.200114

Patch 30455401

All

Available

OJVM Component Microsoft Windows Bundle Patch 12.2.0.1.200114

Patch 30525838

All

Available

OJVM Component Microsoft Windows Bundle Patch 12.1.0.2.200114

Patch 30671054

All

Available

Quarterly Full Stack download for Exadata (Jan2020) 19.6.0.0.200114

Patch 30463800

All

Available

Quarterly Full Stack download for Exadata (Jan2020) 18.9.0.0.200114

Patch 30463789

All

Available

Quarterly Full Stack download for Exadata (Jan2020) 12.2.0.1

Patch 30463781

All

Available

Quarterly Full Stack download for Exadata (Jan2020) 12.1.0.2

Patch 30463764

All

Available

Quarterly Full Stack download for Exadata (Jan2020) 11.2.0.4

Patch 30463761

All

Available

Microsoft Windows BP 18.9.0.0.200114

Patch 30445951

Windows 32-Bit

18-Feb-2020

OJVM Release Update 18.9.0.0.200114

Patch 30501926

Windows 32-Bit

18-Feb-2020

Microsoft Windows BP 11.2.0.4.200114

Patch 30502376

Windows 64-Bit and 32-Bit

28-Feb-2020

OJVM Component Database PSU 11.2.0.4.200114

Patch 30671044

Windows 64-Bit

28-Feb-2020

Quarterly Full Stack download for SuperCluster (Q1.2020)

Patch 30463811

Solaris SPARC (64-Bit)

28-Feb-2020

3 Patch Availability for Oracle Products

This section contains the following:

·         Section 3.1 "Oracle Database"

·         Section 3.2 "Oracle Enterprise Manager"

·         Section 3.3 "Oracle Fusion Middleware"

·         Section 3.4 "Oracle Sun Middleware"

·         Section 3.5 "Tools"

3.1 Oracle Database

This section contains the following:

·         Section 3.1.1 "Oracle REST Data Services (formally called Oracle APEX Listener)"

·         Section 3.1.2 "Oracle Application Express"

·         Section 3.1.3 "Oracle Big Data Spatial and Graph"

·         Section 3.1.4 "Oracle Database"

·         Section 3.1.5 "Oracle Database Mobile/Lite Server"

·         Section 3.1.6 "Oracle GoldenGate"

·         Section 3.1.7 "Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)"

·         Section 3.1.8 "Oracle GoldenGate Veridata"

·         Section 3.1.9 "Oracle Secure Backup"

3.1.1 Oracle REST Data Services (formally called Oracle APEX Listener)

Error Correction information for Oracle REST Data Services 3.0

Patch Information

3.0

Comments

Final CPU

-

 

Minimum Product Requirements for Oracle REST Data Services

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle REST Data Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.

Product

Release

Advisory Number

Comments

Oracle REST Data Services

3.0.10.25.02.36

Released July 2017

 

3.1.2 Oracle Application Express

Minimum Product Requirements for Oracle Application Express

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Application Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.

Component

Release

Advisory Number

Comments

Oracle Application Express

19.1.0.00.15

Released July 2019

 

3.1.3 Oracle Big Data Spatial and Graph

Error Correction information for Oracle Big Data Spatial and Graph

Patch Information

2.0

1.2

Comments

Final CPU

-

-

 

Patch Availability for Oracle Big Data Spatial and Graph

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Big Data Spatial and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.

Product

Patch

Advisory Number

Comments

Oracle Big Data Spatial and Graph 2.0

Patch 28774674

Released October 2018

 

Oracle Big Data Spatial and Graph 2.1

Patch 28774701

Released October 2018

 

Oracle Big Data Spatial and Graph 2.1

Patch 28774764

Released October 2018

 

3.1.4 Oracle Database

This section contains the following:

·         Section 3.1.4.1 "Patch Availability for Oracle Database"

·         Section 3.1.4.2 "Oracle Database 19"

·         Section 3.1.4.3 "Oracle Database 18"

·         Section 3.1.4.4 "Oracle Database 12.2.0.1"

·         Section 3.1.4.5 "Oracle Database 12.1.0.2"

3.1.4.1 Patch Availability for Oracle Database

For information regarding the different types of patches for Database, refer to Oracle Database - Overview of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1

3.1.4.2 Oracle Database 19

Patch Information

19

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 19

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM Release Update 19.6.0.0.200114 and Database Release Update 19.6.0.0.200114 Patch 30463595 for UNIX, or

Combo OJVM Release Update 19.6.0.0.200114 and GI Release Update 19.6.0.0.200114 Patch 30463609, or

Quarterly Full Stack download for Exadata (Jan2020) 19.6.0.0.200114 Patch 30463800 for Linux x86-64

CVE-2020-2510, CVE-2020-2511, CVE-2020-2512, CVE-2020-2515, CVE-2020-2516, CVE-2020-2517, CVE-2020-2527, CVE-2020-2731, CVE-2020-2568, CVE-2020-2569, CVE-2019-10072, CVE-2018-11784, CVE-2019-0199, CVE-2019-0221, CVE-2019-0232, CVE-2020-2518

For patch availability, see section 2.2 Post Release Patches

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.

Oracle Database Server home

Database Release Update 19.6.0.0.200114 Patch 30557433 for UNIX, or

Database Release Update Revision 19.5.1.0.200114 Patch 30446054 for UNIX, or

Database Release Update Revision 19.4.2.0.200114 Patch 30446228 for UNIX, or

GI Release Update 19.6.0.0.200114 Patch 30501910, or

GI Release Update Revision 19.5.1.0.200114 Patch 30464035, or

GI Release Update Revision 19.4.2.0.200114 Patch 30463911, or

Microsoft Windows 32-Bit and x86-64 BP 19.6.0.0.200114 Patch 30445947, or later;

Quarterly Full Stack download for Exadata (Jan2020) 19.6.0.0.200114 Patch 30463800 for Linux x86-64, or

Quarterly Full Stack download for SuperCluster (Q1.2020) Patch 30463811 for Solaris SPARC 64-Bit

CVE-2020-2510, CVE-2020-2511, CVE-2020-2512, CVE-2020-2515, CVE-2020-2516, CVE-2020-2517, CVE-2020-2527, CVE-2020-2731, CVE-2020-2568, CVE-2020-2569, CVE-2019-10072, CVE-2018-11784, CVE-2019-0199, CVE-2019-0221, CVE-2019-0232

For patch availability, see section 2.2 Post Release Patches

From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server home

OJVM Release Update 19.6.0.0.200114 Patch 30484981 for all platforms

CVE-2020-2518

For patch availability, see section 2.2 Post Release Patches

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

JDK8u241 Patch 30533132

CVE-2020-2604, CVE-2019-16168, CVE-2019-13117, CVE-2019-13118, CVE-2020-2601, CVE-2020-2585, CVE-2020-2593, CVE-2020-2654, CVE-2020-2590, CVE-2020-2659, CVE-2020-2583

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

Oracle Database Server home

Perl Patch 29511771

Released April 2019

 

Oracle Database Client home

Database Release Update 19.4.0.0.190716 Patch 29834717 for UNIX

Released July 2019

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.4.3 Oracle Database 18

Patch Information

18

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 18

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM Release Update 18.9.0.0.200114 and Database Release Update 18.9.0.0.200114 Patch 30463620 for UNIX, or

Combo OJVM Release Update 18.9.0.0.200114 and GI Release Update 18.9.0.0.200114 Patch 30463635, or

Quarterly Full Stack download for Exadata (Jan2020) 18.9.0.0.200114 Patch 30463789

CVE-2020-2510, CVE-2020-2511, CVE-2020-2512, CVE-2020-2515, CVE-2020-2516, CVE-2020-2517, CVE-2020-2527, CVE-2020-2731, CVE-2020-2568, CVE-2020-2569, CVE-2019-10072, CVE-2018-11784, CVE-2019-0199, CVE-2019-0221, CVE-2019-0232, CVE-2020-2518

For patch availability, see section 2.2 Post Release Patches

OJVM Update patches from 18.4 onwards are RAC Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the "Oracle JavaVM Component Database PSU/RU" (OJVM PSU/RU) Patches

Oracle Database Server home

Database Release Update 18.9.0.0.200114 Patch 30480385, or

Database Release Update Revision 18.8.1.0.200114 Patch 30445895, or

Database Release Update Revision 18.7.2.0.200114 Patch 30446239, or

GI Release Update 18.9.0.0.200114 Patch 30480702, or

GI Release Update Revision 18.8.1.0.200114 Patch 30463999, or

GI Release Update Revision 18.7.2.0.200114 Patch 30463931, or

Microsoft Windows 32-Bit and x86-64 BP 18.9.0.0.200114 Patch 30445951, or later;

Quarterly Full Stack download for Exadata (Jan2020) 18.9.0.0.200114 Patch 30463789, or

Quarterly Full Stack download for SuperCluster (Q1.2020) Patch 30463811 for Solaris SPARC 64-Bit

CVE-2020-2510, CVE-2020-2511, CVE-2020-2512, CVE-2020-2515, CVE-2020-2516, CVE-2020-2517, CVE-2020-2527, CVE-2020-2731, CVE-2020-2568, CVE-2020-2569, CVE-2019-10072, CVE-2018-11784, CVE-2019-0199, CVE-2019-0221, CVE-2019-0232

For patch availability, see section 2.2 Post Release Patches

From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server home

OJVM Release Update 18.9.0.0.200114 Patch 30501926 for all platforms

CVE-2020-2518

For patch availability, see section 2.2 Post Release Patches

OJVM Update patches from 18.4 onwards are RAC Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the "Oracle JavaVM Component Database PSU/RU" (OJVM PSU/RU) Patches

Oracle Database Server home

JDK8u241 Patch 30533172

CVE-2020-2604, CVE-2019-16168, CVE-2019-13117, CVE-2019-13118, CVE-2020-2601, CVE-2020-2585, CVE-2020-2593, CVE-2020-2654, CVE-2020-2590, CVE-2020-2659, CVE-2020-2583

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

Oracle Database Client home

Database Release Update 18.7.0.0.190716 Patch 29757256, or

Database Release Update Revision 18.6.1.0.190716 Patch 29708235, or

Database Release Update Revision 18.5.2.0.190716 Patch 29708437 or

Microsoft Windows 32-Bit and x86-64 BP 18.7.0.0.190716 Patch 29859180

Released July 2019

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.4.4 Oracle Database 12.2.0.1

Patch Information

12.2.0.1

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 12.2.0.1

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM Release Update 12.2.0.1.200114 and Database Release Update 12.2.0.1.200114 Patch 30463660 for UNIX, or

Combo OJVM Release Update 12.2.0.1.200114 and GI Release Update 12.2.0.1.200114 Patch 30463673, or

Quarterly Full Stack download for Exadata (Jan2020) 12.2.0.1 Patch 30463781, or

Quarterly Full Stack download for SuperCluster (Q1.2020) Patch 30463811 for Solaris SPARC 64-Bit

CVE-2020-2510, CVE-2020-2511, CVE-2020-2512, CVE-2020-2515, CVE-2020-2516, CVE-2020-2517, CVE-2020-2527, CVE-2020-2731, CVE-2020-2568, CVE-2020-2569, CVE-2019-10072, CVE-2018-11784, CVE-2019-0199, CVE-2019-0221, CVE-2019-0232, CVE-2020-2518

For patch availability, see section 2.2 Post Release Patches

OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and Update" (OJVM PSU and OJVM Update) Patches

Oracle Database Server home

Database Jan 2020 Release Update 12.2.0.1.200114 Patch 30593149 for UNIX, or

Database Jul 2019 Release Update Revision 12.2.0.1.200114 Patch 30446254, or

Database Oct 2019 Release Update Revision 12.2.0.1.200114 Patch 30445968, or

GI Jan 2020 Release Update 12.2.0.1.200114 Patch 30501932, or

GI Jul 2019 Release Update Revision 12.2.0.1.200114 Patch 30463942, or

GI Oct 2019 Release Update Revision 12.2.0.1.200114 Patch 30464069, or

BS2000 Database BP 12.2.0.1.200114 Patch 30612081

Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.200114 Patch 30446296, or later;

Quarterly Full Stack download for Exadata (Jan2020) 12.2.0.1 Patch 30463781, or

Quarterly Full Stack download for SuperCluster (Q1.2020) Patch 30463811 for Solaris SPARC 64-Bit

CVE-2020-2510, CVE-2020-2511, CVE-2020-2512, CVE-2020-2515, CVE-2020-2516, CVE-2020-2517, CVE-2020-2527, CVE-2020-2731, CVE-2020-2568, CVE-2020-2569, CVE-2019-10072, CVE-2018-11784, CVE-2019-0199, CVE-2019-0221, CVE-2019-0232

For patch availability, see section 2.2 Post Release Patches

From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server home

OJVM Release Update 12.2.0.1.200114 Patch 30502018 for UNIX, or

OJVM Microsoft Windows Bundle Patch 12.2.0.1.200114 Patch 30525838

CVE-2020-2518

OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

JDK8u241 Patch 30533198

CVE-2020-2604, CVE-2019-16168, CVE-2019-13117, CVE-2019-13118, CVE-2020-2601, CVE-2020-2585, CVE-2020-2593, CVE-2020-2654, CVE-2020-2590, CVE-2020-2659, CVE-2020-2583

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

Oracle Database Client home

Database Jul 2019 Release Update 12.2.0.1.190716 Patch 29757449 for UNIX, or

Database Jan 2019 Release Update Revision 12.2.0.1.190716 Patch 29708478, or

Database Apr 2019 Release Update Revision 12.2.0.1.190716 Patch 29708381, or

Microsoft Windows 32-Bit and x86-64 RU 12.2.0.1.190716 Patch 29832062, or later

Released July 2019

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.4.5 Oracle Database 12.1.0.2

Error Correction information for Oracle Database 12.1.0.2

Patch Information

12.1.0.2

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

 32-bit client-only platforms

 

Patch Availability for Oracle Database 12.1.0.2

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM PSU 12.1.0.2.200114 and Database PSU 12.1.0.2.200114 Patch 30463684 for UNIX, or

Combo OJVM PSU 12.1.0.2.200114 and GI PSU 12.1.0.2.200114 Patch 30463691, or

Combo OJVM PSU 12.1.0.2.200114 and Database Proactive BP 12.1.0.2.200114  Patch 30463708 for UNIX, or

Quarterly Full Stack download for Exadata (Jan2020) BP 12.1.0.2 Patch 30463764, or

Quarterly Full Stack download for SuperCluster (Q1.2020) Patch 30463811 for Solaris SPARC 64-Bit

CVE-2020-2510, CVE-2020-2511, CVE-2020-2512, CVE-2020-2515, CVE-2020-2516, CVE-2020-2517, CVE-2020-2527, CVE-2020-2731, CVE-2020-2568, CVE-2020-2569, CVE-2020-2518

OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

Database PSU 12.1.0.2.200114 Patch 30340202 for UNIX, or

GI PSU 12.1.0.2.200114 Patch 30464119, or

Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.200114 Patch 30455401, or later;

Database Proactive Bundle Patch 12.1.0.2.200114 Patch 30464171 or

Quarterly Full Stack download for Exadata (Jan2020) BP 12.1.0.2 Patch 30463764, or

Quarterly Full Stack download for SuperCluster (Q1.2020) Patch 30463811 for Solaris SPARC 64-Bit

CVE-2020-2510, CVE-2020-2511, CVE-2020-2512, CVE-2020-2515, CVE-2020-2516, CVE-2020-2517, CVE-2020-2527, CVE-2020-2731, CVE-2020-2568, CVE-2020-2569

For patch availability, see section 2.2 Post Release Patches

For JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server home

Oracle JavaVM Component Database PSU 12.1.0.2.200114 Patch 30502041 for UNIX, or

Oracle JavaVM Component Microsoft Windows Bundle Patch 12.1.0.2.200114 Patch 30671054

CVE-2020-2518

OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

All OJVM PSU since 12.1.0.2.161018 includes Generic JDBC Patch 23727148

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

JDK7u251 Patch 30533230

CVE-2020-2604, CVE-2020-2601, CVE-2020-2593, CVE-2020-2654, CVE-2020-2590, CVE-2020-2659, CVE-2020-2583

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

Oracle Database Server home

Oracle JavaVM Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148

Released July 2016

 

Oracle Database Client home

Database PSU 12.1.0.2.190716 Patch 29494060 for UNIX, or

Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.190716 Patch 29831650

Released July 2019

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.4.6 Oracle Database 11.2.0.4

Error Correction information for Oracle Database 11.2.0.4

Patch Information

11.2.0.4

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

HP-UX PA-RISC

IBM: Linux on System Z

32-bit client-only platforms except Linux x86

 

On-Request platforms

32-bit client-only platforms except Linux x86

 

Patch Availability for Oracle Database 11.2.0.4

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM PSU 11.2.0.4.200114 and Database SPU 11.2.0.4.200114 Patch 30463749 for UNIX, or

Combo OJVM PSU 11.2.0.4.200114 and Database PSU 11.2.0.4.200114 Patch 30463718 for UNIX, or 

Combo OJVM PSU 11.2.0.4.200114 and GI PSU 11.2.0.4.200114 Patch 30463729 for UNIX, or

Combo OJVM PSU 11.2.0.4.200114 and Exadata BP 11.2.0.4.200114 Patch 30463739

CVE-2020-2510, CVE-2020-2512, CVE-2020-2515, CVE-2020-2517, CVE-2020-2569, CVE-2020-2518

For patch availability, see section 2.2 Post Release Patches

From Jan2019 onwards the OJVM now only supports JDK7 for security compliance. Please ensure that if there are applications with an OJVM dependency that they are compatible with JDK7.

OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

Database PSU 11.2.0.4.200114 Patch 30298532 for UNIX, or

GI PSU 11.2.0.4.200114 Patch 30501155 for UNIX, or

Database SPU 11.2.0.4.200114 Patch 30559616 for UNIX, or

Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.200114 Patch 30502376, or later;

Quarterly Database Patch for Exadata BP 11.2.0.4.200114 Patch 30501894 for UNIX, or

Quarterly Full Stack download for Exadata (Jan2020) BP 11.2.0.4 Patch 30463761, or

Quarterly Full Stack download for SuperCluster (Q1.2020) Patch 30463811 for Solaris SPARC 64-Bit

CVE-2020-2510, CVE-2020-2512, CVE-2020-2515, CVE-2020-2517, CVE-2020-2569

For patch availability, see section 2.2 Post Release Patches

For JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server home

Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.200114 Patch 30503372 for UNIX, or

Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.200114 Patch 30671044 for Microsoft Windows

CVE-2020-2518

For patch availability, see section 2.2 Post Release Patches

From Jan2019 onwards the OJVM now only supports JDK7 for security compliance. Please ensure that if there are applications with an OJVM dependency that they are compatible with JDK7.

OJVM PSU 11.2.0.4.161018 and greater includes Generic JDBC Patch 23727132

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

JDK7u251 Patch 30533259

CVE-2020-2604, CVE-2020-2601, CVE-2020-2593, CVE-2020-2654, CVE-2020-2590, CVE-2020-2659, CVE-2020-2583

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

Oracle Database Server home

Oracle JavaVM Component Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132

Released July 2016

For RAC deployments, this patch should be applied to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Client home

Database PSU 11.2.0.4.190716 Patch 29497421 for UNIX, or

Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.190716 Patch 29596609, or later

Released July 2019

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

3.1.5 Oracle Database Mobile/Lite Server

Error Correction Information for Oracle Database Mobile Server

Patch Information

12.1 (Mobile Server)

11.3 (Mobile Server)

Comments

Final CPU

-

October 2021

 

Patch Availability for Oracle Database Mobile Server 12.1.x

Product Home

Patch

Advisory Number

Comments

12.1

12.1.0.0 BP Patch 21974980

Released October 2015

 

Patch Availability for Oracle Database Mobile Server 11.3.x

Product Home

Patch

Advisory Number

Comments

11.3

11.3.0.2 BP Patch 21950285

Released October 2015

 

3.1.6 Oracle GoldenGate

Error Correction information for Oracle GoldenGate

Component

12.3.0.1

12.2.0.2

12.1.2.1

11.2.1.0

Comments

Final CPU

July 2025

October 2023

October 2021

January 2020

 

Patch Availability for Oracle GoldenGate

Product Home

Patch

Advisory Number

Comments

12.3.0.1

Install 12.3.0.1.4 Path Set (Available on edelivery/OTN)

Released October 2018

Refer to Note 1645495.1 for the latest release and additional platforms.

12.2.0.2

Oracle GoldenGate 12.2.0.2.181009 for Oracle 12c, Patch 28651610
Oracle GoldenGate 12.2.0.2.181009 for Oracle 11g, Patch 28651607

Released October 2018

Refer to Note 1645495.1 for the latest release and additional platforms.

12.1.2.1

Oracle GoldenGate 12.1.2.1.181016 for Oracle 12c, Patch 28696813
Oracle GoldenGate 12.1.2.1.181016 for Oracle 11g, Patch 28696808

Released October 2018

Refer to Note 1645495.1 for the latest release and additional platforms.

11.2.1.0

Upgrade to OGG 12.1.2.1 or later and apply the applicable Security patches listed above

-

Refer to Note 1645495.1 for the latest release and additional platforms.

3.1.7 Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)

Error Correction information for Oracle GoldenGate for Big Data

Component

12.3.2.1.0

Comments

Final CPU

-

 

Patch Availability for Oracle GoldenGate for Big Data

Product Home

Patch

Advisory Number

Comments

12.3.2.1

Oracle GoldenGate for Big Data 12.3.2.1.5 Patch 30207616

Released October 2019

Download the release from OTN

3.1.8 Oracle GoldenGate Veridata

Error Correction information for Oracle GoldenGate Veridata

Component

11.2.1.0

Comments

Final CPU

October 2020

 

Patch Availability for Oracle GoldenGate Veridata

Product Home

Patch

Advisory Number

Comments

11.2.1.0

oracle goldengate veridata v11.2.1.0.2 java agent - Patch 27425665

oracle goldengate veridata v11.2.1.0.2 server - Patch 27425668

Released April 2018

Golden Gate Veridata Patch

3.1.9 Oracle Secure Backup

Error Correction information for Oracle Secure Backup

Patch Information

12.1.x

Comments

Final CPU

January 2020

 

Minimum Product Requirements for Oracle Secure Backup 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Secure Backup downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html

Product

Release

Advisory Number

Comments

Oracle Secure Backup

12.1.0.3

Released April 2017

 

3.2 Oracle Enterprise Manager

This section contains the following:

·         Section 3.2.1 "Oracle Application Performance Management"

·         Section 3.2.2 "Oracle Application Testing Suite"

·         Section 3.2.3 "Oracle Business Transaction Management"

·         Section 3.2.4 "Oracle Enterprise Manager Cloud Control"

·         Section 3.2.5 "Oracle Enterprise Manager Ops Center"

·         Section 3.2.6 "OSS Support Tools"

·         Section 3.2.7 "Oracle Configuration Manager"

3.2.1 Oracle Application Performance Management

Error Correction information for Oracle Application Performance Management

Patch Information

12.1.0.7

Comments

Final CPU

-

 

On-Request platforms

-

 

Minimum Product Requirements for Oracle Application Performance Management

Critical Patch Update security vulnerabilities are fixed in the listed releases. For more information on Oracle Application Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.

Product Version

Patch

Advisory Number

Comments

12.1.0.7

12.1.0.7.11 Release Patch 25244272

Released July 2017

 

3.2.2 Oracle Application Testing Suite

Error Correction information for Oracle Application Testing Suite

Patch Information

13.3.0.1

13.2.0.1

Comments

Final CPU

June 2025

June 2025

 

Patch Availability for Oracle Application Testing Suite

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Application Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.

Product Home

UNIX

Advisory Number

Comments

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 12.1.3.0)

Released January 2019

See "Oracle WebLogic Server" (Version 12.1.3.0.0)

13.3.0.1

EM BP Application Testing Suite CPU January 2020 Patch 30733044

CVE-2019-2904, CVE-2017-12626, CVE-2017-14735, CVE-2019-12415

 

13.3.0.1

EM BP Application Testing Suite OFB CPU January 2020 Patch 30733056

CVE-2016-4000, CVE-2020-2673, CVE-2017-12626, CVE-2019-11358, CVE-2017-14735

OFB is Oracle Flow Builder

13.2.0.1

EM BP Application Testing Suite CPU January 2020. 13.2.0.1 customers must upgrade to 13.3.0.1.

CVE-2019-2904, CVE-2017-12626, CVE-2017-14735, CVE-2019-12415

 

13.2.0.1

EM BP Application Testing Suite OFB CPU January 2020. 13.2.0.1 customers must upgrade to 13.3.0.1.

CVE-2016-4000, CVE-2020-2673, CVE-2017-12626, CVE-2019-11358, CVE-2017-14735

 

 

3.2.3 Oracle Business Transaction Management

Error Correction Information for Oracle Business Transaction Management

Component

12.1.0.7

Comments

Final CPU

-

 

Patch Availability for Oracle Business Transaction Management

Product Home

Patch

Advisory Number

Comment

BTM Home

BTM Patch 12.1.0.7.15 Patch 29135901

Released April 2019

 

 

3.2.4 Oracle Enterprise Manager Cloud Control

If your plans include updating the JDK version, please be sure that the JDK version that you choose is certified with your OEM Cloud Control Component. Please refer to Note 2241358.1 for upgrading the JDK Component related to OEM Cloud Control Component.

Error Correction information for Oracle Enterprise Manager Cloud Control

Patch Information

13.3.0.0

13.2.0.0

12.1.0.5

Comments

Final CPU

-

Jan2020

October 2020

 

On-Request platforms

-

-

-

 

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 2 (13.3.0.0)

Product Home

Patches

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

 

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 12.1.3.0)

 

 

Base Platform OMS home

Base Release 13.3

Released April 2019

Fix is included in the Base release itself

Base Platform OMS home

EM BP Patch Set Update 13.3.0.0.200114 Patch 30592540

CVE-2020-2626, CVE-2020-2634, CVE-2020-2624, CVE-2020-2633, CVE-2020-2645, CVE-2020-2617, CVE-2020-2616, CVE-2020-2629, CVE-2020-2630, CVE-2020-2622, CVE-2020-2623, CVE-2020-2613, CVE-2020-2628, CVE-2020-2639, CVE-2020-2642, CVE-2020-2625, CVE-2020-2643, CVE-2020-2631, CVE-2020-2636, CVE-2020-2615, CVE-2020-2644, CVE-2020-2608, CVE-2020-2632, CVE-2020-2635, CVE-2020-2609, CVE-2020-2610, CVE-2020-2611, CVE-2020-2612, CVE-2020-2618, CVE-2020-2619, CVE-2020-2620, CVE-2020-2621, CVE-2020-2646

 

Base Platform OMS home

OSS SECURITY PATCH UPDATE 12.1.3.0.0 (CPUJAN2020) Patch 30692958

CVE-2018-11058, CVE-2020-2545

For patch availability, see section 2.2 Post Release Patches

Oracle Security Service (SSL/Network) Patch for Oracle HTTP server (OHS)

CVE-2018-11058 announced in July 2019, Patch is released Jan 2020.

Base Platform OMS home

OHS 12.1.3 SPU FOR JANCPU2020 Patch 30748483

CVE-2020-2530 CVE-2020-2545

For patch availability, see section 2.2 Post Release Patches

Note 2572758.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.1.3 Critical Patch Update

Base Platform Agent home

EM-AGENT Bundle Patch 13.3.0.0.191015 Patch 30206738

Released October 2019

Patch 30563582 or Later

EM Cloud Control Connectors

See Announcement on MOSC

Released April 2019

 

EM for Fusion Middleware

EM for OMS plugin 13.3.2.0.191231 Patch 30666123

EM for OMS plugin 13.3.1.0.191231 Patch 30666063

CVE-2020-2615, CVE-2020-2644

For patch availability, see section 2.2 Post Release Patches

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 1 (13.2.0.0)

Product Home

Patches

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

See "Oracle Database"

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 12.1.3.0)

See "Oracle WebLogic Server" (Version 12.1.3.0.0)

 

Base Platform OMS home

Base Release 13.2

Released April 2019

Fix is included in the Base release itself

Base Platform OMS home

EM BP Patch Set Update 13.2.0.0.200114 Patch 30592558

CVE-2020-2626, CVE-2020-2634, CVE-2020-2624, CVE-2020-2633, CVE-2020-2645, CVE-2020-2617, CVE-2020-2616, CVE-2020-2629, CVE-2020-2630, CVE-2020-2622, CVE-2020-2623, CVE-2020-2613, CVE-2020-2628, CVE-2020-2639, CVE-2020-2642, CVE-2020-2625, CVE-2020-2643, CVE-2020-2631, CVE-2020-2636, CVE-2020-2615, CVE-2020-2644, CVE-2020-2608, CVE-2020-2632, CVE-2020-2635, CVE-2020-2609, CVE-2020-2610, CVE-2020-2611, CVE-2020-2612, CVE-2020-2618, CVE-2020-2619, CVE-2020-2620, CVE-2020-2621, CVE-2020-2646

 

EM Cloud Control Connectors

See Announcement on MOSC

Released April 2019

 

Base Platform OMS home

EM for OMS Plugins 13.2.3.0.180630 Patch 28170938 or later

EM for OMS Plugins 13.2.2.0.180630 
Patch 28170918 or later

Released July 2018

 

Base Platform Agent home

EM VT Plugin Bundle Patch 13.2.3.0.181231 (Agent Monitoring) Patch 29047624Patch 28195767

Released January 2019

 

Base Platform Agent Home

EM for OMS plugin 13.2.3.0.191231 Patch 30694790

EM for OMS plugin 13.2.2.0.191231 Patch 30694785

CVE-2020-2615, CVE-2020-2644

For patch availability, see section 2.2 Post Release Patches

Base Platform Agent home

EM-AGENT Bundle Patch 13.2.0.0.190930 Patch 30206958

Released October 2019

 

Base Platform Agent home

EM VT Plugin Bundle Patch 13.2.2.0.190630 (Agent Monitoring) Patch 29893650

Released July 2019

 

Base Platform Agent home

EM for PeopleSoft 13.2.1.1.0 Patch 28243206 or EM for PeopleSoft 13.1.1.1.0 Patch 28243212

Released July 2018

 

Base Platform Agent home

EM for MYSQL Database 13.2.4.0.0 Patch 28788540

Released October 2018

 

Base Platform OMS home

OSS SECURITY PATCH UPDATE 12.1.3.0.0 (CPUJAN2020) Patch 30692958

CVE-2018-11058, CVE-2020-2545

For patch availability, see section 2.2 Post Release Patches

Oracle Security Service (SSL/Network) Patch for Oracle HTTP server (OHS)

CVE-2018-11058 announced in July 2019, Patch is released Jan 2020.

Base Platform OMS home

OHS 12.1.3 SPU FOR JANCPU2020 Patch 30748483

CVE-2020-2530 CVE-2020-2545

For patch availability, see section 2.2 Post Release Patches

Note 2572758.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.1.3 Critical Patch Update

Base Platform OMS home

SPU Patch 25322055

Released in January 2017

Oracle ADF Patch 12.1.3.0
This patch is necessary for any co-located installations where ADF exists.

Patch Availability for Oracle Enterprise Manager Cloud Control 12c Release 5 (12.1.0.5)

Product Home

Patches

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

See "Oracle Database"

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 10.3.6.0)

See "Oracle WebLogic Server" (Version 10.3.6.0)

 

Base Platform Fusion Middleware home

CPU Patch 23703041

Released July 2016

Oracle Business Intelligence Publisher BP 11.1.1.7.160719 patch for BIP home in Enterprise Manager

Base Platform Agent Home

EM for OMS plugin 12.1.0.5.191231 Patch 30699112

CVE-2020-2615, CVE-2020-2644

 

Base Platform OMS home

EM BP Patch Set Update 12.1.0.5.200114 Patch 30592609

CVE-2020-2626, CVE-2020-2634, CVE-2020-2624, CVE-2020-2633, CVE-2020-2645, CVE-2020-2617, CVE-2020-2616, CVE-2020-2629, CVE-2020-2630, CVE-2020-2622, CVE-2020-2623, CVE-2020-2613, CVE-2020-2628, CVE-2020-2639, CVE-2020-2642, CVE-2020-2625, CVE-2020-2643, CVE-2020-2631, CVE-2020-2636, CVE-2020-2615, CVE-2020-2644, CVE-2020-2608, CVE-2020-2632, CVE-2020-2635, CVE-2020-2609, CVE-2020-2610, CVE-2020-2611, CVE-2020-2612, CVE-2020-2618, CVE-2020-2619, CVE-2020-2620, CVE-2020-2621, CVE-2020-2646

 

Base Platform Fusion Middleware home

JSP 11.1.1.7.0 SPU for EM 12.1.0.5 (CPUAPR2018) Patch 27872862

Released April 2018

JSP 11.1.1.7.0 SPU patch

Base Platform Agent home

BP Patch 22317311

Released January 2016

Apply to Agent core Oracle Home, after applying agent patch 25456449, 22342358

Base Platform Agent home

BP Patch 22342358

Released January 2016

Apply 22342358 to Agent sbin Oracle Home after applying agent Patch 28193486. Then apply Patch 22317311.
If patches 22342358 and 22317311 were applied earlier, no need to reapply.

Base Platform Fusion Middleware home

SPU Patch 22013598

Released January 2016

Web Cache Patch

Apply to Oracle_WT

Post installation steps are not applicable for Enterprise Manager

Plugin home

BP Patch 28347732

Released July 2018

 

Base Platform Agent home

BP Patch 28193486

Released July 2018

 

Base Platform Fusion Middleware home

OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885

Released January 2018

Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates

Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates

See Note 2400141.1 before applying this patch

Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH

Base Platform Fusion Middleware home

CPU Patch 19345576

Released January 2015

Oracle Process Management and Notification (OPMN) Patch for Oracle_WT OH

See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS

Base Platform Fusion Middleware home

SPU Patch 17337741

Released October 2013

Oracle Security Service (SSL/Network) Patch for Oracle_WT OH

3.2.5 Oracle Enterprise Manager Ops Center

Error Correction information for Oracle Enterprise Manager Ops Center

Patch Information

12.4.x

12.3.x

Comments

Final CPU

-

Jun 2020

 

Patch Availability for Oracle Enterprise Manager Ops Center

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Enterprise Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.

Product Home

UNIX

Advisory Number

Comments

12.4.0

OpsCenter UCE patches for CPU Jan 2020 Patch 30670627

CVE-2018-11058, CVE-2019-5482, CVE-2019-1547

 

12.4.0

OpsCenter UI and other patches for CPU October 2019 Patch 30295450

Released October 2019

 

12.3.3

OpsCenter UI and other patches for CPU October 2019 Patch 30295446

Released October 2019

 

12.3.3

OpsCenter UCE patches for CPU Jan 2020 Patch 30670631

CVE-2018-11058, CVE-2019-5482, CVE-2019-1547

 

3.2.6 OSS Support Tools

Error Correction information for OSS Support Tools

Patch Information

8.11.x

Comments

Final CPU

-

 

Patch Availability for OSS Support Tools

Product Home

Solaris

Advisory Number

Comments

8.11.16.3.8

BP Patch 22783063

March 2016

See My Oracle Support Note 1153444.1, Oracle Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT

3.2.7 Oracle Configuration Manager

Minimum Product Requirements for Oracle Configuration Manager

Critical Patch Update security vulnerabilities are fixed in the listed releases.  
Oracle Configuration Manager can be downloaded from MOS (support.oracle.com). Customer can use collector tab to down the Oracle Configuration Manager Collector.

Component

Release

Advisory Number

Comments

Oracle Configuration Manager

12.1.2.0.6

Released October 2018

 

3.3 Oracle Fusion Middleware

This section contains the following:

·         Section 3.3.1 "Management Pack For Oracle GoldenGate"

·         Section 3.3.2 "NetBeans IDE"

·         Section 3.3.3 "Oracle API Gateway"

·         Section 3.3.4 "Oracle Big Data Discovery"

·         Section 3.3.5 "Oracle Business Intelligence Enterprise Edition"

·         Section 3.3.6 "Oracle Business Intelligence Publisher"

·         Section 3.3.7 "Oracle Complex Event Processing"

·         Section 3.3.8 "Oracle Data Quality for Oracle Data Integrator"

·         Section 3.3.9 "Oracle Data Visualization Desktop"

·         Section 3.3.10 "Oracle Endeca Server"

·         Section 3.3.11 "Oracle Endeca Information Discovery Integrator"

·         Section 3.3.12 "Oracle Endeca Information Discovery Studio"

·         Section 3.3.13 "Oracle Enterprise Data Quality"

·         Section 3.3.14 "Oracle Enterprise Repository"

·         Section 3.3.15 "Oracle Exalogic Patch Set Update (PSU)"

·         Section 3.3.16 "Oracle Fusion Middleware"

·         Section 3.3.17 "Oracle Hyperion Analytic Provider Services"

·         Section 3.3.18 "Oracle Hyperion Data Relationship Management"

·         Section 3.3.19 "Oracle Hyperion Enterprise Performance Management Architect"

·         Section 3.3.20 "Oracle Hyperion Essbase"

·         Section 3.3.21 "Oracle Hyperion Financial Close Management"

·         Section 3.3.22 "Oracle Hyperion Financial Management"

·         Section 3.3.23 "Oracle Hyperion Financial Reporting"

·         Section 3.3.24 "Oracle Hyperion Planning"

·         Section 3.3.25 "Oracle Hyperion Profitability and Cost Management"

·         Section 3.3.26 "Oracle Hyperion Strategic Finance"

·         Section 3.3.27 "Oracle Hyperion Workspace"

·         Section 3.3.28 "Oracle Identity and Access Management"

·         Section 3.3.29 "Oracle Identity Management Connector"

·         Section 3.3.30 "Oracle JDeveloper and Oracle ADF"

·         Section 3.3.31 "Oracle Map Viewer"

·         Section 3.3.32 "Oracle Outside In Technology"

·         Section 3.3.33 "Oracle Real Time Decisions Platform"

·         Section 3.3.34 "Oracle Service Architecture Leveraging Tuxedo (SALT)"

·         Section 3.3.35 "Oracle SOA Suite"

·         Section 3.3.36 "Oracle Traffic Director"

·         Section 3.3.37 "Oracle Tuxedo"

·         Section 3.3.38 "Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)"

·         Section 3.3.39 "Oracle Web-Tier 11g Utilities"

·         Section 3.3.40 "Oracle WebCenter"

·         Section 3.3.41 "Oracle WebCenter Content (Formerly Oracle Universal Content Management)"

·         Section 3.3.42 "Oracle WebCenter Portal"

·         Section 3.3.43 "Oracle WebCenter Sites (Formerly FatWire Content Server)"

·         Section 3.3.44 "Oracle WebCenter Sites Community"

·         Section 3.3.45 "Oracle WebCenter Suite"

·         Section 3.3.46 "Oracle WebLogic Portal"

·         Section 3.3.47 "Oracle WebLogic Server"

3.3.1 Management Pack For Oracle GoldenGate

Error Correction information for Management Pack For Oracle GoldenGate

Patch Information

12.1.3.x

11.2.1.0

Comments

Final CPU

July 2022

April 2020

 

 

Patch Availability for Management Pack For Oracle GoldenGate

Product Home

Patch

Advisory Number

Comments

11.2.1.0

Oracle Goldengate Monitor v11.2.1.0.13 or later Patch 27221310

Released April 2018

Oracle GoldenGate Monitor patch


3.3.2 NetBeans IDE

Minimum Product Requirements for NetBeans IDE

Critical Patch Update security vulnerabilities are fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/

Product Home

Release

Advisory Number

Comments

NetBeans IDE

8.2

Released October 2016

 


3.3.3 Oracle API Gateway

Error Correction information for Oracle API Gateway

Patch Information

11.1.2.4.0

Comments

Final CPU

March 2021

 

Patch Availability for Oracle API Gateway

Product Home

Patch

Advisory Number

Comments

11.1.2.4.0

OAG 11.1.2.4.0 SPU FOR OCTCPU2019 Patch 30192594

Released October 2019

 

 

3.3.4 Oracle Big Data Discovery

Minimum Product Requirements for Oracle Big Data Discovery

Critical Patch Update security vulnerabilities are fixed in the listed release only and installations with any prior versions will need to move to the listed version. For Oracle Big Data Discovery downloads, see https://edelivery.oracle.com and search for "Oracle Big Data Discovery".

Product

Release

Advisory Number

Comments

Oracle Big Data Discovery

BIG DATA DISCOVERY 1.6 SPU FOR JAN2020 BP Patch 30737640

CVE-2019-0227

 

 

3.3.5 Oracle Business Intelligence Enterprise Edition

Error Correction information for Oracle Business Intelligence Enterprise Edition

Patch Information

12.2.1.4.0

12.2.1.3

11.1.1.9

Comments

Final CPU

-

July 2020

October 2021

11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

Patch Availability for Oracle Business Intelligence Enterprise Edition

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

12.2.1.4 Oracle Business Intelligence Enterprise Edition

and

12.2.1.3 Oracle Business Intelligence Enterprise Edition

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

Apply all 12.2.1.3 patches listed for "Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)"

12.2.1.4 Oracle Business Intelligence Enterprise Edition

and

12.2.1.3 Oracle Business Intelligence Enterprise Edition

OSS BUNDLE PATCH 12.2.1.3.200114 Patch 30146266

CVE-2020-2545

Oracle Security Service (SSL/Network) Patch

12.2.1.4 Oracle Business Intelligence Enterprise Edition

OBI Bundle Patch 12.2.1.4.200114 3 Patch 30499026

CVE-2019-1559 CVE-2020-2531 CVE-2019-1559 CVE-2020-2537 CVE-2020-2535

 

12.2.1.3 Oracle Business Intelligence Enterprise Edition

OBI Bundle Patch 12.2.1.3.200114 Patch 30499022

CVE-2019-1559,CVE-2020-2531,CVE-2019-1559,CVE-2020-2537,CVE-2020-2535

 

11.1.1.9

BI Suite Bundle Patch 11.1.1.9.200114 Patch 30677050

CVE-2019-1559, CVE-2019-1559

 

DAC 11.1.1.6.4 home

Patch 27825965- DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU for apr2018cpu

Released April 2018

Patch can be installed in any home

3.3.6 Oracle Business Intelligence Publisher

Error Correction information for Oracle Business Intelligence Publisher

Patch Information

12.2.1.4

12.2.1.3

11.1.1.9

Comments

Final CPU

-

July 2020

October 2021

 

Patch Availability for Oracle Business Intelligence Publisher

Product Home

Patch

Advisory Number

Comments

12.2.1.3 and 12.2.1.4 Business Intelligence Publisher

See "Oracle Business Intelligence Enterprise Edition"

See "Oracle Business Intelligence Enterprise Edition"

BIP is part of OBI Patch in 12c

11.1.1.9

BI Suite Bundle Patch 11.1.1.9.200114 Patch 30677050

Released October 2019

 

11.1.1.9

BP Patch 24580895

Released October 2016

Webservice BP

11.1.1.9

11.1.1.9 Interim Patch 17081528

Released October 2016

XDK Interim Patch

3.3.7 Oracle Complex Event Processing

Error Correction information for Oracle Complex Event Processing

Patch Information

CEP 12.1.3

Comments

Final CPU

October 2020

 

Patch Availability for Oracle Complex Event Processing

See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

Product Home

Patch

Advisory Number

Comments

12.1.3.0

SPU Patch 21071699

Released July 2015

 

3.3.8 Oracle Data Quality for Oracle Data Integrator

Error Correction information for Oracle Data Quality for Oracle Data Integrator

Patch Information

ODIDQ 11.1.x

Comments

Final CPU

-

 

Patch Availability for Oracle Data Quality for Oracle Data Integrator

Product Home

Patch

Advisory Number

Comments

11.1.1.3.0

CPU Patch 21418574

Released July 2015

 

3.3.9 Oracle Data Visualization Desktop

Error Correction information for Oracle Data Visualization Desktop

Patch Information

12.2.4.1.1

Comments

Final CPU

-

 

Patch availability for Oracle Data Visualization Desktop

Product Home

Patch

Advisory Number

Comments

Oracle Data Visualization Desktop 12.2.4.1.1

Patch is available on http://www.oracle.com/technetwork/middleware/oracle-data-visualization/index.html

Released April 2018

 

3.3.10 Oracle Endeca Server

Error Correction information for Oracle Endeca Server

Patch Information

7.7

Comments

Final CPU

January 2021

 

Patch availability for Oracle Endeca Server

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Server 7.7 home

ORACLE ENDECA SERVER 7.7 CPU JULY 2019 Patch 29632403

Released July 2019

 

3.3.11 Oracle Endeca Information Discovery Integrator

Error Correction information for Oracle Endeca Information Discovery Studio Integrator

Patch Information

3.2

Comments

Final CPU

January 2021

 

 

Patch availability for Oracle Endeca Information Discovery Studio Integrator

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Information Discovery Integrator 3.2 home

ORACLE ENDECA INFORMATION DISCOVERY INTEGRATOR 3.2 SPU JAN 2020 Patch 30472013

CVE-2019-10247

All Patches are cumulative of prior fixes

3.3.12 Oracle Endeca Information Discovery Studio

Error Correction information for Oracle Endeca Information Discovery Studio

Patch Information

3.2

Comments

Final CPU

January 2021

 

Patch availability for Oracle Endeca Information Discovery Studio

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Information Discovery Studio 3.2 home

Endeca Information Discovery Studio 3.2 SPU for JANCPU2020 Patch 30758934

CVE-2019-0227 CVE-2019-12415 CVE-2017-12626

 

3.3.13 Oracle Enterprise Data Quality

Error Correction information for Oracle Enterprise Data Quality

Patch Information

11.1.1.x

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Enterprise Data Quality

Product Home

Patch

Advisory Number

Comments

12c home

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

 

11.1.1.9

Patch 25084186

Patch 25534288 (EDQ-CDS)

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

 

3.3.14 Oracle Enterprise Repository

Error Correction information for Oracle Enterprise Repository

Patch Information

12.1.3

Comments

Final CPU

January 2020

 

Patch Availability for Oracle Enterprise Repository

Product Home

Patch

Advisory Number

Comments

12.1.3.0.0

Security Patch for OER 12.1.3 Patch 30533895

CVE-2019-12415

 

 

3.3.15 Oracle Exalogic Patch Set Update (PSU)

Error Correction information for Oracle Exalogic Patch Set Update (PSU)

Patch Information

2.x

1.x

Comments

Final CPU

-

-

 

Patch Set Update Availability for Oracle Exalogic

Oracle Exalogic

Patch

Advisory Number

Comments

2.x Physical

2.0.6.3.191015 Physical Linux (for all X2-2, X3-2, X4-2, X5-2, and X6-2) PSU Patch 30151539

2.0.6.3.191015 Physical Solaris (for all X2-2, X3-2, X4-2, and X5-2) PSU Patch 30151539

2.0.6.4.190716 Physical Linux (for all X3-2, X4-2, X5-2, and X6-2) PSU Patch 29709318

Released in October 2019

Released in October 2019

Released in Jul 2019

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

2.x Virtual

2.0.6.3.191015 Virtual (for all X2-2, X3-2, X4-2, X5-2, and X6-2) PSU Patch 30151541

2.0.6.4.190716 Virtual (for all X3-2, X4-2, X5-2, and X6-2) PSU Patch 29709319

Released in October 2019

Released in Jul 2019

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

1.x

Upgrade to 2.x based on information in the Comments column. Then apply the patches listed above.

Released March 2012 (13795376)

Released Februrary 2013 (15931901)

See Patch 13795376 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)

See Patch 15931901 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit)

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

3.3.16 Oracle Fusion Middleware

For more information on how to identify the components in an Oracle home, see Note 1591483.1, What is Installed in My Middleware or Oracle home?.

This section contains the following:

·         Section 3.3.16.1 "Oracle Fusion Middleware 12c"

o    Section 3.3.16.1.1 "Oracle Fusion Middleware 12.2.1.4"

o    Section 3.3.16.1.2 "Oracle Fusion Middleware 12.2.1.3"

o    Section 3.3.16.1.3 "Oracle Fusion Middleware 12.1.3.0"

·         Section 3.3.16.2 "Oracle Fusion Middleware 11.1.1.9"

·         Section 3.3.16.3 "Oracle Identity Access Management 11.1.2.3"

3.3.16.1 Oracle Fusion Middleware 12c

The sections below cover Oracle Fusion Middleware version 12.2.x and 12.1.x

·         Section 3.3.16.1.1 "Oracle Fusion Middleware 12.2.1.4"

·         Section 3.3.16.1.2 "Oracle Fusion Middleware 12.2.1.3"

·         Section 3.3.16.1.3 "Oracle Fusion Middleware 12.1.3.0"

3.3.16.1.1 Oracle Fusion Middleware 12.2.1.4

Error Correction information for Oracle Fusion Middleware 12.2.1.4

Patch Information

12.2.1.4

Comments

Final CPU

Dec 2025

See Note 1933372.1, Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

On-Request platforms

-

 

Determine Components in an Oracle Home

-

See Note 1591483.1, What is Installed in My Middleware or Oracle home?

Understanding Patch Release Versions

-

See Note 1494151.1, understanding Fusion Middleware Bundle Patch (BP) Release Versions
See Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions

Patch Availability for Oracle Fusion Middleware 12.2.1.4

Distribution

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

All 12.2.1.4 Fusion Middleware Distributions & WebLogic home

OPatch 13.9.4.2.2 Patch 28186730

Released in January 2020

Update OPatch before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

Oracle HTTP Server

Oracle Forms and Reports (Standalone Forms Builder)

Oracle Internet Directory

WLS Patch Set Update 12.2.1.4.191220 Patch 30689820 + Patch 30761841

CVE-2020-2550, CVE-2020-2551, CVE-2020-6950, CVE-2020-2544, CVE-2020-2547, CVE-2020-2519, CVE-2019-17359, CVE-2019-2888

CVE-2019-2888 announced in Oct 2019 Advisory is included in the Jan2020 patch.

WLS PSU should also be applied to all homes with a WLS full or standalone domain.

Patch 30761841 is for CVE-2019-17359

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

Coherence 12.2.1.4.3 Cumulative Patch using OPatch Patch 30729380

CVE-2020-2555

 

Oracle Forms and Reports

Oracle Reports Developer 12.2.1.4.0 SPU Patch 30731161

CVE-2020-2534 , CVE-2020-2533

 

3.3.16.1.2 Oracle Fusion Middleware 12.2.1.3

Error Correction information for Oracle Fusion Middleware 12.2.1.3

Patch Information

12.2.1.3

Comments

Final CPU

July 2020

See Note 1933372.1, Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

On-Request platforms

-

 

Determine Components in an Oracle Home

-

See Note 1591483.1, What is Installed in My Middleware or Oracle home?

Understanding Patch Release Versions

-

See Note 1494151.1, understanding Fusion Middleware Bundle Patch (BP) Release Versions

See Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions

Patch Availability for Oracle Fusion Middleware 12.2.1.3

Distribution

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

All 12.2.1.3 Fusion Middleware Distributions & WebLogic home

OPatch 13.9.4.2.2 Patch 28186730

Released in January 2020

Update OPatch before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

Oracle HTTP Server

Oracle Forms and Reports (Standalone Forms Builder)

Oracle Internet Directory 

WLS PATCH SET UPDATE 12.2.1.3.0(ID:191217.1425) Patch 30675853

CVE-2020-2550, CVE-2020-2551, CVE-2020-6950, CVE-2020-2544, CVE-2020-2547, CVE-2020-2519, CVE-2019-17359

Refer to Note 2566635.1 for Patch Conflict issue.

WLS PSU should also be applied to all homes with a WLS full or standalone domain

See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

See Note 2076338.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

WEBLOGIC SAMPLES SPU 12.2.1.3.191015 Patch 30170398

Released October 2019

This patch is a cumulative patch for all Struts 2 CVEs to date.

See Note 2255054.1, Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

Coherence 12.2.1.3.5 Cumulative Patch using OPatch Patch 30564174

CVE-2020-2555

 

Oracle HTTP Server

Oracle Traffic Director

Oracle Forms and Reports

OAM Webgate Bundle Patch 12.2.1.3.180622 Patch 28243743 or later

Released July 2018

 

Identity and Access Management

OAM BUNDLE PATCH 12.2.1.3.0(ID:180706.1103.S) Patch 28305164 or later

Released July 2018

See Note 2386496.1, OAM CVE-2018-2879

Oracle HTTP Server

Oracle Forms and Reports

OHS (NATIVE) BUNDLE PATCH 12.2.1.3.0 (ID:191219.2319) Patch 30687404

CVE-2020-2530 CVE-2020-2545

Note 2568225.1Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches

Identity and Access Management

Oracle Unified Directory

OIM BUNDLE PATCH 12.2.1.3.0 (ID:200108.2108) Patch 30735905

CVE-2020-2728, CVE-2020-2729

 

Oracle Service Bus

OSB BUNDLE PATCH 12.2.1.3.190716 (ID:190716.1831) Patch 30059259 or later

Released October 2019

 

Oracle HTTP Server

Oracle Forms and Reports (Standalone Forms Builder)

Oracle Internet Directory

OSS BUNDLE PATCH 12.2.1.3.200114 Patch 30146266 or later

CVE-2020-2545

 

Oracle WebCenter Portal

WebCenter Portal Bundle Patch 12.2.1.3.191015 Patch 30251723 or later

AND

WebCenter Core Bundle Patch 12.2.1.3.0 (ID:191002.2131.S) Patch 30387597 or later

Released October 2019

 

Oracle WebCenter Sites

Webcenter Sites Bundle Patch 12.2.1.3.190715 Patch 29957990

Released July 2019

 

Oracle WebCenter Sites

Support Tools 4.4.2 for Oracle WebCenter Sites 12.2.1.3.0 Patch 30505173

CVE-2020-2538 ,CVE-2020-2539

Support Tools for Webcenter Sites Patch

Oracle WebCenter Content

WebCenter Content Bundle Patch 12.2.1.3.180417 Patch 27393392 or later

Released April 2018

 

Oracle Internet Directory

OID BUNDLE PATCH 12.2.1.3.0 (ID:180116.1256) Patch 27396651 or later

Released January 2018

Oracle Internet Directory (OID) Version 12c Bundle Patch (BP) (Including Directory Integration Platform / DIP) / Bundle Patches For Non-Fusion Applications (NonFA / NonP4FA) Customers Note 2355090.1

Oracle SOA Suite and Business Process

SOA Bundle Patch 12.2.1.3.0 (ID:191004.0212.0107) Patch 30386734

Released October 2019

 

Oracle Data Integrator

ODI Bundle Patch 12.2.1.3.190708 Patch 29778645

Released October 2019

Patch is released in July 2019, CVE-2019-2943 is announced in Oct CPU.

Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)

ADF BUNDLE PATCH 12.2.1.3.0 (ID:190924.2139.S) Patch 30347629

Released October 2019

Apply to all Oracle homes installed with an FMW Infrastructure

Oracle Enterprise Data Quality

EDQ 12.2.1.3.0 SPU Patch 28263628

Released July 2018

 

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

Oracle HTTP Server

FMW Platform 12.2.1.3.0 SPU FOR APRCPU2019 Patch 29650702

Released April 2019

Apply to all Oracle Fusion Middleware homes

Oracle HTTP Server

Oracle WebLogic Server Proxy Plug-In
(Apache, IIS, iPlanet)

ONS 12.2.1.3.0 SPU Patch Patch 27323998

Released July 2018

 

Oracle Forms and Reports

Forms 12.2.1.3.0 SPU Patch 30410629

Released October 2019

 

Oracle Forms and Reports

Oracle Reports Developer 12.2.1.3 SPU Patch 30731147

CVE-2020-2534 , CVE-2020-2533

 

3.3.16.1.3 Oracle Fusion Middleware 12.1.3.0

Error Correction information for Oracle Fusion Middleware 12.1.3.0

Patch Information

12.1.3.0

Comments

Final CPU

December 2020 / December 2019

December 2020 "Weblogic Server and Coherence Only" 
Other FMW 12.1.3 components Dec 2019

Note 1933372.1 Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

On-Request platforms

-

For details, see section 1.3 On-Request Patches

Patch Availability for Oracle Fusion Middleware 12.1.3.0

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

12.1.3.0.0 home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

Oracle WebLogic Server patch

Oracle WebLogic Server and Coherence

Coherence 12.1.3.0.7 Cumulative Patch using OPatch Patch 30575273

CVE-2020-2555

 

12.1.3.0.0 home

ADF Bundle Patch 12.1.3.0.191015 Patch 30100252

Released October 2019

Apply to all Oracle homes installed with an FMW Infrastructure

12.1.3.0.0 home

OSS SECURITY PATCH UPDATE 12.1.3.0.0 (CPUJAN2020) Patch 30692958

CVE-2018-11058, CVE-2020-2545

For patch availability, see section 2.2 Post Release Patches

Oracle Security Service (SSL/Network) Patch

CVE-2018-11058 announced in July 2019, Patch is released Jan 2020.

12.1.3.0.0 home

SOA Bundle Patch 12.1.3.0.190416 Patch 29422187

Released April 2019

SOA Patch

12.1.3.0.0 home

OHS 12.1.3 SPU FOR JANCPU2020 Patch 30748483

CVE-2020-2530 CVE-2020-2545

Oracle HTTP Server Patch

For patch availability, see section 2.2 Post Release Patches

Note 2572758.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.1.3 Critical Patch Update

12.1.3.0.0 home

OER 12.1.3.0.0 SPU for July2018CPU Patch 28076713

Released October 2018

 

12.1.3.0.0 home

EDQ BP 12.1.3.0.1 Patch 24672265

Released April 2017

Enterprise Data Quality patch

Install prior to Java CPUApr2017 JDK/JRE or later version

12.1.3.0.0 home

ODI BP 12.1.3.0.170418 Patch 25774021

Released July 2017

Oracle Data Integrator Patch

Install prior to Java CPUApr2017 JDK/JRE or later version.

12.1.3.0.0 home

Patch 25375317

Released April 2017

Oracle Stream Analytics Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

12.1.3.0.0 home

OSB BUNDLE PATCH 12.1.3.0.191015 Patch 29229615

Released October 2019

OSB patch

12.1.3.0.0 home

BP Patch 27074880, or later

Released January 2018

Platform Security for Java patch

12.1.3.0.0 home

SPU Patch 24327938

Released July 2016

Oracle TopLink patch

12.1.3.0.0 home

See Note 1936300.1

Released October 2014

SSL V3.0 "Poodle" Advisory

 

3.3.16.2 Oracle Fusion Middleware 11.1.1.9

Error Correction information for Oracle Fusion Middleware 11.1.1.9

Patch Information

11.1.1.9

Comments

Final CPU

October 2021

Note 1290894.1 Error Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)

On-Request platforms

AIX, HP-UX Itanium, and Windows are on request.

 

Understanding Patch Release Versions

-

See Note 1494151.1, Understanding Fusion Middleware Bundle Patch (BP) Release Versions.

Patch Availability for Oracle Fusion Middleware 11.1.1.9

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home

ADF SPU 11.1.1.9.0 FOR OCTCPU2019 Patch 30368663

Released October 2019

 

SOA 11.1.1.9 home

SOA Bundle Patch 11.1.1.9.0 (ID:181218.1300) Patch 29123005 or later

Released January 2019

SOA Patch

Oracle Identity Management 11.1.1.9 home

OVD 11.1.1.9.0 SPU for October 19 Patch 30281334

Released October 2019

Oracle Virtual Directory (OVD) Patch

OVD 11g: Oracle Virtual Directory SPU (Security Patch Update) Patches Note 2318003.1

Oracle Identity Management 11.1.1.9 home

OID bundle patch 11.1.1.9.171127 Patch 26850241, or later

Released January 2018

Oracle Internet Directory Patch

See Note 2420947.1 for additional information about Oracle Internet Directory Vulnerability CVE-2015-0204

Oracle Internet Directory (OID) Version 11g Bundle Patch (BP) (Including Directory Integration Platform / DIP) / Bundle Patches For Non-Fusion Applications (NonFA / NonP4FA) Customers Note 1614114.1

Oracle Identity Management 11.1.1.9 home (with OID)

Oracle Web Tier 11.1.1.9 home

OSS BUNDLE PATCH 11.1.1.9.200114 Patch 30332467

CVE-2020-2545

For patch availability, see section 2.2 Post Release Patches

Note 2572809.1 Steps to Evaluate and Update SSL Wallet

Oracle Identity Management 11.1.1.9 home (with OID)

Oracle Web Tier 11.1.1.9 home

OPMN Patch 23716938

N/A

OPMN 11.1.1.9 required patch for integration with OSS

Note 2566042.1 SSL Configuration Required to Secure OPMN 11.1.1.9

Oracle Web Tier 11.1.1.9 home

Identity Management 11.1.1.9 home

OHS 11.1.1.9.0 SPU FOR JANCPU2020 Patch 30654519

CVE-2020-2530 CVE-2020-2545

Oracle HTTP Server 11.1.1.9 Patch

For Linux 32 bit patch availability, see section 2.2 Post Release Patches

Note 2626956.1 Cumulative README Post-Install Steps for Oracle HTTP Server 11.1.1.9 Critical Patch Update

OSB 11.1.1.9 home

OSB Bundle Patch 11.1.1.9.191015 Patch 30002341

Released October 2019

OSB Patch

ODI 11.1.1.9 Home

ODI BP 11.1.1.9.190118 Patch 29194561

Released April 2019

Oracle Data Integrator Patch

Oracle WebCenter 11.1.1.9 home

WCC BP 11.1.1.9.180226 Patch 27393411

Released April 2018

WebCenter Content Patch

OSB 11.1.1.9 home

Patch 24847885

Released April 2017

OSB Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

Oracle FMW 11.1.1.9 ORACLE_COMMON home

JRF BP 11.1.1.9.160905 Patch 23243563 or later

Released January 2017

JRF BP

Oracle Identity Management 11.1.1.9 home

Oracle Web Tier 11.1.1.9 home

BP Patch 24580895

Released October 2016

Web Services BP

Oracle Web Tier 11.1.1.9 home

Oracle Web Cache SPU 11.1.1.9.0 CPUJan2019 Patch 28855717

Released January 2019

Web Cache Patch

See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU January 2016 and Note 2494468.1, How to Disable ESI in Oracle Web Cache

Oracle Web Tier 11.1.1.9 home

Identity Management 11.1.1.9 home

DB PSU Patch 22290164 for Unix

DB BP Patch 22607089 for Windows 32-Bit

DB BP Patch 22607090 for Windows x64

Release January 2016

Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only

Oracle WebCenter 11.1.1.9 home

WebCenter Portal Bundle Patch 11.1.1.9.181008 Patch 28538855

Released October 2018

Oracle WebCenter Portal 11.1.1.9 Patch

See Note 2029169.1, Changes to Portlet standards request dispatching of Resource Requests

Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home

SPU Patch 22567790

Released in July 2016

FMW Control Patch applies to oracle_common OH for 11.1.1.9.0

 

3.3.16.3 Oracle Identity Access Management 11.1.2.3

Error Correction information for Oracle Identity Access Management 11.1.2.3

Patch Information

11.1.2.3

Comments

Final CPU

-

Note 1290894.1 Error Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)

On-Request platforms

-

 

Understanding Patch Release Versions

-

See Note 1494151.1, Understanding Fusion Middleware Bundle Patch (BP) Release Versions.

Patch Availability for Oracle Identity Access Management 11.1.2.3

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

Oracle Identity Management 11.1.2.3 home

OIM BUNDLE PATCH 11.1.2.3.0(ID:190922.2323) Patch 30338509 or later

OR

IDM SUITE BUNDLE PATCH 11.1.2.3.191015 < 30292098>

CVE-2020-2729

 

 

Oracle Identity Access Management 11.1.2.3 home

Patch 28116779 - IDM Suite Bundle Patch 11.1.2.3.180717

OR

Patch 27897816 - OAM bundle patch 11.1.2.3.180717

Released July 2018

OAM Webgates BP April 2018 or later has to be applied. Also refer to the MOS Note 2386496.1. Included few additional fixes delivered as one offs post April CPU.

Oracle Identity Access Management 11.1.2.3.0 home

OAAM Server 11.1.2.3.0 SPU for October18 Patch 28750460

Released October 2018

Oracle Adaptive Access Manager Patch

Oracle WebGate 11.1.2.3 Home

Patch 27953548 - OAM webgate bundle patch 11.1.2.3.180717 or later

Released July 2018

 




3.3.17 Oracle Hyperion Analytic Provider Services

Error Correction information for Oracle Hyperion Analytic Provider Services

Patch Information

11.1.2.x

Comments

Final CPU

April 2021

 

Patch Availability for Oracle Hyperion Analytic Provider Services

Product Home

Patch

Advisory Number

Comments

11.1.2.3

SPU Patch 20184072
SPU Patch 20184082

Released October 2015

 

11.1.2.2

SPU Patch 18148649

Released July 2014

 

 

3.3.18 Oracle Hyperion Data Relationship Management

Error Correction information for Oracle Hyperion Data Relationship Management

Patch Information

11.1.2.x

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Hyperion Data Relationship Management

Product Home

Patch

Advisory Number

Comments

11.1.2.4

Hyperion Data Relationship Management 11.1.2.4.347 PSU; Patch 28818149

Released October 2019

 

3.3.19 Oracle Hyperion Enterprise Performance Management Architect

Error Correction information for Oracle Hyperion Enterprise Performance Management Architect

Patch Information

11.1.2.x

Comments

Final CPU

April 2021

 

Patch Availability for Oracle Hyperion Enterprise Performance Management Architect

Product Home

Patch

Advisory Number

Comments

11.1.2.3

SPU Patch 19466859

SPU Patch 20929659

Released July 2015

 

11.1.2.2

SPU On-Request

Released July 2015

 

3.3.20 Oracle Hyperion Essbase

Error Correction information for Oracle Hyperion Essbase

Patch Information

11.1.2.x

Comments

Final CPU

April 2021

 

Patch Availability for Oracle Hyperion Essbase

Product Home

Patch

Advisory Number

Comments

11.1.2.4

11.1.2.4.025 PSU Patch 27797123 (Essbase RTC)
11.1.2.4.025 PSU Patch 27797126 (Essbase Client)
11.1.2.4.025 PSU Patch 27797117 (Essbase Client MSI)
11.1.2.4.025 PSU Patch 27797131 (Essbase Server)
11.1.2.4.025 PSU Patch 27797138 (ANALYTIC PROVIDER SERVICES)
11.1.2.4.016 PSU Patch 25225889 (Studio Server)
11.1.2.4.016 PSU Patch 25225885 (Studio Console)
11.1.2.4.0.025 PSU Patch 28285151 (ESSBASE ADMINISTRATION SERVICES SERVER)
11.1.2.4.025 PSU Patch 28285134 (ESSBASE ADMIN SERVICES CONSOLE)

Released October 2018

Install prior to Java CPUApr2017 JDK/JRE or later version

11.1.2.3

11.1.2.3.508 PSU Patch 22347375 (RTC)
11.1.2.3.508 PSU Patch 22347367 (Client)
11.1.2.3.508 PSU Patch 22314799 (Server)

Released April 2017

 

11.1.2.2

Upgrade to Hyperion Essbase 11.1.2.3, then apply the patches listed above

Released July 2015

 

3.3.21 Oracle Hyperion Financial Close Management

Error Correction details for Oracle Hyperion Financial Close Management

Patch Information

11.1.2..x

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Hyperion Financial Close Management

Product Home

Patch

Advisory Number

Comments

11.1.2.4

PSU 11.1.2.4.253 Patch 29060830

Released July 2019

 

3.3.22 Oracle Hyperion Financial Management

Error Correction information for Oracle Hyperion Financial Management

Patch Information

11.1.2.0

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Hyperion Financial Management

Product Home

Patch

Advisory Number

Comments

11.1.2.0

SPU Patch Patch 28314691

Released October 2018

Hyperion Shared Service Patch for Common Events Service used by Hyperion Financial Management

3.3.23 Oracle Hyperion Financial Reporting

Error Correction information for Oracle Hyperion Financial Reporting

Patch Information

11.1.2.x

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Hyperion Financial Reporting

Product Home

Patch

Advisory Number

Comments

11.1.2

Jdev 11.1.1.7.1 SPU Patch 27457998

Released July 2018

Jdev ADF Patch needs to be applied to Hyperion Financial Reporting Home. To download this patch please contact support to get the password.

11.1.2.4

11.1.2.4; 11.1.2.4.711 PSU Patch 29712951

Released October 2019

 

3.3.24 Oracle Hyperion Planning

Error Correction information for Oracle Hyperion Planning

Patch Information

11.1.2.x

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Hyperion Planning

Product Home

Patch

Advisory Number

Comments

11.1.2.4

PSU Patch 29889455

Released July 2019

 

11.1.2.4

JDev 11.1.1.7.1 SPU Patch 30378046

Released October 2019

JDev ADF Patch needs to be applied to Hyperion Planning. To download this patch please contact Support to get the password.

3.3.25 Oracle Hyperion Profitability and Cost Management

Error Correction information for Oracle Hyperion Profitability and Cost Management

Patch Information

11.1.2.4

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Hyperion Profitability and Cost Management

Product Home

Patch

Advisory Number

Comments

11.1.2.4

11.1.2.4.130 PSU; Patch 29461894

Released October 2019

 

 

3.3.26 Oracle Hyperion Strategic Finance

Error Correction information for Oracle Hyperion Strategic Finance

Patch Information

11.1.2.x

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Hyperion Strategic Finance

Product Home

Patch

Advisory Number

Comments

11.1.2.2

CPU Patch 14593946

Released April 2014

 

11.1.2.1

CPU Patch 17636270

Released April 2014

 

3.3.27 Oracle Hyperion Workspace

Error Correction information for Oracle Hyperion Workspace

Patch Information

11.1.2.x

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Hyperion Workspace

Product Home

Patch

Advisory Number

Comments

11.1.2 Home

11.1.2.4.009 SPU Patch 29115044

apply Weblogic 10.3.6 Latest PSU. See "Oracle WebLogic Server" Section

Released July 2019

R&A Framework Patch

 

3.3.28 Oracle Identity and Access Management

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Identity Access Management installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Identity Access Management

Product Home

Patches

Comments

Oracle Identity and Access Management

See "Oracle Fusion Middleware 12c"

 

Oracle Identity Access Management 11.1.2.3 home

See "Oracle Identity Access Management 11.1.2.3"

IAM products listed in Note 1510284.1, Announcing Oracle Identity Access Management 11g Release 2 (11.1.2)

Oracle Identity Management 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

FMW 11.1.1.9 table for IDM products listed in Note 2003468.1, Announcing Oracle Fusion Middleware 11g Release 1 (11.1.1.9.0)

 

3.3.29 Oracle Identity Management Connector

Error Correction information for Oracle Identity Management Connector

Patch Information

9.1.1.5

Comments

Final CPU

-

 

Patch Availability for Oracle Identity Management Connector

Product Version

Patch

Advisory Number

Comments

Microsoft AD connector 9.1.1.5

OIM Connector 9.1.1.5.15 Patch 25028999

Released October 2017

 

ca top secret connector 9.0.4.20.6

OIM Connector 9.0.4.20.6 Patch 26566700

Released January 2018

 

RACF adv connector 9.0.4.25.4

OIM Connector 9.0.4.20.6 Patch 26599074

Released January 2018

 

acf2 connector 9.0.4.21

OIM Connector 9.0.4.21 bpl Patch 26615477

Released January 2018

 

3.3.30 Oracle JDeveloper and Oracle ADF

Error Correction information for Oracle JDeveloper and Oracle ADF

Patch Information

12.2.1.3

12.1.3.0

11.1.2.4

11.1.1.9

Comments

Final CPU

-

October 2020

October 2021

October 2021

 

Understanding Patch Release Versions

-

-

-

-

See Note 1494151.1, Understanding Fusion Middleware Bundle Patch (BP) Release Versions.

Critical Patch Update Availability for Oracle JDeveloper and Oracle ADF

Release

Patch

Advisory Number

Comments

12.2.1.3.0

ADF BUNDLE PATCH 12.2.1.3.0 (ID:190924.2139.S) Patch 30347629

Released October 2019

 

12.1.3.0.0

ADF Bundle Patch 12.1.3.0.191015 Patch 30100252

Released October 2019

Install prior to Java CPUApr2017 JDK/JRE or later version

11.1.2.4.0

ADF SPU 11.1.2.4.0 for OctCPU2019 Patch 30380494

Released October 2019

 

11.1.1.9.0

ADF SPU 11.1.1.9.0 FOR OCTCPU2019 Patch 30368663

Released October 2019

 

3.3.31 Oracle Map Viewer

Error Correction information for Oracle Map Viewer

Patch Information

12.2.1.4

12.2.1.3

12.1.3.0

11.1.1.9

Comments

Final CPU

December 2025

July 2020

December 2019

October 2021

 

Patch Availability for Oracle Map Viewer

Product Home

Patch

Advisory Number

Comments

12.2.1.3

Mapviewer 12.2.1.3.0 MAR 2019 SPU Patch 29456345

Released April 2019

 

12.1.3.0

Mapviewer 12.1.3 SPU for CPUOct2018 Patch 28794663

Released October 2018

Install prior to Java CPUApr2017 JDK/JRE or later version

11.1.1.9

SPU Patch 27534923

Released April 2018

 

3.3.32 Oracle Outside In Technology

Error Correction information for Oracle Outside In Technology

Patch Information

8.5.4

Comments

Final CPU

-

 

Patch Availability for Oracle Outside In Technology

Product Home

Patch

Advisory Number

Comments

Oracle Outside In Technology 8.5.4

ORACLE OUTSIDE IN TECHNOLOGY (OIT) DECEMBER 2019 8.5.4 BUNDLE PATCH #7 Patch 30620565

CVE-2020-2536, CVE-2020-2543, CVE-2020-2542, CVE-2020-2541, CVE-2020-2540, CVE-2020-2576

 

3.3.33 Oracle Real Time Decisions Platform

Error Correction information for Oracle Real Time Decisions Platform

Describes the Error Correction information for Oracle Real Time Decisions Platform.

Patch Information

3.2

Comments

Final CPU

July 2022

 

Patch Availability for Oracle Real Time Decisions Platform

Describes the available patches for Oracle Real Time Decisions Platform.

Product Home

Patch

Advisory Number

Comments

Oracle Real Time Decisions Platform 3.2 home

RTD Platform 3.2.1 SPU for October CPU 2018 Patch 28722658

Released October 2018

 

 

3.3.34 Oracle Service Architecture Leveraging Tuxedo (SALT)

Error Correction information for Oracle Service Architecture Leveraging Tuxedo (SALT)

Patch Information

12.2.2.0.x

12.1.3

Comments

Final CPU

Oct 2024

Oct 2020

 

Patch Availability for Oracle Service Architecture Leveraging Tuxedo (SALT)

Product Home

Patch

Advisory Number

Comments

Oracle Service Architecture Leveraging Tuxedo (SALT) 12.2.2.0.x home

Oracle SALT 12.2.2.0.0 SPU FOR CPUJan2019 Patch 29169314

Released January 2019

 

Oracle Service Architecture Leveraging Tuxedo (SALT) 12.1.3.0.x home

Oracle SALT 12.1.3.0.0 SPU FOR CPUJan2019 Patch 29169322

Released January 2019

 

 

3.3.35 Oracle SOA Suite

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle SOA Suite installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle SOA Suite

Product Home

Patches

Comments

Oracle SOA Suite 12c home

See "Oracle Fusion Middleware 12c"

 

Oracle SOA Suite 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

 

3.3.36 Oracle Traffic Director

Error Correction information for Oracle Traffic Director

Patch Information

11.1.1.9

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Traffic Director

Product Home

Patch

Advisory Number

Comments

11.1.1.9

Oracle Traffic Director SPU Patch 29340480

Released April 2019

 

3.3.37 Oracle Tuxedo

Error Correction information for Oracle Tuxedo

Patch Information

12.2.2.0

12.1.3.0

12.1.1.0

Comments

Final CPU

April 2024

April 2022

July 2020

 

Patch Availability for Oracle Tuxedo

Product Home

Patches

Advisory Number

Comments

12.2.2.0

rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 Linux Patch 28090531

rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-64 with vs2015 Patch 28124771

rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-32 with vs2015 Patch 28124779

Released July 2018

For CVE-2017-10269, see extra settings required with these cumulative patches in Note 2326009.1

12.1.3.0

RP117 TUXEDO 12.1.3.0 SPU FOR CPUJAN2020 Patch 30596495

RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2013) FOR CPUJAN2020 Patch 30601651

RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2012) FOR CPUJAN2020 Patch 30601637

CVE-2019-0227

For CVE-2017-10269, see extra settings required with these cumulative patches in Note 2326009.1

12.1.1.0

RP100 TUXEDO 12.1.1.0 SPU FOR CPUJAN2020 Patch 30471168

RP100 TUXEDO 12.1.1.0 SPU (WINDOWS VS2010) FOR CPUJAN2020 Patch 30471706

RP100 TUXEDO 12.1.1.0 SPU (WINDOWS VS2012) FOR CPUJAN2020 Patch 30487619

CVE-2019-0227

 

3.3.38 Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Error Correction Information for Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Patch Information

12.2.2

12.1.3

12.1.1.1

Comments

Final CPU

April 2024

April 2022

July 2020

 

Patch Availability for Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Product Home

Patches

Advisory Number

Comments

TSAM Plus 12.2.2

RP002 Patch 25389632

Released July 2017

 

TSAM Plus 12.1.3

RP019 FOR LINUX 64-BIT X86 Patch 27379436

Released January 2018

 

TSAM Plus 12.1.1.1

RP025 Patch 23707307

Released July 2017

 

3.3.39 Oracle Web-Tier 11g Utilities

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Web-Tier 11g Utilities installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Web-Tier 11g Utilities

Product Home

Patches

Comments

FMW 12c home

See "Oracle Fusion Middleware 12c"

 

Oracle Web-Tier 11g Utilities 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

 

3.3.40 Oracle WebCenter

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle WebCenter installation. Only the relevant homes from those tables need to be patched.

3.3.41 Oracle WebCenter Content (Formerly Oracle Universal Content Management)

Patch Availability for Oracle WebCenter Content

Component

Patch

Advisory Number

Comments

FMW 12c home

See "Oracle Fusion Middleware 12c"

 

 

Oracle WebCenter Content 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

See "Oracle Fusion Middleware 11.1.1.9"

 

3.3.42 Oracle WebCenter Portal

Error Correction information for Oracle WebCenter Portal

Patch Information

12.2.1.4

12.2.1.3

11.1.1.9

Comments

Final CPU

October 2025

July 2020

December 2021

 

Patch Availability for Oracle WebCenter Portal

Product Home

Patches

Comments

FMW 12c home

See "Oracle Fusion Middleware 12c"

 

Oracle WebCenter 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

 

3.3.43 Oracle WebCenter Sites (Formerly FatWire Content Server)

Error Correction information for Oracle WebCenter Sites (formerly FatWire Content Server)

Patch Information

12.2.1.4

12.2.1.3.0

11.1.1.8

Comments

Final CPU

October 2025

July 2020

October 2021

 

Patch Availability for Oracle WebCenter Sites

Product Home

Patch

Advisory Number

Comments

12c home

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

 

11.1.1.8 home

Oracle WebCenter Sites 11.1.1.8.0 Patch 21 Patch 29118979

Released January 2019

for FMW 11.1.1.7.0 patches, refer to the Final CPU section

3.3.44 Oracle WebCenter Sites Community

Error Correction information for Oracle WebCenter Sites Community

Patch Information

11.1.1.8

Comments

Final CPU

-

 

Patch Availability for Oracle WebCenter Sites Community

Product Home

Patch

Advisory Number

Comments

11.1.1.8 home

11.1.1.8.0 Patch 5 SPU Patch 26951713 or later

Released January 2018

See "Oracle WebCenter 11.1.1.8"

3.3.45 Oracle WebCenter Suite

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle WebCenter Suite installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle WebCenter Suite

Product Home

Patches

Comments

Oracle WebCenter Suite 11.1.1.9 home

See "Oracle Fusion Middleware 11.1.1.9"

 

3.3.46 Oracle WebLogic Portal

Error Correction information for Oracle WebLogic Portal

Patch Information

10.3.7.0

Comments

Final CPU

October 2021

Note 1308963.1 Error Correction Policy as it applies to Oracle WebLogic Portal (WLP)

Critical Patch Update Availability for WebLogic Portal

See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

WebLogic Portal patches are cumulative to include all the prior published advisories. For more information, see My Oracle Support Note 1355929.1, October 2011 Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL Session ID and SSL Filters.

WebLogic Portal 9.2.3.0 is bundled with WebLogic Server 9.2.3.0, which is out of error correction. Contact Oracle support for security patches needed for WebLogic Server 9.2.3.0

Product Home

Patch

Advisory Number

Comments

WebLogic Portal 10.3.7.0 home

There are no CPU patches to document on 10.3.7.0

none

 

3.3.47 Oracle WebLogic Server

Error Correction information for Oracle WebLogic Server Patch Set Update

Patch Information

12.2.1.4.0

12.2.1.3.0

12.1.3.0

10.3.6.0

Comments

Final CPU

-

-

October 2020

October 2021

Note 950131.1 Error Correction Support Dates for Oracle WebLogic Server

Understanding Patch Release Versions

-

-

-

-

See Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions

Patch Set Update Availability for Oracle WebLogic Server

For more information, see MyOracleSupport Note 1470197.1, Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS). See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

Product Home

Patch

Advisory Number

Comments

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 2617684.1, Critical Patch Update Jan 2020 Patch Availability Document for Oracle Java SE

See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle WebLogic Server 12.2.1.3/12.2.1.4 home

OPatch 13.9.4.2.2 Patch 28186730

Released in January 2020

Update OPatch before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c

WebLogic Server 12.2.1.4 home

WLS Patch Set Update 12.2.1.4.191220 Patch 30689820 + Patch 30761841

CVE-2020-2550, CVE-2020-2551, CVE-2020-6950, CVE-2020-2544, CVE-2020-2547, CVE-2020-2519, CVE-2019-17359, CVE-2019-2888

CVE-2019-2888 announced in Oct 2019 Advisory is included in the Jan2020 patch.

Patch 30761841 is for CVE-2019-17359

WebLogic Server 12.2.1.3 home

WLS PATCH SET UPDATE 12.2.1.3.0(ID:191217.1425) Patch 30675853

CVE-2020-2550, CVE-2020-2551, CVE-2020-6950, CVE-2020-2544, CVE-2020-2547, CVE-2020-2519, CVE-2019-17359

Refer to Note 2566635.1 for Patch Conflict issue.

CVE-2018-3213 Is addressed in Docker Images published after September 13, 2018. Latest docker image at https://container-registry.oracle.com.

See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

WebLogic Server 12.1.3.0 home

WLS PATCH SET UPDATE 12.1.3.0.200114 Patch 30463093

CVE-2020-2546 CVE-2020-2552 CVE-2020-2547 CVE-2020-2551 CVE-2020-2550 CVE-2020-2519 CVE-2020-2544

Refer to Note 2566635.1 for Overlay Patch Conflict issue

See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933

See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

WebLogic Server 10.3.6.0 home

WLS PATCH SET UPDATE 10.3.6.0.200114 Patch 30463097 Refer to 2.2 Post Release Patches for patch availability.

 

CVE-2020-2550, CVE-2020-2551, CVE-2020-2546, CVE-2020-2552, CVE-2020-2548, CVE-2020-2549, CVE-2020-2544, CVE-2020-2547, CVE-2020-2519

See Note 1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher

See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

WebLogic Server 12.1.3.0 home

WebLogic Server 10.3.6.0 home

WLS 12.1.3 JDBC Patch 20741228

WLS 10.3.6 JDBC Patch 27541896

Released January 2018

Please refer to Note 1970437.1 How To Update the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6 and 12c

Oracle WebLogic Server and Coherence 12.2.1.4 home

Oracle WebLogic Server and Coherence 12.2.1.3 home

Oracle WebLogic Server and Coherence 12.1.3.0 home

Coherence 12.2.1.4.3 Cumulative Patch using OPatch Patch 30729380

Coherence 12.2.1.3.5 Cumulative Patch using OPatch Patch 30564174

Coherence 12.1.3.0.7 Cumulative Patch using OPatch Patch 30575273

Coherence 3.7.1 Patch 17 (3.7.1.17) Full Distribution Patch 30663022

CVE-2020-2555

Coherence Patch

WebLogic Server 12.2.1.3.0 home

WebLogic Server 12.1.3.0.0 home

WebLogic Server 10.3.6.0.0 home

WEBLOGIC SAMPLES SPU 12.2.1.3.191015 Patch 30170398

and

WEBLOGIC SAMPLES SPU 12.1.3.0.191015 Patch 30170397

Released October 2019

This patch is a cumulative patch for all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities

WebLogic Server 12.1.3.0 home

SPU Patch 24327938

Released July 2016

TopLink JPA-RS patch

WebLogic Server 12.1.3.0 home

WebLogic Server 10.3.6.0 home

See Note 1936300.1

Released October 2014

SSL V3.0 "Poodle" Advisory

 

3.4 Oracle Sun Middleware

This section contains the following:

·         Section 3.4.1 "Directory Server Enterprise Edition"

·         Section 3.4.2 "Reserved for Future Use"

3.4.1 Directory Server Enterprise Edition

Error Correction information for Directory Server Enterprise Edition

Patch Information

11.1.1.7.0

Comments

Final CPU (Premier Support)

October 2019

 

Final CPU (Extended Support)

October 2022

 

Patch Availability for Directory Server Enterprise Edition

Product Home

Patch