|
APPLIES TO:
Oracle
Database Cloud Service - Version N/A and later
Gen 1 Exadata Cloud at
Customer (Oracle Exadata Database Cloud Machine) -
Version N/A and later
Oracle Database Cloud Exadata
Service - Version N/A and later
Oracle Database - Enterprise Edition - Version 11.2.0.4
and later
Oracle Fusion Middleware - Version 11.1.1.7.0 and later
Information in this document applies to any platform.
This document
defines the patches and minimum releases for the Database Product Suite,
Fusion Middleware Product Suite, Exalogic, and
Enterprise Manager Suite Critical Patch Updates and Patch Set Updates
released on April 14, 2020.
The
document is for Database Administrators and/or others tasked with Quarterly
Security Patching.
Database, Fusion Middleware, and Enterprise Manager Critical
Patch Update April 2020 Patch Availability Document
My Oracle Support Note 2633852.1
Released April 14, 2020
This document contains the following
sections:
1 Overview
Oracle provides quarterly cumulative
patches to address security vulnerabilities. The patches may include critical
fixes in addition to the security fixes. The security vulnerabilities
addressed are announced in the Advisory for April 2020, available at:
Oracle Technical Network Advisory
This document lists the Oracle
Database, Fusion Middleware and Enterprise Manager CPU program cumulative
patches for product releases under error correction. The April 2020 release
supersedes earlier CPU program cumulative patches for the same product
releases. This document is subject to continual update after the initial
release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support to
ensure you have the latest version.
This section contains the following:
·
Section 1.1 "How To Use This Document"
·
Section 1.2 "Terminology in the Tables"
·
Section 1.3 "On-Request Patches"
·
Section 1.4 "CPU Program and My Oracle Support
Patch Recommendations"
·
Section 1.5 "My Oracle Support (MOS) Conflict
Checker Tool"
1.1 How To Use This Document
The following steps explain how to
use this document.
Step
1 Assess your Environments
Determine
the Oracle product suites and products and their release numbers for each of
your environments.
Step
2 Read Important Announcements
Review "What's New in April 2020," as it lists documentation and packaging changes along
with important announcements such as upcoming final CPUs.
Step
3 Determine Patches to be Applied
For each
environment, determine which patches need to be applied by using the tables
in "Patch Availability for Oracle Products." There is one availability table for each product suite
release, such as Oracle Database 12.2.0.1, Oracle Identity Access Management
11.1.2.3, and Enterprise Manager Cloud Control 12.1.0.5.
·
The table
lists the patches to be applied either to the product or to the appropriate
product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For some
patches, multiple Oracle homes are listed. Apply the patch to all of the
homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The table
lists only product releases that are under Premier Support or Extended
Support and are under error correction as defined in My Oracle Support Note 209768.1, Database, FMW,
Enterprise Manager, TimesTen In-Memory Database,
and OCS Software Error Correction Support Policy. Patches are
provided only for these releases. If you do not see the release that you have
installed, then check "Final CPU History" and contact Oracle Support for further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's CPU
Advisory, list the vulnerability CVE numbers in the Advisory Number column.
If you are interested in the risk matrix for the vulnerabilities fixed in the
patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly
releases, or the current one without any security fixes, the column indicates
"Released MMM YYYY"
·
When a
section is referenced in a table, follow the link to determine which patches
to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release that
is installed, and find the patches to apply in the table for that Oracle
Database release in "Oracle Database."
Step
4 Apply the Patches
Download
the patches, review the READMEs, and apply the patches according to the
instructions.
Step
5 Planning for Future Critical Patch Updates
To help you
plan for future Critical Patch Updates, this document includes Final CPU
information based on Oracle's Lifetime Support Policy and error correction
policies.
"Final CPU Information (Error Correction
Policies)" in "What's New in April 2020," documents product releases for which final Critical Patch
Updates are upcoming or are being announced. In each product section, there
is also an Error Correction Information Table that documents the final CPU
program patch for the product. Products that have reached the end of error
correction are documented in "Final CPU History."
1.2 Terminology in the Tables
The following terminology is used in
this patch availability document and in the subsequent tables.
·
Update - Release Update
·
Revision -Release Update Revision
·
BP - Bundle Patch
·
Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended Support
policies. http://www.oracle.com/us/support/lifetime-support/index.html.
·
NA Not Applicable.
·
OR On-Request. The patch is made available through the
On-Request program.
·
PSU - Patch Set Update
·
SPU - Security Patch Update. An iterative, cumulative patch
consisting of security fixes.
·
Overlay SPU patch provided as an overlay on top of a PSU
or BP instead of a base/patch set release.
1.3 On-Request Patches
Oracle does not proactively release
patches for historically inactive platforms. However, Oracle will deliver
these patches when requested.
The following guidelines describe how
to initiate an on-request (OR) patch.
A request may be made:
o At any time. However, a patch for a specific
quarterly release, such as CPUOct2012, cannot be requested. Depending on when
the request is received and processed, either the patch for the current
quarterly release or the next quarterly release will be provided. Your
Service Request (SR) will provide you the planned availability date for the
patch.
o As long as the version is in either Premier
Support or Extended Support and error correction support has not expired. For
example, if a product release is under Extended Support through the release
of CPUJan2013 on January 15, 2013, then you can file a request for the
product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW,
Enterprise Manager, TimesTen In-Memory Database,
and OCS Software Error Correction Support Policy.
o For a platform-version combination when a
major release or patch set is released on a platform after a quarterly
release date. Oracle will provide the next patch for that platform-version
combination, however you may request the current patch by following the
on-request process. For example, if a patch is released for a platform on
August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform.
You may request a CPUOct2012 patch for the platform, and Oracle will review
the request and determine whether to provide CPUJul2012 or CPUOct2012.
A patch
that is marked as on-request (OR) may already have been requested by another
customer and be available on My Oracle Support. Before you file a Service
Request (SR), check on My Oracle Support to see if the patch is already
available for your platform.
1.4 CPU Program and My Oracle
Support Patch Recommendations
My Oracle Support patch
recommendation features are available on the Patches & Update tab. The
patches announced in this document as part of the CPU program are classified
as "Security" patch recommendations in My Oracle Support. If a new
patch is being announced in this document, then the classification on any
earlier patch is changed to "General", causing it to be removed
from the My Oracle Support patch recommendations. If a patch has a
"Security" classification, and a subsequent bundle, SPU, or PSU is
released with a recommendation classification, then it will be classified as
a "Security" recommendation in My Oracle Support.
Once a product release is no longer
in error correction, its CPU patch information is removed from this document,
but the last patch recommendation continues to be available in My Oracle
Support. Ensure to select each of the products installed in your
environment to obtain all patches.
1.5 My Oracle Support (MOS)
Conflict Checker Tool
The My Oracle Support (MOS) Conflict
Checker tool is available as of July 21, 2014.
You can access MOS Conflict Checker
at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search
results screen ("Analyze with OPatch"
button).
The MOS Conflict Checker Tool allows
you to upload an OPatch inventory to check for
conflicts with patches to apply to your environment. If no conflicts are
found, you can download the patches. If conflicts are found, the tool finds
an existing resolution to download. If no resolution is found, you can
request a solution, and monitor your request in the Plans region.
For more information and a
demonstration video, see Knowledge Document Note 1091294.1, How to Use the
My Oracle Support Conflict Checker Tool for Patches Installed with OPatch [Video].
2 What's New in April 2020
This section describes important
changes in April 2020:
·
Section 2.1 "Final CPU Information (Error
Correction Policies)"
·
Section 2.2 "Post Release Patches"
2.1
Final CPU Information (Error Correction Policies)
The final CPU is the last quarter
that a product is supported in the CPU program as per the Premier Support and
Extended Support policies. Final CPUs for upcoming releases, as well as newly
scheduled final CPUs, are listed in the following sections.
Final CPUs
scheduled for Jul 2020
- Oracle Outside In Technology
8.5.4
- Oracle Tuxedo 12.1.1.0
- Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus) 12.1.1.1
Final CPUs
scheduled for Apr 2020
- Management Pack For Oracle GoldenGate 11.2.1.0
2.2 Post Release Patches
Oracle strives to complete
preparations and testing of each Quarterly Security Patch for each platform
by the quarterly release date. Occasionally, circumstances beyond our control
dictate that a particular patch be delayed and be released a few days after
the quarterly release date. The following table lists any current patch
delays and the estimated date of availability.
|
Patch
|
Patch Number
|
Platform
|
Availability
|
|
EM BP Patch Set Update 13.3.0.0.200414
|
Patch 31035765
|
All
|
April-21-2020
|
|
Oracle Outside In Technology 8.5.5
|
Patch TBD
|
All
|
30-Apr-2020
|
|
Database Release Update 19.7.0.0.200414
|
Patch 30869156
|
AIX
|
Available
|
|
Combo OJVM RU 19.7.0.0.200414 and DB RU
19.7.0.0.200414
|
Patch 30783543
|
All
|
Available
|
|
Database Release Update Revision
19.6.1.0.200414
|
Patch 30797938
|
All except Linux x86-64
|
21-Apr-2020
|
|
Database Release Update Revision
19.5.2.0.200414
|
Patch 30830913
|
All except Linux x86-64
|
21-Apr-2020
|
|
GI Release Update 19.7.0.0.200414
|
Patch 30899722
|
AIX, HP-UX Itanium
|
21-Apr-2020
|
|
Combo OJVM RU 19.7.0.0.200414 and GI RU
19.7.0.0.200414
|
Patch 30783556
|
AIX, HP-UX Itanium
|
21-Apr-2020
|
|
GI Release Update Revision
19.6.1.0.200414
|
Patch 30923276
|
All except Linux x86-64
|
21-Apr-2020
|
|
GI Release Update Revision
19.5.2.0.200414
|
Patch 30923448
|
All except Linux x86-64
|
21-Apr-2020
|
|
DB Release Update Revision
18.9.1.0.200414
|
Patch 30798089
|
AIX, HP-UX Itanium
|
21-Apr-2020
|
|
DB Release Update Revision
18.8.2.0.200414
|
Patch 30830887
|
AIX
|
21-Apr-2020
|
|
GI Release Update Revision
18.9.1.0.200414
|
Patch 30923313
|
AIX, HP-UX Itanium, Solaris SPARC (64-Bit)
|
21-Apr-2020
|
|
GI Release Update Revision
18.8.2.0.200414
|
Patch 30923359
|
AIX
|
21-Apr-2020
|
|
GI Apr 2020 Release Update
12.2.0.1.200414 (& associated COMBO)
|
Patch 30920127 (& Patch 30783652)
|
HP-UX Itanium
|
21-Apr-2020
|
|
GI Oct 2019 Release Update Revision
12.2.0.1.200414
|
Patch 30820785
|
All except Linux x86-64
|
21-Apr-2020
|
|
GI Jan 2020 Release Update Revision
12.2.0.1.200414
|
Patch 30820944
|
All except Linux x86-64, AIX
|
21-Apr-2020
|
|
Database PSU 12.1.0.2.200414
|
Patch 30700212
|
AIX
|
Available
|
|
Combo OJVM PSU 12.1.0.2.200414 and DB
PSU 12.1.0.2.200414
|
Patch 30783658
|
All
|
Available
|
|
GI PSU 12.1.0.2.200414
|
Patch 30805421
|
AIX
|
21-Apr-2020
|
|
Combo OJVM PSU 12.1.0.2.200414 and GI
PSU 12.1.0.2.200414
|
Patch 30783882
|
AIX
|
21-Apr-2020
|
|
Database Proactive Bundle Patch
12.1.0.2.200414
|
Patch 30805478
|
AIX, HP-UX
Itanium
|
21-Apr-2020
|
|
Combo OJVM PSU 12.1.0.2.200414 and DBBP
12.1.0.2.200414
|
Patch 30783885
|
All
|
21-Apr-2020
|
|
Combo OJVM PSU 11.2.0.4.200414 and GI
PSU 11.2.0.4.200414
|
Patch 30783890
|
HP-UX PA-RISC
|
Available
|
|
Microsoft Windows BP 19.7.0.0.200414
|
Patch 30901317
|
Windows 64-Bit and 32-Bit
|
24-Apr-2020
|
|
OJVM Component Database RU
19.7.0.0.200414
|
Patch 30805684
|
Windows 64-Bit
|
21-Apr-2020
|
|
Microsoft Windows BP 18.10.0.0.200414
|
Patch 30901451
|
Windows 64-Bit and 32-Bit
|
21-Apr-2020
|
|
OJVM Component Database RU
18.10.0.0.200414
|
Patch 30805598
|
Windows 64-Bit
|
21-Apr-2020
|
|
Microsoft Windows BP 12.2.0.1.200414
|
Patch 30861472
|
Windows 64-Bit and 32-Bit
|
30-Apr-2020
|
|
OJVM Microsoft Windows Bundle Patch
12.2.0.1.200414
|
Patch 31035002
|
Windows 64-Bit
|
21-Apr-2020
|
|
Microsoft Windows BP 12.1.0.2.200414
|
Patch 30861721
|
Windows 64-Bit and 32-Bit
|
30-Apr-2020
|
|
OJVM Microsoft Windows Bundle Patch
12.1.0.2.200414
|
Patch 31037459
|
Windows 64-Bit
|
21-Apr-2020
|
|
Microsoft Windows BP 11.2.0.4.200414
|
Patch 31169916
|
Windows 64-Bit and 32-Bit
|
30-Jun-2020
|
|
OJVM Component Database PSU
11.2.0.4.200414
|
Patch 31169933
|
Windows 64-Bit
|
30-Jun-2020
|
|
Quarterly Full Stack download for Exadata (Apr2020) 19.7.0.0.200414
|
Patch 30783929
|
All
|
21-Apr-2020
|
|
Quarterly Full Stack download for Exadata (Apr2020) 18.10.0.0.200414
|
Patch 30783928
|
All
|
21-Apr-2020
|
|
Quarterly Full Stack download for Exadata (Apr2020) 12.2.0.1
|
Patch 30783925
|
All
|
21-Apr-2020
|
|
Quarterly Full Stack download for Exadata (Apr2020) 12.1.0.2
|
Patch 30783920
|
All
|
21-Apr-2020
|
|
Quarterly Full Stack download for Exadata (Apr2020) 11.2.0.4
|
Patch 30783910
|
All
|
21-Apr-2020
|
|
Quarterly Full Stack download for SuperCluster (Q2.2020)
|
Patch 30783930
|
All
|
12-May-2020
|
3 Patch Availability for Oracle Products
This section contains the following:
·
Section 3.1 "Oracle Database"
·
Section 3.2 "Oracle Enterprise Manager"
·
Section 3.3 "Oracle Fusion Middleware"
·
Section 3.4 "Oracle Sun Middleware"
·
Section 3.5 "Tools"
3.1 Oracle Database
This section contains the following:
·
Section 3.1.1 "Oracle REST Data Services (formally
called Oracle APEX Listener)"
·
Section 3.1.2 "Oracle Application Express"
·
Section 3.1.3 "Oracle Big Data Spatial and
Graph"
·
Section 3.1.4 "Oracle Database"
·
Section 3.1.5 "Oracle Database Mobile/Lite
Server"
·
Section 3.1.6 "Oracle GoldenGate"
·
Section 3.1.7 "Oracle GoldenGate for Big Data
(Formerly known as Oracle GoldenGate Application Adapters)"
·
Section 3.1.8 "Oracle GoldenGate Veridata"
·
Section 3.1.9 "Oracle Secure Backup"
3.1.1 Oracle REST Data Services (formally
called Oracle APEX Listener)
Error
Correction information for Oracle REST Data Services 3.0
|
Patch Information
|
3.0
|
Comments
|
|
Final CPU
|
-
|
|
Minimum
Product Requirements for Oracle REST Data Services
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle REST Data
Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle REST Data Services
|
3.0.10.25.02.36
|
Released July 2017
|
|
3.1.2 Oracle
Application Express
Minimum
Product Requirements for Oracle Application Express
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Application
Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Application Express
|
19.2.0.00.18
|
|
|
3.1.3 Oracle Big
Data Spatial and Graph
Error Correction
information for Oracle Big
Data Spatial and Graph
|
Patch Information
|
2.0
|
1.2
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch Availability for
Oracle Big Data Spatial and Graph
Critical
Patch Update security vulnerabilities are fixed in the listed releases. For Oracle
Big Data Spatial and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.
|
Product
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Big Data Spatial and Graph 2.0
|
Patch 28774674
|
Released October 2018
|
|
|
Oracle Big Data Spatial and Graph 2.1
|
Patch 28774701
|
Released October 2018
|
|
|
Oracle Big Data Spatial and Graph 2.1
|
Patch 28774764
|
Released October 2018
|
|
3.1.4 Oracle
Database
This section contains the following:
·
Section 3.1.4.1 "Patch Availability for Oracle
Database"
·
Section 3.1.4.2 "Oracle Database 19"
·
Section 3.1.4.3 "Oracle Database 18"
·
Section 3.1.4.4 "Oracle Database 12.2.0.1"
·
Section 3.1.4.5 "Oracle Database 12.1.0.2"
3.1.4.1 Patch Availability for Oracle
Database
For information regarding the
different types of patches for Database, refer to Oracle Database - Overview
of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database Patch Delivery
Methods for 12.2.0.1 and greater, Note 2337415.1
3.1.4.2 Oracle Database 19
|
Patch Information
|
19
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 19
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 19.7.0.0.200414 and Database
Release Update 19.7.0.0.200414 Patch 30783543 for UNIX, or
Combo OJVM Release Update 19.7.0.0.200414 and GI
Release Update 19.7.0.0.200414 Patch 30783556, or
Quarterly Full Stack download for Exadata
(Apr2020) 19.7.0.0.200414 Patch 30783929 for Linux x86-64
|
CVE-2019-2756, CVE-2019-2759,
CVE-2019-2852, CVE-2019-2853, CVE-2019-12418, CVE-2019-17563,
CVE-2020-2734, CVE-2020-2737, CVE-2020-2735
|
For patch availability, see section 2.2 Post Release Patches
See Note 1929745.1, Oracle Recommended Patches
-- Oracle JavaVM Component Database PSU (OJVM
PSU) Patches.
|
|
Oracle Database Server home
|
Database Release Update 19.7.0.0.200414 Patch 30869156 for UNIX, or
Database Release Update Revision 19.6.1.0.200414 Patch 30797938 for UNIX, or
Database Release Update Revision 19.5.2.0.200414 Patch 30830913 for UNIX, or
GI Release Update 19.7.0.0.200414 Patch 30899722, or
GI Release Update Revision 19.6.1.0.200414 Patch 30923276, or
GI Release Update Revision 19.5.2.0.200414 Patch 30923448, or
Microsoft Windows 32-Bit and x86-64 BP 19.7.0.0.200414 Patch 30901317, or
later;
Quarterly Full Stack download for Exadata
(Apr2020) 19.7.0.0.200414 Patch 30783929 for Linux x86-64, or
Quarterly Full Stack download for SuperCluster
(Q2.2020) Patch 30783930 for Solaris SPARC 64-Bit
|
CVE-2019-2756, CVE-2019-2759,
CVE-2019-2852, CVE-2019-2853, CVE-2019-12418, CVE-2019-17563,
CVE-2020-2734, CVE-2020-2737
|
For patch availability, see section 2.2 Post Release Patches
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For the
most recent JDK fixes a separate patch is available (see below) and needs
to be installed in addition to the Database and GI patches.
|
|
Oracle Database Server home
|
OJVM Release Update 19.7.0.0.200414 Patch 30805684 for all platforms
|
CVE-2020-2735
|
See Note 1929745.1, Oracle Recommended Patches
-- Oracle JavaVM Component Database PSU (OJVM
PSU) Patches
|
|
Oracle Database Server home
|
JDK8u251 Patch 30980733
|
CVE-2020-2803, CVE-2020-2805,
CVE-2019-18197, CVE-2020-2781, CVE-2020-2830, CVE-2020-2800, CVE-2020-2754,
CVE-2020-2755, CVE-2020-2773, CVE-2020-2756, CVE-2020-2757
|
See Note 2584628.1, "JDK and PERL Patches
for Oracle Database Home and Grid Home" for information on
availability and prior patches.
|
|
Oracle Database Server home
|
Perl Patch 29511771
|
Released April 2019
|
|
|
Oracle Database Client home
|
Database Release Update 19.4.0.0.190716 Patch 29834717 for UNIX
|
Released July 2019
|
The Instant Client installation is not
the same as the client-only Installation. For additional information about
Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.4.3 Oracle Database 18
|
Patch Information
|
18
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 18
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 18.10.0.0.200414 and Database
Release Update 18.10.0.0.200414 Patch 30783603 for UNIX, or
Combo OJVM Release Update 18.10.0.0.200414 and GI
Release Update 18.10.0.0.200414 Patch 30783607, or
Quarterly Full Stack download for Exadata
(Apr2020) 18.10.0.0.200414 Patch 30783928
|
CVE-2019-2756, CVE-2019-2759,
CVE-2019-2852, CVE-2019-2853, CVE-2019-12418, CVE-2019-17563,
CVE-2020-2734, CVE-2020-2737, CVE-2020-2735
|
For patch availability, see section 2.2 Post Release Patches
OJVM Update patches from 18.4 onwards are RAC Rolling
installable. Please see Note 2217053.1, RAC Rolling Install
Process for the "Oracle JavaVM Component
Database PSU/RU" (OJVM PSU/RU) Patches
|
|
Oracle Database Server home
|
Database Release Update 18.10.0.0.200414 Patch 30872794, or
Database Release Update Revision 18.9.1.0.200414 Patch 30798089, or
Database Release Update Revision 18.8.2.0.200414 Patch 30830887, or
GI Release Update 18.10.0.0.200414 Patch 30899645, or
GI Release Update Revision 18.9.1.0.200414 Patch 30923313, or
GI Release Update Revision 18.8.2.0.200414 Patch 30923359, or
Microsoft Windows 32-Bit and x86-64 BP 18.10.0.0.200414 Patch 30901451, or
later;
Quarterly Full Stack download for Exadata
(Apr2020) 18.10.0.0.200414 Patch 30783928, or
Quarterly Full Stack download for SuperCluster
(Q2.2020) Patch 30783930 for Solaris SPARC 64-Bit
|
CVE-2019-2756, CVE-2019-2759,
CVE-2019-2852, CVE-2019-2853, CVE-2019-12418, CVE-2019-17563,
CVE-2020-2734, CVE-2020-2737
|
For patch availability, see section 2.2 Post Release Patches
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For the
most recent JDK fixes a separate patch is available (see below) and needs
to be installed in addition to the Database and GI patches.
|
|
Oracle Database Server home
|
OJVM Release Update 18.10.0.0.200414 Patch 30805598 for all platforms
|
CVE-2020-2735
|
OJVM Update patches from 18.4 onwards are RAC Rolling
installable. Please see Note 2217053.1, RAC Rolling Install
Process for the "Oracle JavaVM Component
Database PSU/RU" (OJVM PSU/RU) Patches
|
|
Oracle Database Server home
|
JDK8u251 Patch 31019767
|
CVE-2020-2803, CVE-2020-2805,
CVE-2019-18197, CVE-2020-2781, CVE-2020-2830, CVE-2020-2800, CVE-2020-2754,
CVE-2020-2755, CVE-2020-2773, CVE-2020-2756, CVE-2020-2757
|
See Note 2584628.1, "JDK and PERL Patches
for Oracle Database Home and Grid Home" for information on
availability and prior patches.
|
|
Oracle Database Client home
|
Database Release Update 18.7.0.0.190716 Patch 29757256, or
Database Release Update Revision 18.6.1.0.190716 Patch 29708235, or
Database Release Update Revision 18.5.2.0.190716 Patch 29708437 or
Microsoft Windows 32-Bit and x86-64 BP 18.7.0.0.190716 Patch 29859180
|
Released July 2019
|
The Instant Client installation is not
the same as the client-only Installation. For additional information about
Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.4.4 Oracle Database 12.2.0.1
|
Patch Information
|
12.2.0.1
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 12.2.0.1
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 12.2.0.1.200414 and Database
Release Update 12.2.0.1.200414 Patch 30783641 for UNIX, or
Combo OJVM Release Update 12.2.0.1.200414 and GI
Release Update 12.2.0.1.200414 Patch 30783652, or
Quarterly Full Stack download for Exadata
(Apr2020) 12.2.0.1 Patch 30783925, or
Quarterly Full Stack download for SuperCluster
(Q2.2020) Patch 30783930 for Solaris SPARC 64-Bit
|
CVE-2019-2756, CVE-2019-2759,
CVE-2019-2852, CVE-2019-2853, CVE-2019-12418, CVE-2019-17563,
CVE-2020-2734, CVE-2020-2737, CVE-2020-2735
|
For patch availability, see section 2.2 Post Release Patches
OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations
where the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the NOTE
for more details.
Combos are for environments that take a single downtime
to apply all patches
See Note 1929745.1, Oracle Recommended Patches
-- "Oracle JavaVM Component Database PSU and
Update" (OJVM PSU and OJVM Update) Patches
|
|
Oracle Database Server home
|
Database Apr 2020 Release Update 12.2.0.1.200414 Patch 30886680 for UNIX, or
Database Oct 2019 Release Update Revision
12.2.0.1.200414 Patch 30831066, or
Database Jan 2020 Release Update Revision
12.2.0.1.200414 Patch 30799484, or
GI Apr 2020 Release Update 12.2.0.1.200414 Patch 30920127, or
GI Oct 2019 Release Update Revision 12.2.0.1.200414 Patch 30820785, or
GI Jan2020 Release Update Revision 12.2.0.1.200414 Patch 30820944, or
BS2000 Database BP 12.2.0.1.200414 Patch 31001150
Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.200414 Patch 30861472, or
later;
Quarterly Full Stack download for Exadata
(Apr2020) 12.2.0.1 Patch 30783925, or
Quarterly Full Stack download for SuperCluster
(Q2.2020) Patch 30783930 for Solaris SPARC 64-Bit
|
CVE-2019-2756, CVE-2019-2759,
CVE-2019-2852, CVE-2019-2853, CVE-2019-12418, CVE-2019-17563,
CVE-2020-2734, CVE-2020-2737
|
For patch availability, see section 2.2 Post Release Patches
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For the
most recent JDK fixes a separate patch is available (see below) and needs
to be installed in addition to the Database and GI patches.
|
|
Oracle Database Server home
|
OJVM Release Update 12.2.0.1.200414 Patch 30805580 for UNIX, or
OJVM Microsoft Windows Bundle Patch 12.2.0.1.200414 Patch 31035002
|
CVE-2020-2735
|
OJVM Update Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations
where the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the NOTE
for more details.
See Note 1929745.1, Oracle Recommended Patches
-- Oracle JavaVM Component Database PSU (OJVM
PSU) Patches
|
|
Oracle Database Server home
|
JDK8u251 Patch 30980615
|
CVE-2020-2803, CVE-2020-2805,
CVE-2019-18197, CVE-2020-2781, CVE-2020-2830, CVE-2020-2800, CVE-2020-2754,
CVE-2020-2755, CVE-2020-2773, CVE-2020-2756, CVE-2020-2757
|
See Note 2584628.1, "JDK and PERL Patches
for Oracle Database Home and Grid Home" for information on
availability and prior patches.
|
|
Oracle Database Client home
|
Database Jul 2019 Release Update 12.2.0.1.190716 Patch 29757449 for UNIX, or
Database Jan 2019 Release Update Revision 12.2.0.1.190716 Patch 29708478, or
Database Apr 2019 Release Update Revision 12.2.0.1.190716 Patch 29708381, or
Microsoft Windows 32-Bit and x86-64 RU 12.2.0.1.190716 Patch 29832062, or
later
|
Released July 2019
|
The Instant Client installation is not
the same as the client-only Installation. For additional information about
Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.4.5 Oracle Database 12.1.0.2
Error
Correction information for Oracle Database 12.1.0.2
|
Patch Information
|
12.1.0.2
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 12.1.0.2
If the Combo patches that are listed
in the first row are applied, then the patches listed in Rows 2 and 3 do not
need to be applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 12.1.0.2.200414 and Database PSU
12.1.0.2.200414 Patch 30783658 for UNIX, or
Combo OJVM PSU 12.1.0.2.200414 and GI PSU 12.1.0.2.200414 Patch 30783882, or
Combo OJVM PSU 12.1.0.2.200414 and Database Proactive
BP 12.1.0.2.200414 Patch 30783885 for UNIX, or
Quarterly Full Stack download for Exadata
(Apr2020) BP 12.1.0.2 Patch 30783920, or
Quarterly Full Stack download for SuperCluster
(Q2.2020) Patch 30783930 for Solaris SPARC 64-Bit
|
CVE-2019-2756, CVE-2019-2759,
CVE-2019-2852, CVE-2019-2853, CVE-2020-2734, CVE-2020-2737, CVE-2016-10251,
CVE-2020-2735
|
For patch availability, see section 2.2 Post Release Patches
OJVM PSU Patches are not RAC Rolling
installable. However, NOTE 2217053.1 defines a few specific situations
where the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the NOTE
for more details.
Combos are for environments that take a single downtime
to apply all patches
See Note 1929745.1, Oracle Recommended Patches
-- Oracle JavaVM Component Database PSU (OJVM
PSU) Patches
|
|
Oracle Database Server home
|
Database PSU 12.1.0.2.200414 Patch 30700212 for UNIX, or
GI PSU 12.1.0.2.200414 Patch 30805421, or
Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.200414 Patch 30861721, or
later;
Database Proactive Bundle Patch 12.1.0.2.200414 Patch 30805478 or
Quarterly Full Stack download for Exadata
(Apr2020) BP 12.1.0.2 Patch 30783920, or
Quarterly Full Stack download for SuperCluster
(Q2.2020) Patch 30783930 for Solaris SPARC 64-Bit
|
CVE-2019-2756, CVE-2019-2759,
CVE-2019-2852, CVE-2019-2853, CVE-2020-2734, CVE-2020-2737, CVE-2016-10251
|
For patch availability, see section 2.2 Post Release Patches
For JDK fixes a separate patch is available (see below)
and needs to be installed in addition to the Database and GI patches.
|
|
Oracle Database Server home
|
Oracle JavaVM Component
Database PSU 12.1.0.2.200414 Patch 30805558 for UNIX, or
Oracle JavaVM Component
Microsoft Windows Bundle Patch 12.1.0.2.200414 Patch 31037459
|
CVE-2020-2735
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations
where the OJVM PSU patchset can be postinstalled into each database while the database remains
in unrestricted "startup" mode. Please refer to the NOTE for more
details.
All OJVM PSU since 12.1.0.2.161018 includes Generic
JDBC Patch 23727148
See Note 1929745.1, Oracle Recommended Patches
-- Oracle JavaVM Component Database PSU (OJVM PSU)
Patches
|
|
Oracle Database Server home
|
JDK7u261 Patch 30942294
|
CVE-2020-2803, CVE-2020-2805,
CVE-2020-2781, CVE-2020-2830, CVE-2020-2800, CVE-2020-2773, CVE-2020-2756,
CVE-2020-2757
|
See Note 2584628.1, "JDK and PERL Patches
for Oracle Database Home and Grid Home" for information on
availability and prior patches.
|
|
Oracle Database Server home
|
Oracle JavaVM
Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
|
Oracle Database Client home
|
Database PSU 12.1.0.2.190716 Patch 29494060 for UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.190716 Patch 29831650
|
Released July 2019
|
The Instant Client installation is not
the same as the client-only Installation. For additional information about
Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.4.6 Oracle Database 11.2.0.4
Error
Correction information for Oracle Database 11.2.0.4
|
Patch Information
|
11.2.0.4
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
HP-UX PA-RISC
IBM: Linux on System Z
32-bit client-only platforms except Linux x86
|
|
|
On-Request platforms
|
32-bit client-only platforms except
Linux x86
|
|
Patch
Availability for Oracle Database 11.2.0.4
If the Combo patches that are listed
in the first row are applied, then the patches listed in Rows 2 and 3 do not
need to be applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 11.2.0.4.200414 and Database SPU 11.2.0.4.200414 Patch 30783899 for UNIX, or
Combo OJVM PSU 11.2.0.4.200414 and Database PSU
11.2.0.4.200414 Patch 30783889 for UNIX, or
Combo OJVM PSU 11.2.0.4.200414 and GI PSU
11.2.0.4.200414 Patch 30783890 for UNIX, or
Combo OJVM PSU 11.2.0.4.200414 and Exadata
BP 11.2.0.4.200414 Patch 30783893
|
CVE-2019-2756, CVE-2019-2759,
CVE-2019-2852, CVE-2019-2853, CVE-2020-2734, CVE-2020-2737, CVE-2020-2735
|
For patch availability, see section 2.2 Post Release Patches
From Jan2019 onwards the OJVM now only supports JDK7
for security compliance. Please ensure that if there are applications with
an OJVM dependency that they are compatible with JDK7.
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations
where the OJVM PSU patchset can be postinstalled into each database while the database
remains in unrestricted "startup" mode. Please refer to the NOTE
for more details.
Combos are for environments that take a single downtime
to apply all patches
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component Database
PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Database PSU 11.2.0.4.200414 Patch 30670774 for UNIX, or
GI PSU 11.2.0.4.200414 Patch 30805461 for UNIX, or
Database SPU 11.2.0.4.200414 Patch 31010960 for UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP
11.2.0.4.200414 Patch 31169916, or
later;
Quarterly Database Patch for Exadata
BP 11.2.0.4.200414 Patch 30805507 for UNIX, or
Quarterly Full Stack download for Exadata
(Apr2020) BP 11.2.0.4 Patch 30783910, or
Quarterly Full Stack download for SuperCluster
(Q2.2020) Patch 30783930 for Solaris SPARC 64-Bit
|
CVE-2019-2756, CVE-2019-2759,
CVE-2019-2852, CVE-2019-2853, CVE-2020-2734, CVE-2020-2737
|
For patch availability, see section 2.2 Post Release Patches
For JDK fixes a separate patch is available (see below)
and needs to be installed in addition to the Database and GI patches.
|
|
Oracle Database Server home
|
Oracle JavaVM (OJVM)
Component Database PSU 11.2.0.4.200414 Patch 30805543 for UNIX, or
Oracle JavaVM (OJVM) Component
Database PSU 11.2.0.4.200414 Patch 31169933 for Microsoft Windows
|
CVE-2020-2735
|
From Jan2019 onwards the OJVM now only supports JDK7
for security compliance. Please ensure that if there are applications with
an OJVM dependency that they are compatible with JDK7.
OJVM PSU 11.2.0.4.161018 and greater includes Generic
JDBC Patch 23727132
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
JDK7u261 Patch 30980574
|
CVE-2020-2803, CVE-2020-2805,
CVE-2020-2781, CVE-2020-2830, CVE-2020-2800, CVE-2020-2773, CVE-2020-2756,
CVE-2020-2757
|
See Note 2584628.1, "JDK and PERL Patches
for Oracle Database Home and Grid Home" for information on
availability and prior patches.
|
|
Oracle Database Server home
|
Oracle JavaVM Component
Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132
|
Released July 2016
|
For RAC deployments, this patch should be applied to
Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches
|
|
Oracle Database Client home
|
Database PSU 11.2.0.4.190716 Patch 29497421 for UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.190716 Patch 29596609, or
later
|
Released July 2019
|
The Instant Client installation is not
the same as the client-only Installation. For additional information about
Instant Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.5 Oracle
Database Mobile/Lite Server
Error
Correction Information for Oracle Database Mobile Server
|
Patch Information
|
12.1 (Mobile Server)
|
11.3 (Mobile Server)
|
Comments
|
|
Final CPU
|
-
|
October 2021
|
|
Patch
Availability for Oracle Database Mobile Server 12.1.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1
|
12.1.0.0 BP Patch 21974980
|
Released October 2015
|
|
Patch
Availability for Oracle Database Mobile Server 11.3.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.3
|
11.3.0.2 BP Patch 21950285
|
Released October 2015
|
|
3.1.6 Oracle GoldenGate
Error
Correction information for Oracle GoldenGate
|
Component
|
12.3.0.1
|
12.2.0.2
|
12.1.2.1
|
Comments
|
|
Final CPU
|
July 2025
|
October 2023
|
October 2021
|
|
Patch
Availability for Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.3.0.1
|
Install 12.3.0.1.4 Path Set (Available on edelivery/OTN)
|
Released October 2018
|
Refer to Note 1645495.1 for the latest release and additional
platforms.
|
|
12.2.0.2
|
Oracle GoldenGate
12.2.0.2.181009 for Oracle 12c, Patch 28651610
Oracle GoldenGate 12.2.0.2.181009 for Oracle 11g, Patch 28651607
|
Released October 2018
|
Refer to Note 1645495.1 for the latest release and
additional platforms.
|
|
12.1.2.1
|
Oracle GoldenGate
12.1.2.1.181016 for Oracle 12c, Patch 28696813
Oracle GoldenGate 12.1.2.1.181016 for Oracle 11g, Patch 28696808
|
Released October 2018
|
Refer to Note 1645495.1 for the latest release and
additional platforms.
|
3.1.7 Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)
Error
Correction information for Oracle GoldenGate for
Big Data
|
Component
|
12.3.2.1.0
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle GoldenGate for Big Data
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.3.2.1
|
Oracle GoldenGate
for Big Data 12.3.2.1.5 Patch 30207616
|
Released October 2019
|
Download the release from OTN
|
3.1.8 Oracle GoldenGate Veridata
Error
Correction information for Oracle GoldenGate Veridata
|
Component
|
11.2.1.0
|
Comments
|
|
Final CPU
|
October 2020
|
|
Patch
Availability for Oracle GoldenGate Veridata
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.2.1.0
|
oracle goldengate veridata v11.2.1.0.2 java agent - Patch 27425665
oracle goldengate veridata v11.2.1.0.2 server - Patch 27425668
|
Released April 2018
|
Golden Gate Veridata
Patch
|
3.1.9 Oracle
Secure Backup
Error
Correction information for Oracle Secure Backup
|
Patch Information
|
18.1
|
Comments
|
|
Final CPU
|
January 2024
|
|
Minimum
Product Requirements for Oracle Secure Backup
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle Secure Backup
downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Secure Backup
|
18.1
|
CVE-2018-5712, CVE-2018-5711
|
|
3.2 Oracle Enterprise Manager
This section contains the following:
·
Section 3.2.1 "Oracle Real User Experience
Insight"
·
Section 3.2.2 "Oracle Application Testing
Suite"
·
Section 3.2.3 "Oracle Business Transaction
Management"
·
Section 3.2.4 "Oracle Enterprise Manager Cloud
Control"
·
Section 3.2.5 "Oracle Enterprise Manager Ops
Center"
·
Section 3.2.6 "OSS Support Tools"
·
Section 3.2.7 "Oracle Configuration Manager"
3.2.1 Oracle Real User Experience
Insight
Error
Correction information for Oracle Real User Experience Insight
|
Patch Information
|
13.3.1.0
|
13.2.3.1
|
13.1.2.1
|
Comments
|
|
Final CPU
|
October 2023
|
October 2023
|
October 2023
|
|
|
On-Request platforms
|
-
|
-
|
-
|
|
Minimum
Product Requirements for Oracle Real User Experience Insight
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For more information on
Oracle Real User Experience Insight, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
13.1.2.1 13.2.3.1 13.3.1.0
|
See Note 2652917.1 for details
|
CVE-2018-11058
|
Real User Experience Insight (RUEI)
|
3.2.2 Oracle Application
Testing Suite
Error
Correction information for Oracle Application Testing Suite
|
Patch Information
|
13.3.0.1
|
13.2.0.1
|
Comments
|
|
Final CPU
|
June 2025
|
June 2025
|
|
Patch
Availability for Oracle Application Testing Suite
These patches contain Critical Patch
Update security vulnerabilities fixes for this release. All previous versions
will need to be upgraded to the minimum version. Then, apply the following
patches to fix the announced security vulnerabilities. For Oracle Application
Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic
Server" (Version 12.2.1.4)
|
Released January 2019
|
See "Oracle WebLogic
Server" (Version 12.2.1.4)
|
|
13.3.0.1
|
EM BP Application Testing Suite CPU
January 2020 Patch 30733044
|
CVE-2019-0227
|
Jan 2020 Patch includes this CVE fix
|
|
13.3.0.1
|
EM BP Application Testing Suite OFB CPU
January 2020 Patch 30733056
|
CVE-2019-0227
|
OFB is Oracle Flow Builder. Jan 2020
Patch includes this CVE fix
|
|
13.2.0.1
|
EM BP Application Testing Suite CPU
January 2020. 13.2.0.1 customers must upgrade to 13.3.0.1.
|
CVE-2019-0227
|
Jan 2020 Patch includes this CVE fix
|
|
13.2.0.1
|
EM BP Application Testing Suite OFB CPU
January 2020. 13.2.0.1 customers must upgrade to 13.3.0.1.
|
CVE-2019-0227
|
Jan 2020 Patch includes this CVE fix
|
3.2.3 Oracle
Business Transaction Management
Error
Correction Information for Oracle Business Transaction Management
|
Component
|
12.1.0.7
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Business Transaction Management
|
Product Home
|
Patch
|
Advisory Number
|
Comment
|
|
BTM Home
|
BTM Patch 12.1.0.7.15 Patch 29135901
|
Released April 2019
|
|
3.2.4 Oracle
Enterprise Manager Cloud Control
If your plans include updating the
JDK version, please be sure that the JDK version that you choose is certified
with your OEM Cloud Control Component. Please refer to Note 2241358.1 for upgrading the JDK Component related to OEM Cloud
Control Component.
Error
Correction information for Oracle Enterprise Manager Cloud Control
|
Patch Information
|
13.4.0.0
|
13.3.0.0
|
13.2.0.0
|
12.1.0.5
|
Comments
|
|
Final CPU
|
-
|
January 2021
|
April 2020
|
October 2020
|
|
|
On-Request platforms
|
-
|
-
|
-
|
-
|
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 2
(13.4.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
|
|
|
Oracle Java SE home
|
See Note 2648984.1, Oracle Critical Patch
Update (CPU) April 2020 for Oracle Java SE
|
See Note 2648984.1, Oracle Critical Patch
Update (CPU) April 2020 for Oracle Java SE
|
See Note 2241358.1 , or upgrading the JDK Component
related to OEM Cloud Control Component.
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 12.2.1.3.0)
|
See "Oracle WebLogic Server" (Version 12.2.1.3.0)
|
|
|
Base Platform OMS home
|
Base Release 13.4
|
CVE-2018-18311, CVE-2019-11358
|
CVE fixes in 13.4 Base Released in Jan
2020
|
|
Base Platform Fusion Middleware home
|
ADF BUNDLE PATCH 12.2.1.3.0
(ID:190924.2139.S) Patch 30347629
|
Released October 2019
|
Apply to all Oracle homes installed
with an FMW Infrastructure
|
|
Base Platform Fusion Middleware home
|
OHS (NATIVE) BUNDLE PATCH 12.2.1.3.0
(ID:191219.2319) Patch 30687404
|
Released January 2020
|
Note 2568225.1Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Base Platform Fusion Middleware home
|
OSS BUNDLE PATCH 12.2.1.3.200114 Patch 30146266 or later
|
Released January 2020
|
Oracle Security Service (SSL/Network)
Patch for Oracle HTTP server (OHS)
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 2
(13.3.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 12.1.3.0)
|
|
|
|
Base Platform OMS home
|
Base Release 13.3
|
Released April 2019
|
|
|
Base Platform OMS home
|
EM BP Patch Set Update 13.3.0.0.200414 Patch 31035765
|
CVE-2019-1543, CVE-2018-18311, CVE-2019-11358
|
For CVE-2018-18311 and CVE-2019-11358 Upgrade to 13.4
Release
For patch availability, see section 2.2 Post Release Patches
|
|
Base Platform OMS home
|
OSS SECURITY PATCH UPDATE 12.1.3.0.0
(CPUJAN2020) Patch 30692958
|
Released January 2020
|
Oracle Security Service (SSL/Network) Patch for Oracle
HTTP server (OHS)
|
|
Base Platform OMS home
|
OHS 12.1.3 for EM APR 2020 SPU Patch 31046788
|
CVE-2020-2961
|
Note 2572758.1 Cumulative README Post-Install
Steps for Oracle HTTP Server 12.1.3 Critical Patch Update
|
|
Base Platform Agent home
|
EM-AGENT Bundle Patch 13.3.0.0.191015 Patch 30206738
|
Released October 2019
|
|
|
EM Cloud Control Connectors
|
See Announcement on MOSC
|
Released April 2019
|
|
|
EM for Fusion Middleware
|
EM for OMS plugin 13.3.2.0.191231 Patch 30666123
EM for OMS plugin 13.3.1.0.200331 Patch 31058360
|
CVE-2020-2946
|
|
|
Base Platform OMS home
|
SPU Patch 25322055
|
Released in January 2017
|
Oracle ADF Patch 12.1.3.0, This patch
is necessary for any co-located installations where ADF exists.
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 1
(13.2.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
See "Oracle Database"
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 12.1.3.0)
|
See "Oracle WebLogic Server" (Version 12.1.3.0.0)
|
|
|
Base Platform OMS home
|
Base Release 13.2
|
Released April 2019
|
|
|
Base Platform OMS home
|
EM BP Patch Set Update 13.2.0.0.200414 Patch 30990499
|
CVE-2019-1543,
CVE-2018-18311,CVE-2019-11358
|
For CVE-2018-18311 and CVE-2019-11358
Upgrade to 13.4 Release
|
|
Base Platform OMS Home
|
EM for OMS plugin 13.2.3.0.200331 Patch 31142429
EM for OMS plugin 13.2.2.0.200331 Patch 31142373
|
CVE-2020-2946
|
|
|
EM Cloud Control Connectors
|
See Announcement on MOSC
|
Released April 2019
|
|
|
Base Platform OMS home
|
EM for OMS Plugins 13.2.3.0.180630 Patch 28170938 or later
EM for OMS Plugins 13.2.2.0.180630
Patch 28170918 or later
|
Released July 2018
|
|
|
Base Platform Agent home
|
EM VT Plugin Bundle Patch 13.2.3.0.181231
(Agent Monitoring) Patch 29047624 Patch 28195767
|
Released January 2019
|
|
|
Base Platform Agent home
|
EM-AGENT Bundle Patch 13.2.0.0.190930 Patch 30206958
|
Released October 2019
|
|
|
Base Platform Agent home
|
EM VT Plugin Bundle Patch
13.2.2.0.190630 (Agent Monitoring) Patch 29893650
|
Released July 2019
|
|
|
Base Platform Agent home
|
EM for PeopleSoft 13.2.1.1.0 Patch 28243206 or EM for PeopleSoft 13.1.1.1.0 Patch 28243212
|
Released July 2018
|
|
|
Base Platform Agent home
|
EM for MYSQL Database 13.2.4.0.0 Patch 28788540
|
Released October 2018
|
|
|
Base Platform OMS home
|
OSS SECURITY PATCH UPDATE 12.1.3.0.0
(CPUJAN2020) Patch 30692958
|
Released January 2020
|
Oracle Security Service (SSL/Network) Patch for Oracle
HTTP server (OHS)
CVE-2018-11058 announced in July 2019, Patch is
released Jan 2020.
|
|
Base Platform OMS home
|
OHS 12.1.3 for EM APR 2020 SPU Patch 31046788
|
CVE-2020-2961
|
Note 2572758.1 Cumulative README Post-Install
Steps for Oracle HTTP Server 12.1.3 Critical Patch Update
|
|
Base Platform OMS home
|
SPU Patch 25322055
|
Released in January 2017
|
Oracle ADF Patch 12.1.3.0
This patch is necessary for any co-located installations where ADF exists.
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 12c Release 5
(12.1.0.5)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
See "Oracle Database"
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 10.3.6.0)
|
See "Oracle WebLogic Server" (Version 10.3.6.0)
|
|
|
Base Platform Fusion Middleware home
|
CPU Patch 23703041
|
Released July 2016
|
Oracle Business Intelligence Publisher
BP 11.1.1.7.160719 patch for BIP home in Enterprise Manager
|
|
Base Platform Agent home
|
EM for OMS plugin 12.1.0.5.200331 Patch 31129450
|
CVE-2020-2946
|
|
|
Base Platform OMS home
|
EM BP Patch Set Update 12.1.0.5.200414 Patch 31035728
|
|
|
|
Base Platform Fusion Middleware home
|
JSP 11.1.1.7.0 SPU for EM 12.1.0.5
(CPUAPR2018) Patch 27872862
|
Released April 2018
|
JSP 11.1.1.7.0 SPU patch
|
|
Base Platform Agent home
|
BP Patch 22317311
|
Released January 2016
|
Apply to Agent core Oracle Home, after
applying agent patch 25456449, 22342358
|
|
Base Platform Agent home
|
BP Patch 22342358
|
Released January 2016
|
Apply 22342358 to Agent sbin
Oracle Home after applying agent Patch 28193486. Then apply Patch 22317311.
If patches 22342358 and 22317311 were applied earlier, no need to reapply.
|
|
Base Platform Fusion Middleware home
|
SPU Patch 22013598
|
Released January 2016
|
Web Cache Patch
Apply to Oracle_WT
Post installation steps are not applicable for
Enterprise Manager
|
|
Plugin home
|
BP Patch 28347732
|
Released July 2018
|
|
|
Base Platform Agent home
|
BP Patch 28193486
|
Released July 2018
|
|
|
Base Platform Fusion Middleware home
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885
|
Released January 2018
|
Note 2314658.1 SSL Configuration Required to
Secure Oracle HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying
Security Patch Updates
See Note 2400141.1 before applying this patch
Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH
|
|
Base Platform Fusion Middleware home
|
CPU Patch 19345576
|
Released January 2015
|
Oracle Process Management and Notification (OPMN) Patch
for Oracle_WT OH
Note 1905314.1
|
|
Base Platform Fusion Middleware home
|
SPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network)
Patch for Oracle_WT OH
|
|
Base Platform Fusion Middleware home
|
SPU Patch 25297048
|
Released January 2017
|
Oracle ADF Patch 11.1.1.7.1. This patch
is necessary for any co-located installations where ADF exists
|
3.2.5 Oracle
Enterprise Manager Ops Center
Error
Correction information for Oracle Enterprise Manager Ops Center
|
Patch Information
|
12.4.x
|
12.3.x
|
Comments
|
|
Final CPU
|
-
|
Jun 2020
|
|
Patch
Availability for Oracle Enterprise Manager Ops Center
These patches contain Critical Patch
Update security vulnerabilities fixes for this release. All previous versions
will need to be upgraded to the minimum version. Then, apply the following
patches to fix the announced security vulnerabilities. For Oracle Enterprise
Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
12.4.0
|
OpsCenter UCE patches for CPU Jan 2020 Patch 30670627
|
Released January 2020
|
|
|
12.4.0
|
OpsCenter UI and other patches for CPU October 2019 Patch 30295450
|
Released October 2019
|
|
|
12.3.3
|
OpsCenter UI and other patches for CPU October 2019 Patch 30295446
|
Released October 2019
|
|
|
12.3.3
|
OpsCenter UCE patches for CPU Jan 2020 Patch 30670631
|
Released January 2020
|
|
3.2.6 OSS
Support Tools
Error
Correction information for OSS Support Tools
|
Patch Information
|
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for OSS Support Tools
|
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
|
|
Patch 22783063
|
|
See My Oracle Support Note 1153444.1, Oracle
Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT
|
3.2.7 Oracle
Configuration Manager
Minimum
Product Requirements for Oracle Configuration Manager
Critical Patch Update security
vulnerabilities are fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS (support.oracle.com).
Customer can use collector tab to down the Oracle Configuration Manager
Collector.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Configuration Manager
|
12.1.2.0.6
|
Released October 2018
|
|
3.3 Oracle Fusion Middleware
This section contains the following:
·
Section 3.3.1 "Management Pack For Oracle
GoldenGate"
·
Section 3.3.2 "NetBeans IDE"
·
Section 3.3.3 "Oracle API Gateway"
·
Section 3.3.4 "Oracle Big Data Discovery"
·
Section 3.3.5 "Oracle Business Intelligence
Enterprise Edition"
·
Section 3.3.6 "Oracle Business Intelligence
Publisher"
·
Section 3.3.7 "Oracle Complex Event
Processing"
·
Section 3.3.8 "Oracle Data Quality for Oracle Data
Integrator"
·
Section 3.3.9 "Oracle Data Visualization
Desktop"
·
Section 3.3.10 "Oracle Endeca Server"
·
Section 3.3.11 "Oracle Endeca Information
Discovery Integrator"
·
Section 3.3.12 "Oracle Endeca Information
Discovery Studio"
·
Section 3.3.13 "Oracle Enterprise Data
Quality"
·
Section 3.3.14 "Reserved for Future Use"
·
Section 3.3.15 "Oracle Exalogic Patch Set Update
(PSU)"
·
Section 3.3.16 "Oracle Fusion Middleware"
·
Section 3.3.17 "Oracle Hyperion Analytic Provider
Services"
·
Section 3.3.18 "Oracle Hyperion Data Relationship
Management"
·
Section 3.3.19 "Oracle Hyperion Enterprise
Performance Management Architect"
·
Section 3.3.20 "Oracle Hyperion Essbase"
·
Section 3.3.21 "Oracle Hyperion Financial Close
Management"
·
Section 3.3.22 "Oracle Hyperion Financial
Management"
·
Section 3.3.23 "Oracle Hyperion Financial
Reporting"
·
Section 3.3.24 "Oracle Hyperion Planning"
·
Section 3.3.25 "Oracle Hyperion Profitability and
Cost Management"
·
Section 3.3.26 "Oracle Hyperion Strategic
Finance"
·
Section 3.3.27 "Oracle Hyperion Workspace"
·
Section 3.3.28 "Oracle Identity and Access
Management"
·
Section 3.3.29 "Oracle Identity Management
Connector"
·
Section 3.3.30 "Oracle JDeveloper and Oracle
ADF"
·
Section 3.3.31 "Oracle Map Viewer"
·
Section 3.3.32 "Oracle Outside In Technology"
·
Section 3.3.33 "Oracle Real Time Decisions
Platform"
·
Section 3.3.34 "Oracle Service Architecture
Leveraging Tuxedo (SALT)"
·
Section 3.3.35 "Oracle SOA Suite"
·
Section 3.3.36 "Oracle Traffic Director"
·
Section 3.3.37 "Oracle Tuxedo"
·
Section 3.3.38 "Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)"
·
Section 3.3.39 "Oracle Web-Tier 11g Utilities"
·
Section 3.3.40 "Oracle WebCenter"
·
Section 3.3.41 "Oracle WebCenter Content (Formerly
Oracle Universal Content Management)"
·
Section 3.3.42 "Oracle WebCenter Portal"
·
Section 3.3.43 "Oracle WebCenter Sites (Formerly
FatWire Content Server)"
·
Section 3.3.44 "Oracle WebCenter Sites
Community"
·
Section 3.3.45 "Oracle WebCenter Suite"
·
Section 3.3.46 "Oracle WebLogic Portal"
·
Section 3.3.47 "Oracle WebLogic Server"
3.3.1 Management Pack For Oracle GoldenGate
Error
Correction information for Management Pack For Oracle GoldenGate
|
Patch Information
|
12.1.3.x
|
11.2.1.0
|
Comments
|
|
Final CPU
|
July 2022
|
April 2020
|
|
Patch
Availability for Management Pack For Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.2.1.0
|
Oracle Goldengate Monitor
v11.2.1.0.13 or later Patch 27221310
|
Released April 2018
|
Oracle GoldenGate Monitor
patch
|
3.3.2 NetBeans
IDE
Minimum
Product Requirements for NetBeans IDE
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For NetBeans
IDE downloads, see https://netbeans.org/downloads/
|
Product Home
|
Release
|
Advisory Number
|
Comments
|
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle API Gateway
Error
Correction information for Oracle API Gateway
|
Patch Information
|
11.1.2.4.0
|
Comments
|
|
Final CPU
|
March 2021
|
|
Patch
Availability for Oracle API Gateway
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4.0
|
OAG 11.1.2.4.0 SPU FOR APRCPU2020 Patch 30901960
|
CVE-2019-1547
|
|
3.3.4 Oracle Big Data Discovery
Minimum Product Requirements for
Oracle Big Data Discovery
Critical Patch Update security
vulnerabilities are fixed in the listed release only and installations with
any prior versions will need to move to the listed version. For Oracle Big
Data Discovery downloads, see https://edelivery.oracle.com and search for "Oracle Big Data Discovery".
|
Product
|
Release
|
Advisory
Number
|
Comments
|
|
Oracle Big Data Discovery
|
ORACLE BIG DATA DISCOVERY 1.6 SPU FOR APR2020 BP Patch 31136945
|
CVE-2019-11358, CVE-2019-12415
|
|
3.3.5 Oracle
Business Intelligence Enterprise Edition
Error Correction
information for Oracle Business Intelligence Enterprise Edition
|
Patch Information
|
12.2.1.4.0
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
-
|
July 2020
|
|
11.1.1.9.0 End of Error Correction for
Extended Support Customer only beyond Dec 2018
|
Patch
Availability for Oracle Business Intelligence Enterprise Edition 12c
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2648984.1, Oracle Critical Patch
Update (CPU) April 2020 for Oracle Java SE
|
See Note 2648984.1, Oracle Critical Patch
Update (CPU) April 2020 for Oracle Java SE
|
See Note 1492980.1, How to
Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set
Update (PSU) Administration Guide for Oracle WebLogic
Server (WLS)
|
|
12.2.1.4 Oracle Business Intelligence
Enterprise Edition
and
12.2.1.3 Oracle Business Intelligence Enterprise Edition
|
See "Oracle Fusion Middleware 12c"
|
See "Oracle Fusion Middleware 12c"
|
Apply all 12.2.1.3 patches listed for
"Oracle Fusion Middleware Infrastructure (WebLogic
Server for FMW)"
|
|
12.2.1.4 Oracle Business Intelligence Enterprise
Edition
and
12.2.1.3 Oracle Business Intelligence Enterprise
Edition
|
OSS BUNDLE PATCH 12.2.1.3.200114 Patch 30146266
|
Released January 2020
|
Oracle Security Service (SSL/Network) Patch
|
|
OAS 5.5.0.0.0
|
OAS 5.5.0.0.0 SPU FOR APR 2020 Patch 31137429
|
CVE-2020-2950
|
Oracle Business Intelligence is
rebranded as Oracle Analytics Server
|
|
12.2.1.4 Oracle Business Intelligence
Enterprise Edition
|
OBI Bundle Patch 12.2.1.4.200414 Patch 30768593
|
CVE-2015-7940, CVE-2016-1000031,
CVE-2020-2950
|
|
|
12.2.1.3 Oracle Business Intelligence
Enterprise Edition
|
OBI Bundle Patch 12.2.1.3.200414 Patch 30768584
|
CVE-2015-7940, CVE-2016-1000031,
CVE-2020-2950
|
|
Patch
Availability for Oracle Business Intelligence Enterprise Edition 11.1.1.9
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2648984.1, Oracle Critical Patch
Update (CPU) April 2020 for Oracle Java SE
|
See Note 2648984.1, Oracle Critical Patch
Update (CPU) April 2020 for Oracle Java SE
|
See Note 1492980.1, How to
Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set
Update (PSU) Administration Guide for Oracle WebLogic
Server (WLS)
|
|
11.1.1.9
|
OSS BUNDLE PATCH 11.1.1.9.200114 Patch 30332467
|
Released January 2020
|
Note 2572809.1 Steps to Evaluate and Update SSL
Wallet
|
|
11.1.1.9
|
OPMN Patch 23716938
|
Released October 2017
|
|
|
11.1.1.9
|
BI Suite Bundle Patch 11.1.1.9.200414 Patch 31094216
|
CVE-2015-7940, CVE-2016-1000031, CVE-2020-2950
|
|
|
DAC 11.1.1.6.4 home
|
Patch 27825965- DAC
11.1.1.6.4 / OBI application 7.9.6.4 SPU for apr2018cpu
|
Released April 2018
|
Patch can be installed in any home
|
3.3.6 Oracle
Business Intelligence Publisher
Error
Correction information for Oracle Business Intelligence Publisher
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
-
|
July 2020
|
|
11.1.1.9.0 End of Error Correction for
Extended Support Customer only beyond Dec 2018
|
Patch
Availability for Oracle Business Intelligence Publisher
3.3.7 Oracle
Complex Event Processing
Error
Correction information for Oracle Complex Event Processing
|
Patch Information
|
CEP 12.1.3
|
Comments
|
|
Final CPU
|
October 2020
|
|
Patch
Availability for Oracle Complex Event Processing
See also the underlying product stack
tables (JRockit and WLS) for any applicable
patches.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.3.0
|
SPU Patch 21071699
|
Released July 2015
|
|
3.3.8 Oracle
Data Quality for Oracle Data Integrator
Error
Correction information for Oracle Data Quality for Oracle Data Integrator
|
Patch Information
|
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Data Quality for Oracle Data Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.3.0
|
CPU Patch 21418574
|
Released July 2015
|
|
3.3.9 Oracle
Data Visualization Desktop
Error
Correction information for Oracle Data Visualization Desktop
|
Patch Information
|
12.2.4.1.1
|
Comments
|
|
Final CPU
|
-
|
|
Patch
availability for Oracle Data Visualization Desktop
3.3.10 Oracle Endeca Server
Error
Correction information for Oracle Endeca Server
|
Patch Information
|
7.7
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch
availability for Oracle Endeca Server
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca
Server 7.7 home
|
ORACLE ENDECA SERVER 7.7 SPU APRIL 2020 Patch 30507959
|
CVE-2019-1547
|
|
3.3.11 Oracle Endeca Information Discovery Integrator
Error
Correction information for Oracle Endeca
Information Discovery Studio Integrator
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch
availability for Oracle Endeca Information
Discovery Studio Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca
Information Discovery Integrator 3.2 home
|
ORACLE ENDECA INFORMATION DISCOVERY
INTEGRATOR 3.2 CPU APRIL 2020 Patch 30696395
|
CVE-2017-12626, CVE-2019-10247
|
All Patches are cumulative of prior
fixes
|
|
Oracle Endeca
Information Discovery Integrator 3.2 home
|
ORACLE ENDECA INFORMATION DISCOVERY
INTEGRATOR AQUISITION SYSTEM 3.2 SPU JAN 2020 Patch 30472013
|
Released in January 2020
|
|
3.3.12 Oracle Endeca Information Discovery Studio
Error
Correction information for Oracle Endeca
Information Discovery Studio
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch
availability for Oracle Endeca Information
Discovery Studio
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca
Information Discovery Studio 3.2 home
|
Endeca Information Discovery Studio 3.2 SPU for JANCPU2020 Patch 30758934
|
Released January 2020
|
|
3.3.13 Oracle
Enterprise Data Quality
Error
Correction information for Oracle Enterprise Data Quality
|
Patch Information
|
11.1.1.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Enterprise Data Quality
3.3.14 Reserved
for Future Use
3.3.15 Oracle Exalogic Patch Set Update (PSU)
Error
Correction information for Oracle Exalogic Patch
Set Update (PSU)
|
Patch Information
|
2.x
|
1.x
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch Set
Update Availability for Oracle Exalogic
|
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
|
2.x Physical
|
2.0.6.3.200414 Physical Linux (for all X2-2, X3-2,
X4-2, X5-2, and X6-2) Patch 30888005
2.0.6.3.200414 Physical Solaris (for all X2-2, X3-2,
X4-2, X5-2, and X6-2) Patch 30888005
|
Released in April 2020
Released in April 2020
|
Note 1314535.1
|
|
2.x Virtual
|
2.0.6.3.200414 Virtual (for all X2-2, X3-2, X4-2, X5-2,
and X6-2) Patch 30888006
|
Released in April 2020
|
Note 1314535.1
|
|
1.x
|
Upgrade to 2.x based on information in the Comments
column. Then apply the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013
(15931901)
|
See Patch 13795376 EECS 2.0 PHYSICAL INFRASTRUCTURE
UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 15931901 Oracle Exalogic
2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64
(64 bit)
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
3.3.16 Oracle
Fusion Middleware
For more information on how to
identify the components in an Oracle home, see Note 1591483.1, What is
Installed in My Middleware or Oracle home?.
This section contains the following:
·
Section 3.3.16.1 "Oracle Fusion Middleware
12c"
o Section 3.3.16.1.1 "Oracle Fusion Middleware
12.2.1.4"
o Section 3.3.16.1.2 "Oracle Fusion Middleware
12.2.1.3"
·
Section 3.3.16.2 "Oracle Fusion Middleware
11.1.1.9"
·
Section 3.3.16.3 "Oracle Identity Access
Management 11.1.2.3"
3.3.16.1 Oracle
Fusion Middleware 12c
The sections below cover Oracle
Fusion Middleware version 12.2.x and 12.1.x
·
Section 3.3.16.1.1 "Oracle Fusion Middleware
12.2.1.4"
·
Section 3.3.16.1.2 "Oracle Fusion Middleware
12.2.1.3"
3.3.16.1.1 Oracle
Fusion Middleware 12.2.1.4
Error
Correction information for Oracle Fusion Middleware 12.2.1.4
|
Patch Information
|
12.2.1.4
|
Comments
|
|
Final CPU
|
|
See Note 1933372.1, Error Correction Support
Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
|
On-Request platforms
|
-
|
|
|
Determine Components in an Oracle Home
|
-
|
See Note 1591483.1, What is Installed in My
Middleware or Oracle home?
|
|
Understanding Patch Release Versions
|
-
|
See Note 1494151.1, understanding Fusion
Middleware Bundle Patch (BP) Release Versions
See Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions
|
Patch
Availability for Oracle Fusion Middleware 12.2.1.4
|
Distribution
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2648984.1, Oracle Critical Patch
Update (CPU) April 2020 for Oracle Java SE
|
See Note 2648984.1, Oracle Critical Patch
Update (CPU) April 2020 for Oracle Java SE
|
See Note 1492980.1, How to
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
All 12.2.1.4 Fusion Middleware
Distributions & WebLogic home
|
OPatch 13.9.4.2.2 Patch 28186730 + Patch 31101362
|
CVE-2019-16943
|
Update OPatch (Patch 28186730
Patch 31101362) before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen
OPatch 13 for Oracle Fusion Middleware 12c.
|
|
Oracle WebLogic Server and
Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
WLS PATCH SET UPDATE 12.2.1.4.200228 Patch 30970477 + Patch 30761841 + Patch 31101341
|
CVE-2020-2883, CVE-2019-16943,
CVE-2020-2869, CVE-2020-2766, CVE-2020-2884, CVE-2020-2801, CVE-2020-2867,
CVE-2020-2811, CVE-2020-2798
|
CVE-2019-2888 announced in Oct 2019 Advisory is
included in the Jan2020 patch.
WLS PSU should also be applied to all homes with a WLS
full or standalone domain.
Patch 30761841 is for CVE-2019-17359
Patch 31101341 is for CVE-2019-16943
|
|
Oracle WebLogic Server and
Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
Coherence 12.2.1.4.4 Patch 31030896
|
CVE-2020-2915, CVE-2020-2949
|
|
|
Oracle Unified Directory
|
OUD BUNDLE PATCH 12.2.1.4.200204 Patch 30851280
|
CVE-2019-10247
|
|
|
Oracle WebCenter
Portal
|
WebCenter Portal Bundle Patch 12.2.1.4.200408 Patch 31163075
|
CVE-2019-17359, CVE-2019-16943
|
|
|
Oracle Forms and Reports
|
Oracle Reports Developer 12.2.1.4.0 SPU Patch 30731161
|
Released January 2020
|
|
|
Oracle Webcenter
Sites
|
Patch 31101341
|
CVE-2019-16943
|
|
|
Oracle SOA Suite and Business Process
|
SOA Bundle Patch 12.2.1.4.200304 Patch 30995852
|
CVE-2019-17359, CVE-2019-10088
|
|
3.3.16.1.2 Oracle
Fusion Middleware 12.2.1.3
Error
Correction information for Oracle Fusion Middleware 12.2.1.3
|
Patch Information
|
12.2.1.3
|
Comments
|
|
Final CPU
|
|
See Note 1933372.1, Error Correction Support
Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
|
On-Request platforms
|
-
|
|
|
Determine Components in an Oracle Home
|
-
|
See Note 1591483.1, What is Installed in My
Middleware or Oracle home?
|
|
Understanding Patch Release Versions
|
-
|
See Note 1494151.1, understanding Fusion
Middleware Bundle Patch (BP) Release Versions
See Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions
|
Patch
Availability for Oracle Fusion Middleware 12.2.1.3
|
Distribution
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2648984.1, Oracle Critical Patch
Update (CPU) April 2020 for Oracle Java SE
|
See Note 2648984.1, Oracle Critical Patch
Update (CPU) April 2020 for Oracle Java SE
|
See Note 1492980.1, How to
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
All 12.2.1.3 Fusion Middleware
Distributions & WebLogic home
|
OPatch 13.9.4.2.2 Patch 28186730 + Patch 31101362
|
CVE-2019-16943
|
Update OPatch (Patch 28186730
Patch 31101362) before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen
OPatch 13 for Oracle Fusion Middleware 12c.
|
|
Oracle WebLogic Server and
Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
WLS PATCH SET UPDATE
12.2.1.3.0(ID:200227.1409) Patch 30965714
|
CVE-2020-2883, CVE-2019-16943,
CVE-2020-2869, CVE-2020-2766, CVE-2020-2884, CVE-2020-2801, CVE-2020-2867,
CVE-2019-17571, CVE-2020-2811, CVE-2020-2798
|
Refer to Note 2566635.1 for Patch Conflict issue.
WLS PSU should also be applied to all homes with a WLS
full or standalone domain
See Note 2395745.1, April 2018 Critical Patch
Update: Additional Information about the Oracle WebLogic
Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch
Update: Additional information about the Oracle WebLogic
Server Vulnerability CVE-2018-2933.
See Note 2076338.1, July 2018 Critical Patch
Update: Additional information about the Oracle WebLogic
Server Vulnerability CVE-2015-4852
|
|
Identity and Access Management
|
OAM BUNDLE PATCH
12.2.1.3.191201(ID:191201.0123.S) Patch 30609442 or later
|
CVE-2020-2740, CVE-2020-2745,
CVE-2020-2747
|
|
|
Identity and Access Management Oracle
Unified Directory
|
OUD BUNDLE PATCH
12.2.1.3.191219(ID:191219.0108) Patch 30683109
|
CVE-2019-10247
|
|
|
Oracle SOA Suite and Business Process
|
SOA Bundle Patch 12.2.1.3.0
(ID:200304.0214.0135) Patch 30991249
|
CVE-2019-17359
|
|
|
Oracle WebCenter
Portal
|
WEBCENTER PORTAL BUNDLE PATCH 12.2.1.3.200414 Patch 30534416
|
CVE-2019-17359, CVE-2019-16943
|
|
|
Oracle Webcenter
Sites
|
Webcenter Sites 12.2.1.3.190715 Patch 29957990
|
CVE-2020-2739, CVE-2019-11358,
CVE-2019-16943
|
For CVE-2019-16943 WLS 12.2.1.3 Apr PSU
to be applied. See "Oracle WebLogic Server"
|
|
Oracle WebLogic Server and
Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
Coherence 12.2.1.3.7 Cumulative Patch 31030882
|
CVE-2020-2915, CVE-2020-2949
|
|
|
Oracle WebLogic Server and
Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
WEBLOGIC SAMPLES SPU 12.2.1.3.191015 Patch 30170398
|
Released October 2019
|
This patch is a cumulative patch for all Struts 2 CVEs
to date.
See Note 2255054.1, Oracle WebLogic
Server Requirements for Apache Struts 2 Vulnerabilities
|
|
Oracle HTTP Server
Oracle Forms and Reports
|
OHS (NATIVE) BUNDLE PATCH 12.2.1.3.0 (ID:191219.2319) Patch 30687404
|
Released January 2020
|
Note 2568225.1Cumulative README
Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Oracle Forms and Reports
|
Oracle Reports Developer 12.2.1.3 SPU Patch 30731147
|
Released January 2020
|
|
|
Identity and Access Management
|
OIM BUNDLE PATCH 12.2.1.3.0 (ID:200108.2108) Patch 30735905
|
Released January 2020
|
|
|
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
OSS BUNDLE PATCH 12.2.1.3.200114 Patch 30146266 or later
|
Released January 2020
|
|
|
Oracle WebCenter
Sites
|
Support Tools 4.4.2 for Oracle WebCenter Sites 12.2.1.3.0 Patch 30505173
|
Released January 2020
|
Support Tools for Webcenter
Sites Patch
|
|
Oracle Data Integrator
|
ODI Bundle Patch 12.2.1.3.190708 Patch 29778645
|
Released October 2019
|
Patch is released in July 2019,
CVE-2019-2943 is announced in Oct CPU.
|
|
Oracle Forms and Reports
|
Forms 12.2.1.3.0 SPU Patch 30410629
|
Released October 2019
|
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
ADF BUNDLE PATCH 12.2.1.3.0 (ID:190924.2139.S) Patch 30347629
|
Released October 2019
|
Apply to all Oracle homes installed with an FMW
Infrastructure
|
|
Oracle Service Bus
|
OSB BUNDLE PATCH 12.2.1.3.190716
(ID:190716.1831) Patch 30059259 or later
|
Released October 2019
|
|
|
Oracle WebCenter
Sites
|
Webcenter Sites Bundle Patch 12.2.1.3.190715 Patch 29957990
|
Released July 2019
|
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
|
FMW Platform 12.2.1.3.0 SPU FOR
APRCPU2019 Patch 29650702
|
Released April 2019
|
Apply to all Oracle Fusion Middleware homes
|
|
Oracle HTTP Server
Oracle Traffic Director
Oracle Forms and Reports
|
OAM Webgate
Bundle Patch 12.2.1.3.180622 Patch 28243743 or later
|
Released July 2018
|
|
|
Oracle Enterprise Data Quality
|
EDQ 12.2.1.3.0 SPU Patch 28263628
|
Released July 2018
|
|
|
Oracle HTTP Server
Oracle WebLogic Server Proxy
Plug-In
(Apache, IIS, iPlanet)
|
ONS 12.2.1.3.0 SPU Patch Patch 27323998
|
Released July 2018
|
|
|
Oracle WebCenter Content
|
WebCenter Content
Bundle Patch 12.2.1.3.180417 Patch 27393392 or later
|
Released April 2018
|
|
|
Oracle Internet Directory
|
OID BUNDLE PATCH 12.2.1.3.0 (ID:180116.1256) Patch 27396651 or later
|
Released January 2018
|
Oracle Internet Directory (OID) Version 12c Bundle
Patch (BP) (Including Directory Integration Platform / DIP) / Bundle
Patches For Non-Fusion Applications (NonFA /
NonP4FA) Customers Note 2355090.1
|
3.3.16.2 Oracle Fusion Middleware 11.1.1.9
Error Correction
information for Oracle Fusion Middleware 11.1.1.9
Patch
Availability for Oracle Fusion Middleware 11.1.1.9
3.3.16.3 Oracle Identity Access Management 11.1.2.3
Error Correction information for Oracle Identity Access Management
11.1.2.3
Patch
Availability for Oracle Identity Access Management 11.1.2.3
3.3.17 Oracle Hyperion Analytic Provider Services
Error Correction information for Oracle Hyperion Analytic Provider
Services
Patch Availability for Oracle Hyperion Analytic Provider Services
3.3.18 Oracle Hyperion Data Relationship Management
Error Correction information for Oracle Hyperion Data
Relationship Management
Patch Availability for Oracle Hyperion Data
Relationship Management
3.3.19 Oracle Hyperion Enterprise Performance Management
Architect
Error Correction information for Oracle Hyperion Enterprise Performance
Management Architect
Patch Availability for Oracle Hyperion Enterprise Performance
Management Architect
3.3.20 Oracle Hyperion Essbase
Error Correction information for Oracle Hyperion Essbase
Patch Availability for Oracle Hyperion Essbase
3.3.21 Oracle Hyperion Financial Close Management
Error Correction details for Oracle Hyperion Financial Close Management
Patch Availability for Oracle Hyperion Financial Close Management
3.3.22 Oracle Hyperion Financial Management
Error Correction information for Oracle Hyperion Financial Management
Patch Availability for Oracle Hyperion Financial Management
3.3.23 Oracle Hyperion Financial Reporting
Error Correction information for Oracle Hyperion Financial Reporting
Patch Availability for Oracle Hyperion Financial Reporting
3.3.24 Oracle Hyperion Planning
Error Correction information for Oracle Hyperion Planning
Patch Availability for Oracle Hyperion Planning
3.3.25 Oracle Hyperion Profitability and Cost Management
Error Correction information for Oracle Hyperion Profitability and Cost
Management
Patch Availability for Oracle Hyperion Profitability and Cost
Management
3.3.26 Oracle Hyperion Strategic Finance
Error Correction information for Oracle Hyperion Strategic Finance
Patch Availability for Oracle Hyperion Strategic Finance
3.3.27 Oracle Hyperion Workspace
Error Correction information for Oracle Hyperion Workspace
Patch Availability for Oracle Hyperion Workspace
3.3.28 Oracle Identity and Access Management
For the
appropriate product versions listed below, refer to the corresponding Oracle
Fusion Middleware patch availability sections that contain information on
Error Correction, and for the patches to apply. Not all homes that are listed
in those sections might be present in the Oracle Identity Access Management
installation. Only the relevant homes from those tables need to be patched.
Patch
Availability for Oracle Identity Access Management
3.3.29 Oracle Identity Management Connector
Error Correction information for
Oracle Identity Management Connector
Patch Availability for Oracle
Identity Management Connector
3.3.30 Oracle JDeveloper and Oracle ADF
Error Correction
information for Oracle JDeveloper and Oracle ADF
Comments
Critical Patch
Update Availability for Oracle JDeveloper and
Oracle ADF
3.3.31 Oracle Map Viewer
Error Correction information for Oracle Map Viewer
Patch Availability for Oracle Map Viewer
3.3.32 Oracle Outside In Technology
Error Correction information for Oracle Outside In Technology
Patch Availability for Oracle Outside In Technology
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Outside In Technology 8.5.5
|
ORACLE OUTSIDE IN TECHNOLOGY (OIT) APRIL 2020 8.5.5
BUNDLE PATCH #1 Patch TBD
|
CVE-2020-2783, CVE-2019-16168, CVE-2020-2785,
CVE-2020-2787, CVE-2020-2786, CVE-2019-15903, CVE-2018-20622,
CVE-2016-10328
|
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Outside In Technology 8.5.4
|
ORACLE
OUTSIDE IN TECHNOLOGY (OIT) APRIL 2020 8.5.4 BUNDLE PATCH #8 Patch 31083998
|
CVE-2020-2784, CVE-2020-2785, CVE-2020-2786,
CVE-2020-2787, CVE-2019-16168, CVE-2016-10328, CVE-2018-20622,
CVE-2018-20843, CVE-2020-2783, CVE-2019-15903
|
|
3.3.33 Oracle Real Time Decisions Platform
Error Correction information for Oracle Real Time Decisions Platform
Describes the Error Correction information for Oracle Real Time
Decisions Platform.
Patch Availability for Oracle Real Time Decisions Platform
Describes the available patches for Oracle Real Time Decisions
Platform.
3.3.34 Oracle Service Architecture Leveraging Tuxedo
(SALT)
Error Correction information for Oracle Service Architecture Leveraging
Tuxedo (SALT)
Patch Availability for Oracle Service Architecture Leveraging Tuxedo
(SALT)
3.3.35 Oracle SOA Suite
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
SOA Suite installation. Only the relevant homes from those tables need to be
patched.
Patch Availability for Oracle SOA Suite
3.3.36 Oracle Traffic Director
Error Correction
information for Oracle Traffic Director
Patch
Availability for Oracle Traffic Director
3.3.37 Oracle Tuxedo
Error Correction information for Oracle Tuxedo
Patch Availability for Oracle Tuxedo
3.3.38 Oracle Tuxedo System and Applications Monitor Plus
(TSAM Plus)
Error Correction Information for Oracle Tuxedo System and Applications
Monitor Plus (TSAM Plus)
Patch Availability for Oracle Tuxedo System and Applications Monitor
Plus (TSAM Plus)
3.3.39 Oracle Web-Tier 11g Utilities
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Web-Tier 11g Utilities installation. Only the
relevant homes from those tables need to be patched.
Patch Availability for Oracle Web-Tier 11g Utilities
3.3.40 Oracle WebCenter
For the
appropriate product versions listed below, refer to the corresponding Oracle
Fusion Middleware patch availability sections that contain information on
Error Correction, and for the patches to apply. Not all homes that are listed
in those sections might be present in the Oracle WebCenter
installation. Only the relevant homes from those tables need to be patched.
3.3.41 Oracle WebCenter Content (Formerly Oracle
Universal Content Management)
Patch
Availability for Oracle WebCenter Content
3.3.42 Oracle WebCenter Portal
Error Correction
information for Oracle WebCenter Portal
Patch
Availability for Oracle WebCenter Portal
3.3.43 Oracle WebCenter Sites (Formerly FatWire Content Server)
Error Correction
information for Oracle WebCenter Sites (formerly FatWire Content Server)
Patch
Availability for Oracle WebCenter Sites
3.3.44 Oracle WebCenter Sites Community
Error Correction
information for Oracle WebCenter Sites Community
Patch
Availability for Oracle WebCenter Sites Community
3.3.45 Oracle WebCenter Suite
For the
appropriate product versions listed below, refer to the corresponding Oracle
Fusion Middleware patch availability sections that contain information on
Error Correction, and for the patches to apply. Not all homes that are listed
in those sections might be present in the Oracle WebCenter
Suite installation. Only the relevant homes from those tables need to be
patched.
Patch
Availability for Oracle WebCenter Suite
3.3.46 Oracle WebLogic Portal
Error Correction
information for Oracle WebLogic Portal
Critical Patch
Update Availability for WebLogic Portal
See also the
underlying product stack tables (JRockit and WLS)
for any applicable patches.
WebLogic Portal patches are cumulative to include all the prior
published advisories. For more information, see My Oracle Support Note 1355929.1, October 2011
Updates Introduce New WebLogic Portal (WLP)
Configuration Options for SSL Session ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled with WebLogic
Server 9.2.3.0, which is out of error correction. Contact Oracle support for
security patches needed for WebLogic Server 9.2.3.0
3.3.47 Oracle WebLogic Server
Error Correction
information for Oracle WebLogic Server Patch Set
Update
Patch Set Update
Availability for Oracle WebLogic Server
For more
information, see MyOracleSupport Note 1470197.1, Patch Set
Update (PSU) Release Listing for Oracle WebLogic
Server (WLS). Note 1306505.1
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Java SE home
Oracle JRockit 28.x home
|
See Note 2648984.1, Oracle Critical
Patch Update (CPU) April 2020 for Oracle Java SE
|
See Note 2648984.1, Oracle Critical
Patch Update (CPU) April 2020 for Oracle Java SE
|
See Note 1492980.1, How to
Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle WebLogic Server 12.2.1.3/12.2.1.4 home
|
OPatch 13.9.4.2.2 Patch 28186730 + Patch 31101362
|
CVE-2019-16943
|
Update OPatch (Patch
28186730 Patch 31101362) before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen
OPatch 13 for Oracle Fusion Middleware 12c.
|
|
WebLogic Server 12.2.1.4 home
|
WLS PATCH
SET UPDATE 12.2.1.4.200228 Patch 30970477 + Patch 30761841 + Patch 31101341
|
CVE-2020-2883, CVE-2019-16943, CVE-2020-2869,
CVE-2020-2766, CVE-2020-2884, CVE-2020-2801, CVE-2020-2867, CVE-2020-2811,
CVE-2020-2798
|
CVE-2019-2888 announced in Oct 2019 Advisory is
included in the Jan2020 patch.
Patch 30761841 is for CVE-2019-17359
Patch 31101341 is for CVE-2019-16943
|
|
WebLogic Server
12.2.1.3 home
|
WLS PATCH SET UPDATE 12.2.1.3.0(ID:200227.1409) Patch 30965714
|
CVE-2020-2883, CVE-2019-16943, CVE-2020-2869, CVE-2020-2766,
CVE-2020-2884, CVE-2020-2801, CVE-2020-2867, CVE-2019-17571, CVE-2020-2811,
CVE-2020-2798
|
Refer to Note 2566635.1 for Patch Conflict issue.
CVE-2018-3213
Is addressed in Docker Images published after
September 13, 2018. Latest docker image at https://container-registry.oracle.com.
See Note 2395745.1, April 2018 Critical
Patch Update: Additional Information about the Oracle WebLogic
Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical
Patch Update: Additional information about the Oracle WebLogic
Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic
Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
|
WLS PATCH
SET UPDATE 12.1.3.0.200414 Patch 30857795
|
CVE-2020-2883, CVE-2020-2869, CVE-2020-2766,
CVE-2020-2884, CVE-2020-2801, CVE-2020-2867, CVE-2019-17571, CVE-2020-2811,
CVE-2020-2798
|
Refer to Note 2566635.1 for Overlay Patch Conflict issue
See Note 2395745.1, April 2018 Critical
Patch Update: Additional Information about the Oracle WebLogic
Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical
Patch Update: Additional information about the Oracle WebLogic
Server Vulnerability CVE-2018-2933
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic
Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 10.3.6.0 home
|
WLS PATCH
SET UPDATE 10.3.6.0.200414 Patch 30857748
|
CVE-2020-2883, CVE-2020-2869, CVE-2020-2766,
CVE-2020-2884, CVE-2020-2801, CVE-2020-2828, CVE-2019-17571, CVE-2020-2811,
CVE-2020-2798, CVE-2020-2829
|
See Note 1607170.1, SSL Authentication
Problem Using WebLogic 10.3.6 and 12.1.1 With
JDK1.7.0_40 or Higher
See Note 2395745.1, April 2018 Critical
Patch Update: Additional Information about the Oracle WebLogic
Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical
Patch Update: Additional information about the Oracle WebLogic
Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic
Server Vulnerability CVE-2015-4852
|
|
WebLogic Server 12.1.3.0 home
WebLogic Server 10.3.6.0 home
|
WLS
12.1.3 JDBC Patch 20741228
WLS 10.3.6 JDBC Patch 27541896
|
Released January 2018
|
Please refer to Note 1970437.1 How To Update the JDBC and UCP
Drivers Bundled with WebLogic Server 10.3.6 and
12c
|
|
Oracle WebLogic Server and Coherence 12.2.1.4 home
Oracle WebLogic Server and Coherence 12.2.1.3 home
Oracle WebLogic Server and Coherence 12.1.3.0 home
Oracle WebLogic Server and Coherence 10.3.6.0 home
|
Coherence
12.2.1.4.4 Patch 31030896
Coherence 12.2.1.3.7 Patch 31030882
Coherence 12.1.3.0.8 Patch 31030870
Coherence 3.7.1.18 Patch 31030847
|
CVE-2020-2915, CVE-2020-2949
|
Coherence Patch
|
|
WebLogic Server
12.2.1.3.0 home
WebLogic Server
12.1.3.0.0 home
WebLogic Server
10.3.6.0.0 home
|
WEBLOGIC SAMPLES SPU 12.2.1.3.191015 Patch 30170398
and
WEBLOGIC SAMPLES SPU 12.1.3.0.191015 Patch 30170397
|
Released October 2019
|
This patch is a cumulative patch for all Struts 2 CVEs
to date. For more information, see: Note 2255054.1 Oracle WebLogic
Server Requirements for Apache Struts 2 Vulnerabilities
|
|
WebLogic Server 12.1.3.0 home
|
SPU Patch 24327938
|
Released July 2016
|
TopLink JPA-RS
patch
|
|
WebLogic Server
12.1.3.0 home
WebLogic Server
10.3.6.0 home
|
See Note 1936300.1
|
Released
October 2014
|
SSL V3.0
"Poodle" Advisory
|
This section
contains the following:
·
Section 3.4.1 "Directory Server Enterprise
Edition"
·
Section 3.4.2 "Reserved for Future Use"
3.4.1 Directory Server Enterprise Edition
Error Correction
information for Directory Server Enterprise Edition
Patch
Availability for Directory Server Enterprise Edition
3.4.2 Reserved for Future Use
Error Correction
information for Reserved for Future Use
Patch
Availability for Reserved for Future Use
This section
contains the following:
·
Section 3.5.1 "Oracle OPatch"
3.5.1 Oracle OPatch
Minimum Product
Requirements for Oracle OPatch
The CPU security
vulnerabilities are fixed in the listed release and later releases. The
Oracle OPatch downloads can be found at Patch 6880880.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle OPatch
|
11.2.0.3.23, 12.2.0.1.19
|
CVE-2019-20330, CVE-2016-4000, CVE-2016-4463,
CVE-2018-1000873, CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-1320,
CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721,
CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2019-12086,
CVE-2019-12384, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540,
CVE-2019-16335 and CVE-2020-8840
|
Download the latest versions available to install
Database Patches
|
Final CPU History
The Final CPU is the last quarter that a product is supported in the
CPU program as per the Premier Support and Extended Support policies. For
more information, see My Oracle Support Note 209768.1, Database, FMW,
EM Grid Control, and OCS Software Error Correction Support Policy.
The following
documents provide additional information about Critical Patch Updates:
·
My Oracle Support Note 756671.1, Master Note for Database Proactive Patch Program
·
My Oracle Support Note 822485.1, Master Note for Enterprise Manager Proactive Patch
Program
·
My Oracle Support Note 1494151.1, Master Note on Fusion Middleware
Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs)
Modification
History
|