微信公众号:云库管 www.yunDBA.com

北京云库管科技有限公司 (内部培训资料) 返回上级

 

PDF文档下载

 

 

 

Critical Patch Update (CPU) Program Oct 2020 Patch Availability Document (PAD) (Doc ID 2694898.1)

 

 


APPLIES TO:

Oracle WebLogic Server - Version 10.3.6 and later
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine) - Version N/A and later
Information in this document applies to any platform.

PURPOSE

This document defines the patches and minimum releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set Updates released on October 20, 2020.

SCOPE

 The document is for Database Administrators and/or others tasked with Quarterly Security Patching.

DETAILS

 

Database, Fusion Middleware, and Enterprise Manager Critical Patch Update October 2020 Patch Availability Document

My Oracle Support Note 2694898.1

Released October 20, 2020

This document contains the following sections:

Quick Links:   Read Me First    DB 19c    EM Cloud Control    FMW    WLS

1 Overview

Oracle provides quarterly cumulative patches to address security vulnerabilities. The patches may include critical fixes in addition to the security fixes. The security vulnerabilities addressed are announced in the Advisory for October 2020, available at:

Oracle Technical Network Advisory

This document lists the Oracle Database, Fusion Middleware and Enterprise Manager CPU program cumulative patches for product releases under error correction. The October 2020 release supersedes earlier CPU program cumulative patches for the same product releases. This document is subject to continual update after the initial release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support to ensure you have the latest version.

This section contains the following:

1.1 How To Use This Document

The following steps explain how to use this document.

Step 1   Assess your Environments

Determine the Oracle product suites and products and their release numbers for each of your environments.

Step 2   Read Important Announcements

Review "What's New in October 2020," as it lists documentation and packaging changes along with important announcements such as upcoming final CPUs.

Step 3   Determine Patches to be Applied

For each environment, determine which patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for each product suite release, such as Oracle Database 12.2.0.1, Oracle Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control 12.1.0.5.

·         The table lists the patches to be applied either to the product or to the appropriate product Oracle homes that are associated with the product suite

·         The patches are listed in the order released, with newest patches listed first

·         For some patches, multiple Oracle homes are listed. Apply the patch to all of the homes indicated that are applicable to your environment and only to the listed Oracle homes

·         The table lists only product releases that are under Premier Support or Extended Support and are under error correction as defined in My Oracle Support Note 209768.1Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy. Patches are provided only for these releases. If you do not see the release that you have installed, then check "Final CPU History" and contact Oracle Support for further assistance

·         Patches that include security vulnerabilities announced in the current quarter's CPU Advisory, list the vulnerability CVE numbers in the Advisory Number column. If you are interested in the risk matrix for the vulnerabilities fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly releases, or the current one without any security fixes, the column indicates "Released MMM YYYY"

·         When a section is referenced in a table, follow the link to determine which patches to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release that is installed, and find the patches to apply in the table for that Oracle Database release in "Oracle Database."

Step 4   Apply the Patches

Download the patches, review the READMEs, and apply the patches according to the instructions.

Step 5   Planning for Future Critical Patch Updates

To help you plan for future Critical Patch Updates, this document includes Final CPU information based on Oracle's Lifetime Support Policy and error correction policies.

"Final CPU Information (Error Correction Policies)" in "What's New in October 2020," documents product releases for which final Critical Patch Updates are upcoming or are being announced. In each product section, there is also an Error Correction Information Table that documents the final CPU program patch for the product. Products that have reached the end of error correction are documented in "Final CPU History."

1.2 Terminology in the Tables

The following terminology is used in this patch availability document and in the subsequent tables.

  • Update - Release Update
  • Revision -Release Update Revision
  • BP - Bundle Patch
  • Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
  • NA Not Applicable.
  • OR On-Request. The patch is made available through the On-Request program.
  • PSU - Patch Set Update
  • SPU - Security Patch Update. An iterative, cumulative patch consisting of security fixes.
  • Overlay SPU patch provided as an overlay on top of a PSU or BP instead of a base/patch set release.

1.3 On-Request Patches

Oracle does not proactively release patches for historically inactive platforms. However, Oracle will deliver these patches when requested.

The following guidelines describe how to initiate an on-request (OR) patch.

A request may be made:

    • At any time. However, a patch for a specific quarterly release, such as CPUOct2012, cannot be requested. Depending on when the request is received and processed, either the patch for the current quarterly release or the next quarterly release will be provided. Your Service Request (SR) will provide you the planned availability date for the patch.
    • As long as the version is in either Premier Support or Extended Support and error correction support has not expired. For example, if a product release is under Extended Support through the release of CPUJan2013 on January 15, 2013, then you can file a request for the product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy.
    • For a platform-version combination when a major release or patch set is released on a platform after a quarterly release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch by following the on-request process. For example, if a patch is released for a platform on August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform. You may request a CPUOct2012 patch for the platform, and Oracle will review the request and determine whether to provide CPUJul2012 or CPUOct2012.

A patch that is marked as on-request (OR) may already have been requested by another customer and be available on My Oracle Support. Before you file a Service Request (SR), check on My Oracle Support to see if the patch is already available for your platform.

1.4 CPU Program and My Oracle Support Patch Recommendations

My Oracle Support patch recommendation features are available on the Patches & Update tab. The patches announced in this document as part of the CPU program are classified as "Security" patch recommendations in My Oracle Support. If a new patch is being announced in this document, then the classification on any earlier patch is changed to "General", causing it to be removed from the My Oracle Support patch recommendations. If a patch has a "Security" classification, and a subsequent bundle, SPU, or PSU is released with a recommendation classification, then it will be classified as a "Security" recommendation in My Oracle Support.

Once a product release is no longer in error correction, its CPU patch information is removed from this document, but the last patch recommendation continues to be available in My Oracle Support. Ensure to select each of the products installed in your environment to obtain all patches.

1.5 My Oracle Support (MOS) Conflict Checker Tool

The My Oracle Support (MOS) Conflict Checker tool is available as of July 21, 2014.

You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search results screen ("Analyze with OPatch" button).

The MOS Conflict Checker Tool allows you to upload an OPatch inventory to check for conflicts with patches to apply to your environment. If no conflicts are found, you can download the patches. If conflicts are found, the tool finds an existing resolution to download. If no resolution is found, you can request a solution, and monitor your request in the Plans region.

For more information and a demonstration video, see Knowledge Document Note 1091294.1How to Use the My Oracle Support Conflict Checker Tool for Patches Installed with OPatch [Video].

2 What's New in October 2020

This section describes important changes in October 2020:

2.1 Final CPU Information (Error Correction Policies)

The final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. Final CPUs for upcoming releases, as well as newly scheduled final CPUs, are listed in the following sections.

Final CPUs scheduled for Jan 2021

  • Oracle Endeca Server
  • Oracle Endeca Information Discovery Integrator
  • Oracle Endeca Information Discovery Studio

Final CPUs scheduled for Oct 2020

  • Oracle Enterprise Data Quality for Product Data 11.1.1.6.0
  • Oracle Enterprise Manager Cloud Control 12.1.0.5

 

2.2 Post Release Patches

Oracle strives to complete preparations and testing of each Quarterly Security Patch for each platform by the quarterly release date. Occasionally, circumstances beyond our control dictate that a particular patch be delayed and be released a few days after the quarterly release date. The following table lists any current patch delays and the estimated date of availability.

Patch

Patch Number

Platform

Availability

EM BP Patch Set Update 13.3.0.0.201020

Patch 31899771

All

Available

Enterprise Manager for OMS Plugins 13.3.1.0.201031

Patch 32019093

All

Available

OAM WEBGATE BUNDLE PATCH 11.1.2.3.200804

Patch 31710235

Solaris Sparc64

Available

Combo OJVM Release Update 19.9.0.0.201020 & Database Release Update 19.9.0.0.201020

Patch 31720396

All

Available

DB RU 19.9.0.0.201020

Patch 31771877

All

Available

Combo OJVM Release Update 19.9.0.0.201020 & GI Release Update 19.9.0.0.201020

Patch 31720429

All

Available

GI RU 19.9.0.0.201020

Patch 31750108

All

Available

DB RUR 19.8.1.0.201020

Patch 31666885

All

Available

GI RUR 19.8.1.0.201020

Patch 31719890

All except Linux x86-64 & zLinux

Available

DB RUR 19.7.2.0.201020

Patch 31667176

All

Available

GI RUR 19.7.2.0.201020

Patch 31719845

All

Available

DB RU 18.12.0.0.201020 (& associated COMBO)

Patch 31730250 (& Patch 31720435)

All

Available

GI RU 18.12.0.0.201020 (& associated COMBO)

Patch 31748523 (& Patch 31720457)

All

Available

DB RUR 18.11.1.0.201020

Patch 31666917

All

Available

GI RUR 18.11.1.0.201020

Patch 31719758

All

Available

DB RUR 18.10.2.0.201020

Patch 31667173

All

Available

GI RUR 18.10.2.0.201020

Patch 31719777

All

Available

DB Oct2020 RU 12.2.0.1.201020 (& associated COMBO)

Patch 31741641 (& Patch 31720473)

All

Available

GI Oct2020 RU 12.2.0.1.201020 (& associated COMBO)

Patch 31750094 (& Patch 31720486)

All

Available

DB Jul2020 RUR 12.2.0.1.201020

Patch 31666944

All

Available

GI Jul2020 RUR 12.2.0.1.201020

Patch 31716471

All

Available

DB Apr2020 RUR 12.2.0.1.201020

Patch 31667168

All

Available

GI Apr2020 RUR 12.2.0.1.201020

Patch 31718774

All

Available

DB Proactive Bundle Patch 12.1.0.2.201020 (& associated COMBO)

Patch 31718813 (& Patch 31720769)

All

Available

Oracle JavaVM Component Database PSU 12.1.0.2.201020

Patch 31668915

All

Available

DB PSU 11.2.0.4.201020 (& associated COMBO)

Patch 31537677 (& Patch 31720776)

HP-UX PA-RISC

ETA 20-Nov-2020

GI PSU 11.2.0.4.201020 (& associated COMBO)

Patch 31718723 (& Patch 31720783)

HP-UX PA-RISC

ETA 20-Nov-2020

DB SPU 11.2.0.4.201020 (& associated COMBO)

Patch 31834759 (& Patch 31720810)

All except AIX

Available

DB SPU 11.2.0.4.201020 (& associated COMBO)

Patch 31834759 (& Patch 31720810)

AIX

ETA 20-Nov-2020

Microsoft Windows BP 19.9.0.0.201020 (& associated OJVM)

Patch 31719903 (& Patch 31668882)

Windows 32-Bit and 64-Bit

ETA 20-Nov-2020

Microsoft Windows BP 18.12.0.0.201020 (& associated OJVM)

Patch 31629682 (& Patch 31668892)

Windows 32-Bit and 64-Bit

ETA 20-Nov-2020

QFSDP for Exadata (Oct2020)

Various (See Section 3.1)

Linux x86-64, Solaris x86-64

Available

Quarterly Full Stack download for SuperCluster (Q4.2020)

Patch 31721198

All

ETA 20-Nov-2020

3 Patch Availability for Oracle Products

This section contains the following:

3.1 Oracle Database

This section contains the following:

3.1.1 Oracle REST Data Services (formally called Oracle APEX Listener)

Minimum Product Requirements for Oracle REST Data Services

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle REST Data Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.

Product

Release

Advisory Number

Comments

Oracle REST Data Services

20.2.1

CVE-2020-14744, CVE-2020-11023, CVE-2020-14745

 

3.1.2 Oracle Application Express

Minimum Product Requirements for Oracle Application Express

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Application Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.

Component

Release

Advisory Number

Comments

Oracle Application Express

20.2

CVE-2020-11023, CVE-2020-9281, CVE-2020-14763, CVE-2020-14898, CVE-2020-14899, CVE-2020-14900, CVE-2020-14762

Customer on 20.1.0.00.13 should apply Patch 30990551 to be secure.

 

3.1.3 Oracle Big Data Spatial and Graph

Minimum Product Requirements for Oracle Big Data Spatial and Graph

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Big Data Spatial and Graph downloads and installation instructions, see https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html

Component

Release

Advisory Number

Comments

Big Data Spatial and Graph

20.2

CVE-2019-0192, CVE-2015-9251, CVE-2020-9546, CVE-2019-10744, CVE-2017-5645

 

 

3.1.4 Oracle Database

This section contains the following:

3.1.4.1 Patch Availability for Oracle Database

For information regarding the different types of patches for Database, refer to Oracle Database - Overview of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1

3.1.4.2 Oracle Database 19

Patch Information

19

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 19

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM Release Update 19.9.0.0.201020 and Database Release Update 19.9.0.0.201020 Patch 31720396 for UNIX, or

Combo OJVM Release Update 19.9.0.0.201020 and GI Release Update 19.9.0.0.201020 Patch 31720429, or

Quarterly Full Stack download for Exadata (Oct2020) 19.9.0.0.200814 Patch 31721191 for Linux x86-64

CVE-2020-14901, CVE-2020-14735, CVE-2020-14734, CVE-2020-9488, CVE-2020-11022, CVE-2020-14742, CVE-2019-17543, CVE-2019-11922, CVE-2019-12900, CVE-2020-13935, CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14743, CVE-2020-11023

For patch availability, see section 2.2 Post Release Patches

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.

Oracle Database Server home

Database Release Update 19.9.0.0.201020 Patch 31771877 for UNIX, or

Database Release Update Revision 19.8.1.0.201020 Patch 31666885 for UNIX, or

Database Release Update Revision 19.7.2.0.201020 Patch 31667176 for UNIX, or

GI Release Update 19.9.0.0.201020 Patch 31750108, or

GI Release Update Revision 19.8.1.0.201020 Patch 31719890, or

GI Release Update Revision 19.7.2.0.201020 Patch 31719845, or

Microsoft Windows 32-Bit and x86-64 BP 19.9.0.0.201020 Patch 31719903, or later;

Quarterly Full Stack download for Exadata (Oct2020) 19.9.0.0.200814 Patch 31721191 for Linux x86-64, or

Quarterly Full Stack download for SuperCluster (Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit

CVE-2020-14901, CVE-2020-14735, CVE-2020-14734, CVE-2020-9488, CVE-2020-11022, CVE-2020-14742, CVE-2019-17543, CVE-2019-11922, CVE-2019-12900, CVE-2020-13935, CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-11023

For patch availability, see section 2.2 Post Release Patches

From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server home

OJVM Release Update 19.9.0.0.201020 Patch 31668882 for all platforms

CVE-2020-14743

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server and Client home

JDK8u271Patch 31743771

CVE-2020-14792, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798

JDK patches for 32 bit clients would be build on demand basis.

Oracle Database Server home

Perl Patch 29511771

Released April 2019

Perl Patch listed also includes CVE-2018-20843 announced in CPUOct2020.

Oracle Database Client home

Database Release Update 19.4.0.0.190716 Patch 29834717 for UNIX

Released July 2019

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.4.3 Oracle Database 18

Patch Information

18

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 18

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM Release Update 18.12.0.0.201020 and Database Release Update 18.12.0.0.201020 Patch 31720435 for UNIX, or

Combo OJVM Release Update 18.12.0.0.201020 and GI Release Update 18.12.0.0.201020 Patch 31720457, or

Quarterly Full Stack download for Exadata (Oct2020) 18.12.0.0.200814 Patch 31721185

CVE-2020-14735, CVE-2020-14734, CVE-2020-9488, CVE-2020-11022, CVE-2020-14742, CVE-2019-12900, CVE-2020-13935, CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740, CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725, CVE-2019-17359, CVE-2020-14743, CVE-2020-11023

For patch availability, see section 2.2 Post Release Patches

OJVM Update patches from 18.4 onwards are RAC Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the "Oracle JavaVM Component Database PSU/RU" (OJVM PSU/RU) Patches.

Oracle Database Server home

Database Release Update 18.12.0.0.201020 Patch 31730250, or

Database Release Update Revision 18.11.1.0.201020 Patch 31666917, or

Database Release Update Revision 18.10.2.0.201020 Patch 31667173, or

GI Release Update 18.12.0.0.201020 Patch 31748523, or

GI Release Update Revision 18.11.1.0.201020 Patch 31719758, or

GI Release Update Revision 18.10.2.0.201020 Patch 31719777, or

Microsoft Windows 32-Bit and x86-64 BP 18.12.0.0.201020 Patch 31629682, or later;

Quarterly Full Stack download for Exadata (Oct2020) 18.12.0.0.200814 Patch 31721185, or

Quarterly Full Stack download for SuperCluster (Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit

CVE-2020-14735, CVE-2020-14734, CVE-2020-9488, CVE-2020-11022, CVE-2020-14742, CVE-2019-12900, CVE-2020-13935, CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740, CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725, CVE-2019-17359, CVE-2020-11023

For patch availability, see section 2.2 Post Release Patches

From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server home

OJVM Release Update 18.12.0.0.201020 Patch 31668892 for all platforms

CVE-2020-14743

OJVM Update patches from 18.4 onwards are RAC Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the "Oracle JavaVM Component Database PSU/RU" (OJVM PSU/RU) Patches

Oracle Database Server and Client home

JDK8u271 Patch 31749759

CVE-2020-14792, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

JDK patches for 32 bit clients would be build on demand basis

Oracle Database Server home

Perl Patch 31225444

Released July 2020

Perl Patch listed also includes CVE-2018-20843 announced in CPUOct2020.

Oracle Database Client home

Database Release Update 18.7.0.0.190716 Patch 29757256, or

Database Release Update Revision 18.6.1.0.190716 
Patch 29708235, or

Database Release Update Revision 18.5.2.0.190716 
Patch 29708437 or

Microsoft Windows 32-Bit and x86-64 BP 18.7.0.0.190716 Patch 29859180

Released July 2019

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.4.4 Oracle Database 12.2.0.1

Patch Information

12.2.0.1

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 12.2.0.1

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM Release Update 12.2.0.1.201020 and Database Release Update 12.2.0.1.201020 Patch 31720473 for UNIX, or

Combo OJVM Release Update 12.2.0.1.201020 and GI Release Update 12.2.0.1.201020 Patch 31720486, or

Quarterly Full Stack download for Exadata (Oct2020) 12.2.0.1 Patch 31721177, or

Quarterly Full Stack download for SuperCluster (Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit

CVE-2020-14735, CVE-2020-14734, CVE-2020-9488, CVE-2020-11022, CVE-2020-14736, CVE-2020-14741, CVE-2020-14742, CVE-2019-12900, CVE-2020-13935, CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740, CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725, CVE-2019-17359, CVE-2020-14743, CVE-2020-11023, CVE-2018-2765

For patch availability, see section 2.2 Post Release Patches

OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and Update" (OJVM PSU and OJVM Update) Patches.

Oracle Database Server home

Database Oct2020 Release Update 12.2.0.1.201020 Patch 31741641 for UNIX, or

Database Apr2020 Release Update Revision 12.2.0.1.201020 Patch 31667168, or

Database Jul2020 Release Update Revision 12.2.0.1.201020 Patch 31666944, or

GI Oct2020 Release Update 12.2.0.1.201020 Patch 31750094, or

GI Apr2020 Release Update Revision 12.2.0.1.201020 Patch 31718774, or

GI Jul2020 Release Update Revision 12.2.0.1.201020 Patch 31716471, or

BS2000 Database BP 12.2.0.1.201020 Patch 31784375

Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.201020 Patch 31654782, or later;

Quarterly Full Stack download for Exadata (Oct2020) 12.2.0.1 Patch 31721177, or

Quarterly Full Stack download for SuperCluster (Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit

CVE-2020-14735, CVE-2020-14734, CVE-2020-9488, CVE-2020-11022, CVE-2020-14736, CVE-2020-14741, CVE-2020-14742, CVE-2019-12900, CVE-2020-13935, CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740, CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725, CVE-2019-17359, CVE-2020-11023, CVE-2018-2765

For patch availability, see section 2.2 Post Release Patches

From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server home

OJVM Release Update 12.2.0.1.201020 Patch 31668898 for UNIX, or

OJVM Microsoft Windows Bundle Patch 12.2.0.1.201020 Patch 31740064

CVE-2020-14743

OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server and Client home

JDK8u271 Patch 31749740

CVE-2020-14792, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

JDK patches for 32 bit clients would be build on demand basis.

Oracle Database Server home

Perl Patch 30508161

Released July 2020

Perl Patch listed also includes CVE-2018-20843 announced in CPUOct2020.

Oracle Database Client home

Database Oct2019 Release Update 12.2.0.1.190716 Patch 29757449 for UNIX, or

Database Jan2019 Release Update Revision 12.2.0.1.190716 
Patch 29708478, or

Database Apr2019 Release Update Revision 12.2.0.1.190716 
Patch 29708381, or

Microsoft Windows 32-Bit and x86-64 RU 12.2.0.1.190716 
Patch 29832062, or later

Released July 2019

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.4.5 Oracle Database 12.1.0.2

Error Correction information for Oracle Database 12.1.0.2

Patch Information

12.1.0.2

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

 32-bit client-only platforms

 

Patch Availability for Oracle Database 12.1.0.2

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM PSU 12.1.0.2.201020 and Database PSU 12.1.0.2.201020 Patch 31720729 for UNIX, or

Combo OJVM PSU 12.1.0.2.201020 and GI PSU 12.1.0.2.201020 Patch 31720761, or

Combo OJVM PSU 12.1.0.2.201020 and Database Proactive BP 12.1.0.2.201020  Patch 31720769 for UNIX, or

Quarterly Full Stack download for Exadata (Oct2020) BP 12.1.0.2 Patch 31721169, or

Quarterly Full Stack download for SuperCluster (Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit

CVE-2020-14735, CVE-2020-14734, CVE-2020-14736, CVE-2020-14741, CVE-2020-14742, CVE-2019-12900, CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740, CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725, CVE-2019-17359, CVE-2020-14743, CVE-2020-11023, CVE-2018-2765

For patch availability, see section 2.2 Post Release Patches

OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.

Oracle Database Server home

Database PSU 12.1.0.2.201020 Patch 31550110 for UNIX, or

GI PSU 12.1.0.2.201020 Patch 31718737, or

Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.201020 Patch 31658987, or later;

Database Proactive Bundle Patch 12.1.0.2.201020 Patch 31718813 or

Quarterly Full Stack download for Exadata (Oct2020) BP 12.1.0.2 Patch 31721169, or

Quarterly Full Stack download for SuperCluster (Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit

CVE-2020-14735, CVE-2020-14734, CVE-2020-14736, CVE-2020-14741, CVE-2020-14742, CVE-2019-12900, CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740, CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725, CVE-2019-17359, CVE-2020-11023, CVE-2018-2765

For patch availability, see section 2.2 Post Release Patches

For JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server home

Oracle JavaVM Component Database PSU 12.1.0.2.201020 Patch 31668915 for UNIX, or

Oracle JavaVM Component Microsoft Windows Bundle Patch 12.1.0.2.201020 Patch 31740134

CVE-2020-14743

OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

All OJVM PSU since 12.1.0.2.161018 includes Generic JDBC Patch 23727148

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server and Client home

JDK7u281 Patch 31749725

CVE-2020-14792, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

JDK patches for 32 bit clients would be build on demand basis.

Oracle Database Server home

Perl Patch 30508171

Released July 2020

Perl Patch listed also includes CVE-2018-20843 announced in CPUOct2020.

Oracle Database Server home

Oracle JavaVM Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148

Released July 2016

 

Oracle Database Client home

Database PSU 12.1.0.2.190716 Patch 29494060 for UNIX, or

Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.190716 
Patch 29831650

Released July 2019

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.4.6 Oracle Database 11.2.0.4

Error Correction information for Oracle Database 11.2.0.4

Patch Information

11.2.0.4

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

HP-UX PA-RISC

IBM: Linux on System Z

32-bit client-only platforms except Linux x86

 

On-Request platforms

32-bit client-only platforms except Linux x86

 

Patch Availability for Oracle Database 11.2.0.4

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM PSU 11.2.0.4.201020 and Database SPU 11.2.0.4.201020 Patch 31720810 for UNIX, or

Combo OJVM PSU 11.2.0.4.201020 and Database PSU 11.2.0.4.201020 Patch 31720776 for UNIX, or 

Combo OJVM PSU 11.2.0.4.201020 and GI PSU 11.2.0.4.201020 Patch 31720783 for UNIX, or

Combo OJVM PSU 11.2.0.4.201020 and Exadata BP 11.2.0.4.201020 Patch 31720797

CVE-2020-14735, CVE-2020-14734, CVE-2020-14736, CVE-2020-14741, CVE-2020-14742, CVE-2019-12900, CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740, CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725, CVE-2019-17359, CVE-2020-14743, CVE-2020-11023, CVE-2018-2765

For patch availability, see section 2.2 Post Release Patches

From Jan2019 onwards the OJVM now only supports JDK7 for security compliance. Please ensure that if there are applications with an OJVM dependency that they are compatible with JDK7.

OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

Database PSU 11.2.0.4.201020 Patch 31537677 for UNIX, or

GI PSU 11.2.0.4.201020 Patch 31718723 for UNIX, or

Database SPU 11.2.0.4.201020 Patch 31834759 for UNIX, or

Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.200414 Patch 31659823, or later;

Quarterly Database Patch for Exadata BP 11.2.0.4.201020 Patch 31718644 for UNIX, or

Quarterly Full Stack download for Exadata (Oct2020) BP 11.2.0.4 Patch 31721158, or

Quarterly Full Stack download for SuperCluster (Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit

CVE-2020-14735, CVE-2020-14734, CVE-2020-14736, CVE-2020-14741, CVE-2020-14742, CVE-2019-12900, CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740, CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725, CVE-2019-17359, CVE-2020-11023, CVE-2018-2765

For patch availability, see section 2.2 Post Release Patches

For JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server home

Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.201020 Patch 31668908 for UNIX, or

Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.200414 Patch 31740195 for Microsoft Windows

CVE-2020-14743

From Jan2019 onwards the OJVM now only supports JDK7 for security compliance. Please ensure that if there are applications with an OJVM dependency that they are compatible with JDK7.

OJVM PSU 11.2.0.4.161018 and greater includes Generic JDBC Patch 23727132

See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server and Client home

JDK7u281 Patch 31749197

CVE-2020-14792, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

JDK patches for 32 bit clients would be build on demand basis.

Oracle Database Server home

Perl Patch 30508206

Released July 2020

Perl Patch listed also includes CVE-2018-20843 announced in CPUOct2020.

Oracle Database Server home

Oracle JavaVM Component Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132

Released July 2016

For RAC deployments, this patch should be applied to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher

See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Client home

Database PSU 11.2.0.4.190716 Patch 29497421 for UNIX, or

Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.190716 
Patch 29596609, or later

Released July 2019

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

3.1.5 Oracle Database Mobile/Lite Server

Error Correction Information for Oracle Database Mobile Server

Patch Information

12.1 (Mobile Server)

11.3 (Mobile Server)

Comments

Final CPU

-

October 2021

 

Patch Availability for Oracle Database Mobile Server 12.1.x

Product Home

Patch

Advisory Number

Comments

12.1

12.1.0.0 BP Patch 21974980

Released October 2015

 

Patch Availability for Oracle Database Mobile Server 11.3.x

Product Home

Patch

Advisory Number

Comments

11.3

11.3.0.2 BP Patch 21950285

Released October 2015

 

3.1.6 Oracle GoldenGate

Error Correction information for Oracle GoldenGate

Component

19.1

18.1

12.3.0.1

12.2.0.2

12.1.2.1

Comments

Final CPU

July 2026

April 2021

April 2021

October 2023

October 2021

 

Patch Availability for Oracle GoldenGate

Product Home

Patch

Advisory Number

Comments

19.1

OGG 19.1.0.0.200714 for Oracle 19c Patch 31456601

OGG 19.1.0.0.200714 for Oracle 18c Patch 31456600

OGG 19.1.0.0.200714 for Oracle 12c Patch 31456597

OGG 19.1.0.0.200714 for Oracle 11g Patch 31456594

Released July 2020

Refer to Note 1645495.1 for the latest release and additional platforms.

18.1

OGG 18.1.0.0.191119 for Oracle 18c Patch 30058913

OGG 18.1.0.0.191119 for Oracle 12c Patch 30058910

OGG 18.1.0.0.191119 for Oracle 11g Patch 30058904

Released July 2020

Refer to Note 1645495.1 for the latest release and additional platforms.

12.3.0.1

OGG 12.3.0.1.190531 FOR Oracle 12c Patch 29791770

OGG 12.3.0.1.190531 FOR Oracle 11g Patch 29791759

Released July 2020

Refer to Note 1645495.1 for the latest release and additional platforms.

12.2.0.2

OGG 12.2.0.2.200218 for Oracle 12c Patch 30619259

OGG 12.2.0.2.200218 for Oracle 11g Patch 30619257

Released July 2020

Refer to Note 1645495.1 for the latest release and additional platforms.

12.1.2.1

On-Request

Released July 2020

Refer to Note 1645495.1 for the latest release and additional platforms.

3.1.7 Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)

Error Correction information for Oracle GoldenGate for Big Data

Component

19.1.0.0.x

12.3.2.1.0

Comments

Final CPU

July 2026

October 2021

 

Patch Availability for Oracle GoldenGate for Big Data

Product Home

Patch

Advisory Number

Comments

19.1.0.0.0

OGG for Big Data 19.1.0.0.6 Patch 31879447

CVE-2019-17531

 

12.3.2.1

Oracle GoldenGate for Big Data 12.3.2.1.9 Patch 31555782 or later

CVE-2018-8088, CVE-2018-11058

 

3.1.8 Oracle GoldenGate Veridata

Error Correction information for Oracle GoldenGate Veridata

Component

12.2.1

12.1.3

11.2.1.0

Comments

Final CPU

July 2025

July 2022

October 2020

 

Patch Availability for Oracle GoldenGate Veridata

Product Home

Patch

Advisory Number

Comments

12.2.1

OGG Veridata Bundle Patch 12.2.1.4.200714 (PS4 BP2) (Server+Agent) Patch 31044508

Released July 2020

 

12.1.3

ORACLE GOLDENGATE VERIDATA V12.1.3.0.180415 SERVER Patch 26424104

Released April, 2018

 

11.2.1.0

oracle goldengate veridata v11.2.1.0.2 java agent - Patch 27425665

oracle goldengate veridata v11.2.1.0.2 server - Patch 27425668

Released April 2018

Golden Gate Veridata Patch

3.1.9 Oracle Secure Backup

Error Correction information for Oracle Secure Backup

Patch Information

18.1

Comments

Final CPU

January 2024

 

Minimum Product Requirements for Oracle Secure Backup 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Secure Backup downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html

Product

Release

Advisory Number

Comments

Oracle Secure Backup

18.1

Released April 2020

 

 

3.1.10 Oracle Spatial Studio

Minimum Product Requirements for Oracle Spatial Studio 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Spatial Studio downloads and installation instructions can be found at
https://www.oracle.com/database/technologies/spatial-studio/oracle-spatial-studio-downloads.html

Product

Release

Advisory Number

Comments

Oracle Spatial Studio

19.2.1

Released July 2020

 

 

3.1.11 Oracle Stream Analytics

Minimum Product Requirements for Oracle Stream Analytics 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Stream Analytics downloads and installation instructions can be found at
https://www.oracle.com/middleware/technologies/stream-analytics/downloads.html

Product

Patch

Advisory Number

Comments

Oracle Stream Analytics

19.1.0.0.1 Patch 30629903

Released July 2020

 

 

3.1.12 Oracle TimesTen In-Memory Database

Error Correction information for Oracle TimesTen In-Memory Database

Describes Error Correction information for Oracle TimesTen In-Memory Database.

Patch Information

18.1

Comments

Final Patch

April 2026

 

Minimum Product Requirements for Oracle TimesTen In-Memory Database

Describes the minimum product requirements for Oracle TimesTen In-Memory Database. The CPU security vulnerabilities are fixed in the listed release and later releases.

Product

Release

Advisory Number

Comments

Oracle TimesTen In-Memory Database

18.1.4.1.0 or later version

CVE-2018-11058, CVE-2017-5645, CVE-2019-1010239, CVE-2019-0201

 

 

3.2 Oracle Enterprise Manager

This section contains the following:

3.2.1 Oracle Real User Experience Insight

Error Correction information for Oracle Real User Experience Insight

Patch Information

13.4.1.0

13.3.1.0

Comments

Final CPU

October 2023

April 2021

 

On-Request platforms

-

-

 

Minimum Product Requirements for Oracle Real User Experience Insight

Critical Patch Update security vulnerabilities are fixed in the listed releases. For more information on Oracle Real User Experience Insight, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.

Product Version

Patch

Advisory Number

Comments

Real User Experience Insight 13.3.1.0

Patch 31595030

Released July 2020

 

3.2.2 Oracle Application Testing Suite

Error Correction information for Oracle Application Testing Suite

Patch Information

13.3.0.1

Comments

Final CPU

June 2025

 

Patch Availability for Oracle Application Testing Suite

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Application Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.

Product Home

Patches

Advisory Number

Comments

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 12.2.1.4)

Released January 2019

See "Oracle WebLogic Server" (Version 12.2.1.4)

13.3.0.1

EM BP Application Testing Suite CPU October 2020 Patch 31996548

CVE-2019-17638, CVE-2018-11058, CVE-2020-5398

 

13.3.0.1

EM BP Application Testing Suite OFB CPU October 2020 Patch 31996632

CVE-2019-17638, CVE-2018-11058, CVE-2020-5398

 

 

3.2.3 Oracle Business Transaction Management

Error Correction Information for Oracle Business Transaction Management

Component

12.1.0.7

Comments

Final CPU

-

 

Patch Availability for Oracle Business Transaction Management

Product Home

Patch

Advisory Number

Comment

BTM Home

BTM Patch 12.1.0.7.15 Patch 29135901

Released April 2019

 

 

3.2.4 Oracle Enterprise Manager Cloud Control

If your plans include updating the JDK version, please be sure that the JDK version that you choose is certified with your OEM Cloud Control Component. Please refer to Note 2241358.1 for upgrading the JDK Component related to OEM Cloud Control Component.

Error Correction information for Oracle Enterprise Manager Cloud Control

Patch Information

13.4.0.0

13.3.0.0

12.1.0.5

Comments

Final CPU

-

January 2021

October 2020

 

On-Request platforms

-

-

-

 

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 4 (13.4.0.0)

Product Home

Patches

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

 

 

Oracle Java SE home

See Note 2653847.1 EM 13.4: How to Use the Latest Certified JDK 8 Update with OMS 13.4

See Note 2653847.1 EM 13.4: How to Use the Latest Certified JDK 8 Update with OMS 13.4

 

Base Platform Fusion Middleware home

NGINST SPU FOR 13.9.4.2.2 FOR JACKSON-DATABIND UPDATE TO 2.10.2 Patch 31101362 or later

Released July 2020

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 12.2.1.3.0)

See "Oracle WebLogic Server" (Version 12.2.1.3.0)

For EM 13.4 customers, Oracle recommends that you delay applying Opatch 13.9.4.2.4 and Weblogic Server July PSU or later, as Certification is not complete. See Note 2693952.1 for details.

Base Platform Fusion Middleware home

OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139 or later

Released July 2020

Oracle Security Service (SSL/Network) Patch for Oracle HTTP server (OHS)

Base Platform OMS home

Enterprise Manager for Peoplesoft 13.4.1.1.0 Patch for CPUOct2020 Patch 31795605

CVE-2020-9488

 

Base Platform Agent home

Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4 (13.4.0.4) for Agent Patch 31426056 or later

Released July 2020

 

Base Platform OMS home

Enterprise Manager 13c Release 4 Update 7 (13.4.0.7) for OMS Patch 31882382 or later

CVE-2020-1967, CVE-2019-3740, CVE-2019-2897

 

Base Platform Fusion Middleware home

ADF BUNDLE PATCH 12.2.1.3.0 (ID:190924.2139.S) Patch 30347629 or later

Released October 2019

Apply to all Oracle homes installed with an FMW Infrastructure

Base Platform Fusion Middleware home

OHS (NATIVE) BUNDLE PATCH 12.2.1.3.0 (ID:191219.2319) Patch 30687404 or later

Released January 2020

Note 2568225.1Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches

Base Platform Fusion Middleware home

REMOVE APACHE STRUTS FROM BI INSTALL 12.2.1.3 (EM 13.4) Patch 31254677 or later

Released July 2020

 

EM Cloud Control Connectors

See Announcement on MOSC

CVE-2020-1954, CVE-2020-5398

Connector 13.2.1.0 is applicable to EM 13.4

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 3 (13.3.0.0)

Product Home

Patches

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

 

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 12.1.3)

 

 

Base Platform Fusion Middleware home

Opatch SPU 13.8.0.0.0 Patch 31682991 or later

Released July 2020

 

Base Platform Fusion Middleware home

REMOVE APACHE STRUTS FROM BI INSTALL Patch 31076938 or later

Released July 2020

 

Base Platform OMS home

Base Release 13.3

Released April 2019

 

Base Platform OMS home

EM BP Patch Set Update 13.3.0.0.201020 Patch 31899771 or later

CVE-2019-2897

 

Base Platform OMS home

OSS SECURITY PATCH UPDATE 12.1.3.0.0 (CPUJAN2020) Patch 30692958 or later

Released January 2020

Oracle Security Service (SSL/Network) Patch for Oracle HTTP server (OHS)

Base Platform OMS home

OHS 12.1.3 for EM APR 2020 SPU Patch 31046788 or later

Released April 2020

Note 2572758.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.1.3 Critical Patch Update

Base Platform Agent home

EM-AGENT Bundle Patch 13.3.0.0.191015 Patch 30206738 or later

Released October 2019

 

Base Platform Agent home

EM-BEACON Plug-in Agent Bundle Patch 13.3.0.0.200731 (Patch canceled)

Released July 2020

For CVE-2019-12415, upgrade to 13.4 and apply Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4 (13.4.0.4) for Agent Patch 31426056 or later.

EM Cloud Control Connectors

See Announcement on MOSC

Released April 2019

 

EM Cloud Control Connectors

See Announcement on MOSC

CVE-2020-1954, CVE-2020-5398

Connector 13.2.1.0 is applicable to EM 13.3

Base Platform OMS home

Enterprise Manager for OMS Plugins 13.3.2.0.200630 Patch 31521484 or later

Released July 2020

 

Base Platform OMS home

EM for OMS plugin 13.3.1.0.201031 Patch 32019093 or later

CVE-2020-1967, CVE-2019-3740

 

Base Platform OMS home

SPU Patch 25322055 or later

Released in January 2017

Oracle ADF Patch 12.1.3.0, This patch is necessary for any co-located installations where ADF exists.

Patch Availability for Oracle Enterprise Manager Cloud Control 12c Release 5 (12.1.0.5)

Product Home

Patches

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

See "Oracle Database"

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 10.3.6)

See "Oracle WebLogic Server" (Version 10.3.6)

 

Base Platform Fusion Middleware home

CPU Patch 23703041 or later

Released July 2016

Oracle Business Intelligence Publisher BP 11.1.1.7.160719 patch for BIP home in Enterprise Manager

Base Platform OMS home

EM for OMS plugin 12.1.0.5.200331 Patch 31129450 or later

Released April 2020

For CVE-2019-0227, upgrade to 13.1 or later release

Base Platform OMS home

EM BP Patch Set Update 12.1.0.5.200714 Patch 31250739 or later

Released July 2020

 

Base Platform Fusion Middleware home

JSP 11.1.1.7.0 SPU for EM 12.1.0.5 (CPUAPR2018) Patch 27872862 or later

Released April 2018

JSP 11.1.1.7.0 SPU patch

Base Platform Agent home

BP Patch 22317311 or later

Released January 2016

Apply to Agent core Oracle Home, after applying agent patch 25456449, 22342358

Base Platform Agent home

BP Patch 22342358 or later

Released January 2016

Apply 22342358 to Agent sbin Oracle Home after applying agent Patch 28193486. Then apply Patch 22317311.
If patches 22342358 and 22317311 were applied earlier, no need to reapply.

Base Platform Fusion Middleware home

SPU Patch 22013598 or later

Released January 2016

Web Cache Patch

Apply to Oracle_WT

Post installation steps are not applicable for Enterprise Manager

Plugin home

BP Patch 28347732 or later

Released July 2018

 

Base Platform Agent home

BP Patch 28193486 or later

Released July 2018

 

Base Platform Agent home

EM-BEACON Bundle Patch 12.1.0.5.200731 (Patch canceled)

Released July 2020

For CVE-2019-12415, upgrade to 13.4 and apply Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4 (13.4.0.4) for Agent Patch 31426056 or later.

Base Platform Fusion Middleware home

OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885 or later

Released January 2018

Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates

Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates

See Note 2400141.1 before applying this patch

Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH

Base Platform Fusion Middleware home

CPU Patch 19345576 or later

Released January 2015

Oracle Process Management and Notification (OPMN) Patch for Oracle_WT OH

See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS

Base Platform Fusion Middleware home

SPU Patch 17337741 or later

Released October 2013

Oracle Security Service (SSL/Network) Patch for Oracle_WT OH

Base Platform Fusion Middleware home

SPU Patch 25297048 or later

Released January 2017

Oracle ADF Patch 11.1.1.7.1. This patch is necessary for any co-located installations where ADF exists

3.2.5 Oracle Enterprise Manager Ops Center

Error Correction information for Oracle Enterprise Manager Ops Center

Patch Information

12.4.0

Comments

Final CPU

April 2024

Premier Support ends

Patch Availability for Oracle Enterprise Manager Ops Center

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Enterprise Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.

Product Home

UNIX

Advisory Number

Comments

12.4.0

Ops Center UCE patches for July 2020 Patch 31470600

Released July 2020

 

12.4.0

Ops Center UI/Other patches for October 2020 Patch 31955705

CVE-2020-11022, CVE-2019-13990

 

3.2.6 OSS Support Tools

Error Correction information for OSS Support Tools

Patch Information

8.11.x

Comments

Final CPU

-

 

Patch Availability for OSS Support Tools

Product Home

Solaris

Advisory Number

Comments

8.11.16.3.8

BP Patch 22783063

March 2016

See My Oracle Support Note 1153444.1Oracle Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT

3.2.7 Oracle Configuration Manager

Minimum Product Requirements for Oracle Configuration Manager

Critical Patch Update security vulnerabilities are fixed in the listed releases.  
Oracle Configuration Manager can be downloaded from MOS (support.oracle.com). Customer can use collector tab to down the Oracle Configuration Manager Collector.

Component

Release

Advisory Number

Comments

Oracle Configuration Manager

OCM 12.1.2.0.7 Patch 5567658

Released July 2020

Upgrade to 12.1.2.0.7 Release

For patch availability, see section 2.2 Post Release Patches

3.3 Oracle Fusion Middleware

This section contains the following:

3.3.1 Oracle GoldenGate Monitor (aka Management Pack for Oracle GoldenGate)

Error Correction information for Oracle GoldenGate Monitor (aka Management Pack for Oracle GoldenGate)

Patch Information

12.2.1

12.1.3.x

Comments

Final CPU

July 2025

July 2022

 

 

Patch Availability for Management Pack For Oracle GoldenGate

Product Home

Patch

Advisory Number

Comments

12.2.1.2.0

Oracle GoldenGate Monitor 12.2.1.2.200930 (Server+Agent) Patch 31748559

CVE-2020-3235

 

12.1.3

Monitor Server 12.1.3.0.160628 Patch 23340597
Monitor Agent 12.1.3.0.160628 
Patch 23333295

Released June 2016

-


3.3.2 NetBeans IDE

Minimum Product Requirements for NetBeans IDE

Critical Patch Update security vulnerabilities are fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/

Product Home

Release

Advisory Number

Comments

NetBeans IDE

8.2

Released October 2016

 


3.3.3 Oracle API Gateway

Error Correction information for Oracle API Gateway

Patch Information

11.1.2.4.0

Comments

Final CPU

March 2021

 

Patch Availability for Oracle API Gateway

Product Home

Patch

Advisory Number

Comments

11.1.2.4.0

OAG 11.1.2.4.0 SPU FOR APRCPU2020 Patch 30901960

Released April 2020

 

 

3.3.4 Reserved for future use

 

3.3.5 Oracle Business Intelligence Enterprise Edition

Error Correction information for Oracle Business Intelligence Enterprise Edition

Patch Information

5.5.0.0.0

12.2.1.4.0

12.2.1.3

11.1.1.9

Comments

Final CPU

-

-

October 2021

October 2021

11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

Patch Availability for Oracle Analytics Server 5.5 (Formerly known as Oracle Business Intelligence)

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020 for Oracle Java SE

See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020 for Oracle Java SE

See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle WebLogic Server home

See "Oracle WebLogic Server" (version 12.2.1.4.0)

See "Oracle WebLogic Server" (version 12.2.1.4.0)

See Note 1306505.1Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

Oracle Analytics Server (OAS) 5.5.0.0.0

See "Oracle Fusion Middleware 12c" (12.2.1.4.)

See "Oracle Fusion Middleware 12c" (12.2.1.4.)

Apply all 12.2.1.4 patches listed for "Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)"

Oracle Analytics Server (OAS) 5.5.0.0.0

OAS BUNDLE PATCH 5.5.0.0.201012 Patch 32003790

CVE-2020-14879, CVE-2020-14880, CVE-2020-14842, CVE-2019-11358, CVE-2020-14780, CVE-2020-14815, CVE-2020-14843, CVE-2020-14766, CVE-2020-14864

Oracle Business Intelligence is rebranded as Oracle Analytics Server

Apply all 12.2.1.4 patches listed for "Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)". See "Oracle Fusion Middleware 12.2.1.4"

For patch availability, see section 2.2 Post Release Patches

Oracle Security Service

OSS BUNDLE PATCH 12.2.1.4.200616 Patch 31503472

Released July 2020

 

 

Patch Availability for Oracle Business Intelligence Enterprise Edition 12c

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020 for Oracle Java SE

See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020 for Oracle Java SE

See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

12.2.1.4 Oracle Business Intelligence Enterprise Edition

and

12.2.1.3 Oracle Business Intelligence Enterprise Edition

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

Apply all 12.2.1.3 patches listed for "Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)"

12.2.1.4 Oracle Business Intelligence Enterprise Edition

OBI Bundle Patch 12.2.1.4.201020 Patch 31690037

CVE-2020-14879, CVE-2020-14880, CVE-2020-14842, CVE-2019-11358, CVE-2020-14784, CVE-2020-14780, CVE-2020-14815, CVE-2020-14843, CVE-2020-14766, CVE-2020-14864

 

12.2.1.4 Oracle Business Intelligence Enterprise Edition

and

12.2.1.3 Oracle Business Intelligence Enterprise Edition

OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139

Released July 2020

Oracle Security Service (SSL/Network) Patch

12.2.1.3 Oracle Business Intelligence Enterprise Edition

OBI Bundle Patch 12.2.1.3.201020 Patch 31690029

CVE-2020-14879, CVE-2020-14880, CVE-2020-14842, CVE-2019-11358, CVE-2020-14784, CVE-2020-14780, CVE-2020-14815, CVE-2020-14843, CVE-2020-14766, CVE-2020-14864

 

Patch Availability for Oracle Business Intelligence Enterprise Edition 11.1.1.9

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020 for Oracle Java SE

See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020 for Oracle Java SE

See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

11.1.1.9

BI SUITE BUNDLE PATCH 11.1.1.9.201020 Patch 31943269

CVE-2020-14879, CVE-2020-14880, CVE-2020-14842, CVE-2020-14784, CVE-2020-14780, CVE-2020-14766

 

11.1.1.9

OSS BUNDLE PATCH 11.1.1.9.200714 Patch 31304503

Released July 2020

For patch availability, see section 2.2 Post Release Patches

Note 2572809.1 Steps to Evaluate and Update SSL Wallet

11.1.1.9

OPMN Patch 23716938

Released October 2017

 

DAC 11.1.1.6.4 home

Patch 27825965- DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU for apr2018cpu

Released April 2018

Patch can be installed in any home

3.3.6 Oracle Business Intelligence Publisher

Error Correction information for Oracle Business Intelligence Publisher

Patch Information

12.2.1.4

12.2.1.3

11.1.1.9

Comments

Final CPU

-

October 2021

October 2021

11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

Patch Availability for Oracle Business Intelligence Publisher

Product Home

Patch

Advisory Number

Comments

OAS 5.5.0.0.0, 12.2.1.3 and 12.2.1.4 Business Intelligence Publisher

See "Oracle Business Intelligence Enterprise Edition"

See "Oracle Business Intelligence Enterprise Edition"

BIP is part of OBI Patch in 12c

11.1.1.9

BI Suite Bundle Patch 11.1.1.9.200114 Patch 30677050

Released October 2019

 

11.1.1.9

BP Patch 24580895

Released October 2016

Webservice BP

11.1.1.9

11.1.1.9 Interim Patch 17081528

Released October 2016

XDK Interim Patch

3.3.7 Oracle Complex Event Processing

Error Correction information for Oracle Complex Event Processing

Patch Information

CEP 12.1.3

Comments

Final CPU

October 2020

 

Patch Availability for Oracle Complex Event Processing

See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

Product Home

Patch

Advisory Number

Comments

12.1.3.0

SPU Patch 21071699

Released July 2015

 

3.3.8 Oracle Data Quality for Oracle Data Integrator

Error Correction information for Oracle Data Quality for Oracle Data Integrator

Patch Information

ODIDQ 11.1.x

Comments

Final CPU

-

 

Patch Availability for Oracle Data Quality for Oracle Data Integrator

Product Home

Patch

Advisory Number

Comments

11.1.1.3.0

CPU Patch 21418574

Released July 2015

 

3.3.9 Oracle Data Visualization Desktop

Error Correction information for Oracle Data Visualization Desktop

Patch Information

12.2.4.1.1

Comments

Final CPU

-

 

Patch availability for Oracle Data Visualization Desktop

Product Home

Patch

Advisory Number

Comments

Oracle Data Visualization Desktop 12.2.4.1.1

Patch is available on http://www.oracle.com/technetwork/middleware/oracle-data-visualization/index.html

Released April 2018

 

3.3.10 Oracle Endeca Server

Error Correction information for Oracle Endeca Server

Patch Information

7.7

Comments

Final CPU

January 2021

 

Patch availability for Oracle Endeca Server

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Server 7.7 home

ORACLE ENDECA SERVER 7.7 SPU APRIL 2020 Patch 30507959

Released April 2020

 

3.3.11 Oracle Endeca Information Discovery Integrator

Error Correction information for Oracle Endeca Information Discovery Studio Integrator

Patch Information

3.2

Comments

Final CPU

January 2021

 

 

Patch availability for Oracle Endeca Information Discovery Studio Integrator

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Information Discovery Integrator 3.2 home

ORACLE ENDECA INFORMATION DISCOVERY INTEGRATOR 3.2 CPU OCTOBER 2020 Patch 31934960

CVE-2020-10683

 

Oracle Endeca Information Discovery Integrator 3.2 home

ORACLE ENDECA INFORMATION DISCOVERY INTEGRATOR AQUISITION SYSTEM 3.2 SPU JAN 2020 Patch 30472013

Released in January 2020

 

3.3.12 Oracle Endeca Information Discovery Studio

Error Correction information for Oracle Endeca Information Discovery Studio

Patch Information

3.2

Comments

Final CPU

January 2021

 

Patch availability for Oracle Endeca Information Discovery Studio

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Information Discovery Studio 3.2 home

ORACLE ENDECA INFORMATION DISCOVERY 3.2 STUDIO CPU OCT2020 Patch 31992470

CVE-2019-10173

 

3.3.13 Oracle Enterprise Data Quality

Error Correction information for Oracle Enterprise Data Quality

Patch Information

11.1.1.x

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Enterprise Data Quality

Product Home

Patch

Advisory Number

Comments

12c home

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

 

11.1.1.9

Patch 25084186

Patch 25534288 (EDQ-CDS)

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

 

3.3.14 Oracle Enterprise Repository

Error Correction information for Oracle Enterprise Repository

Patch Information

11.1.1.7

Comments

Final CPU

October 2021

 

Patch Availability for Oracle Enterprise Repository

Product Home

Patch

Advisory Number

Comments

11.1.1.7.0

OER 11.1.1.7.0 CPU for October 2020 Patch 32014669

CVE-2019-2904

"CVE-2018-1000180, CVE-2018-8013, CVE-2018-1275, CVE-2017-5645" included in 11.1.1.7 patch are announced in previous CPUs.

3.3.15 Oracle Exalogic Patch Set Update (PSU)

Error Correction information for Oracle Exalogic Patch Set Update (PSU)

Patch Information

2.x

1.x

Comments

Final CPU

-

-

 

Patch Set Update Availability for Oracle Exalogic

Oracle Exalogic

Patch

Advisory Number

Comments

2.x Physical

2.0.6.4.200714 Physical Linux (for all X3-2, X4-2, X5-2, and X6-2) Patch 31347467

Released in July 2020

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

2.x Virtual

2.0.6.4.200714 Virtual (for all X3-2, X4-2, X5-2, and X6-2) Patch 31347468

Released in July 2020

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

1.x

Upgrade to 2.x based on information in the Comments column. Then apply the patches listed above.

Released March 2012 (13795376)

Released Februrary 2013 (15931901)

See Patch 13795376 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)

See Patch 15931901 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit)

See Note 1314535.1Announcing Exalogic PSUs (Patch Set Updates)

3.3.16 Oracle Fusion Middleware

For more information on how to identify the components in an Oracle home, see Note 1591483.1What is Installed in My Middleware or Oracle home?.

This section contains the following:

3.3.16.1 Oracle Fusion Middleware 12c

The sections below cover Oracle Fusion Middleware version 12.2.x and 12.1.x

3.3.16.1.1 Oracle Fusion Middleware 12.2.1.4

Error Correction information for Oracle Fusion Middleware 12.2.1.4

Patch Information

12.2.1.4

Comments

Final CPU

July 2025

See Note 1933372.1, Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

On-Request platforms

-

 

Determine Components in an Oracle Home

-

See Note 1591483.1, What is Installed in My Middleware or Oracle home?

Understanding Patch Release Versions

-

See Note 1494151.1, understanding Fusion Middleware Bundle Patch (BP) Release Versions
See 
Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions

Patch Availability for Oracle Fusion Middleware 12.2.1.4

Distribution

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020 for Oracle Java SE

See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020 for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

All 12.2.1.4 & 12.2.1.3 Fusion Middleware Distributions & WebLogic home

OPatch 13.9.4.2.4 Patch 28186730 or later

Released July 2020

Update OPatch 13.9.4.2.4 Patch 28186730 before applying the WLS PSU.

See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

Oracle HTTP Server

Oracle Forms and Reports (Standalone Forms Builder)

Oracle Internet Directory

WLS PATCH SET UPDATE 12.2.1.4.201001 Patch 31960985 or later

CVE-2020-14841, CVE-2020-14825, CVE-2020-14859, CVE-2020-14820, CVE-2020-11022, CVE-2020-14883, CVE-2020-14882

See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for WebLogic Server.

For CVE-2020-14750 Security Advisory Patches, see Note 2724951.1

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

Oracle HTTP Server

Oracle Forms and Reports (Standalone Forms Builder)

Oracle Internet Directory

ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU 2020 Patch 31544353 or later

CVE-2018-11058

ADR Patch

See Note 2703429.1 for details on ADR and Applicability of this patch

Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

WEBLOGIC SAMPLES SPU 12.2.1.4.200714 Patch 31384959 or later

Released July 2020

 

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

ADF BUNDLE PATCH 12.2.1.4.200817 Patch 31762739 or later

CVE-2020-11022

 

Oracle HTTP Server

OHS (NATIVE) BUNDLE PATCH 12.2.1.4.200826 Patch 31808404 or later

CVE-2020-1967, CVE-2019-10097, CVE-2019-5482

 

Oracle SOA Suite and Business Process

SOA Bundle Patch 12.2.1.4.200917 Patch 31903409 or later

CVE-2019-2904, CVE-2020-1951, CVE-2019-11358, CVE-2020-1945, CVE-2020-9484

 

Oracle HTTP Server

Oracle Forms and Reports (Standalone Forms Builder)

Oracle Internet Directory

OSS BUNDLE PATCH 12.2.1.4.200616 Patch 31503472 or later

Released July 2020

 

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

Coherence 12.2.1.4.5 Patch 31470730 or later

Released July 2020

 

Oracle Unified Directory

OUD BUNDLE PATCH 12.2.1.4.200526 Patch 31400392 or later

Released July 2020

 

Oracle WebCenter Portal

WebCenter Portal Bundle Patch 12.2.1.4.200903 Patch 31850623 or later

CVE-2020-2555, CVE-2020-10683, CVE-2020-9281

 

Oracle Forms and Reports

Oracle Reports Developer 12.2.1.4.0 SPU Patch 30731161 or later

Released January 2020

 

Oracle Webcenter Sites

Webcenter Sites 12.2.1.4.200714 Patch 31548912 or later

Released July 2020

 

3.3.16.1.2 Oracle Fusion Middleware 12.2.1.3

Error Correction information for Oracle Fusion Middleware 12.2.1.3

Patch Information

12.2.1.3

Comments

Final CPU

October 2021

See Note 1933372.1, Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

On-Request platforms

-

 

Determine Components in an Oracle Home

-

See Note 1591483.1, What is Installed in My Middleware or Oracle home?

Understanding Patch Release Versions

-

See Note 1494151.1, understanding Fusion Middleware Bundle Patch (BP) Release Versions

See Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions

Patch Availability for Oracle Fusion Middleware 12.2.1.3

Distribution

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020 for Oracle Java SE

See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020 for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

All 12.2.1.3 Fusion Middleware Distributions & WebLogic home

OPatch 13.9.4.2.4 Patch 28186730 or later

Released July 2020

Update OPatch 13.9.4.2.4 Patch 28186730 before applying the WLS PSU.

See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

Oracle HTTP Server

Oracle Forms and Reports (Standalone Forms Builder)

Oracle Internet Directory 

WLS PATCH SET UPDATE 12.2.1.3.201001 Patch 31961038 or later

CVE-2020-14841, CVE-2020-14825, CVE-2020-14859, CVE-2020-14757, CVE-2020-14820, CVE-2020-11022, CVE-2020-14883, CVE-2019-17267, CVE-2020-14882

For CVE-2020-14750 Security Advisory Patches, see Note 2724951.1

See Note 2421487.1, Oracle Strongly recommends applying minimum JDK version (JDK 8u181 or later) to make some of Weblogic Server Deserialization vulnerability fixes effective.

Refer to Note 2437460.1 for Patch Conflict issue.

WLS PSU should also be applied to all homes with a WLS full or standalone domain.

See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

See Note 2076338.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure WebLogic Server for FMW)

Oracle HTTP Server

Oracle Forms and Reports (Standalone Forms Builder)

Oracle Internet Directory

ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY CPU 2020 Patch 31544340 or later

Released July 2020

ADR Patch

See Note 2703429.1 for details on ADR and Applicability of this patch.

Identity and Access Management

OAM BUNDLE PATCH 12.2.1.3.191201(ID:191201.0123.S) Patch 30609442 or later

Released April 2020

 

Identity and Access Management Oracle Unified Directory

OUD BUNDLE PATCH 12.2.1.3.200623 Patch 31529239 or later

Released July 2020

 

Oracle SOA Suite and Business Process

SOA Bundle Patch 12.2.1.3.200901 Patch 31834649 or later

CVE-2019-2904, CVE-2020-1951, CVE-2019-11358, CVE-2020-1945, CVE-2020-9484

 

Oracle WebCenter Portal

WebCenter Portal Bundle Patch 12.2.1.3.200905 Patch 31853298 or later

CVE-2019-10173, CVE-2020-9281, CVE-2020-10683,CVE-2020-2555

 

Oracle Webcenter Sites

Webcenter Sites 12.2.1.3.200714 Patch 31548911 or later

Released July 2020

 

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

WEBLOGIC SAMPLES SPU 12.2.1.3.200714 Patch 31384951 or later

Released July 2020

This patch is a cumulative patch for all Struts 2 CVEs to date.

See Note 2255054.1, Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities

Oracle WebLogic Server and Coherence

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

Coherence 12.2.1.3.10 Patch 31470751 or later

Released July 2020

 

Oracle HTTP Server

Oracle Forms and Reports

OHS (NATIVE) BUNDLE PATCH 12.2.1.3.200911 Patch 31876370 or later

CVE-2019-5482

Note 2568225.1Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches

Oracle Forms and Reports

Oracle Reports Developer 12.2.1.3 SPU Patch 30731147 or later

Released January 2020

 

Identity and Access Management

OIM BUNDLE PATCH 12.2.1.3.0 (ID:200108.2108) Patch 30735905 or later

Released January 2020

 

Oracle HTTP Server

Oracle Forms and Reports (Standalone Forms Builder)

Oracle Internet Directory

OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139 or later

Released July 2020

 

Oracle WebCenter Sites

Support Tools 4.4.2 for Oracle WebCenter Sites 12.2.1.3.0 Patch 30505173 or later

Released January 2020

Support Tools for Webcenter Sites Patch

Oracle Data Integrator

ODI Bundle Patch 12.2.1.3.201020 Patch 31873854 or later

CVE-2017-9800, CVE-2016-2510

Patch is released in July 2019, CVE-2019-2943 is announced in Oct CPU.

Oracle Forms and Reports

Forms 12.2.1.3.0 SPU Patch 30410629 or later

Released October 2019

 

Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)

ADF BUNDLE PATCH 12.2.1.3.0 (ID:190924.2139.S) Patch 30347629 or later

Released October 2019

Apply to all Oracle homes installed with an FMW Infrastructure

Oracle Service Bus

OSB BUNDLE PATCH 12.2.1.3.190716 (ID:190716.1831) Patch 30059259 or later