|
Oracle WebLogic Server - Version
10.3.6 and later
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine) -
Version N/A and later
Information in this document applies to any platform.
This document defines the patches and minimum
releases for the Database Product Suite, Fusion Middleware Product Suite,
Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set
Updates released on October 20, 2020.
The document is for Database Administrators
and/or others tasked with Quarterly Security Patching.
Database,
Fusion Middleware, and Enterprise Manager Critical Patch Update October
2020 Patch Availability Document
My Oracle Support Note 2694898.1
Released October 20, 2020
This document contains the following sections:
Quick Links: Read Me
First DB 19c EM Cloud
Control FMW WLS
1 Overview
Oracle provides quarterly cumulative patches to
address security vulnerabilities. The patches may include critical fixes in
addition to the security fixes. The security vulnerabilities addressed are
announced in the Advisory for October 2020, available at:
Oracle Technical Network Advisory
This document lists the Oracle Database, Fusion
Middleware and Enterprise Manager CPU program cumulative patches for
product releases under error correction. The October 2020 release
supersedes earlier CPU program cumulative patches for the same product
releases. This document is subject to continual update after the initial
release, and the changes are listed in "Modification History." If you print this document,
check My Oracle Support to ensure you have the latest version.
This section contains the following:
1.1 How To Use This Document
The following steps explain how to use this document.
Step 1 Assess your
Environments
Determine the Oracle product suites
and products and their release numbers for each of your environments.
Step 2 Read Important
Announcements
Review "What's New in October 2020," as it lists documentation and
packaging changes along with important announcements such as upcoming final
CPUs.
Step 3 Determine
Patches to be Applied
For each environment, determine which
patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table
for each product suite release, such as Oracle Database 12.2.0.1, Oracle
Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control
12.1.0.5.
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of
the homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or
Extended Support and are under error correction as defined in My Oracle
Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen
In-Memory Database, and OCS Software Error Correction Support Policy.
Patches are provided only for these releases. If you do not see the release
that you have installed, then check "Final CPU History" and contact Oracle Support for
further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's
CPU Advisory, list the vulnerability CVE numbers in the Advisory Number
column. If you are interested in the risk matrix for the vulnerabilities
fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from
previous quarterly releases, or the current one without any security fixes,
the column indicates "Released MMM YYYY"
·
When
a section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle Database" is referenced, determine the
Oracle Database release that is installed, and find the patches to apply in
the table for that Oracle Database release in "Oracle Database."
Step 4 Apply the
Patches
Download the patches, review the
READMEs, and apply the patches according to the instructions.
Step 5 Planning for
Future Critical Patch Updates
To help you plan for future Critical
Patch Updates, this document includes Final CPU information based on
Oracle's Lifetime Support Policy and error correction policies.
"Final CPU Information (Error Correction
Policies)" in "What's New in October 2020," documents product releases for
which final Critical Patch Updates are upcoming or are being announced. In
each product section, there is also an Error Correction Information Table
that documents the final CPU program patch for the product. Products that
have reached the end of error correction are documented in "Final CPU History."
1.2 Terminology in the Tables
The following terminology is used in this patch
availability document and in the subsequent tables.
- Update - Release Update
- Revision -Release Update Revision
- BP - Bundle Patch
- Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
- NA Not Applicable.
- OR On-Request. The patch is made available
through the On-Request program.
- PSU - Patch Set Update
- SPU - Security Patch Update. An iterative,
cumulative patch consisting of security fixes.
- Overlay
SPU patch provided
as an overlay on top of a PSU or BP instead of a base/patch set
release.
1.3 On-Request Patches
Oracle does not proactively release patches for
historically inactive platforms. However, Oracle will deliver these patches
when requested.
The following guidelines describe how to initiate an
on-request (OR) patch.
A request may be made:
- At any time. However, a patch for a specific
quarterly release, such as CPUOct2012, cannot be requested. Depending
on when the request is received and processed, either the patch for
the current quarterly release or the next quarterly release will be
provided. Your Service Request (SR) will provide you the planned
availability date for the patch.
- As long as the version is in either Premier
Support or Extended Support and error correction support has not
expired. For example, if a product release is under Extended Support
through the release of CPUJan2013 on January 15, 2013, then you can
file a request for the product release through January 29, 2013. For
more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, Enterprise Manager,
TimesTen In-Memory Database, and OCS Software Error Correction
Support Policy.
- For a platform-version combination when a major
release or patch set is released on a platform after a quarterly
release date. Oracle will provide the next patch for that
platform-version combination, however you may request the current
patch by following the on-request process. For example, if a patch is
released for a platform on August 1, 2012, Oracle will provide the
CPUOct2012 patch for that platform. You may request a CPUOct2012
patch for the platform, and Oracle will review the request and
determine whether to provide CPUJul2012 or CPUOct2012.
A patch that is marked as on-request
(OR) may already have been requested by another customer and be available
on My Oracle Support. Before you file a Service Request (SR), check on My
Oracle Support to see if the patch is already available for your platform.
1.4 CPU Program and My Oracle
Support Patch Recommendations
My Oracle Support patch recommendation features are
available on the Patches & Update tab. The patches announced in this
document as part of the CPU program are classified as "Security"
patch recommendations in My Oracle Support. If a new patch is being
announced in this document, then the classification on any earlier patch is
changed to "General", causing it to be removed from the My Oracle
Support patch recommendations. If a patch has a "Security"
classification, and a subsequent bundle, SPU, or PSU is released with a
recommendation classification, then it will be classified as a
"Security" recommendation in My Oracle Support.
Once a product release is no longer in error
correction, its CPU patch information is removed from this document, but
the last patch recommendation continues to be available in My Oracle
Support. Ensure to select each of the products installed in your
environment to obtain all patches.
1.5 My Oracle Support (MOS)
Conflict Checker Tool
The My Oracle Support (MOS) Conflict Checker tool is
available as of July 21, 2014.
You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from
the Patch Search results screen ("Analyze with OPatch" button).
The MOS Conflict Checker Tool allows you to upload an
OPatch inventory to check for conflicts with patches to apply to your
environment. If no conflicts are found, you can download the patches. If
conflicts are found, the tool finds an existing resolution to download. If
no resolution is found, you can request a solution, and monitor your
request in the Plans region.
For more information and a demonstration video, see
Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict
Checker Tool for Patches Installed with OPatch [Video].
2 What's New in October 2020
This section describes important changes in October
2020:
2.1 Final CPU Information (Error
Correction Policies)
The final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. Final CPUs for upcoming releases, as well as newly
scheduled final CPUs, are listed in the following sections.
Final CPUs scheduled for Jan 2021
- Oracle
Endeca Server
- Oracle
Endeca Information Discovery Integrator
- Oracle
Endeca Information Discovery Studio
Final CPUs scheduled for Oct 2020
- Oracle
Enterprise Data Quality for Product Data 11.1.1.6.0
- Oracle
Enterprise Manager Cloud Control 12.1.0.5
2.2 Post Release Patches
Oracle strives to complete preparations and testing
of each Quarterly Security Patch for each platform by the quarterly release
date. Occasionally, circumstances beyond our control dictate that a
particular patch be delayed and be released a few days after the quarterly
release date. The following table lists any current patch delays and the
estimated date of availability.
3 Patch Availability for Oracle Products
This section contains the following:
3.1 Oracle Database
This section contains the following:
3.1.1 Oracle
REST Data Services (formally called Oracle APEX Listener)
Minimum Product Requirements for Oracle REST
Data Services
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle REST Data Services downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle REST Data Services
|
20.2.1
|
CVE-2020-14744, CVE-2020-11023, CVE-2020-14745
|
|
3.1.2 Oracle Application Express
Minimum Product Requirements for Oracle Application
Express
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle Application Express downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Application Express
|
20.2
|
CVE-2020-11023, CVE-2020-9281, CVE-2020-14763,
CVE-2020-14898, CVE-2020-14899, CVE-2020-14900, CVE-2020-14762
|
Customer on 20.1.0.00.13 should apply Patch 30990551 to be secure.
|
3.1.3 Oracle Big Data Spatial and
Graph
Minimum Product Requirements for Oracle Big Data
Spatial and Graph
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle Big Data Spatial and Graph
downloads and installation instructions, see https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Big Data Spatial and Graph
|
20.2
|
CVE-2019-0192, CVE-2015-9251, CVE-2020-9546,
CVE-2019-10744, CVE-2017-5645
|
|
3.1.4 Oracle Database
This section contains the following:
3.1.4.1 Patch
Availability for Oracle Database
For information regarding the different types of
patches for Database, refer to Oracle Database - Overview of Database Patch
Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database
Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1
3.1.4.2 Oracle
Database 19
|
Patch Information
|
19
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 19
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 19.9.0.0.201020 and
Database Release Update 19.9.0.0.201020 Patch 31720396 for UNIX, or
Combo OJVM Release Update 19.9.0.0.201020 and GI
Release Update 19.9.0.0.201020 Patch 31720429, or
Quarterly Full Stack download for Exadata (Oct2020)
19.9.0.0.200814 Patch 31721191 for Linux x86-64
|
CVE-2020-14901, CVE-2020-14735, CVE-2020-14734,
CVE-2020-9488, CVE-2020-11022, CVE-2020-14742, CVE-2019-17543,
CVE-2019-11922, CVE-2019-12900, CVE-2020-13935, CVE-2016-1000031,
CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335,
CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14743,
CVE-2020-11023
|
For patch availability, see section 2.2 Post Release Patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches.
|
|
Oracle Database Server home
|
Database Release Update 19.9.0.0.201020 Patch 31771877 for UNIX, or
Database Release Update Revision
19.8.1.0.201020 Patch 31666885 for UNIX, or
Database Release Update Revision
19.7.2.0.201020 Patch 31667176 for UNIX, or
GI Release Update 19.9.0.0.201020 Patch 31750108, or
GI Release Update Revision 19.8.1.0.201020 Patch 31719890, or
GI Release Update Revision 19.7.2.0.201020 Patch 31719845, or
Microsoft Windows 32-Bit and x86-64 BP
19.9.0.0.201020 Patch 31719903, or later;
Quarterly Full Stack download for Exadata (Oct2020)
19.9.0.0.200814 Patch 31721191 for Linux x86-64, or
Quarterly Full Stack download for SuperCluster
(Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit
|
CVE-2020-14901, CVE-2020-14735, CVE-2020-14734,
CVE-2020-9488, CVE-2020-11022, CVE-2020-14742, CVE-2019-17543,
CVE-2019-11922, CVE-2019-12900, CVE-2020-13935, CVE-2016-1000031,
CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335,
CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-11023
|
For patch availability, see section 2.2 Post Release Patches
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
|
|
Oracle Database Server home
|
OJVM Release Update 19.9.0.0.201020 Patch 31668882 for all platforms
|
CVE-2020-14743
|
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server and Client home
|
JDK8u271Patch 31743771
|
CVE-2020-14792, CVE-2020-14781, CVE-2020-14782,
CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798
|
JDK patches for 32 bit clients would be build on
demand basis.
|
|
Oracle Database Server home
|
Perl Patch 29511771
|
Released April 2019
|
Perl Patch listed also includes CVE-2018-20843
announced in CPUOct2020.
|
|
Oracle Database Client home
|
Database Release Update 19.4.0.0.190716 Patch 29834717 for UNIX
|
Released July 2019
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.4.3 Oracle
Database 18
|
Patch Information
|
18
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 18
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 18.12.0.0.201020 and
Database Release Update 18.12.0.0.201020 Patch 31720435 for UNIX, or
Combo OJVM Release Update 18.12.0.0.201020 and GI
Release Update 18.12.0.0.201020 Patch 31720457, or
Quarterly Full Stack download for Exadata (Oct2020)
18.12.0.0.200814 Patch 31721185
|
CVE-2020-14735, CVE-2020-14734, CVE-2020-9488,
CVE-2020-11022, CVE-2020-14742, CVE-2019-12900, CVE-2020-13935,
CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358,
CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022,
CVE-2020-14740, CVE-2017-5645, CVE-2017-12626, CVE-2018-7489,
CVE-2016-5725, CVE-2019-17359, CVE-2020-14743, CVE-2020-11023
|
For patch availability, see section 2.2 Post Release Patches
OJVM Update patches from 18.4 onwards are RAC
Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the "Oracle
JavaVM Component Database PSU/RU" (OJVM PSU/RU) Patches.
|
|
Oracle Database Server home
|
Database Release Update 18.12.0.0.201020 Patch 31730250, or
Database Release Update Revision
18.11.1.0.201020 Patch 31666917, or
Database Release Update Revision
18.10.2.0.201020 Patch 31667173, or
GI Release Update 18.12.0.0.201020 Patch 31748523, or
GI Release Update Revision 18.11.1.0.201020 Patch 31719758, or
GI Release Update Revision 18.10.2.0.201020 Patch 31719777, or
Microsoft Windows 32-Bit and x86-64 BP
18.12.0.0.201020 Patch 31629682, or later;
Quarterly Full Stack download for Exadata (Oct2020)
18.12.0.0.200814 Patch 31721185, or
Quarterly Full Stack download for SuperCluster
(Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit
|
CVE-2020-14735, CVE-2020-14734, CVE-2020-9488,
CVE-2020-11022, CVE-2020-14742, CVE-2019-12900, CVE-2020-13935,
CVE-2016-1000031, CVE-2018-8013, CVE-2017-7658, CVE-2019-11358,
CVE-2019-16335, CVE-2020-14745, CVE-2020-14744, CVE-2020-11022,
CVE-2020-14740, CVE-2017-5645, CVE-2017-12626, CVE-2018-7489,
CVE-2016-5725, CVE-2019-17359, CVE-2020-11023
|
For patch availability, see section 2.2 Post Release Patches
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
|
|
Oracle Database Server home
|
OJVM Release Update 18.12.0.0.201020 Patch 31668892 for all platforms
|
CVE-2020-14743
|
OJVM Update patches from 18.4 onwards are RAC
Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the
"Oracle JavaVM Component Database PSU/RU" (OJVM PSU/RU) Patches
|
|
Oracle Database Server and Client home
|
JDK8u271 Patch 31749759
|
CVE-2020-14792, CVE-2020-14781, CVE-2020-14782,
CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798
|
See Note 2584628.1, "JDK and PERL Patches for Oracle Database
Home and Grid Home" for information on availability and prior
patches.
JDK patches for 32 bit clients would be build on
demand basis
|
|
Oracle Database Server home
|
Perl Patch 31225444
|
Released July 2020
|
Perl Patch listed also includes CVE-2018-20843
announced in CPUOct2020.
|
|
Oracle Database Client home
|
Database Release Update 18.7.0.0.190716 Patch 29757256, or
Database Release Update Revision 18.6.1.0.190716 Patch 29708235, or
Database Release Update Revision 18.5.2.0.190716 Patch 29708437 or
Microsoft Windows 32-Bit and x86-64 BP
18.7.0.0.190716 Patch 29859180
|
Released July 2019
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.4.4 Oracle
Database 12.2.0.1
|
Patch Information
|
12.2.0.1
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.2.0.1
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 12.2.0.1.201020 and
Database Release Update 12.2.0.1.201020 Patch 31720473 for UNIX, or
Combo OJVM Release Update 12.2.0.1.201020 and GI
Release Update 12.2.0.1.201020 Patch 31720486, or
Quarterly Full Stack download for Exadata (Oct2020)
12.2.0.1 Patch 31721177, or
Quarterly Full Stack download for SuperCluster
(Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit
|
CVE-2020-14735, CVE-2020-14734, CVE-2020-9488,
CVE-2020-11022, CVE-2020-14736, CVE-2020-14741, CVE-2020-14742,
CVE-2019-12900, CVE-2020-13935, CVE-2016-1000031, CVE-2018-8013,
CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745,
CVE-2020-14744, CVE-2020-11022, CVE-2020-14740, CVE-2017-5645,
CVE-2017-12626, CVE-2018-7489, CVE-2016-5725, CVE-2019-17359,
CVE-2020-14743, CVE-2020-11023, CVE-2018-2765
|
For patch availability, see section 2.2 Post Release Patches
OJVM Update Patches are not RAC Rolling
installable. However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the
database remains in unrestricted "startup" mode. Please refer
to the NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- "Oracle
JavaVM Component Database PSU and Update" (OJVM PSU and OJVM Update)
Patches.
|
|
Oracle Database Server home
|
Database Oct2020 Release Update
12.2.0.1.201020 Patch 31741641 for UNIX, or
Database Apr2020 Release Update Revision
12.2.0.1.201020 Patch 31667168, or
Database Jul2020 Release Update Revision
12.2.0.1.201020 Patch 31666944, or
GI Oct2020 Release Update 12.2.0.1.201020 Patch 31750094, or
GI Apr2020 Release Update Revision
12.2.0.1.201020 Patch 31718774, or
GI Jul2020 Release Update Revision
12.2.0.1.201020 Patch 31716471, or
BS2000 Database BP 12.2.0.1.201020 Patch 31784375
Microsoft Windows 32-Bit and x86-64 BP
12.2.0.1.201020 Patch 31654782, or later;
Quarterly Full Stack download for Exadata (Oct2020)
12.2.0.1 Patch 31721177, or
Quarterly Full Stack download for SuperCluster
(Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit
|
CVE-2020-14735, CVE-2020-14734, CVE-2020-9488,
CVE-2020-11022, CVE-2020-14736, CVE-2020-14741, CVE-2020-14742,
CVE-2019-12900, CVE-2020-13935, CVE-2016-1000031, CVE-2018-8013,
CVE-2017-7658, CVE-2019-11358, CVE-2019-16335, CVE-2020-14745,
CVE-2020-14744, CVE-2020-11022, CVE-2020-14740, CVE-2017-5645,
CVE-2017-12626, CVE-2018-7489, CVE-2016-5725, CVE-2019-17359,
CVE-2020-11023, CVE-2018-2765
|
For patch availability, see section 2.2 Post Release Patches
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
|
|
Oracle Database Server home
|
OJVM Release Update 12.2.0.1.201020 Patch 31668898 for UNIX, or
OJVM Microsoft Windows Bundle Patch
12.2.0.1.201020 Patch 31740064
|
CVE-2020-14743
|
OJVM Update Patches are not RAC Rolling
installable. However, NOTE 2217053.1 defines a few specific situations where the
OJVM PSU patchset can be postinstalled into each database while the
database remains in unrestricted "startup" mode. Please refer
to the NOTE for more details.
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server and Client home
|
JDK8u271 Patch 31749740
|
CVE-2020-14792, CVE-2020-14781, CVE-2020-14782,
CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798
|
See Note 2584628.1, "JDK and PERL Patches for Oracle Database
Home and Grid Home" for information on availability and prior
patches.
JDK patches for 32 bit clients would be build on
demand basis.
|
|
Oracle Database Server home
|
Perl Patch 30508161
|
Released July 2020
|
Perl Patch listed also includes CVE-2018-20843
announced in CPUOct2020.
|
|
Oracle Database Client home
|
Database Oct2019 Release Update
12.2.0.1.190716 Patch 29757449 for UNIX, or
Database Jan2019 Release Update Revision 12.2.0.1.190716 Patch 29708478, or
Database Apr2019 Release Update Revision 12.2.0.1.190716 Patch 29708381, or
Microsoft Windows 32-Bit and x86-64 RU 12.2.0.1.190716 Patch 29832062, or later
|
Released July 2019
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.4.5 Oracle
Database 12.1.0.2
Error Correction information for Oracle Database
12.1.0.2
|
Patch Information
|
12.1.0.2
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.1.0.2
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 12.1.0.2.201020 and Database PSU
12.1.0.2.201020 Patch 31720729 for UNIX, or
Combo OJVM PSU 12.1.0.2.201020 and GI PSU
12.1.0.2.201020 Patch 31720761, or
Combo OJVM PSU 12.1.0.2.201020 and Database
Proactive BP 12.1.0.2.201020 Patch 31720769 for UNIX, or
Quarterly Full Stack download for Exadata (Oct2020)
BP 12.1.0.2 Patch 31721169, or
Quarterly Full Stack download for SuperCluster
(Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit
|
CVE-2020-14735, CVE-2020-14734, CVE-2020-14736,
CVE-2020-14741, CVE-2020-14742, CVE-2019-12900, CVE-2016-1000031,
CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335,
CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740,
CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725,
CVE-2019-17359, CVE-2020-14743, CVE-2020-11023, CVE-2018-2765
|
For patch availability, see section 2.2 Post Release Patches
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the
database remains in unrestricted "startup" mode. Please refer
to the NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches.
|
|
Oracle Database Server home
|
Database PSU 12.1.0.2.201020 Patch 31550110 for UNIX, or
GI PSU 12.1.0.2.201020 Patch 31718737, or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.201020 Patch 31658987, or later;
Database Proactive Bundle Patch
12.1.0.2.201020 Patch 31718813 or
Quarterly Full Stack download for Exadata (Oct2020)
BP 12.1.0.2 Patch 31721169, or
Quarterly Full Stack download for SuperCluster
(Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit
|
CVE-2020-14735, CVE-2020-14734, CVE-2020-14736,
CVE-2020-14741, CVE-2020-14742, CVE-2019-12900, CVE-2016-1000031,
CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335,
CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740,
CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725,
CVE-2019-17359, CVE-2020-11023, CVE-2018-2765
|
For patch availability, see section 2.2 Post Release Patches
For JDK fixes a separate patch is available (see
below) and needs to be installed in addition to the Database and GI
patches.
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU
12.1.0.2.201020 Patch 31668915 for UNIX, or
Oracle JavaVM Component Microsoft Windows Bundle
Patch 12.1.0.2.201020 Patch 31740134
|
CVE-2020-14743
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the
database remains in unrestricted "startup" mode. Please refer
to the NOTE for more details.
All OJVM PSU since 12.1.0.2.161018 includes Generic
JDBC Patch 23727148
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server and Client home
|
JDK7u281 Patch 31749725
|
CVE-2020-14792, CVE-2020-14781, CVE-2020-14782,
CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798
|
See Note 2584628.1, "JDK and PERL Patches for Oracle Database
Home and Grid Home" for information on availability and prior
patches.
JDK patches for 32 bit clients would be build on
demand basis.
|
|
Oracle Database Server home
|
Perl Patch 30508171
|
Released July 2020
|
Perl Patch listed also includes CVE-2018-20843
announced in CPUOct2020.
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU - Generic
JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
|
Oracle Database Client home
|
Database PSU 12.1.0.2.190716 Patch 29494060 for UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.190716 Patch 29831650
|
Released July 2019
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.4.6 Oracle
Database 11.2.0.4
Error Correction information for Oracle Database
11.2.0.4
|
Patch Information
|
11.2.0.4
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
HP-UX PA-RISC
IBM: Linux on System Z
32-bit client-only platforms except Linux x86
|
|
|
On-Request platforms
|
32-bit client-only platforms except Linux x86
|
|
Patch Availability for Oracle Database 11.2.0.4
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 11.2.0.4.201020 and Database SPU
11.2.0.4.201020 Patch 31720810 for UNIX, or
Combo OJVM PSU 11.2.0.4.201020 and Database PSU
11.2.0.4.201020 Patch 31720776 for UNIX, or
Combo OJVM PSU 11.2.0.4.201020 and GI PSU
11.2.0.4.201020 Patch 31720783 for UNIX, or
Combo OJVM PSU 11.2.0.4.201020 and Exadata BP
11.2.0.4.201020 Patch 31720797
|
CVE-2020-14735, CVE-2020-14734, CVE-2020-14736,
CVE-2020-14741, CVE-2020-14742, CVE-2019-12900, CVE-2016-1000031,
CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335,
CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740,
CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725,
CVE-2019-17359, CVE-2020-14743, CVE-2020-11023, CVE-2018-2765
|
For patch availability, see section 2.2 Post Release Patches
From Jan2019 onwards the OJVM now only supports
JDK7 for security compliance. Please ensure that if there are
applications with an OJVM dependency that they are compatible with JDK7.
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few specific situations where
the OJVM PSU patchset can be postinstalled into each database while the
database remains in unrestricted "startup" mode. Please refer
to the NOTE for more details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle
JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server home
|
Database PSU 11.2.0.4.201020 Patch 31537677 for UNIX, or
GI PSU 11.2.0.4.201020 Patch 31718723 for UNIX, or
Database SPU 11.2.0.4.201020 Patch 31834759 for UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP
11.2.0.4.200414 Patch 31659823, or later;
Quarterly Database Patch for Exadata BP
11.2.0.4.201020 Patch 31718644 for UNIX, or
Quarterly Full Stack download for Exadata (Oct2020)
BP 11.2.0.4 Patch 31721158, or
Quarterly Full Stack download for SuperCluster
(Q4.2020) Patch 31721198 for Solaris SPARC 64-Bit
|
CVE-2020-14735, CVE-2020-14734, CVE-2020-14736,
CVE-2020-14741, CVE-2020-14742, CVE-2019-12900, CVE-2016-1000031,
CVE-2018-8013, CVE-2017-7658, CVE-2019-11358, CVE-2019-16335,
CVE-2020-14745, CVE-2020-14744, CVE-2020-11022, CVE-2020-14740,
CVE-2017-5645, CVE-2017-12626, CVE-2018-7489, CVE-2016-5725,
CVE-2019-17359, CVE-2020-11023, CVE-2018-2765
|
For patch availability, see section 2.2 Post Release Patches
For JDK fixes a separate patch is available (see
below) and needs to be installed in addition to the Database and GI
patches.
|
|
Oracle Database Server home
|
Oracle JavaVM (OJVM) Component Database PSU
11.2.0.4.201020 Patch 31668908 for UNIX, or
Oracle JavaVM (OJVM) Component Database PSU
11.2.0.4.200414 Patch 31740195 for Microsoft Windows
|
CVE-2020-14743
|
From Jan2019 onwards the OJVM now only supports
JDK7 for security compliance. Please ensure that if there are
applications with an OJVM dependency that they are compatible with JDK7.
OJVM PSU 11.2.0.4.161018 and greater includes
Generic JDBC Patch 23727132
See Note 1929745.1, Oracle Recommended Patches -- Oracle
JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Server and Client home
|
JDK7u281 Patch 31749197
|
CVE-2020-14792, CVE-2020-14781, CVE-2020-14782,
CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798
|
See Note 2584628.1, "JDK and PERL Patches for Oracle Database
Home and Grid Home" for information on availability and prior
patches.
JDK patches for 32 bit clients would be build on
demand basis.
|
|
Oracle Database Server home
|
Perl Patch 30508206
|
Released July 2020
|
Perl Patch listed also includes CVE-2018-20843
announced in CPUOct2020.
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU - Generic JDBC
11.2.0.4.160719 Patch 23727132
|
Released July 2016
|
For RAC deployments, this patch should be applied
to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher
See Note 1929745.1, Oracle Recommended Patches -- Oracle
JavaVM Component Database PSU (OJVM PSU) Patches
|
|
Oracle Database Client home
|
Database PSU 11.2.0.4.190716 Patch 29497421 for UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.190716 Patch 29596609, or later
|
Released July 2019
|
The Instant Client installation is not the same
as the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's
Guide.
|
3.1.5 Oracle Database Mobile/Lite
Server
Error Correction Information for Oracle Database
Mobile Server
|
Patch Information
|
12.1 (Mobile Server)
|
11.3 (Mobile Server)
|
Comments
|
|
Final CPU
|
-
|
October 2021
|
|
Patch Availability for Oracle Database Mobile Server
12.1.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1
|
12.1.0.0 BP Patch 21974980
|
Released October 2015
|
|
Patch Availability for Oracle Database Mobile Server
11.3.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.3
|
11.3.0.2 BP Patch 21950285
|
Released October 2015
|
|
3.1.6 Oracle GoldenGate
Error Correction information for Oracle GoldenGate
|
Component
|
19.1
|
18.1
|
12.3.0.1
|
12.2.0.2
|
12.1.2.1
|
Comments
|
|
Final CPU
|
July 2026
|
April 2021
|
April 2021
|
October 2023
|
October 2021
|
|
Patch Availability for Oracle GoldenGate
3.1.7 Oracle GoldenGate for Big
Data (Formerly known as Oracle GoldenGate Application Adapters)
Error Correction information for Oracle GoldenGate
for Big Data
|
Component
|
19.1.0.0.x
|
12.3.2.1.0
|
Comments
|
|
Final CPU
|
July 2026
|
October 2021
|
|
Patch Availability for Oracle GoldenGate for Big Data
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
19.1.0.0.0
|
OGG for Big Data 19.1.0.0.6 Patch 31879447
|
CVE-2019-17531
|
|
|
12.3.2.1
|
Oracle GoldenGate for Big Data 12.3.2.1.9 Patch 31555782 or later
|
CVE-2018-8088, CVE-2018-11058
|
|
3.1.8 Oracle GoldenGate Veridata
Error Correction information for Oracle GoldenGate
Veridata
|
Component
|
12.2.1
|
12.1.3
|
11.2.1.0
|
Comments
|
|
Final CPU
|
July 2025
|
July 2022
|
October 2020
|
|
Patch Availability for Oracle GoldenGate Veridata
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1
|
OGG Veridata Bundle Patch 12.2.1.4.200714 (PS4
BP2) (Server+Agent) Patch 31044508
|
Released July 2020
|
|
|
12.1.3
|
ORACLE GOLDENGATE VERIDATA V12.1.3.0.180415
SERVER Patch 26424104
|
Released April, 2018
|
|
|
11.2.1.0
|
oracle goldengate veridata v11.2.1.0.2 java agent
- Patch 27425665
oracle goldengate veridata v11.2.1.0.2 server
- Patch 27425668
|
Released April 2018
|
Golden Gate Veridata Patch
|
3.1.9 Oracle Secure Backup
Error Correction information for Oracle Secure Backup
|
Patch Information
|
18.1
|
Comments
|
|
Final CPU
|
January 2024
|
|
Minimum Product Requirements for Oracle Secure
Backup
Critical Patch Update security vulnerabilities are
fixed in the listed releases. The Oracle Secure Backup downloads and
installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Secure Backup
|
18.1
|
Released April 2020
|
|
3.1.10 Oracle Spatial Studio
Minimum Product Requirements for Oracle Spatial
Studio
Critical Patch Update security vulnerabilities are
fixed in the listed releases. The Oracle Spatial Studio downloads and
installation instructions can be found at
https://www.oracle.com/database/technologies/spatial-studio/oracle-spatial-studio-downloads.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Spatial Studio
|
19.2.1
|
Released July 2020
|
|
3.1.11 Oracle Stream Analytics
Minimum Product Requirements for Oracle Stream
Analytics
Critical Patch Update security vulnerabilities are
fixed in the listed releases. The Oracle Stream Analytics downloads and
installation instructions can be found at
https://www.oracle.com/middleware/technologies/stream-analytics/downloads.html
|
Product
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Stream Analytics
|
19.1.0.0.1 Patch 30629903
|
Released July 2020
|
|
3.1.12 Oracle
TimesTen In-Memory Database
Error Correction information for
Oracle TimesTen In-Memory Database
Describes Error Correction information for Oracle
TimesTen In-Memory Database.
|
Patch Information
|
18.1
|
Comments
|
|
Final Patch
|
April 2026
|
|
Minimum Product Requirements for
Oracle TimesTen In-Memory Database
Describes the minimum product requirements for Oracle
TimesTen In-Memory Database. The CPU security vulnerabilities are fixed in
the listed release and later releases.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle TimesTen In-Memory Database
|
18.1.4.1.0 or later version
|
CVE-2018-11058, CVE-2017-5645, CVE-2019-1010239,
CVE-2019-0201
|
|
3.2 Oracle Enterprise Manager
This section contains the following:
3.2.1 Oracle
Real User Experience Insight
Error Correction information for Oracle Real User
Experience Insight
|
Patch Information
|
13.4.1.0
|
13.3.1.0
|
Comments
|
|
Final CPU
|
October 2023
|
April 2021
|
|
|
On-Request platforms
|
-
|
-
|
|
Minimum Product Requirements for Oracle Real User
Experience Insight
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For more information on Oracle Real User
Experience Insight, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
Real User Experience Insight 13.3.1.0
|
Patch 31595030
|
Released July 2020
|
|
3.2.2 Oracle Application Testing
Suite
Error Correction information for Oracle Application
Testing Suite
|
Patch Information
|
13.3.0.1
|
Comments
|
|
Final CPU
|
June 2025
|
|
Patch Availability for Oracle Application Testing
Suite
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Application Testing
Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version
12.2.1.4)
|
Released January 2019
|
See "Oracle WebLogic Server" (Version
12.2.1.4)
|
|
13.3.0.1
|
EM BP Application Testing Suite CPU October
2020 Patch 31996548
|
CVE-2019-17638, CVE-2018-11058, CVE-2020-5398
|
|
|
13.3.0.1
|
EM BP Application Testing Suite OFB CPU October
2020 Patch 31996632
|
CVE-2019-17638, CVE-2018-11058, CVE-2020-5398
|
|
3.2.3 Oracle Business Transaction
Management
Error Correction Information for Oracle Business
Transaction Management
|
Component
|
12.1.0.7
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle Business Transaction
Management
|
Product Home
|
Patch
|
Advisory Number
|
Comment
|
|
BTM Home
|
BTM Patch 12.1.0.7.15 Patch 29135901
|
Released April 2019
|
|
3.2.4 Oracle Enterprise Manager
Cloud Control
If your plans include updating the JDK version,
please be sure that the JDK version that you choose is certified with your
OEM Cloud Control Component. Please refer to Note 2241358.1 for upgrading the JDK Component related to OEM
Cloud Control Component.
Error Correction information for Oracle Enterprise
Manager Cloud Control
|
Patch Information
|
13.4.0.0
|
13.3.0.0
|
12.1.0.5
|
Comments
|
|
Final CPU
|
-
|
January 2021
|
October 2020
|
|
|
On-Request platforms
|
-
|
-
|
-
|
|
Patch Availability for Oracle Enterprise Manager
Cloud Control 13c Release 4 (13.4.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
|
|
|
Oracle Java SE home
|
See Note 2653847.1 EM 13.4: How to Use the Latest Certified
JDK 8 Update with OMS 13.4
|
See Note 2653847.1 EM 13.4: How to Use the Latest Certified
JDK 8 Update with OMS 13.4
|
|
|
Base Platform Fusion Middleware home
|
NGINST SPU FOR 13.9.4.2.2 FOR JACKSON-DATABIND
UPDATE TO 2.10.2 Patch 31101362 or later
|
Released July 2020
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 12.2.1.3.0)
|
See "Oracle WebLogic Server" (Version 12.2.1.3.0)
|
For EM 13.4 customers, Oracle recommends that
you delay applying Opatch 13.9.4.2.4 and Weblogic Server July PSU or
later, as Certification is not complete. See Note 2693952.1 for details.
|
|
Base Platform Fusion Middleware home
|
OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139 or later
|
Released July 2020
|
Oracle Security Service (SSL/Network) Patch for
Oracle HTTP server (OHS)
|
|
Base Platform OMS home
|
Enterprise Manager for Peoplesoft 13.4.1.1.0
Patch for CPUOct2020 Patch 31795605
|
CVE-2020-9488
|
|
|
Base Platform Agent home
|
Enterprise Manager for Beacon 13c Release 4
Plug-in Update 4 (13.4.0.4) for Agent Patch 31426056 or later
|
Released July 2020
|
|
|
Base Platform OMS home
|
Enterprise Manager 13c Release 4 Update 7
(13.4.0.7) for OMS Patch 31882382 or later
|
CVE-2020-1967, CVE-2019-3740, CVE-2019-2897
|
|
|
Base Platform Fusion Middleware home
|
ADF BUNDLE PATCH 12.2.1.3.0
(ID:190924.2139.S) Patch 30347629 or later
|
Released October 2019
|
Apply to all Oracle homes installed with an FMW
Infrastructure
|
|
Base Platform Fusion Middleware home
|
OHS (NATIVE) BUNDLE PATCH 12.2.1.3.0
(ID:191219.2319) Patch 30687404 or later
|
Released January 2020
|
Note 2568225.1Cumulative README Post-Install Steps for Oracle
HTTP Server 12.2.1.3 Bundle Patches
|
|
Base Platform Fusion Middleware home
|
REMOVE APACHE STRUTS FROM BI INSTALL 12.2.1.3
(EM 13.4) Patch 31254677 or later
|
Released July 2020
|
|
|
EM Cloud Control Connectors
|
See Announcement on MOSC
|
CVE-2020-1954, CVE-2020-5398
|
Connector 13.2.1.0 is applicable to EM 13.4
|
Patch Availability for Oracle Enterprise Manager
Cloud Control 13c Release 3 (13.3.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 12.1.3)
|
|
|
|
Base Platform Fusion Middleware home
|
Opatch SPU 13.8.0.0.0 Patch 31682991 or later
|
Released July 2020
|
|
|
Base Platform Fusion Middleware home
|
REMOVE APACHE STRUTS FROM BI INSTALL Patch 31076938 or later
|
Released July 2020
|
|
|
Base Platform OMS home
|
Base Release 13.3
|
Released April 2019
|
|
|
Base Platform OMS home
|
EM BP Patch Set Update 13.3.0.0.201020 Patch 31899771 or later
|
CVE-2019-2897
|
|
|
Base Platform OMS home
|
OSS SECURITY PATCH UPDATE 12.1.3.0.0
(CPUJAN2020) Patch 30692958 or later
|
Released January 2020
|
Oracle Security Service (SSL/Network) Patch for
Oracle HTTP server (OHS)
|
|
Base Platform OMS home
|
OHS 12.1.3 for EM APR 2020 SPU Patch 31046788 or later
|
Released April 2020
|
Note 2572758.1 Cumulative README Post-Install Steps for
Oracle HTTP Server 12.1.3 Critical Patch Update
|
|
Base Platform Agent home
|
EM-AGENT Bundle Patch 13.3.0.0.191015 Patch 30206738 or later
|
Released October 2019
|
|
|
Base Platform Agent home
|
EM-BEACON Plug-in Agent Bundle Patch
13.3.0.0.200731 (Patch canceled)
|
Released July 2020
|
For CVE-2019-12415, upgrade to 13.4 and apply
Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4 (13.4.0.4)
for Agent Patch 31426056 or later.
|
|
EM Cloud Control Connectors
|
See Announcement on MOSC
|
Released April 2019
|
|
|
EM Cloud Control Connectors
|
See Announcement on MOSC
|
CVE-2020-1954, CVE-2020-5398
|
Connector 13.2.1.0 is applicable to EM 13.3
|
|
Base Platform OMS home
|
Enterprise Manager for OMS Plugins
13.3.2.0.200630 Patch 31521484 or later
|
Released July 2020
|
|
|
Base Platform OMS home
|
EM for OMS plugin 13.3.1.0.201031 Patch 32019093 or later
|
CVE-2020-1967, CVE-2019-3740
|
|
|
Base Platform OMS home
|
SPU Patch 25322055 or later
|
Released in January 2017
|
Oracle ADF Patch 12.1.3.0, This patch is
necessary for any co-located installations where ADF exists.
|
Patch Availability for Oracle Enterprise Manager
Cloud Control 12c Release 5 (12.1.0.5)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle Database"
|
See "Oracle Database"
|
|
|
Base Platform Fusion Middleware home
|
See "Oracle WebLogic Server" (Version 10.3.6)
|
See "Oracle WebLogic Server" (Version 10.3.6)
|
|
|
Base Platform Fusion Middleware home
|
CPU Patch 23703041 or later
|
Released July 2016
|
Oracle Business Intelligence Publisher BP
11.1.1.7.160719 patch for BIP home in Enterprise Manager
|
|
Base Platform OMS home
|
EM for OMS plugin 12.1.0.5.200331 Patch 31129450 or later
|
Released April 2020
|
For CVE-2019-0227, upgrade to 13.1 or later
release
|
|
Base Platform OMS home
|
EM BP Patch Set Update 12.1.0.5.200714 Patch 31250739 or later
|
Released July 2020
|
|
|
Base Platform Fusion Middleware home
|
JSP 11.1.1.7.0 SPU for EM 12.1.0.5
(CPUAPR2018) Patch 27872862 or later
|
Released April 2018
|
JSP 11.1.1.7.0 SPU patch
|
|
Base Platform Agent home
|
BP Patch 22317311 or later
|
Released January 2016
|
Apply to Agent core Oracle Home, after applying
agent patch 25456449, 22342358
|
|
Base Platform Agent home
|
BP Patch 22342358 or later
|
Released January 2016
|
Apply 22342358 to Agent sbin Oracle Home after
applying agent Patch 28193486. Then apply Patch 22317311.
If patches 22342358 and 22317311 were applied earlier, no need to
reapply.
|
|
Base Platform Fusion Middleware home
|
SPU Patch 22013598 or later
|
Released January 2016
|
Web Cache Patch
Apply to Oracle_WT
Post installation steps are not applicable for
Enterprise Manager
|
|
Plugin home
|
BP Patch 28347732 or later
|
Released July 2018
|
|
|
Base Platform Agent home
|
BP Patch 28193486 or later
|
Released July 2018
|
|
|
Base Platform Agent home
|
EM-BEACON Bundle Patch 12.1.0.5.200731 (Patch
canceled)
|
Released July 2020
|
For CVE-2019-12415, upgrade to 13.4 and apply
Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4 (13.4.0.4)
for Agent Patch 31426056 or later.
|
|
Base Platform Fusion Middleware home
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885 or later
|
Released January 2018
|
Note 2314658.1 SSL Configuration Required to Secure Oracle
HTTP Server After Applying Security Patch Updates
Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle
HTTP Server After Applying Security Patch Updates
See Note 2400141.1 before applying this patch
Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH
|
|
Base Platform Fusion Middleware home
|
CPU Patch 19345576 or later
|
Released January 2015
|
Oracle Process Management and Notification (OPMN)
Patch for Oracle_WT OH
See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle
Fusion Middleware 11g OPMN/ONS
|
|
Base Platform Fusion Middleware home
|
SPU Patch 17337741 or later
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch for
Oracle_WT OH
|
|
Base Platform Fusion Middleware home
|
SPU Patch 25297048 or later
|
Released January 2017
|
Oracle ADF Patch 11.1.1.7.1. This patch is
necessary for any co-located installations where ADF exists
|
3.2.5 Oracle Enterprise Manager
Ops Center
Error Correction information for Oracle Enterprise
Manager Ops Center
|
Patch Information
|
12.4.0
|
Comments
|
|
Final CPU
|
April 2024
|
Premier Support ends
|
Patch Availability for Oracle Enterprise Manager Ops
Center
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Enterprise Manager
Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
12.4.0
|
Ops Center UCE patches for July 2020 Patch 31470600
|
Released July 2020
|
|
|
12.4.0
|
Ops Center UI/Other patches for October
2020 Patch 31955705
|
CVE-2020-11022, CVE-2019-13990
|
|
3.2.6 OSS Support Tools
Error Correction information for OSS Support Tools
|
Patch Information
|
8.11.x
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for OSS Support Tools
|
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
|
8.11.16.3.8
|
BP Patch 22783063
|
March 2016
|
See My Oracle Support Note 1153444.1, Oracle Services Tools Bundle (STB) -
RDA/Explorer, SNEEP, ACT
|
3.2.7 Oracle Configuration
Manager
Minimum Product Requirements for Oracle Configuration
Manager
Critical Patch Update security vulnerabilities are
fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS
(support.oracle.com). Customer can use collector tab to down the Oracle
Configuration Manager Collector.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Configuration Manager
|
OCM 12.1.2.0.7 Patch 5567658
|
Released July 2020
|
Upgrade to 12.1.2.0.7 Release
For patch availability, see section 2.2 Post Release Patches
|
3.3 Oracle Fusion Middleware
This section contains the following:
3.3.1 Oracle
GoldenGate Monitor (aka Management Pack for Oracle GoldenGate)
Error Correction information for Oracle GoldenGate
Monitor (aka Management Pack for Oracle GoldenGate)
|
Patch Information
|
12.2.1
|
12.1.3.x
|
Comments
|
|
Final CPU
|
July 2025
|
July 2022
|
|
Patch Availability for Management Pack For Oracle
GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.2.0
|
Oracle GoldenGate Monitor 12.2.1.2.200930
(Server+Agent) Patch 31748559
|
CVE-2020-3235
|
|
|
12.1.3
|
Monitor Server 12.1.3.0.160628 Patch 23340597
Monitor Agent 12.1.3.0.160628 Patch 23333295
|
Released June 2016
|
-
|
3.3.2 NetBeans IDE
Minimum Product Requirements for NetBeans IDE
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/
|
Product Home
|
Release
|
Advisory Number
|
Comments
|
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle API Gateway
Error Correction information for Oracle API
Gateway
|
Patch Information
|
11.1.2.4.0
|
Comments
|
|
Final CPU
|
March 2021
|
|
Patch Availability for Oracle API Gateway
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4.0
|
OAG 11.1.2.4.0 SPU FOR APRCPU2020 Patch 30901960
|
Released April 2020
|
|
3.3.4 Reserved for future use
3.3.5 Oracle Business
Intelligence Enterprise Edition
Error Correction information for Oracle Business
Intelligence Enterprise Edition
|
Patch Information
|
5.5.0.0.0
|
12.2.1.4.0
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
-
|
-
|
October 2021
|
October 2021
|
11.1.1.9.0 End of Error Correction for Extended Support
Customer only beyond Dec 2018
|
Patch Availability for Oracle Analytics Server 5.5
(Formerly known as Oracle Business Intelligence)
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server" (version 12.2.1.4.0)
|
See "Oracle WebLogic Server" (version 12.2.1.4.0)
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle Analytics Server (OAS) 5.5.0.0.0
|
See "Oracle Fusion Middleware
12c" (12.2.1.4.)
|
See "Oracle Fusion Middleware
12c" (12.2.1.4.)
|
Apply all 12.2.1.4 patches listed for
"Oracle Fusion Middleware Infrastructure (WebLogic Server for
FMW)"
|
|
Oracle Analytics Server (OAS) 5.5.0.0.0
|
OAS BUNDLE PATCH 5.5.0.0.201012 Patch 32003790
|
CVE-2020-14879, CVE-2020-14880, CVE-2020-14842,
CVE-2019-11358, CVE-2020-14780, CVE-2020-14815, CVE-2020-14843,
CVE-2020-14766, CVE-2020-14864
|
Oracle Business Intelligence is rebranded as Oracle
Analytics Server
Apply all 12.2.1.4 patches listed for "Oracle
Fusion Middleware Infrastructure (WebLogic Server for FMW)".
See "Oracle Fusion Middleware
12.2.1.4"
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle Security Service
|
OSS BUNDLE PATCH 12.2.1.4.200616 Patch 31503472
|
Released July 2020
|
|
Patch Availability for Oracle Business Intelligence
Enterprise Edition 12c
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
12.2.1.4 Oracle Business Intelligence Enterprise
Edition
and
12.2.1.3 Oracle Business Intelligence Enterprise Edition
|
See "Oracle Fusion Middleware
12c"
|
See "Oracle Fusion Middleware
12c"
|
Apply all 12.2.1.3 patches listed for "Oracle
Fusion Middleware Infrastructure (WebLogic Server for FMW)"
|
|
12.2.1.4 Oracle Business Intelligence Enterprise
Edition
|
OBI Bundle Patch 12.2.1.4.201020 Patch 31690037
|
CVE-2020-14879, CVE-2020-14880, CVE-2020-14842,
CVE-2019-11358, CVE-2020-14784, CVE-2020-14780, CVE-2020-14815,
CVE-2020-14843, CVE-2020-14766, CVE-2020-14864
|
|
|
12.2.1.4 Oracle Business Intelligence Enterprise
Edition
and
12.2.1.3 Oracle Business Intelligence Enterprise
Edition
|
OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139
|
Released July 2020
|
Oracle Security Service (SSL/Network) Patch
|
|
12.2.1.3 Oracle Business Intelligence Enterprise
Edition
|
OBI Bundle Patch 12.2.1.3.201020 Patch 31690029
|
CVE-2020-14879, CVE-2020-14880, CVE-2020-14842,
CVE-2019-11358, CVE-2020-14784, CVE-2020-14780, CVE-2020-14815,
CVE-2020-14843, CVE-2020-14766, CVE-2020-14864
|
|
Patch Availability for Oracle Business Intelligence
Enterprise Edition 11.1.1.9
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
11.1.1.9
|
BI SUITE BUNDLE PATCH 11.1.1.9.201020 Patch 31943269
|
CVE-2020-14879, CVE-2020-14880, CVE-2020-14842,
CVE-2020-14784, CVE-2020-14780, CVE-2020-14766
|
|
|
11.1.1.9
|
OSS BUNDLE PATCH 11.1.1.9.200714 Patch 31304503
|
Released July 2020
|
For patch availability, see section 2.2 Post Release Patches
Note 2572809.1 Steps to Evaluate and Update SSL Wallet
|
|
11.1.1.9
|
OPMN Patch 23716938
|
Released October 2017
|
|
|
DAC 11.1.1.6.4 home
|
Patch 27825965- DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU
for apr2018cpu
|
Released April 2018
|
Patch can be installed in any home
|
3.3.6 Oracle Business
Intelligence Publisher
Error Correction information for Oracle Business
Intelligence Publisher
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
-
|
October 2021
|
October 2021
|
11.1.1.9.0 End of Error Correction for Extended
Support Customer only beyond Dec 2018
|
Patch Availability for Oracle Business Intelligence
Publisher
3.3.7 Oracle Complex Event
Processing
Error Correction information for Oracle Complex Event
Processing
|
Patch Information
|
CEP 12.1.3
|
Comments
|
|
Final CPU
|
October 2020
|
|
Patch Availability for Oracle Complex Event
Processing
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1.3.0
|
SPU Patch 21071699
|
Released July 2015
|
|
3.3.8 Oracle Data Quality for
Oracle Data Integrator
Error Correction information for Oracle Data Quality
for Oracle Data Integrator
|
Patch Information
|
ODIDQ 11.1.x
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle Data Quality for Oracle
Data Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.3.0
|
CPU Patch 21418574
|
Released July 2015
|
|
3.3.9 Oracle Data Visualization
Desktop
Error Correction information for Oracle Data
Visualization Desktop
|
Patch Information
|
12.2.4.1.1
|
Comments
|
|
Final CPU
|
-
|
|
Patch availability for Oracle Data Visualization
Desktop
3.3.10 Oracle Endeca Server
Error Correction information for Oracle Endeca Server
|
Patch Information
|
7.7
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch availability for Oracle Endeca Server
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Server 7.7 home
|
ORACLE ENDECA SERVER 7.7 SPU APRIL 2020 Patch 30507959
|
Released April 2020
|
|
3.3.11 Oracle Endeca Information
Discovery Integrator
Error Correction information for Oracle Endeca
Information Discovery Studio Integrator
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch availability for Oracle Endeca Information
Discovery Studio Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Information Discovery Integrator
3.2 home
|
ORACLE ENDECA INFORMATION DISCOVERY INTEGRATOR
3.2 CPU OCTOBER 2020 Patch 31934960
|
CVE-2020-10683
|
|
|
Oracle Endeca Information Discovery Integrator
3.2 home
|
ORACLE ENDECA INFORMATION DISCOVERY INTEGRATOR
AQUISITION SYSTEM 3.2 SPU JAN 2020 Patch 30472013
|
Released in January 2020
|
|
3.3.12 Oracle Endeca Information
Discovery Studio
Error Correction information for Oracle Endeca
Information Discovery Studio
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
January 2021
|
|
Patch availability for Oracle Endeca Information
Discovery Studio
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Endeca Information Discovery Studio 3.2
home
|
ORACLE ENDECA INFORMATION DISCOVERY 3.2 STUDIO
CPU OCT2020 Patch 31992470
|
CVE-2019-10173
|
|
3.3.13 Oracle Enterprise Data
Quality
Error Correction information for Oracle Enterprise
Data Quality
|
Patch Information
|
11.1.1.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Enterprise Data Quality
3.3.14 Oracle Enterprise
Repository
Error Correction information for Oracle Enterprise
Repository
|
Patch Information
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Enterprise Repository
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.7.0
|
OER 11.1.1.7.0 CPU for October 2020 Patch 32014669
|
CVE-2019-2904
|
"CVE-2018-1000180, CVE-2018-8013,
CVE-2018-1275, CVE-2017-5645" included in 11.1.1.7 patch are
announced in previous CPUs.
|
3.3.15 Oracle Exalogic Patch Set
Update (PSU)
Error Correction information for Oracle Exalogic
Patch Set Update (PSU)
|
Patch Information
|
2.x
|
1.x
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch Set Update Availability for Oracle Exalogic
|
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
|
2.x Physical
|
2.0.6.4.200714 Physical Linux (for all X3-2, X4-2,
X5-2, and X6-2) Patch 31347467
|
Released in July 2020
|
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
|
2.x Virtual
|
2.0.6.4.200714 Virtual (for all X3-2, X4-2, X5-2,
and X6-2) Patch 31347468
|
Released in July 2020
|
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
|
1.x
|
Upgrade to 2.x based on information in the Comments
column. Then apply the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013 (15931901)
|
See Patch 13795376 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE
KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 15931901 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for
Exalogic Solaris x86-64 (64 bit)
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set
Updates)
|
3.3.16 Oracle Fusion Middleware
For more information on how to identify the components
in an Oracle home, see Note 1591483.1, What is Installed in My Middleware or
Oracle home?.
This section contains the following:
3.3.16.1 Oracle Fusion Middleware
12c
The sections below cover Oracle Fusion Middleware
version 12.2.x and 12.1.x
3.3.16.1.1 Oracle Fusion
Middleware 12.2.1.4
Error Correction information for Oracle Fusion
Middleware 12.2.1.4
|
Patch Information
|
12.2.1.4
|
Comments
|
|
Final CPU
|
July 2025
|
See Note 1933372.1, Error Correction Support Dates for Oracle
Fusion Middleware 12c - FMW/WLS
|
|
On-Request platforms
|
-
|
|
|
Determine Components in an Oracle Home
|
-
|
See Note 1591483.1, What is Installed in My Middleware or Oracle
home?
|
|
Understanding Patch Release Versions
|
-
|
See Note 1494151.1, understanding Fusion Middleware Bundle Patch
(BP) Release Versions
See Note 2565576.1, Understanding WebLogic Server Patch Set Update
(PSU) Release Versions
|
Patch Availability for Oracle Fusion Middleware
12.2.1.4
|
Distribution
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
|
All 12.2.1.4 & 12.2.1.3 Fusion Middleware
Distributions & WebLogic home
|
OPatch 13.9.4.2.4 Patch 28186730 or later
|
Released July 2020
|
Update OPatch 13.9.4.2.4 Patch 28186730 before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle
Fusion Middleware 12c.
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
WLS PATCH SET UPDATE 12.2.1.4.201001 Patch 31960985 or later
|
CVE-2020-14841, CVE-2020-14825, CVE-2020-14859,
CVE-2020-14820, CVE-2020-11022, CVE-2020-14883, CVE-2020-14882
|
See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for
WebLogic Server.
For CVE-2020-14750 Security Advisory Patches, see Note 2724951.1
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU
2020 Patch 31544353 or later
|
CVE-2018-11058
|
ADR Patch
See Note 2703429.1 for details on ADR and Applicability of
this patch
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
WEBLOGIC SAMPLES SPU 12.2.1.4.200714 Patch 31384959 or later
|
Released July 2020
|
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
ADF BUNDLE PATCH 12.2.1.4.200817 Patch 31762739 or later
|
CVE-2020-11022
|
|
|
Oracle HTTP Server
|
OHS (NATIVE) BUNDLE PATCH 12.2.1.4.200826 Patch 31808404 or later
|
CVE-2020-1967, CVE-2019-10097, CVE-2019-5482
|
|
|
Oracle SOA Suite and Business Process
|
SOA Bundle Patch 12.2.1.4.200917 Patch 31903409 or later
|
CVE-2019-2904, CVE-2020-1951, CVE-2019-11358,
CVE-2020-1945, CVE-2020-9484
|
|
|
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
OSS BUNDLE PATCH 12.2.1.4.200616 Patch 31503472 or later
|
Released July 2020
|
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
Coherence 12.2.1.4.5 Patch 31470730 or later
|
Released July 2020
|
|
|
Oracle Unified Directory
|
OUD BUNDLE PATCH 12.2.1.4.200526 Patch 31400392 or later
|
Released July 2020
|
|
|
Oracle WebCenter Portal
|
WebCenter Portal Bundle Patch 12.2.1.4.200903 Patch 31850623 or later
|
CVE-2020-2555, CVE-2020-10683, CVE-2020-9281
|
|
|
Oracle Forms and Reports
|
Oracle Reports Developer 12.2.1.4.0 SPU Patch 30731161 or later
|
Released January 2020
|
|
|
Oracle Webcenter Sites
|
Webcenter Sites 12.2.1.4.200714 Patch 31548912 or later
|
Released July 2020
|
|
3.3.16.1.2 Oracle Fusion
Middleware 12.2.1.3
Error Correction information for Oracle Fusion
Middleware 12.2.1.3
|
Patch Information
|
12.2.1.3
|
Comments
|
|
Final CPU
|
October 2021
|
See Note 1933372.1, Error Correction Support Dates for Oracle
Fusion Middleware 12c - FMW/WLS
|
|
On-Request platforms
|
-
|
|
|
Determine Components in an Oracle Home
|
-
|
See Note 1591483.1, What is Installed in My Middleware or Oracle
home?
|
|
Understanding Patch Release Versions
|
-
|
See Note 1494151.1, understanding Fusion Middleware Bundle Patch
(BP) Release Versions
See Note 2565576.1, Understanding WebLogic Server Patch Set Update
(PSU) Release Versions
|
Patch Availability for Oracle Fusion Middleware
12.2.1.3
|
Distribution
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
|
All 12.2.1.3 Fusion Middleware Distributions
& WebLogic home
|
OPatch 13.9.4.2.4 Patch 28186730 or later
|
Released July 2020
|
Update OPatch 13.9.4.2.4 Patch 28186730 before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle
Fusion Middleware 12c.
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
WLS PATCH SET UPDATE 12.2.1.3.201001 Patch 31961038 or later
|
CVE-2020-14841, CVE-2020-14825, CVE-2020-14859,
CVE-2020-14757, CVE-2020-14820, CVE-2020-11022, CVE-2020-14883,
CVE-2019-17267, CVE-2020-14882
|
For CVE-2020-14750 Security Advisory Patches, see Note 2724951.1
See Note 2421487.1, Oracle Strongly recommends applying minimum
JDK version (JDK 8u181 or later) to make some of Weblogic Server
Deserialization vulnerability fixes effective.
Refer to Note 2437460.1 for Patch Conflict issue.
WLS PSU should also be applied to all homes with a
WLS full or standalone domain.
See Note 2395745.1, April 2018 Critical Patch Update: Additional
Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2015-4852
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure WebLogic Server
for FMW)
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY CPU
2020 Patch 31544340 or later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and Applicability of
this patch.
|
|
Identity and Access Management
|
OAM BUNDLE PATCH
12.2.1.3.191201(ID:191201.0123.S) Patch 30609442 or later
|
Released April 2020
|
|
|
Identity and Access Management Oracle Unified
Directory
|
OUD BUNDLE PATCH 12.2.1.3.200623 Patch 31529239 or later
|
Released July 2020
|
|
|
Oracle SOA Suite and Business Process
|
SOA Bundle Patch 12.2.1.3.200901 Patch 31834649 or later
|
CVE-2019-2904, CVE-2020-1951, CVE-2019-11358,
CVE-2020-1945, CVE-2020-9484
|
|
|
Oracle WebCenter Portal
|
WebCenter Portal Bundle Patch 12.2.1.3.200905 Patch 31853298 or later
|
CVE-2019-10173, CVE-2020-9281,
CVE-2020-10683,CVE-2020-2555
|
|
|
Oracle Webcenter Sites
|
Webcenter Sites 12.2.1.3.200714 Patch 31548911 or later
|
Released July 2020
|
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
WEBLOGIC SAMPLES SPU 12.2.1.3.200714 Patch 31384951 or later
|
Released July 2020
|
This patch is a cumulative patch for all Struts 2
CVEs to date.
See Note 2255054.1, Oracle WebLogic Server Requirements for Apache
Struts 2 Vulnerabilities
|
|
Oracle WebLogic Server and Coherence
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
Coherence 12.2.1.3.10 Patch 31470751 or later
|
Released July 2020
|
|
|
Oracle HTTP Server
Oracle Forms and Reports
|
OHS (NATIVE) BUNDLE PATCH 12.2.1.3.200911 Patch 31876370 or later
|
CVE-2019-5482
|
Note 2568225.1Cumulative README Post-Install Steps for Oracle
HTTP Server 12.2.1.3 Bundle Patches
|
|
Oracle Forms and Reports
|
Oracle Reports Developer 12.2.1.3 SPU Patch 30731147 or later
|
Released January 2020
|
|
|
Identity and Access Management
|
OIM BUNDLE PATCH 12.2.1.3.0 (ID:200108.2108) Patch 30735905 or later
|
Released January 2020
|
|
|
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139 or later
|
Released July 2020
|
|
|
Oracle WebCenter Sites
|
Support Tools 4.4.2 for Oracle WebCenter Sites
12.2.1.3.0 Patch 30505173 or later
|
Released January 2020
|
Support Tools for Webcenter Sites Patch
|
|
Oracle Data Integrator
|
ODI Bundle Patch 12.2.1.3.201020 Patch 31873854 or later
|
CVE-2017-9800, CVE-2016-2510
|
Patch is released in July 2019, CVE-2019-2943 is
announced in Oct CPU.
|
|
Oracle Forms and Reports
|
Forms 12.2.1.3.0 SPU Patch 30410629 or later
|
Released October 2019
|
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
ADF BUNDLE PATCH 12.2.1.3.0
(ID:190924.2139.S) Patch 30347629 or later
|
Released October 2019
|
Apply to all Oracle homes installed with an FMW
Infrastructure
|
|
Oracle Service Bus
|
OSB BUNDLE PATCH 12.2.1.3.190716
(ID:190716.1831) Patch 30059259 or later
|
Released October 2019
|
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
|
FMW Platform 12.2.1.3.0 SPU FOR APRCPU2019 Patch 29650702 or later
|
Released April 2019
|
Apply to all Oracle Fusion Middleware homes
|
|
Oracle HTTP Server
Oracle Traffic Director
Oracle Forms and Reports
|
OAM Webgate Bundle Patch 12.2.1.3.180622 Patch 28243743 or later
|
Released July 2018
|
|
|
Oracle Enterprise Data Quality
|
EDQ 12.2.1.3.0 SPU Patch 28263628 or later
|
Released July 2018
|
|
|
Oracle HTTP Server
Oracle WebLogic Server Proxy Plug-In
(Apache, IIS, iPlanet)
|
ONS 12.2.1.3.0 SPU Patch Patch 27323998 or later
|
Released July 2018
|
|
|
Oracle WebCenter Content
|
WebCenter Content Bundle Patch
12.2.1.3.180417 Patch 27393392 or later
|
Released April 2018
|
|
|
Oracle Internet Directory
|
OID BUNDLE PATCH 12.2.1.3.0
(ID:180116.1256) Patch 27396651 or later
|
Released January 2018
|
Oracle Internet Directory (OID) Version 12c
Bundle Patch (BP) (Including Directory Integration Platform / DIP) /
Bundle Patches For Non-Fusion Applications (NonFA / NonP4FA)
Customers Note 2355090.1
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
OHT SPU 12.2.1.3.0 Patch 31613012 or later
|
Released July 2020
|
Oracle Help Technologies
|
3.3.16.2 Oracle Fusion Middleware
11.1.1.9
Error Correction information for Oracle Fusion
Middleware 11.1.1.9
|
Patch Information
|
11.1.1.9
|
Comments
|
|
Final CPU
|
October 2021
|
Note 1290894.1 Error Correction Support Dates for Oracle
Fusion Middleware 11g (11.1.1/11.1.2)
11.1.1.9.0 End of Error Correction for Extended
Support Customer only beyond Dec 2018
|
|
On-Request platforms
|
AIX, HP-UX Itanium, and Windows are on request.
|
|
|
Understanding Patch Release Versions
|
-
|
See Note 1494151.1, Understanding Fusion Middleware Bundle Patch
(BP) Release Versions.
|
Patch Availability for Oracle Fusion Middleware
11.1.1.9
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java
SE Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration
Guide for Oracle WebLogic Server (WLS)
|
|
Oracle WebCenter 11.1.1.9 home
|
WebCenter Portal Bundle Patch 11.1.1.9.201015 Patch 31827879 or later
|
CVE-2019-10173, CVE-2020-9281
|
Oracle WebCenter Portal 11.1.1.9 Patch
For patch availability, see section 2.2 Post Release Patches
See Note 2029169.1, Changes to Portlet standards request
dispatching of Resource Requests
|
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
OHS 11.1.1.9.0 SPU FOR APRCPU2020 Patch 31047338 or later
|
Released April 2020
|
Oracle HTTP Server 11.1.1.9 Patch
Note 2626956.1 Cumulative README Post-Install Steps for
Oracle HTTP Server 11.1.1.9 Critical Patch Update
|
|
Oracle Identity Management 11.1.1.9 home (with OID)
Oracle Web Tier 11.1.1.9 home
|
OSS BUNDLE PATCH 11.1.1.9.200714 Patch 31304503 or later
|
Released July 2020
|
For patch availability, see section 2.2 Post Release Patches
Note 2572809.1 Steps to Evaluate and Update SSL Wallet
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
ADF SPU 11.1.1.9.0 FOR OCTCPU2019 Patch 30368663 or later
|
Released October 2019
|
|
|
OSB 11.1.1.9 home
|
OSB Bundle Patch 11.1.1.9.191015 Patch 30002341 or later
|
Released October 2019
|
OSB Patch
|
|
Oracle Identity Management 11.1.1.9 home
|
OVD 11.1.1.9.0 SPU for October 19 Patch 30281334 or later
|
Released October 2019
|
Oracle Virtual Directory (OVD) Patch
OVD 11g: Oracle Virtual Directory SPU (Security
Patch Update) Patches Note 2318003.1
|
|
ODI 11.1.1.9 Home
|
ODI Bundle Patch 11.1.1.9.201015 Patch 31921933 or later
|
CVE-2016-2510
|
Oracle Data Integrator Patch
|
|
SOA 11.1.1.9 home
|
SOA Bundle Patch 11.1.1.9.0 (ID:181218.1300) Patch 29123005 or later
|
Released January 2019
|
SOA Patch
|
|
Oracle Web Tier 11.1.1.9 home
|
Oracle Web Cache SPU 11.1.1.9.0 CPUJan2019 Patch 28855717 or later
|
Released January 2019
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL
Cipher Suite Changes Beginning with CPU January 2016 and Note 2494468.1, How to Disable ESI in Oracle Web Cache
|
|
Oracle WebCenter 11.1.1.9 home
|
WCC BP 11.1.1.9.180226 Patch 27393411 or later
|
Released April 2018
|
WebCenter Content Patch
|
|
Oracle Identity Management 11.1.1.9 home
|
OID bundle patch 11.1.1.9.171127 Patch 26850241, or later
|
Released January 2018
|
Oracle Internet Directory Patch
See Note 2420947.1 for additional information about Oracle
Internet Directory Vulnerability CVE-2015-0204
Oracle Internet Directory (OID) Version 11g Bundle
Patch (BP) (Including Directory Integration Platform / DIP) / Bundle
Patches For Non-Fusion Applications (NonFA / NonP4FA) Customers Note 1614114.1
|
|
Oracle Identity Management 11.1.1.9 home (with OID)
Oracle Web Tier 11.1.1.9 home
|
OPMN Patch 23716938 or later
|
Released October 2017
|
OPMN 11.1.1.9 required patch for integration
with OSS
Note 2566042.1 SSL Configuration Required to Secure OPMN
11.1.1.9
|
|
OSB 11.1.1.9 home
|
Patch 24847885 or later
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
Oracle FMW 11.1.1.9 ORACLE_COMMON home
|
JRF BP 11.1.1.9.160905 Patch 23243563 or later
|
Released January 2017
|
JRF BP
|
|
Oracle Identity Management 11.1.1.9 home
Oracle Web Tier 11.1.1.9 home
Oracle Identity Access Management 11.1.2.3.0 home
|
BP Patch 24580895 or later
|
Released October 2016
|
Web Services BP
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home
|
SPU Patch 22567790 or later
|
Released in July 2016
|
FMW Control Patch applies to oracle_common OH for
11.1.1.9.0
|
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
DB PSU Patch 22290164 or later for Unix
DB BP Patch 22607089 or later for Windows 32-Bit
DB BP Patch 22607090 or later for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
OHT SPU 11.1.1.9.0 Patch 28097644 or later
|
Released July 2020
|
Oracle Help Technologies
|
3.3.16.3 Oracle Identity and
Access Management
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Identity Access Management installation. Only the relevant
homes from those tables need to be patched.
Patch Availability for Oracle Identity Access
Management
3.3.16.4 Oracle Identity Access
Management 11.1.2.3
Error Correction information for Oracle Identity
Access Management 11.1.2.3
|
Patch Information
|
11.1.2.3
|
Comments
|
|
Final CPU
|
Oct 2021
|
Note 1290894.1 Error Correction Support Dates for Oracle
Fusion Middleware 11g (11.1.1/11.1.2)
|
|
On-Request platforms
|
-
|
|
|
Understanding Patch Release Versions
|
-
|
See Note 1494151.1, Understanding Fusion Middleware Bundle Patch
(BP) Release Versions.
|
Patch Availability for Oracle Identity Access
Management 11.1.2.3
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java SE
Installed or Used with FMW 11g/12c Products
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration Guide
for Oracle WebLogic Server (WLS)
|
|
Oracle Identity and Access Management 11.1.2.3
home
|
See "Oracle Fusion Middleware
11.1.1.9"
|
See "Oracle Fusion Middleware
11.1.1.9"
|
Apply Fusion Middleware patches with Oracle
Identity and Access Management 11.1.2.3 home
|
|
Oracle Identity Access Management 11.1.2.3.0
home
|
OUD BUNDLE PATCH 11.1.2.3.200625 Patch 31541461
|
Released July 2020
|
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
ADF SPU 11.1.1.9.0 FOR OCTCPU2019 Patch 30368663
|
Released October 2019
|
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
JRF BP 11.1.1.9.160905 Patch 23243563 or later
|
Released January 2017
|
JRF BP
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
SPU Patch 22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common OH for 11.1.1.9.0
|
|
Oracle Identity Management 11.1.2.3 home
|
OIM BUNDLE PATCH 11.1.2.3.0(ID:190922.2323) Patch 30338509 or later
OR
IDM SUITE BUNDLE PATCH 11.1.2.3.191015 Patch 30292098
|
Released January 2020
|
|
|
Oracle Identity Access Management 11.1.2.3 home
|
Patch 30292098 - IDM Suite Bundle Patch 11.1.2.3.191015
OR
Patch 30386537 - OAM BUNDLE PATCH
11.1.2.3.191004(ID:191004.0426)
|
Released April 2020
|
These CVE fixes announced in April CPU are part of
the patches released earlier.
|
|
Oracle Identity Access Management 11.1.2.3.0
home
|
OAAM Server 11.1.2.3.0 SPU for October18 Patch 28750460
|
Released October 2018
|
Oracle Adaptive Access Manager Patch
|
|
Oracle WebGate 11.1.2.3 Home
|
Patch 31710235 - OAM WEBGATE BUNDLE PATCH 11.1.2.3.200804
or later
|
CVE-2018-11058
|
|
3.3.16.5 Oracle Identity Management
Connector
Error Correction
information for Oracle Identity Management Connector
|
Patch
Information
|
12c
|
11g
|
9.1.1.5
|
Comments
|
|
Final CPU
|
refer to Note 2454684.1
|
|
Patch
Availability for Oracle Identity Management Connector
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
Microsoft AD
connector 9.1.1.5
|
OIM Connector 9.1.1.5.15 Patch 25028999
|
Released October 2017
|
|
|
CA Top
Secret Connector 9.1.0.6
|
OIM Connector 9.1.0.6 Patch 31708407
|
CVE-2017-5645
|
9.0.x customers should upgrade to 9.1.0.x
|
|
RACF adv connector
9.1.0.2
|
OIM Connector 9.1.0.2 Patch 31058957
|
Released April 2020
|
9.0.x customers should upgrade to 9.1.0.x
|
|
acf2
connector 9.1.0.1
|
OIM Connector 9.1.0.1 Patch 31101274
|
Released April 2020
|
9.0.x customers should upgrade to 9.1.0.x
|
3.3.17 Oracle Hyperion Analytic Provider
Services
Error Correction
information for Oracle Hyperion Analytic Provider Services
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch
Availability for Oracle Hyperion Analytic Provider Services
3.3.18 Oracle
Hyperion BI+
Error Correction
information for Oracle Hyperion BI+
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion BI+
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2 Home
|
The issue has been addressed in the latest
releases: 11.1.2.4.900 and 11.2.*.
Customers on the prior releases are recommended to
upgrade to the latest releases. An upgrade path for release 11.1.2.4 is
described in the Oracle Enterprise Performance
Management System Release 11.2.2.0.000 Readme
|
CVE-2020-14767, CVE-2020-14770
|
IQR-Foundation service
|
3.3.19 Oracle
Hyperion Data Relationship Management
Error Correction
information for Oracle Hyperion Data Relationship Management
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Data Relationship Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
Hyperion Data Relationship Management
11.1.2.4.347 PSU; Patch 28818149
|
Released October 2019
|
|
3.3.20 Oracle
Hyperion Enterprise Performance Management Architect
Error Correction
information for Oracle Hyperion Enterprise Performance Management Architect
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch
Availability for Oracle Hyperion Enterprise Performance Management
Architect
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.3
|
SPU Patch 19466859
SPU Patch 20929659
|
Released July 2015
|
|
|
11.1.2.2
|
SPU On-Request
|
Released July 2015
|
|
3.3.21 Oracle
Hyperion Essbase
Error Correction
information for Oracle Hyperion Essbase
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
April 2021
|
|
Patch
Availability for Oracle Hyperion Essbase
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
11.1.2.4.040 PSU Patch 31206851 (RTC)
11.1.2.4.040 PSU Patch 31206855 (Client)
11.1.2.4.040 PSU Patch 31206859 (Client MSI)
11.1.2.4.040 PSU Patch 31206864 (Server)
11.1.2.4.031 PSU Patch 29260139 (Studio Server)
11.1.2.4.031 PSU Patch 29260141 (Studio Console)
11.1.2.4.0.037 PSU Patch 30717472 (Essbase Administration Services Server)
11.1.2.4.037 PSU Patch 30717462 (Essbase Administration Services Console)
|
CVE-2019-5482, CVE-2019-1547
|
Install prior to Java CPUApr2017 JDK/JRE or
later version
|
|
11.1.2.3
|
11.1.2.3.508 PSU Patch 22347375 (RTC)
11.1.2.3.508 PSU Patch 22347367 (Client)
11.1.2.3.508 PSU Patch 22314799 (Server)
|
Released April 2017
|
|
|
11.1.2.2
|
Upgrade to Hyperion Essbase 11.1.2.3, then apply
the patches listed above
|
Released July 2015
|
|
3.3.22 Oracle
Hyperion Financial Close Management
Error Correction
details for Oracle Hyperion Financial Close Management
|
Patch Information
|
11.1.2..x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Financial Close Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
PSU 11.1.2.4.253 Patch 29060830
|
Released July 2019
|
|
|
11.1.2.4
|
JDev ADF Patch 31246831
|
Released July 2020
|
|
3.3.23 Oracle
Hyperion Financial Management
Error Correction
information for Oracle Hyperion Financial Management
|
Patch Information
|
11.1.2.0
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Financial Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.0
|
SPU Patch Patch 28314691
|
Released October 2018
|
Hyperion Shared Service Patch for Common Events
Service used by Hyperion Financial Management
|
|
11.1.2.4
|
PSU 11.1.2.4.209 Patch 29343616 + JDev ADF Patch 30378046
|
Released April 2020
|
|
3.3.24 Oracle
Hyperion Financial Reporting
Error Correction
information for Oracle Hyperion Financial Reporting
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Financial Reporting
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2
|
Jdev 11.1.1.7.1 SPU Patch 27457998
|
Released July 2018
|
Jdev ADF Patch needs to be applied to Hyperion
Financial Reporting Home. To download this patch please contact support
to get the password.
|
|
11.1.2.4
|
PSU 11.1.2.4.712 Patch 30670918
PSU 11.1.2.4.902 Patch 30670918
|
Released April 2020
|
|
3.3.25 Oracle
Hyperion Lifecycle Management
Error Correction
information for Oracle Hyperion Lifecycle Management
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Lifecycle Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
The issue has been addressed in the latest
releases: 11.1.2.4.900 and 11.2.*.
Customers on the prior releases are recommended to
upgrade to the latest releases. An upgrade path for release 11.1.2.4 is
described in the Oracle Enterprise Performance
Management System Release 11.2.2.0.000 Readme
|
CVE-2020-14752, CVE-2020-14772
|
Shared Services
|
3.3.26 Oracle
Hyperion Planning
Error Correction
information for Oracle Hyperion Planning
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Planning
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
PSU 11.1.2.4.010 Patch 31365862
|
CVE-2020-14764
|
This patch is cumulative and will include the
fixes/CVEs from patch 29889455
|
|
11.1.2.4
|
JDev 11.1.1.7.1 SPU Patch 30378046
|
Released October 2019
|
JDev ADF Patch needs to be applied to Hyperion
Planning. To download this patch please contact Support to get the
password.
|
3.3.27 Oracle
Hyperion Profitability and Cost Management
Error Correction
information for Oracle Hyperion Profitability and Cost Management
|
Patch Information
|
11.1.2.4
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Profitability and Cost Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
11.1.2.4.130 PSU; Patch 29461894
|
Released October 2019
|
|
3.3.28 Oracle
Hyperion Strategic Finance
Error Correction
information for Oracle Hyperion Strategic Finance
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Strategic Finance
3.3.29 Oracle
Hyperion Workspace
Error Correction
information for Oracle Hyperion Workspace
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Workspace
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4.900
|
Patch 31486872
|
CVE-2020-14854
|
|
|
11.1.2.4.700
|
11.1.2.4.825 SPU Patch 31124100
|
CVE-2020-14854
|
|
|
11.1.2 Home
|
11.1.2.4.009 SPU Patch 29115044
apply Weblogic 10.3.6 Latest PSU. See "Oracle WebLogic Server" Section
|
Released July 2019
|
R&A Framework Patch
|
3.3.30 Oracle
JDeveloper and Oracle ADF
Error Correction
information for Oracle JDeveloper and Oracle ADF
Comments
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.2.4
|
11.1.1.9
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
October 2021
|
11.1.2.4 and 11.1.1.9.0: End of Error Correction
for Extended Support Customer only beyond Dec 2018
|
|
Understanding Patch Release Versions
|
See Note 1494151.1, Understanding Fusion Middleware Bundle Patch
(BP) Release Versions.
|
Critical Patch Update Availability for Oracle
JDeveloper and Oracle ADF
|
Release
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.4.0
|
ADF BUNDLE PATCH 12.2.1.4.200817 Patch 31762739 or later
|
CVE-2020-11022
|
|
|
12.2.1.3.0
|
ADF BUNDLE PATCH 12.2.1.3.201007 Patch 31985811 or later
|
CVE-2020-11022
|
|
|
11.1.2.4.0
|
ADF SPU 11.1.2.4.0 for OctCPU2019 Patch 30380494 or later
|
Released October 2019
|
|
|
11.1.1.9.0
|
ADF SPU 11.1.1.9.0 FOR OCTCPU2020 Patch 31985571 or later
|
CVE-2020-11022
|
|
3.3.31 Oracle Map Viewer
Error Correction information for Oracle Map Viewer
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
1.1.1.9.0 End of Error Correction for Extended
Support Customer only beyond Dec 2018
|
Patch Availability for Oracle Map Viewer
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.3 AND 12.2.1.4
|
Mapviewer 12.2.1.4.0 SPU Patch 31026189
|
Released July 2020
|
The same Patch applies to 12.2.1.3 and 12.2.1.4
|
|
11.1.1.9
|
SPU Patch 27534923
|
Released April 2018
|
|
3.3.32 Oracle Outside In
Technology
Error Correction information for Oracle Outside In
Technology
|
Patch Information
|
8.5.5
|
8.5.4
|
Comments
|
|
Final CPU
|
April 2022
|
December 2020
|
|
Patch Availability for Oracle Outside In Technology
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Outside In Technology 8.5.5
|
ORACLE OUTSIDE IN TECHNOLOGY (OIT) OCTOBER 2020
8.5.5 BUNDLE PATCH #2 Patch 31942367
|
CVE-2020-15389, CVE-2020-13631
|
|
|
Oracle Outside In Technology 8.5.4
|
ORACLE OUTSIDE IN TECHNOLOGY (OIT) OCTOBER 2020
8.5.4 BUNDLE PATCH #10 Patch 31942355
|
CVE-2020-15389, CVE-2020-13631
|
|
3.3.33 Oracle Real Time Decisions
Platform
Error Correction information for Oracle Real Time
Decisions Platform
Describes the Error Correction information for Oracle
Real Time Decisions Platform.
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch Availability for Oracle Real Time Decisions
Platform
Describes the available patches for Oracle Real Time
Decisions Platform.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Real Time Decisions Platform 3.2 home
|
RTD Platform 3.2.1 SPU for October CPU
2018 Patch 28722658
|
Released October 2018
|
|
3.3.34 Oracle Service
Architecture Leveraging Tuxedo (SALT)
Error Correction information for Oracle Service
Architecture Leveraging Tuxedo (SALT)
|
Patch Information
|
12.2.2.0.x
|
12.1.3
|
Comments
|
|
Final CPU
|
Oct 2024
|
Oct 2020
|
|
Patch Availability for Oracle Service Architecture
Leveraging Tuxedo (SALT)
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Service Architecture Leveraging Tuxedo
(SALT) 12.2.2.0.x home
|
Oracle SALT 12.2.2.0.0 SPU FOR CPUJan2019 Patch 29169314
|
Released January 2019
|
|
|
Oracle Service Architecture Leveraging Tuxedo
(SALT) 12.1.3.0.x home
|
Oracle SALT 12.1.3.0.0 SPU FOR CPUJan2019 Patch 29169322
|
Released January 2019
|
|
3.3.35 Oracle SOA Suite
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle SOA Suite installation. Only the relevant homes from those
tables need to be patched.
Patch Availability for Oracle SOA Suite
3.3.36 Oracle Traffic Director
Error Correction information for Oracle Traffic
Director
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
|
Patch Availability for Oracle Traffic Director
3.3.37 Oracle Tuxedo
Error Correction information for Oracle Tuxedo
|
Patch Information
|
12.2.2.0
|
12.1.3.0
|
Comments
|
|
Final CPU
|
April 2024
|
April 2022
|
|
Patch Availability for Oracle Tuxedo
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
12.2.2.0
|
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018
Linux Patch 28090531
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-64
with vs2015 Patch 28124771
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018
win-32 with vs2015 Patch 28124779
|
Released July 2018
|
For CVE-2017-10269, see extra settings required
with these cumulative patches in Note 2326009.1
|
|
12.1.3.0
|
RP117 TUXEDO 12.1.3.0 SPU FOR CPUJAN2020 Patch 30596495
RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2013) FOR
CPUJAN2020 Patch 30601651
RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2012) FOR
CPUJAN2020 Patch 30601637
|
Released January 2020
|
For CVE-2017-10269, see extra settings required
with these cumulative patches in Note 2326009.1
|
3.3.38 Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)
Error Correction Information for Oracle Tuxedo System
and Applications Monitor Plus (TSAM Plus)
|
Patch Information
|
12.2.2
|
12.1.3
|
Comments
|
|
Final CPU
|
April 2024
|
April 2022
|
|
Patch Availability for Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
TSAM Plus 12.2.2
|
RP002 Patch 25389632
|
Released July 2017
|
|
|
TSAM Plus 12.1.3
|
RP019 FOR LINUX 64-BIT X86 Patch 27379436
|
Released January 2018
|
|
3.3.39 Oracle Web-Tier 11g Utilities
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Web-Tier 11g Utilities installation. Only the
relevant homes from those tables need to be patched.
Patch Availability for Oracle Web-Tier 11g Utilities
3.3.40 Oracle WebCenter
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle WebCenter installation. Only the relevant homes from those
tables need to be patched.
3.3.41 Oracle WebCenter Content
(Formerly Oracle Universal Content Management)
Patch Availability for Oracle WebCenter Content
3.3.42 Oracle WebCenter Portal
Error Correction information for Oracle WebCenter
Portal
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
December 2021
|
|
Patch Availability for Oracle WebCenter Portal
3.3.43 Oracle WebCenter Sites
(Formerly FatWire Content Server)
Error Correction information for Oracle WebCenter
Sites (formerly FatWire Content Server)
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.8
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
|
Patch Availability for Oracle WebCenter Sites
3.3.44 Oracle WebCenter Sites
Community
Error Correction information for Oracle WebCenter
Sites Community
|
Patch Information
|
11.1.1.8
|
Comments
|
|
Final CPU
|
-
|
|
Patch Availability for Oracle WebCenter Sites
Community
3.3.45 Oracle WebCenter Suite
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle WebCenter Suite installation. Only the relevant homes from
those tables need to be patched.
Patch Availability for Oracle WebCenter Suite
3.3.46 Oracle WebLogic Portal
Error Correction information for Oracle WebLogic
Portal
|
Patch Information
|
10.3.7.0
|
Comments
|
|
Final CPU
|
October 2021
|
Note 1308963.1 Error Correction Policy as it applies to
Oracle WebLogic Portal (WLP)
|
Critical Patch Update Availability for WebLogic
Portal
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
WebLogic Portal patches are cumulative to include all
the prior published advisories. For more information, see My Oracle
Support Note 1355929.1, October 2011 Updates Introduce New WebLogic
Portal (WLP) Configuration Options for SSL Session ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled with WebLogic
Server 9.2.3.0, which is out of error correction. Contact Oracle support
for security patches needed for WebLogic Server 9.2.3.0
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
WebLogic Portal 10.3.7.0 home
|
There are no CPU patches to document on 10.3.7.0
|
none
|
|
3.3.47 Oracle WebLogic Server
Error Correction information for Oracle WebLogic
Server Patch Set Update
|
Patch Information
|
14.1.1.0.0
|
12.2.1.4.0
|
12.2.1.3.0
|
12.1.3.0
|
10.3.6.0
|
Comments
|
|
Final CPU
|
January 2028
|
July 2025
|
October 2021
|
October 2020
|
October 2021
|
Note 950131.1 Error Correction Support Dates for Oracle
WebLogic Server
12.1.3 and 10.3.6.0 End of Error Correction for
Extended Support Customer only beyond Dec 2018
|
|
Understanding Patch Release Versions
|
|
-
|
-
|
-
|
-
|
See Note 2565576.1, Understanding WebLogic Server Patch Set Update
(PSU) Release Versions
|
Patch Set Update Availability for Oracle WebLogic Server
For more information, see MyOracleSupport Note 1470197.1, Patch Set Update (PSU) Release Listing for Oracle
WebLogic Server (WLS). See Note 1306505.1, Patch Set Update (PSU) Administration Guide for
Oracle WebLogic Server (WLS)
This section contains the following:
3.3.47.1 Oracle WebLogic Server
14.1.1.0
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 14.1.1.0 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 14.1.1.0
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
Download locations and installation instructions in
above document
|
See Note 1492980.1, How to Install and Maintain the Java SE
Installed or Used with FMW 11g/12c Products
|
|
|
OPatch 13.9.4.2.4 Patch 28186730
|
Released July 2020
|
Update OPatch 13.9.4.2.4 Patch 28186730 before applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle
Fusion Middleware 12c
|
|
|
WLS PATCH SET UPDATE 14.1.1.0.200930 Patch 31957062
|
CVE-2020-14841, CVE-2020-14825, CVE-2020-14859,
CVE-2020-14820, CVE-2020-11022, CVE-2020-14883, CVE-2020-14882
|
For CVE-2020-14750 Security Advisory Patches, see Note 2724951.1
|
|
|
WEBLOGIC SAMPLES SPU 14.1.1.0.200714 Patch 31384947
|
Released July 2020
|
|
|
|
Coherence 14.1.1.0.1 Patch 31201347 or later
|
Released July 2020
|
|
3.3.47.2 Oracle WebLogic Server
12.2.1.4
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.2.1.4 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.2.1.4
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
Download locations and installation instructions in
above document
|
See Note 1492980.1, How to Install and Maintain the Java SE
Installed or Used with FMW 11g/12c Products
|
|
|
OPatch 13.9.4.2.4 Patch 28186730
|
Released July 2020
|
Update OPatch 13.9.4.2.4 Patch 28186730 before applying WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle
Fusion Middleware 12c
|
|
|
WLS PATCH SET UPDATE 12.2.1.4.201001 Patch 31960985
|
CVE-2020-14841, CVE-2020-14825, CVE-2020-14859,
CVE-2020-14820, CVE-2020-11022, CVE-2020-14883, CVE-2020-14882
|
For CVE-2020-14750 Security Advisory Patches, see Note 2724951.1
See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for
WebLogic Server.
|
|
|
WEBLOGIC SAMPLES SPU 12.2.1.4.200714 Patch 31384959
|
Released July 2020
|
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU
2020 Patch 31544353
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and Applicability of
this patch.
|
|
|
Coherence 12.2.1.4.5 Patch 31470730 or later
|
Released July 2020
|
|
3.3.47.3 Oracle WebLogic Server
12.2.1.3
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.2.1.3 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.2.1.3
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
Download locations and installation instructions in
above document
|
See Note 1492980.1, How to Install and Maintain the Java SE
Installed or Used with FMW 11g/12c Products
|
|
|
OPatch 13.9.4.2.4 Patch 28186730
|
Released July 2020
|
Update OPatch 13.9.4.2.4 Patch 28186730 before applying WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle
Fusion Middleware 12c
|
|
|
WLS PATCH SET UPDATE 12.2.1.3.201001 Patch 31961038
|
CVE-2020-14841, CVE-2020-14825, CVE-2020-14859,
CVE-2020-14757, CVE-2020-14820, CVE-2020-11022, CVE-2020-14883,
CVE-2019-17267, CVE-2020-14882
|
For CVE-2020-14750 Security Advisory Patches, see Note 2724951.1
See Note 2421487.1, Oracle Strongly recommends applying minimum
JDK version (JDK 8u181 or later) to make some of Weblogic Server
Deserialization vulnerability fixes effective.
See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for
WebLogic Server
Refer to Note 2437460.1 for Patch Conflict issue.
CVE-2018-3213 Is addressed in Docker Images
published after September 13, 2018. Latest docker image at
https://container-registry.oracle.com.
See Note 2395745.1, April 2018 Critical Patch Update: Additional
Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability
CVE-2015-4852
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY CPU
2020 Patch 31544340
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and Applicability of
this patch.
|
|
|
WEBLOGIC SAMPLES SPU 12.2.1.3.200714 Patch 31384951
|
Released July 2020
|
This patch is a cumulative patch for all Struts
2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for
Apache Struts 2 Vulnerabilities.
|
|
|
Coherence 12.2.1.3.10 Patch 31470751 or later
|
Released July 2020
|
|
3.3.47.4 Oracle WebLogic Server
12.1.3
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.1.3 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.1.3
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
Download locations and installation instructions in
above document
|
See Note 1492980.1, How to Install and Maintain the Java SE
Installed or Used with FMW 11g/12c Products
|
|
|
WLS PATCH SET UPDATE 12.1.3.0.201020 Patch 31656851
|
CVE-2020-14841, CVE-2020-14859, CVE-2020-14820,
CVE-2020-11022, CVE-2020-14883, CVE-2020-14882
|
For CVE-2020-14750 Security Advisory Patches, see Note 2724951.1
See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for
WebLogic Server
Refer to Note 2566635.1 for Overlay Patch Conflict issue
See Note 2421487.1, Oracle Strongly recommends applying minimum
JDK version (JDK 7 u191 or later OR JDK 8u181 or later) to make some of
the Weblogic Server Deserialization vulnerability fixes effective.
See Note 2395745.1, April 2018 Critical Patch Update: Additional
Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle
|
|
|
ADR FOR WEBLOGIC SERVER 12.1.3.0 JULY CPU
2020 Patch 31544363
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and Applicability of
this patch.
|
|
|
WEBLOGIC SAMPLES SPU 12.1.3.0.200714 Patch 31615281
|
Released July 2020
|
This patch is a cumulative patch for all Struts 2
CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for
Apache Struts 2 Vulnerabilities.
|
|
|
Coherence 12.1.3.0.9 Patch 31470778
|
Released July 2020
|
|
|
|
WLS 12.1.3 JDBC Patch 20741228
|
Released January 2018
|
Please refer to Note 1970437.1 How To Update the JDBC and UCP Drivers
Bundled with WebLogic Server 10.3.6 and 12c
|
|
|
SPU Patch 24327938
|
Released July 2016
|
TopLink JPA-RS patch
|
|
|
See Note 1936300.1 How to Change SSL Protocols (to Disable
SSL 2.0/3.0) in Oracle Fusion Middleware Products (Doc ID 1936300.1)
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.47.5 Oracle WebLogic Server
10.3.6
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 10.3.6 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 10.3.6
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
Download locations and installation instructions in
above document
|
See Note 1492980.1, How to Install and Maintain the Java SE
Installed or Used with FMW 11g/12c Products
|
|
|
WLS PATCH SET UPDATE 10.3.6.0.201020 Patch 31641257
|
CVE-2020-14841, CVE-2020-14859, CVE-2020-14820,
CVE-2020-11022, CVE-2020-14883, CVE-2020-9488, CVE-2020-14882
|
For CVE-2020-14750 Security Advisory Patches, see Note 2724951.1
See Note 2421487.1 - Oracle Strongly recommends applying
minimum JDK version (JDK 7 u191 or later) to make some of the Weblogic
Server Deserialization vulnerability fixes effective.
See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for
WebLogic Server
See Note 1607170.1, SSL Authentication Problem Using WebLogic
10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher
See Note 2395745.1, April 2018 Critical Patch Update: Additional
Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628
See Note 2421480.1, July 2018 Critical Patch Update: Additional
information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.
See Note 2076338.1 July 2018 Critical Patch Update:
Additional information about the Oracle WebLogic Server Vulnerability
CVE-2015-4852
|
|
|
ADR FOR WEBLOGIC SERVER 10.3.6 JULY CPU
2020 Patch 31241365
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details on ADR and Applicability of
this patch.
|
|
|
WLS 10.3.6 JDBC Patch 27541896
|
Released January 2018
|
Please refer to Note 1970437.1 How To Update the JDBC and UCP Drivers
Bundled with WebLogic Server 10.3.6 and 12c
|
|
|
WLS 10.3.6 SAMPLES PSU 10.3.6.0.190716 Patch 29659185
|
Released July 2019
|
This patch is a cumulative patch for all Struts
2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for
Apache Struts 2 Vulnerabilities
|
|
|
Coherence 3.7.1.19 Patch 31447246
|
Released July 2020
|
|
|
|
See Note 1936300.1 How to Change SSL Protocols (to Disable
SSL 2.0/3.0) in Oracle Fusion Middleware Products (Doc ID 1936300.1)
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.48 Oracle Coherence
Error Correction information for Oracle Coherence
|
Patch Information
|
14.1.1.0
|
12.2.1.4
|
12.2.1.3
|
12.1.3.0
|
3.7.1
|
Comments
|
|
Final CPU
|
January 2028
|
July 2025
|
October 2021
|
January 2021
|
October 2021
|
The official dates are in the Lifetime Support document, which is updated when any
extension is approved.
|
Critical Patch Update Availability for Oracle
Coherence
Follow the guidance below to locate the patches that
should be applied to a Standalone Oracle Coherence installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Applies to all
Oracle Coherence Versions
|
Java See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
See Note 2708527.1, Oracle Critical Patch Update (CPU) Oct 2020
for Oracle Java SE
|
|
|
Oracle Coherence 14.1.1.0
|
OPatch 13.9.4.2.4 Patch 28186730 or later
Coherence 14.1.1.0.1 Patch 31201347 or later
|
Released July 2020
|
If WLS is installed, see WLS 14.1.1.0 for a full list of patches needed
including Oracle Coherence
|
|
Oracle Coherence 12.2.1.4
|
OPatch 13.9.4.2.4 Patch 28186730 or later
Coherence 12.2.1.4.5 Patch 31470730 or later
|
Released July 2020
|
If WLS is installed, see WLS 12.2.1.4 for a full list of patches needed
including Oracle Coherence
|
|
Oracle Coherence 12.2.1.3
|
OPatch 13.9.4.2.4 Patch 28186730 or later
Coherence 12.2.1.3.10 Patch 31470751 or later
|
Released July 2020
|
If WLS is installed, see WLS 12.2.1.3 for a full list of patches needed
including Oracle Coherence
|
|
Oracle Coherence 12.1.3.0
|
Coherence 12.1.3.0.9 Patch 31470778 or later
|
Released July 2020
|
If WLS is installed, see WLS 12.1.3 for a full list of patches needed
including Oracle Coherence
|
|
Oracle Coherence 3.7.1.x
|
Coherence 3.7.1.19 Patch 31447246 or later
|
Released July 2020
|
If WLS is installed, see WLS 10.3.6 for a full list of patches needed
including Oracle Coherence
|
3.4 Oracle Sun Middleware
This section contains the following:
3.4.1 Directory
Server Enterprise Edition
Error Correction information for Directory Server
Enterprise Edition
|
Patch Information
|
11.1.1.7.0
|
Comments
|
|
Final CPU (Premier Support)
|
October 2019
|
|
|
Final CPU (Extended Support)
|
October 2022
|
|
Patch Availability for Directory Server Enterprise
Edition
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.7.0
|
ODSEE BP 11.1.1.7.190716 Patch 29893742
|
Released July 2019
|
CVE-2018-18508 is not applicable to Windows
Platform. Please refer to 2.2 Post Release Patches for Windows Patch.
|
3.5 Tools
This section contains the following:
3.5.1 Oracle
OPatch
Minimum Product Requirements for Oracle OPatch
The CPU security vulnerabilities are fixed in the
listed release and later releases. The Oracle OPatch downloads can be found
at Patch 6880880.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle OPatch
|
11.2.0.3.25, 12.2.0.1.21
|
Released July 2020
|
Download the latest versions available to
install Database Patches
|
4 Final CPU History
Final CPU History
The Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. For more information, see My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS
Software Error Correction Support Policy.
|
Release
|
Final CPUs
|
Comments
|
|
July 2020
|
Oracle Tuxedo 12.1.1.0
Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus) 12.1.1.1
|
|
|
April 2020
|
Management Pack For Oracle GoldenGate 11.2.1.0
Oracle Big Data Discovery
Oracle Enterprise Manager Cloud Control 13c Release 2 (13.2.0.0)
|
|
|
January 2020
|
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Enterprise Repository 12.1.3
Oracle Fusion Middleware 12.1.3.0
Oracle GoldenGate 11.2.1.0
Oracle Map Viewer 12.1.3.0
|
|
|
October 2019
|
Oracle Application Testing Suite 13.2.0.1
Oracle Business Transaction Management 12.1.0.7
Oracle Enterprise Data Quality 9.0
Oracle GoldenGate for Big Data 12.3.1.1.0
Oracle GoldenGate Management Pack Plugin 12.1.0
Oracle Identity Analytics 11.1.1.5.0
Oracle JDeveloper and Oracle ADF 12.1.3.0
Oracle OpenSSO 8.0 u2 (8.0.2.0)
Oracle Waveset 8.1.1
|
|
|
July 2019
|
Oracle Application Testing Suite 13.1.0.1
Oracle Enterprise Manager Cloud Control 13.2
Oracle Enterprise Data Quality 8.1
Oracle Enterprise Data Quality 9.0
Oracle Real Time Decisions Applications 3.2
|
|
|
April 2019
|
Oracle Enterprise Manager Ops Center 12.2.x
Management Pack For Oracle GoldenGate 11.1.1
Oracle Outside In Technology 8.5.3
|
|
|
January 2019
|
Oracle Application Performance Management 11.1.x
Oracle GlassFish Server 3.1.2
Oracle Mobile Security Suite 3.0
|
|
|
October 2018
|
Oracle Business Intelligence App Mobile Designer
Oracle Business Intelligence Enterprise Edition 11.1.1.7
Oracle Business Intelligence Mobile
Oracle Business Intelligence Publisher 11.1.1.7
Oracle Communications Converged Application Server 5.x
Oracle Complex Event Processing 11.1.7
Oracle Data Integrator 11.1.1.7.0
Oracle Endeca Server 7.6
Oracle Endeca Server 7.6.1
Oracle Endeca Information Discovery Integrator 3.1
Oracle Endeca Information Discovery Studio 3.1
Oracle Forms and Reports 11.1.2.2
Oracle Fusion Middleware 11.1.1.7
Oracle GoldenGate Application Adapters 12.2.0.1
Oracle Hyperion BI+ 11.1.2.x
Oracle Identity Access Management 11.1.1.7
Oracle JDeveloper and Oracle ADF 11.1.1.7
Oracle Mapviewer 11.1.1.7.0
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
Oracle Real Time Decisions Server 11.1.1.7
Oracle Service Bus 11.1.1.7.0
Oracle SOA Suite 11.1.1.7.0
Oracle Traffic Director 11.1.1.7
Oracle WebCenter Suite 11.1.1.7
Oracle WebGate 10.1.4.3
Oracle WebLogic Portal 10.3.6.0
Oracle WebLogic Server Plug-in 11.1.1.7
Oracle Web-Tier 11g Utilities 11.1.1.7
|
|
5 Sources of Additional Information
The following documents provide additional
information about Critical Patch Updates:
- My Oracle Support Note 756671.1, Master Note for Database Proactive
Patch Program
- My Oracle Support Note 822485.1, Master Note for Enterprise Manager
Proactive Patch Program
- My Oracle
Support Note 1494151.1, Master Note on Fusion Middleware
Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs)
- My Oracle
Support Note 209768.1, Database, FMW, Enterprise Manager,
TimesTen In-Memory Database, and OCS Software Error Correction Support
Policy
6 Modification History
Modification History
|
Date
|
Modification
|
|
October 20, 2020
|
Released
Updated the 'OHS (NATIVE) BUNDLE PATCH' row in section 3.3.16.1.2 and
section 3.2.4
|
|
October 22, 2020
|
Removed Oracle Security Service from section
3.3.16.1.1
Returned Patch 30347629 to section 3.2.4 pending the completion of
internal testing.
|
|
October 23, 2020
|
Updated patch availability in section 2.2
Added distributions for Patch 31544340 in section 3.3.16.1.2
Updated final CPU in section 3.3.16.1.1
|
|
October 27, 2020
|
Updated patch availability in section 2.2
Updated final CPUs date of October 2025 to July 2025 throughout this
document.
|
|
October 28, 2020
|
Updated patch availability in section 2.2
|
|
October 29, 2020
|
Removed comment for Patch 32019093 in section
3.2.4
Updated the Final CPU date for version 12.1.3.0 in section 3.3.47
|
|
October 30, 2020
|
Updated patch availability in section 2.2
|
|
November 02, 2020
|
Added comment for Patch 31960985 to section
3.3.16.1.1 & 3.3.47.2
Added comment for Patch 31961038 to section 3.3.16.1.2 & 3.3.47.3
Added comment for Patch 31957062 to section 3.3.47.1
Added comment for Patch 31656851 to section 3.3.47.4
Added comment for Patch 31641257 to section 3.3.47.5
Removed comment for Patch 31899771 in section 3.2.4
Updated patch availability in section 2.2
|
|
November 04, 2020
|
Updated patch availability in section 2.2
|
|
November 05, 2020
|
Added CVE-2018-2765 to the Advisory Number
column in sections 3.1.4.4, 3.1.4.5, and 3.1.4.6.
Updated patch availability in section 2.2
|
|
November 06, 2020
|
Corrected the Advisory Number column for the 2nd
and the 3rd rows in sections 3.1.4.2 - 3.1.4.6
|
|
November 09, 2020
|
Updated patch availability in section 2.2
|
|
November 12, 2020
|
Updated patch availability in section 2.2
|
|
November 13, 2020
|
Updated patch availability in section 2.2
|
|
November 17, 2020
|
Corrected section numbers 3.3.45 through 3.3.48
at the top of section 3.3.
|
7 Documentation Accessibility
|