|
APPLIES TO:
Oracle Database - Standard Edition - Version 12.1.0.2 and later
Gen 1 Exadata Cloud at
Customer (Oracle Exadata Database Cloud Machine)
- Version N/A and later
Oracle Cloud Infrastructure - Database Service -
Version N/A and later
Oracle Fusion Middleware - Version 11.1.1.7.0 and
later
Oracle Database Cloud Exadata
Service - Version N/A and later
Information in this document applies to any platform.
This document defines the patches and minimum releases
for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch
Updates and Patch Set Updates released on April 20, 2021.
The document is for Database Administrators and/or
others tasked with Quarterly Security Patching.
Database, Fusion Middleware, and Enterprise Manager Critical
Patch Update April 2021 Patch Availability Document
My Oracle
Support Note 2749094.1
Released April 20, 2021
This document contains the
following sections:
Quick Links: Read Me First DB 19c EM Cloud Control FMW WLS
1 Overview
Oracle provides quarterly
cumulative patches to address security vulnerabilities. The patches may
include critical fixes in addition to the security fixes. The security
vulnerabilities addressed are announced in the Advisory for April 2021,
available at:
Oracle Technical
Network Advisory
This document lists the Oracle
Database, Fusion Middleware and Enterprise Manager CPU program cumulative
patches for product releases under error correction. The April 2021 release
supersedes earlier CPU program cumulative patches for the same product
releases. This document is subject to continual update after the initial
release, and the changes are listed in "Modification
History." If you print this document, check My Oracle
Support to ensure you have the latest version.
This section contains the
following:
·
Section 1.1
"How To Use This Document"
·
Section 1.2
"Terminology in the Tables"
·
Section 1.3
"On-Request Patches"
·
Section 1.4
"CPU Program and My Oracle Support Patch Recommendations"
·
Section 1.5 "My
Oracle Support (MOS) Conflict Checker Tool"
1.1 How To Use This Document
The following steps explain how to
use this document.
Step
1 Assess your Environments
Determine
the Oracle product suites and products and their release numbers for each
of your environments.
Step
2 Read Important Announcements
Review "What's New in
April 2021," as it lists documentation and packaging
changes along with important announcements such as upcoming final CPUs.
Step
3 Determine Patches to be Applied
For each
environment, determine which patches need to be applied by using the tables
in "Patch
Availability for Oracle Products." There is one
availability table for each product suite release, such as Oracle Database
12.2.0.1, Oracle Identity Access Management 11.1.2.3, and Enterprise
Manager Cloud Control 13.4.0.0.
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of
the homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or
Extended Support and are under error correction as defined in My Oracle
Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen
In-Memory Database, and OCS Software Error Correction Support Policy.
Patches are provided only for these releases. If you do not see the release
that you have installed, then check "Final CPU
History" and contact Oracle Support for further
assistance
·
Patches
that include security vulnerabilities announced in the current quarter's
CPU Advisory, list the vulnerability CVE numbers in the Advisory Number
column. If you are interested in the risk matrix for the vulnerabilities
fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous
quarterly releases, or the current one without any security fixes, the
column indicates "Released MMM YYYY"
·
When a
section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle
Database" is referenced, determine the Oracle Database
release that is installed, and find the patches to apply in the table for
that Oracle Database release in "Oracle
Database."
Step
4 Apply the Patches
Download
the patches, review the READMEs, and apply the patches according to the
instructions.
Step
5 Planning for Future Critical Patch Updates
To help
you plan for future Critical Patch Updates, this document includes Final
CPU information based on Oracle's Lifetime Support Policy and error
correction policies.
"Final CPU
Information (Error Correction Policies)" in "What's New in
April 2021," documents product releases for which
final Critical Patch Updates are upcoming or are being announced. In each
product section, there is also an Error Correction Information Table that
documents the final CPU program patch for the product. Products that have
reached the end of error correction are documented in "Final CPU
History."
1.2 Terminology in the
Tables
The following terminology is used
in this patch availability document and in the subsequent tables.
·
Update - Release Update
·
Revision -Release Update Revision
·
BP -
Bundle Patch
·
Final CPU is the last quarter that a product is supported
in the CPU program as per the Premier Support and Extended Support
policies. http://www.oracle.com/us/support/lifetime-support/index.html.
·
NA Not
Applicable.
·
OR On-Request.
The patch is made available through the On-Request program.
·
PSU - Patch Set Update
·
SPU - Security Patch Update. An iterative, cumulative patch
consisting of security fixes.
·
Overlay SPU patch provided as an overlay on top of a PSU or
BP instead of a base/patch set release.
1.3 On-Request Patches
Oracle does not proactively release
patches for historically inactive platforms. However, Oracle will deliver
these patches when requested.
The following guidelines describe
how to initiate an on-request (OR) patch.
A request may be made:
o At any time. However, a patch for a specific
quarterly release, such as CPUOct2012, cannot be requested. Depending on
when the request is received and processed, either the patch for the
current quarterly release or the next quarterly release will be provided.
Your Service Request (SR) will provide you the planned availability date
for the patch.
o As long as the version is in either Premier
Support or Extended Support and error correction support has not expired.
For example, if a product release is under Extended Support through the
release of CPUJan2013 on January 15, 2013, then you can file a request for
the product release through January 29, 2013. For more information, see Oracle
Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, Enterprise Manager, TimesTen
In-Memory Database, and OCS Software Error Correction Support Policy.
o For a platform-version combination when a
major release or patch set is released on a platform after a quarterly
release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch
by following the on-request process. For example, if a patch is released
for a platform on August 1, 2012, Oracle will provide the CPUOct2012 patch
for that platform. You may request a CPUOct2012 patch for the platform, and
Oracle will review the request and determine whether to provide CPUJul2012
or CPUOct2012.
A patch that is marked as on-request (OR) may already have been requested
by another customer and be available on My Oracle Support. Before you file
a Service Request (SR), check on My Oracle Support to see if the patch is
already available for your platform.
1.4 CPU Program and My
Oracle Support Patch Recommendations
My Oracle Support patch
recommendation features are available on the Patches & Update tab. The
patches announced in this document as part of the CPU program are
classified as "Security" patch recommendations in My Oracle
Support. If a new patch is being announced in this document, then the
classification on any earlier patch is changed to "General",
causing it to be removed from the My Oracle Support patch recommendations.
If a patch has a "Security" classification, and a subsequent
bundle, SPU, or PSU is released with a recommendation classification, then
it will be classified as a "Security" recommendation in My Oracle
Support.
Once a product release is no longer
in error correction, its CPU patch information is removed from this
document, but the last patch recommendation continues to be available in My
Oracle Support. Ensure to select each of the products installed in
your environment to obtain all patches.
1.5 My Oracle Support
(MOS) Conflict Checker Tool
The My Oracle Support (MOS)
Conflict Checker tool is available as of July 21, 2014.
You can access MOS Conflict Checker
at https://support.oracle.com/epmos/faces/PatchConflictCheck.
This tool is also accessible from the Patch Search results screen
("Analyze with OPatch" button).
The MOS Conflict Checker Tool
allows you to upload an OPatch inventory to check
for conflicts with patches to apply to your environment. If no conflicts are
found, you can download the patches. If conflicts are found, the tool finds
an existing resolution to download. If no resolution is found, you can
request a solution, and monitor your request in the Plans region.
For more information and a
demonstration video, see Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict Checker Tool for
Patches Installed with OPatch [Video].
2 What's New in April
2021
This section describes important
changes in April 2021:
·
Section 2.1
"Final CPU Information (Error Correction Policies)"
·
Section 2.2 "Post Release Patches"
2.1 Final CPU Information (Error Correction Policies)
The final CPU is the last quarter
that a product is supported in the CPU program as per the Premier Support
and Extended Support policies. Final CPUs for upcoming releases, as well as
newly scheduled final CPUs, are listed in the following sections.
Final CPUs
scheduled for Apr 2021
- Oracle API Gateway 11.1.2.4
- Oracle Endeca
Information Discovery Studio 3.2
- Oracle GoldenGate
18.1
- Oracle GoldenGate
12.3.0.1
- Oracle Hyperion Analytic
Provider Services 11.1.2.x
- Oracle Hyperion Enterprise
Performance Management Architect 11.1.2.x
- Oracle Hyperion Essbase 11.1.2.x
- Oracle Real User Experience
Insight 13.3.1.0
Final CPUs
scheduled for Jul 2021
2.2 Post Release Patches
Oracle strives to complete preparations
and testing of each Quarterly Security Patch for each platform by the
quarterly release date. Occasionally, circumstances beyond our control
dictate that a particular patch be delayed and be released a few days after
the quarterly release date. The following table lists any current patch
delays and the estimated date of availability.
|
Patch
|
Patch Number
|
Platform
|
Availability
|
|
IDM Stack Patch Bundle 12.2.1.4.0
|
Patch
32769631
|
All Platforms
|
04-May-2021
|
|
OHS 11.1.1.9.0 SPU FOR APRCPU2021
|
TBD
|
All Platforms
|
31-May-2021
|
|
OSS BUNDLE PATCH 11.1.1.9.210420
|
Patch
32287205
|
All Platforms
|
31-May-2021
|
|
DB RU 19.11.0.0.210420 (&
associated COMBO)
|
Patch
32545013 (& Patch
32578972)
|
Solaris Sparc64, HP-UX Itanium, zLinux, AIX, Solaris x86-64
|
30-Apr-2021
|
|
GI RU 19.11.0.0.210420 (&
associated COMBO)
|
Patch
32545008 (& Patch
32578973)
|
Solaris Sparc64, HP-UX Itanium, zLinux, AIX, Solaris x86-64
|
30-Apr-2021
|
|
DB RUR 19.10.1.0.210420
|
Patch
32441092
|
Linux x86-64
|
22-Apr-2021
|
|
Solaris Sparc64, HP-UX Itanium, zLinux, AIX, Solaris x86-64
|
30-Apr-2021
|
|
GI RUR 19.10.1.0.210420
|
Patch
32580003
|
Linux x86-64
|
22-Apr-2021
|
|
Solaris Sparc64, HP-UX Itanium, zLinux, AIX, Solaris x86-64
|
30-Apr-2021
|
|
DB RUR 19.9.2.0.210420
|
Patch
32421507
|
Solaris Sparc64, HP-UX Itanium, zLinux, AIX, Solaris x86-64
|
30-Apr-2021
|
|
GI RUR 19.9.2.0.210420
|
Patch
32579970
|
Solaris Sparc64, HP-UX Itanium, zLinux, AIX, Solaris x86-64
|
30-Apr-2021
|
|
DB RU 18.14.0.0.210420 (&
associated COMBO)
|
Patch
32524155 (& Patch
32579022)
|
HP-UX Itanium
|
23-Apr-2021
|
|
GI RU 18.14.0.0.210420 (&
associated COMBO)
|
Patch
32524152 (& Patch
32579024)
|
Linux x86-64
|
22-Apr-2021
|
|
Solaris Sparc64, HP-UX Itanium, zLinux, AIX, Solaris x86-64
|
28-Apr-2021
|
|
DB RUR 18.13.1.0.210420
|
Patch
32451079
|
HP-UX Itanium
|
28-Apr-2021
|
|
GI RUR 18.13.1.0.210420
|
Patch
32580014
|
HP-UX Itanium, AIX
|
28-Apr-2021
|
|
DB RUR 18.12.2.0.210420
|
Patch
32421478
|
HP-UX Itanium
|
28-Apr-2021
|
|
GI RUR 18.12.2.0.210420
|
Patch
32579981
|
HP-UX Itanium, AIX
|
28-Apr-2021
|
|
DB Apr2021 RU 12.2.0.1.210420 (&
associated COMBO)
|
Patch
32507738 (& Patch
32579049)
|
HP-UX Itanium
|
28-Apr-2021
|
|
GI Apr2021 RU 12.2.0.1.210420 (&
associated COMBO)
|
Patch
32540149 (& Patch
32579057)
|
HP-UX Itanium
|
28-Apr-2021
|
|
DB Proactive BP 12.1.0.2.210420
(& associated COMBO)
|
Patch
32518631 (& Patch
32579100)
|
HP-UX Itanium, zLinux, AIX
|
23-Apr-2021
|
|
GI PSU 12.1.0.2.210420 (&
associated COMBO)
|
Patch
32495126 (& Patch
32579077)
|
AIX
|
23-Apr-2021
|
|
MS-Windows BP 19.11.0.0.210420
|
Patch
32409154
|
Windows 32-Bit and 64-Bit
|
30-Apr-2021
|
|
MS-Windows BP 18.14.0.0.210420
|
Patch
32438481
|
Windows 32-Bit and 64-Bit
|
Available
|
|
QFSDP for Exadata
(Apr2021) 19.11
|
Patch
32579178
|
All
|
27-Apr-2021
|
|
QFSDP for Exadata
(Apr2021) 18.14
|
Patch
32579177
|
All
|
27-Apr-2021
|
|
QFSDP for SuperCluster
(Q2.2021)
|
Patch
32579195
|
All
|
01-Jun-2021
|
3 Patch Availability
for Oracle Products
This section contains the
following:
·
Section 3.1
"Oracle Database"
·
Section 3.2
"Oracle Enterprise Manager"
·
Section 3.3
"Oracle Fusion Middleware"
·
Section 3.4
"Oracle Sun Middleware"
·
Section 3.5
"Tools"
3.1 Oracle Database
This section contains the
following:
·
Section 3.1.1
"Oracle REST Data Services (formally called Oracle APEX
Listener)"
·
Section 3.1.2
"Oracle Application Express"
·
Section 3.1.3
"Oracle Big Data Spatial and Graph"
·
Section 3.1.4
"Oracle Database"
·
Section 3.1.5
"Oracle Database Mobile/Lite Server"
·
Section 3.1.6
"Oracle GoldenGate"
·
Section 3.1.7
"Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate
Application Adapters)"
·
Section 3.1.8
"Oracle GoldenGate Veridata"
·
Section 3.1.9
"Oracle Secure Backup"
·
Section 3.1.10
"Oracle Secure Backup"
·
Section 3.1.11
"Oracle Spatial Studio"
·
Section 3.1.12
"Oracle SQL Developer"
·
Section 3.1.13
"Oracle Stream Analytics"
·
Section 3.1.14
"Oracle TimesTen In-Memory Database"
3.1.1 Oracle REST Data Services
(formally called Oracle APEX Listener)
Minimum
Product Requirements for Oracle REST Data Services
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle REST Data
Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle REST Data Services
|
20.4.3
|
CVE-2020-27223
|
|
3.1.2 Oracle
Application Express
Minimum
Product Requirements for Oracle Application Express
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Application
Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
3.1.3 Oracle
Big Data Spatial and Graph
Minimum
Product Requirements for Oracle Big Data Spatial and Graph
Critical Patch
Update security vulnerabilities are fixed in the listed releases. For
Oracle Big Data Spatial and Graph downloads and installation instructions,
see https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html
3.1.4 Oracle
Database
This section contains the following:
·
Section 3.1.4.1 "Patch Availability for Oracle
Database"
·
Section 3.1.4.2 "Oracle Database 19"
·
Section 3.1.4.3 "Oracle Database 18"
·
Section 3.1.4.4 "Oracle Database 12.2.0.1"
·
Section 3.1.4.5 "Oracle Database 12.1.0.2"
3.1.4.1 Patch Availability for Oracle Database
For
information regarding the different types of patches for Database, refer to
Oracle Database - Overview of Database Patch Delivery Methods - 12.1.0.2
and older, Note 1962125.1 and Oracle
Database - Overview of Database Patch Delivery Methods for 12.2.0.1 and
greater, Note 2337415.1
3.1.4.2 Oracle Database 19
Patch
Availability for Oracle Database 19
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Database Server home
|
Combo
OJVM Release Update 19.11.0.0.210420 and Database Release Update
19.11.0.0.210420 Patch 32578972 for UNIX, or
Combo OJVM Release Update 19.11.0.0.210420 and GI
Release Update 19.11.0.0.210420 Patch 32578973, or
Quarterly Full Stack download for Exadata (Apr2021) 19.11 Patch 32579178 for Linux
x86-64
|
CVE-2021-2207, CVE-2021-2175, CVE-2021-2173,
CVE-2019-3738, CVE-2019-3739, CVE-2019-3740, CVE-2020-5360, CVE-2020-17527,
CVE-2020-13943, CVE-2020-9484. CVE-2021-2245, CVE-2021-2234
|
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches.
For
patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Database Server home
|
Database
Release Update 19.11.0.0.210420 Patch 32545013 for UNIX, or
GI Release Update 19.11.0.0.210420 Patch 32545008, or
Microsoft Windows 32-Bit and x86-64 BP
19.11.0.0.210420 Patch 32409154 or later, or
Database Release Update Revision 19.10.1.0.210420 Patch 32441092 for UNIX, or
GI Release Update Revision 19.10.1.0.210420 Patch 32580003, or
Database Release Update Revision 19.9.2.0.210420 Patch 32421507 for UNIX, or
GI Release Update Revision 19.9.2.0.210420 Patch 32579970, or
Quarterly Full Stack download for Exadata (Apr2021) 19.11 Patch 32579178 for Linux
x86-64, or
Quarterly Full Stack download for SuperCluster (Q2.2021) Patch 32579195 for Solaris
SPARC 64-Bit
|
CVE-2021-2207, CVE-2021-2175, CVE-2021-2173, CVE-2019-3738,
CVE-2019-3739, CVE-2019-3740, CVE-2020-5360, CVE-2020-17527, CVE-2020-13943,
CVE-2020-9484. CVE-2021-2245
|
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
From Jan2021 onwards the Database and GI Update and
Revision patches include updates to the Crypto libraries. See "MES
v4.1.6 to v4.5 update 18c / 19c databases (Note 2746801.1)" for more
details.
For
patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Database Server home
|
OJVM
Release Update 19.11.0.0.210420 Patch 32399816 for all
platforms
|
CVE-2021-2234
|
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches
For
patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Database Server and Client home
|
JDK8u291Patch 32490416
|
CVE-2021-2161, CVE-2021-2163
|
JDK patches for 32 bit clients would be build on demand basis.
|
|
Oracle Database Server home
|
Perl Patch 31732095
|
Released January 2021
|
|
|
Oracle Database Client home
|
Database Release Update 19.11.0.0.210420 Patch 32545013 for UNIX, or
Database Release Update Revision 19.10.1.0.210420 Patch 32441092 for UNIX, or
Database Release Update Revision 19.9.2.0.210420 Patch 32421507 for UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 19.11.0.0.210420 Patch 32409154
|
CVE-2019-3738, CVE-2019-3739, CVE-2019-3740,
CVE-2020-5360
|
The Instant Client installation is not the same as
the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.4.3 Oracle Database 18
Patch
Availability for Oracle Database 18
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Database Server home
|
Combo
OJVM Release Update 18.14.0.0.210420 and Database Release Update
18.14.0.0.210420 Patch 32579022 for UNIX, or
Combo OJVM Release Update 18.14.0.0.210420 and GI
Release Update 18.14.0.0.210420 Patch 32579024, or
Quarterly Full Stack download for Exadata (Apr2021) 18.14 Patch 32579177
|
CVE-2021-2207, CVE-2021-2175, CVE-2021-2173,
CVE-2019-3738, CVE-2019-3739, CVE-2019-3740, CVE-2020-5360,
CVE-2020-17527, CVE-2020-13943, CVE-2020-9484. CVE-2021-2245,
CVE-2021-2234
|
OJVM Update patches from 18.4 onwards are RAC
Rolling installable. Please see Note 2217053.1, RAC Rolling
Install Process for the "Oracle JavaVM
Component Database PSU/RU" (OJVM PSU/RU) Patches.
For
patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Database Server home
|
Database
Release Update 18.14.0.0.210420 Patch 32524155, or
GI Release Update 18.14.0.0.210420 Patch 32524152, or
Microsoft Windows 32-Bit and x86-64 BP
18.14.0.0.210420 Patch 32438481 or later, or
Database Release Update Revision 18.13.1.0.210420 Patch 32451079, or
GI Release Update Revision 18.13.1.0.210420 Patch 32580014, or
Database Release Update Revision 18.12.2.0.210420 Patch 32421478, or
GI Release Update Revision 18.12.2.0.210420 Patch 32579981, or
Quarterly Full Stack download for Exadata (Apr2021) 18.14 Patch 32579177, or
Quarterly Full Stack download for SuperCluster (Q2.2021) Patch 32579195 for Solaris
SPARC 64-Bit
|
CVE-2021-2207, CVE-2021-2175, CVE-2021-2173, CVE-2019-3738,
CVE-2019-3739, CVE-2019-3740, CVE-2020-5360, CVE-2020-17527, CVE-2020-13943,
CVE-2020-9484. CVE-2021-2245
|
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
From Jan2021 onwards the Database and GI Update and
Revision patches include updates to the Crypto libraries. See "MES
v4.1.6 to v4.5 update 18c / 19c databases (Note 2746801.1)" for more
details.
For
patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Database Server home
|
OJVM
Release Update 18.14.0.0.210420 Patch 32552752 for all
platforms
|
CVE-2021-2234
|
OJVM Update patches from 18.4 onwards are RAC
Rolling installable. Please see Note 2217053.1, RAC Rolling
Install Process for the "Oracle JavaVM
Component Database PSU/RU" (OJVM PSU/RU) Patches
For
patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Database Server and Client home
|
JDK8u291 Patch 32494267
|
CVE-2021-2161, CVE-2021-2163
|
See Note 2584628.1, "JDK and
PERL Patches for Oracle Database Home and Grid Home" for information
on availability and prior patches.
JDK
patches for 32 bit clients would be build on
demand basis
|
|
Oracle
Database Server home
|
Perl Patch 31858032
|
Released January 2021
|
|
|
Oracle Database Client home
|
Database Release Update 18.14.0.0.210420 Patch 32524155, or
Database Release Update Revision 18.13.1.0.210420 Patch 32451079, or
Database Release Update Revision 18.12.2.0.210420 Patch 32421478, or
Microsoft Windows 32-Bit and x86-64 BP 18.14.0.0.210420 Patch 32438481
|
CVE-2019-3738, CVE-2019-3739, CVE-2019-3740,
CVE-2020-5360
|
The Instant Client installation is not the same as
the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.4.4 Oracle Database 12.2.0.1
Patch
Availability for Oracle Database 12.2.0.1
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Database Server home
|
Combo
OJVM Release Update 12.2.0.1.210420 and Database Release Update
12.2.0.1.210420 Patch 32579049 for UNIX, or
Combo OJVM Release Update 12.2.0.1.210420 and GI
Release Update 12.2.0.1.210420 Patch 32579057, or
Quarterly Full Stack download for Exadata (Apr2021) 12.2.0.1 Patch 32579154, or
Quarterly Full Stack download for SuperCluster (Q2.2021) Patch 32579195 for Solaris
SPARC 64-Bit
|
CVE-2021-2207, CVE-2021-2175, CVE-2021-2173, CVE-2019-3738,
CVE-2019-3739, CVE-2019-3740, CVE-2020-5360, CVE-2021-2234
|
OJVM Update Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few
specific situations where the OJVM PSU patchset
can be postinstalled into each database while
the database remains in unrestricted "startup" mode. Please
refer to the NOTE for more details.
Combos
are for environments that take a single downtime to apply all patches
See Note 1929745.1, Oracle
Recommended Patches -- "Oracle JavaVM
Component Database PSU and Update" (OJVM PSU and OJVM Update)
Patches.
For
patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Database Server home
|
Database
Apr2021 Release Update 12.2.0.1.210420 Patch 32507738 for UNIX, or
GI Apr2021 Release Update 12.2.0.1.210420 Patch 32540149, or
Microsoft Windows 32-Bit and x86-64 BP
12.2.0.1.210420 Patch 32392089 or later, or
BS2000 Database BP 12.2.0.1.210420 Patch 32507703, or
Quarterly Full Stack download for Exadata (Apr2021) 12.2.0.1 Patch 32579154, or
Quarterly Full Stack download for SuperCluster (Q2.2021) Patch 32579195 for Solaris
SPARC 64-Bit
|
CVE-2021-2207, CVE-2021-2175, CVE-2021-2173, CVE-2019-3738,
CVE-2019-3739, CVE-2019-3740, CVE-2020-5360
|
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
Please note that 12.2.0.1 entered Limited Error Correction as
of December 01, 2020. Hence, Oracle is only including Security and P1
fixes into the 12.2.0.1 quarterly patch bundles. Therefore as of 2021,
there is no content difference between a Release Update and a Release
Update Revision, and all 12.2.0.1 customers should use the 12.2.0.1
Release Update.
For
patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Database Server home
|
OJVM
Release Update 12.2.0.1.210420 Patch 32473172 for UNIX, or
OJVM Microsoft Windows Bundle Patch 12.2.0.1.210420 Patch 32427674
|
CVE-2021-2234
|
OJVM Update Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few
specific situations where the OJVM PSU patchset
can be postinstalled into each database while
the database remains in unrestricted "startup" mode. Please
refer to the NOTE for more details.
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches
|
|
Oracle
Database Server and Client home
|
JDK8u291 Patch 32494298
|
CVE-2021-2161, CVE-2021-2163
|
See Note 2584628.1, "JDK and
PERL Patches for Oracle Database Home and Grid Home" for information
on availability and prior patches.
JDK
patches for 32 bit clients would be build on
demand basis.
|
|
Oracle
Database Server home
|
Perl Patch 31858212
|
Released January 2021
|
|
|
Oracle Database Client home
|
Database Apr2021 Release Update 12.2.0.1.210420 Patch 32507738 for UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.210420 Patch 32392089
|
CVE-2019-3738, CVE-2019-3739, CVE-2019-3740,
CVE-2020-5360
|
The Instant Client installation is not the same as
the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.4.5 Oracle Database 12.1.0.2
Error
Correction information for Oracle Database 12.1.0.2
Patch
Availability for Oracle Database 12.1.0.2
If the Combo
patches that are listed in the first row are applied, then the patches
listed in Rows 2 and 3 do not need to be applied.
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
Database Server home
|
Combo
OJVM PSU 12.1.0.2.210420 and Database Proactive BP 12.1.0.2.210420 Patch 32579100 for UNIX, or
Combo OJVM PSU 12.1.0.2.210420 and Database PSU
12.1.0.2.210420 Patch 32579074 for UNIX, or
Combo OJVM PSU 12.1.0.2.210420 and GI PSU
12.1.0.2.210420 Patch 32579077, or
Quarterly Full Stack download for Exadata (Apr2021) BP 12.1.0.2 Patch 32579140, or
Quarterly Full Stack download for SuperCluster (Q2.2021) Patch 32579195 for Solaris
SPARC 64-Bit
|
CVE-2021-2207, CVE-2021-2175, CVE-2021-2173, CVE-2019-3738,
CVE-2019-3739, CVE-2019-3740, CVE-2020-5360, CVE-2021-2234
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few
specific situations where the OJVM PSU patchset
can be postinstalled into each database while
the database remains in unrestricted "startup" mode. Please
refer to the NOTE for more details.
Combos
are for environments that take a single downtime to apply all patches
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches.
|
|
Oracle
Database Server home
|
Database
Proactive Bundle Patch 12.1.0.2.210420 Patch 32518631, or
Database PSU 12.1.0.2.210420 Patch 32328635 for UNIX, or
GI PSU 12.1.0.2.210420 Patch 32495126, or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.210420 Patch 32396181 or later, or
Quarterly Full Stack download for Exadata (Apr2021) BP 12.1.0.2 Patch 32579140, or
Quarterly Full Stack download for SuperCluster (Q2.2021) Patch 32579195 for Solaris
SPARC 64-Bit
|
CVE-2021-2207, CVE-2021-2175, CVE-2021-2173, CVE-2019-3738,
CVE-2019-3739, CVE-2019-3740, CVE-2020-5360
|
For JDK fixes a separate patch is available (see
below) and needs to be installed in addition to the Database and GI
patches.
For patch availability, see section 2.2 Post Release Patches
|
|
Oracle
Database Server home
|
Oracle JavaVM Component Database PSU 12.1.0.2.210420 Patch 32473164 for UNIX, or
Oracle JavaVM Component
Microsoft Windows Bundle Patch 12.1.0.2.210420 Patch 32427683
|
CVE-2021-2234
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines a few
specific situations where the OJVM PSU patchset
can be postinstalled into each database while
the database remains in unrestricted "startup" mode. Please
refer to the NOTE for more details.
All
OJVM PSU since 12.1.0.2.161018 includes Generic JDBC Patch 23727148
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component Database
PSU (OJVM PSU) Patches
|
|
Oracle
Database Server and Client home
|
JDK7u301 Patch 32494568
|
CVE-2021-2161, CVE-2021-2163
|
See Note 2584628.1, "JDK and
PERL Patches for Oracle Database Home and Grid Home" for information
on availability and prior patches.
JDK
patches for 32 bit clients would be build on
demand basis.
|
|
Oracle
Database Server home
|
Perl Patch 31858428
|
Released January 2021
|
|
|
Oracle Database Server home
|
Oracle JavaVM Component
Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
|
Oracle Database Client home
|
Database PSU 12.1.0.2.210420 Patch 32328635 for UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.210420 Patch 32396181
|
CVE-2019-3738, CVE-2019-3739, CVE-2019-3740,
CVE-2020-5360
|
The Instant Client installation is not the same as
the client-only Installation. For additional information about Instant
Client installations, see Oracle Call Interface Programmer's Guide.
|
3.1.5 Oracle Database Mobile/Lite Server
Error
Correction Information for Oracle Database Mobile Server
Patch
Availability for Oracle Database Mobile Server 12.1.x
Patch Availability for Oracle Database Mobile Server 11.3.x
3.1.6 Oracle GoldenGate
Error Correction information for Oracle GoldenGate
Patch Availability for Oracle GoldenGate
3.1.7 Oracle GoldenGate
for Big Data (Formerly known as Oracle GoldenGate
Application Adapters)
Error
Correction information for Oracle GoldenGate for
Big Data
Patch
Availability for Oracle GoldenGate for Big Data
3.1.8 Oracle GoldenGate Veridata
Error Correction information for Oracle GoldenGate
Veridata
Patch Availability for Oracle GoldenGate Veridata
3.1.9 Oracle NoSQL
Database
Minimum Product Requirements for Oracle NoSQL Database
Critical Patch Update security vulnerabilities are fixed in the
listed releases. The Oracle NoSQL Database downloads and installation
instructions can be found at https://www.oracle.com/database/technologies/nosql-database-server-downloads.html
3.1.10 Oracle
Secure Backup
Error Correction information for Oracle Secure Backup
Minimum Product Requirements for Oracle Secure Backup
Critical Patch Update security vulnerabilities are fixed in the
listed releases. The Oracle Secure Backup downloads and installation
instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
3.1.11 Oracle
Spatial Studio
Minimum Product Requirements for Oracle Spatial Studio
Critical Patch Update security vulnerabilities are fixed in the
listed releases. The Oracle Spatial Studio downloads and installation
instructions can be found at
https://www.oracle.com/database/technologies/spatial-studio/oracle-spatial-studio-downloads.html
3.1.12 Oracle SQL
Developer
Minimum Product Requirements for Oracle SQL Developer
Critical Patch Update security vulnerabilities are fixed in the
listed releases. The Oracle SQL Developer downloads and installation
instructions can be found at
https://www.oracle.com/tools/downloads/sqldev-downloads.html
3.1.13 Oracle
Stream Analytics
Minimum Product Requirements for Oracle Stream Analytics
Critical Patch Update security vulnerabilities are fixed in the
listed releases. The Oracle Stream Analytics downloads and installation
instructions can be found at
https://www.oracle.com/middleware/technologies/stream-analytics/downloads.html
3.1.14 Oracle TimesTen In-Memory Database
Error
Correction information for Oracle TimesTen
In-Memory Database
Describes Error Correction information for Oracle TimesTen
In-Memory Database.
Minimum
Product Requirements for Oracle TimesTen
In-Memory Database
Describes the minimum product requirements for Oracle TimesTen In-Memory Database. The CPU security
vulnerabilities are fixed in the listed release and later releases.
This section contains the following:
·
Section 3.2.1 "Oracle Real User Experience
Insight"
·
Section 3.2.2 "Oracle Application Testing
Suite"
·
Section 3.2.3 "Oracle Business Transaction
Management"
·
Section 3.2.4 "Oracle Enterprise Manager Cloud
Control"
·
Section 3.2.5 "Oracle Enterprise Manager FMW
Control "
·
Section 3.2.6 "Oracle Enterprise Manager Ops
Center"
·
Section 3.2.7 "OSS Support Tools"
·
Section 3.2.8 "Oracle Configuration
Manager"
3.2.1 Oracle Real User Experience Insight
Error
Correction information for Oracle Real User Experience Insight
Minimum
Product Requirements for Oracle Real User Experience Insight
Critical Patch
Update security vulnerabilities are fixed in the listed releases. For more
information on Oracle Real User Experience Insight, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
3.2.2 Oracle
Application Testing Suite
Error Correction information for Oracle Application Testing Suite
Patch Availability for Oracle Application Testing Suite
These patches contain Critical Patch Update security vulnerabilities
fixes for this release. All previous versions will need to be upgraded to
the minimum version. Then, apply the following patches to fix the announced
security vulnerabilities. For Oracle Application Testing Suite downloads
and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
3.2.3 Oracle Business
Transaction Management
Error Correction Information for Oracle Business Transaction
Management
Patch Availability for Oracle Business Transaction Management
3.2.4 Oracle
Enterprise Manager Cloud Control
If your plans include updating the JDK version, please be sure that
the JDK version that you choose is certified with your OEM Cloud Control
Component. Please refer to Note 2241358.1 for upgrading
the JDK Component related to OEM Cloud Control Component.
Error
Correction information for Oracle Enterprise Manager Cloud Control
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 4
(13.4.0.0)
3.2.5 Oracle Enterprise Manager FMW Control
Patch
Availability for Oracle Enterprise Manager FMW Control 12.2.1.4.0
3.2.6 Oracle
Enterprise Manager Ops Center
Error Correction information for Oracle Enterprise Manager Ops Center
Patch Availability for Oracle Enterprise Manager Ops Center
These patches contain Critical Patch Update security vulnerabilities
fixes for this release. All previous versions will need to be upgraded to
the minimum version. Then, apply the following patches to fix the announced
security vulnerabilities. For Oracle Enterprise Manager Ops Center
downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
3.2.7 OSS Support
Tools
Error Correction information for OSS Support Tools
Patch Availability for OSS Support Tools
3.2.8 Oracle Configuration Manager
Minimum
Product Requirements for Oracle Configuration Manager
Critical Patch
Update security vulnerabilities are fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS
(support.oracle.com). Customer can use collector tab to down the Oracle
Configuration Manager Collector.
This section contains the following:
·
Section 3.3.1 "Management Pack For Oracle
GoldenGate"
·
Section 3.3.2 "NetBeans IDE"
·
Section 3.3.3 "Oracle API Gateway"
·
Section 3.3.4 "Oracle Business Intelligence
Enterprise Edition"
·
Section 3.3.5 "Oracle Business Intelligence
Publisher"
·
Section 3.3.6 "Oracle Data Quality for Oracle
Data Integrator"
·
Section 3.3.7 "Oracle Data Visualization
Desktop"
·
Section 3.3.8 "Oracle Endeca Information
Discovery Studio"
·
Section 3.3.9 "Oracle Enterprise Data
Quality"
·
Section 3.3.10 "Oracle Enterprise
Repository"
·
Section 3.3.11 "Oracle Exalogic Patch Set Update
(PSU)"
·
Section 3.3.12 "Oracle Fusion Middleware"
·
Section 3.3.13 "Oracle Hyperion Analytic
Provider Services"
·
Section 3.3.14 "Oracle Hyperion BI+"
·
Section 3.3.15 "Oracle Hyperion Data
Relationship Management"
·
Section 3.3.16 "Oracle Hyperion Enterprise
Performance Management Architect"
·
Section 3.3.17 "Oracle Hyperion Essbase"
·
Section 3.3.18 "Oracle Hyperion Financial Close
Management"
·
Section 3.3.19 "Oracle Hyperion Financial
Management"
·
Section 3.3.20 "Oracle Hyperion Financial
Reporting"
·
Section 3.3.21 "Oracle Hyperion Lifecycle
Management"
·
Section 3.3.22 "Oracle Hyperion Planning"
·
Section 3.3.23 "Oracle Hyperion Profitability
and Cost Management"
·
Section 3.3.24 "Oracle Hyperion Strategic
Finance"
·
Section 3.3.25 "Oracle Hyperion Workspace"
·
Section 3.3.26 "Oracle JDeveloper and Oracle
ADF"
·
Section 3.3.27 "Oracle Map Viewer"
·
Section 3.3.28 "Oracle Outside In
Technology"
·
Section 3.3.29 "Oracle Real Time Decisions
Platform"
·
Section 3.3.30 "Oracle Service Architecture
Leveraging Tuxedo (SALT)"
·
Section 3.3.31 "Oracle SOA Suite"
·
Section 3.3.32 "Oracle Traffic Director"
·
Section 3.3.33 "Oracle Tuxedo"
·
Section 3.3.34 "Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)"
·
Section 3.3.35 "Oracle Web-Tier 11g Utilities"
·
Section 3.3.36" Oracle WebCenter"
·
Section 3.3.37" Oracle WebCenter Content
(Formerly Oracle Universal Content Management)"
·
Section 3.3.38" Oracle WebCenter Portal"
·
Section 3.3.39 "Oracle WebCenter Sites (Formerly
FatWire Content Server)"
·
Section 3.3.40 "Oracle WebCenter Sites
Community"
·
Section 3.3.41 "Oracle WebCenter Suite"
·
Section 3.3.42 "Oracle WebLogic Portal"
·
Section 3.3.43 "Oracle WebLogic Server"
·
Section 3.3.44 "Oracle Coherence"
3.3.1 Oracle GoldenGate Monitor (aka
Management Pack for Oracle GoldenGate)
Error
Correction information for Oracle GoldenGate
Monitor (aka Management Pack for Oracle GoldenGate)
Patch
Availability for Management Pack For Oracle GoldenGate
3.3.2 NetBeans IDE
Minimum Product Requirements for NetBeans IDE
Critical Patch Update security vulnerabilities are fixed in the
listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/
3.3.3 Oracle API Gateway
Error Correction information for Oracle API Gateway
Patch Availability for Oracle API Gateway
3.3.4 Oracle Business
Intelligence Enterprise Edition
Error Correction information for Oracle Business Intelligence
Enterprise Edition
Patch Availability for Oracle Analytics Server 5.5 (Formerly known as
Oracle Business Intelligence)
Patch Availability for Oracle Business Intelligence Enterprise
Edition 12c
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch
any Database Server associated to a Fusion Middleware installation
|
|
Oracle
Java SE home
Oracle JRockit 28.x home
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used
with FMW 11g/12c Products
|
|
Oracle
WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle
WebLogic Server (WLS)
|
|
12.2.1.4
Oracle Business Intelligence Enterprise Edition
and
12.2.1.3 Oracle Business Intelligence Enterprise Edition
|
See "Oracle Fusion Middleware 12c"
|
See "Oracle Fusion Middleware 12c"
|
Apply
all 12.2.1.3 patches listed for "Oracle Fusion Middleware
Infrastructure (WebLogic Server for FMW)"
|
|
12.2.1.4
Oracle Business Intelligence Enterprise Edition
|
OBI
Bundle Patch 12.2.1.4.210402 Patch 32718479 or later
|
CVE-2021-2191, CVE-2020-11022, CVE-2020-1971,
CVE-2021-2152
|
|
|
12.2.1.4 Oracle Business Intelligence Enterprise
Edition
and
12.2.1.3 Oracle Business Intelligence Enterprise
Edition
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or later
|
CVE-2019-3729
|
Oracle Security Service (SSL/Network) Patch
|
|
12.2.1.3 Oracle Business Intelligence Enterprise
Edition
|
OBI Bundle Patch 12.2.1.3.210405 Patch 32726874 or later
|
CVE-2021-2191, CVE-2020-11022, CVE-2020-1971,
CVE-2021-2152
|
|
Patch Availability for Oracle Business Intelligence Enterprise
Edition 11.1.1.9
3.3.5 Oracle Business
Intelligence Publisher
Error Correction information for Oracle Business Intelligence
Publisher
Patch Availability for Oracle Business Intelligence Publisher
3.3.6 Oracle Data
Quality for Oracle Data Integrator
Error Correction information for Oracle Data Quality for Oracle Data
Integrator
Patch Availability for Oracle Data Quality for Oracle Data Integrator
3.3.7 Oracle Data
Visualization Desktop
Error Correction information for Oracle Data Visualization Desktop
Patch availability for Oracle Data Visualization Desktop
3.3.8 Oracle Endeca Information Discovery Studio
Error Correction information for Oracle Endeca
Information Discovery Studio
Patch availability for Oracle Endeca
Information Discovery Studio
3.3.9 Oracle Enterprise
Data Quality
Error Correction information for Oracle Enterprise Data Quality
Patch Availability for Oracle Enterprise Data Quality
3.3.10 Oracle Enterprise
Repository
Error Correction information for Oracle Enterprise Repository
Patch Availability for Oracle Enterprise Repository
3.3.11 Oracle Exalogic Patch Set Update (PSU)
Error Correction information for Oracle Exalogic
Patch Set Update (PSU)
Patch Set Update Availability for Oracle Exalogic
|
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
|
2.x Physical
|
2.0.6.3.210420 Physical Linux (for all X2-2, X3-2,
X4-2, X5-2, and X6-2) Patch 32536102
2.0.6.3.210420 Physical Solaris (for all X2-2, X3-2,
X4-2, and X5-2) Patch 32536102
|
Released in April 2021
|
Note:
Oct 2020 PSU is a pre-requisite for Apr 2021 PSU
Apr
2021 PSU upgrade path:
2.0.6.2.x
→ 2.0.6.3.201020 → 2.0.6.3.210420
2.0.6.3.x
→ 2.0.6.3.201020 → 2.0.6.3.210420
|
|
2.x
Virtual
|
2.0.6.3.210420
Virtual (for all X2-2, X3-2, X4-2, X5-2, and X6-2) Patch 32536822
|
Released in April 2021
|
Note:
Oct 2020 PSU is a pre-requisite for Apr 2021 PSU
Apr
2021 PSU Upgrade Path:
2.0.6.2.x
→ 2.0.6.3.201020 → 2.0.6.3.210420
2.0.6.3.x
→ 2.0.6.3.201020 → 2.0.6.3.210420
|
|
1.x
|
Upgrade
to 2.x based on information in the Comments column. Then apply the
patches listed above.
|
Released
March 2012 (13795376)
Released
Februrary 2013 (15931901)
|
See Patch 13795376 EECS 2.0
PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 15931901 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit)
See Note 1314535.1, Announcing Exalogic PSUs (Patch
Set Updates)
|
3.3.12 Oracle Fusion Middleware
For more
information on how to identify the components in an Oracle home, see Note 1591483.1, What is Installed in My Middleware or Oracle home?.
This section
contains the following:
·
Section 3.3.12.1 "Oracle Fusion Middleware
12c"
o
Section 3.3.12.1.1 "Oracle Fusion Middleware
12.2.1.4"
o
Section 3.3.12.1.2 "Oracle Fusion Middleware
12.2.1.3"
·
Section 3.3.12.2 "Oracle Fusion Middleware
11.1.1.9"
·
Section 3.3.122.3 "Oracle Identity and Access
Management"
·
Section 3.3.12.4 "Oracle Identity and Access
Management 12c"
·
Section 3.3.12.5 "Oracle Identity Access
Management 11.1.2.3"
·
Section 3.3.12.6 "Oracle Identity Management
Connector"
3.3.12.1 Oracle Fusion Middleware 12c
The sections
below cover Oracle Fusion Middleware version 12.2.x and 12.1.x
·
Section 3.3.16.1.1 "Oracle Fusion Middleware
12.2.1.4"
·
Section 3.3.16.1.2 "Oracle Fusion Middleware
12.2.1.3"
3.3.12.1.1 Oracle Fusion Middleware 12.2.1.4
Error
Correction information for Oracle Fusion Middleware 12.2.1.4
Patch
Availability for Oracle Fusion Middleware 12.2.1.4
|
Distribution
|
Patches
|
Advisory
Number
|
Comments
|
|
Oracle
Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch
any Database Server associated to a Fusion Middleware installation
|
|
Oracle
Java SE home
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
|
Oracle
Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle
HTTP Server
Oracle
Forms and Reports (Standalone Forms Builder)
Oracle
Internet Directory
|
Download
and apply the SPB patch:
WLS STACK PATCH BUNDLE 12.2.1.4.210411 Patch 32755791or later
Or download and apply the individual patches listed within section "Oracle WebLogic Server 12.2.1.4"
The
patches below are additionally required for the FMW Infrastructure and
other FMW products:
|
CVE-2021-2157,
CVE-2021-2294, CVE-2021-2204, CVE-2021-2214, CVE-2021-2135,
CVE-2021-2136, CVE-2021-2211, CVE-2019-3740, CVE-2021-2277,
CVE-2020-25649
|
See Note 2764636.1, Introducing the
Stack Patch Bundle (SPB) for Oracle WebLogic Server
|
|
Oracle
Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle
HTTP Server
|
FMW
COMMON THIRD PARTY SPU 12.2.1.4.0 FOR APRIL2021CPU Patch 32652899
|
CVE-2020-10683, CVE-2020-5421, CVE-2019-10086
|
See Note 2768441.1 Details for
Oracle Fusion Middleware Third-Party Component Updates
|
|
Fusion
Middleware Infrastructure
(WebLogic Server for FMW)
Oracle HTTP Server
|
FMW
PLATFORM 12.2.1.4.0 SPU FOR APRCPU2021 Patch 32772437 or later
|
CVE-2019-17638
|
Apply to all Oracle Fusion Middleware homes
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
OPSS BUNDLE PATCH 12.2.1.4.210418 Patch 32784652 or later
|
CVE-2021-2302
|
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
ADF BUNDLE PATCH 12.2.1.4.200817 Patch 31762739 or later
|
Released October 2020
|
|
|
Oracle HTTP Server
Oracle Forms and Reports
|
OHS (NATIVE) BUNDLE PATCH 12.2.1.4.210324 Patch 32673423 or later
|
CVE-2021-2315, CVE-2020-5360
|
Note 2743971.1 Cumulative
README Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches
|
|
Oracle
SOA Suite and Business Process
|
SOA Bundle
Patch 12.2.1.4.210319 Patch 32656931 or later
|
CVE-2020-26217
|
|
|
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
OSS BUNDLE PATCH 12.2.1.4.210302 Patch 32575741 or later
|
CVE-2020-5360
|
|
|
Oracle Unified Directory
|
OUD BUNDLE PATCH 12.2.1.4.200526 Patch 31400392 or later
|
Released July 2020
|
|
|
Oracle WebCenter Portal
|
Oracle WebCenter Portal
Bundle Patch 12.2.1.4.210225 Patch 32557177 or later
Oracle WebCenter Core
Bundle Patch 12.2.1.4.210303 Patch 32582592 or later
|
CVE-2020-9489, CVE-2019-12402, CVE-2020-11612
|
|
|
Oracle Forms and Reports
|
Oracle Reports Developer 12.2.1.4.0 SPU Patch 30731161 or later
|
Released January 2020
|
|
|
Oracle Webcenter Sites
|
Webcenter Sites
12.2.1.4.210119 Patch 32315127 or later
|
Released January 2021
|
|
|
Oracle Data Integrator
|
ODI Bundle Patch 12.2.1.4.210108 Patch 32453836 or later
|
Released January 2021
|
|
|
Oracle Service Bus
|
OSB BUNDLE PATCH 12.2.1.4.201105 Patch 32121987 or later
|
CVE-2019-10086
|
CVE-2019-10086 is part of Jan 2021 Patch
|
3.3.12.1.2 Oracle
Fusion Middleware 12.2.1.3
Error Correction information for Oracle Fusion Middleware 12.2.1.3
Patch
Availability for Oracle Fusion Middleware 12.2.1.3
|
Distribution
|
Patches
|
Advisory
Number
|
Comments
|
|
Oracle
Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch
any Database Server associated to a Fusion Middleware installation
|
|
Oracle
Java SE home
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
|
Oracle
WebLogic Server and Coherence
Oracle
Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle
HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle
Internet Directory
|
Download
and apply the SPB patch:
WLS STACK PATCH BUNDLE 12.2.1.3.210411Patch 32755804 or later
Or download and apply the individual patches listed within section "Oracle WebLogic Server 12.2.1.3"
The
patches below are additionally required for the FMW Infrastructure and
other FMW products:
|
CVE-2021-2157,
CVE-2021-2294, CVE-2021-2204, CVE-2021-2214, CVE-2021-2135,
CVE-2021-2136, CVE-2021-2211, CVE-2019-3740, CVE-2021-2277
|
See Note 2764636.1, Introducing the
Stack Patch Bundle (SPB) for Oracle WebLogic Server
|
|
Oracle
Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle
HTTP Server
|
FMW
COMMON THIRD PARTY SPU 12.2.1.3.0 FOR APRIL2021CPU Patch 32651962
|
CVE-2020-10683, CVE-2020-5421, CVE-2019-10086
|
See Note 2768441.1 Details for
Oracle Fusion Middleware Third-Party Component Updates
|
|
Oracle
Fusion Middleware Infrastructure
(WebLogic Server for FMW)
Oracle
HTTP Server
|
FMW
Platform 12.2.1.3.0 SPU FOR APRCPU2021 Patch 32772477 or later
|
CVE-2019-17638
|
Apply to all Oracle Fusion Middleware homes
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
OPSS Bundle Patch 12.2.1.3.210420 Patch 32397127 or later
|
CVE-2021-2302
|
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
12.2.1.3 ADF BUNDLE PATCH 12.2.1.3.201007 Patch 31985811 or later
|
Released October 2020
|
Apply to all Oracle homes installed with an FMW
Infrastructure
|
|
Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)
|
OHT SPU 12.2.1.3.0 Patch 31613012 or later
|
Released July 2020
|
Oracle Help Technologies
|
|
Oracle SOA Suite and Business Process
|
SOA Bundle Patch 12.2.1.3.210402 Patch 32720399 or later
|
CVE-2020-26217
|
|
|
Oracle Service Bus
|
OSB BUNDLE PATCH 12.2.1.3.201111 Patch 32144336 or later
|
CVE-2019-10086
|
CVE-2019-10086 is part of Jan 2021 Patch
|
|
Identity and Access Management
|
OAM BUNDLE PATCH 12.2.1.3.191201(ID:191201.0123.S) Patch 30609442 or later
|
Released April 2020
|
|
|
Identity and Access Management Oracle Unified
Directory
|
OUD BUNDLE PATCH 12.2.1.3.200623 Patch 31529239 or later
|
Released July 2020
|
|
|
Oracle WebCenter Portal
|
Oracle WebCenter Portal
Bundle Patch 12.2.1.3.210225 Patch 32557170 or later
Oracle WebCenter Core
Bundle Patch 12.2.1.3.210209 Patch 32582614 or later
|
CVE-2020-9489, CVE-2019-12402, CVE-2020-11612
|
|
|
Oracle Webcenter Sites
|
Webcenter Sites
12.2.1.3.210119 Patch 32292427 or later
|
Released January 2021
|
|
|
Oracle HTTP Server
Oracle Forms and Reports
|
OHS (NATIVE) BUNDLE PATCH 12.2.1.3.210323 Patch 32668721 or later
|
CVE-2021-2315, CVE-2020-5360
|
Note 2568225.1Cumulative README Post-Install Steps for Oracle
HTTP Server 12.2.1.3 Bundle Patches
|
|
Oracle
Forms and Reports
|
Oracle
Reports Developer 12.2.1.3 SPU Patch 30731147 or later
|
Released January 2020
|
|
|
Identity and Access Management
|
OIM BUNDLE PATCH 12.2.1.3.0 (ID:200108.2108) Patch 30735905 or later
|
Released January 2020
|
|
|
Oracle HTTP Server
Oracle Forms and Reports (Standalone Forms Builder)
Oracle Internet Directory
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994
|
CVE-2020-5360
|
|
|
Oracle WebCenter Sites
|
Support Tools 4.4.2 for Oracle WebCenter
Sites 12.2.1.3.0 Patch 30505173 or later
|
Released January 2020
|
Support Tools for Webcenter
Sites Patch
|
|
Oracle Data Integrator
|
ODI Bundle Patch 12.2.1.3.210119 Patch 32040885 or later
|
Released January 2021
|
|
|
Oracle Forms and Reports
|
Forms 12.2.1.3.0 SPU Patch 30410629 or later
|
Released October 2019
|
|
|
Oracle HTTP Server
Oracle Traffic Director
Oracle Forms and Reports
|
OAM Webgate Bundle Patch
12.2.1.3.180622 Patch 28243743 or later
|
Released July 2018
|
|
|
Oracle Enterprise Data Quality
|
EDQ 12.2.1.3.0 Jan 2021 SPU Patch 32395703 or later
|
Released January 2021
|
|
|
Oracle HTTP Server
Oracle WebLogic Server Proxy Plug-In
(Apache, IIS, iPlanet)
|
ONS 12.2.1.3.0 SPU Patch Patch
27323998 or later
|
Released July 2018
|
|
|
Oracle WebCenter Content
|
WebCenter
Content Bundle Patch 12.2.1.3.180417 Patch 27393392 or later
|
Released April 2018
|
|
|
Oracle Internet Directory
|
OID BUNDLE PATCH 12.2.1.3.0 (ID:180116.1256) Patch 27396651 or later
|
Released January 2018
|
Oracle Internet Directory (OID) Version 12c Bundle
Patch (BP) (Including Directory Integration Platform / DIP) / Bundle
Patches For Non-Fusion Applications (NonFA /
NonP4FA) Customers Note 2355090.1
|
3.3.12.2 Oracle Fusion Middleware 11.1.1.9
Error
Correction information for Oracle Fusion Middleware 11.1.1.9
Patch
Availability for Oracle Fusion Middleware 11.1.1.9
Oracle Web
Tier 11.1.1.9 home
Identity
Management 11.1.1.9 home
OHS 11.1.1.9.0
SPU FOR APRCPU2020 Patch 31047338 or later
OHS 11.1.1.9.0 SPU FOR APRCPU2021 (Patch TBD) or later
CVE-2021-2315, CVE-2020-5360
For patch availability, see section 2.2 Post Release Patches
Oracle HTTP
Server 11.1.1.9 Patch
Note 2626956.1 Cumulative
README Post-Install Steps for Oracle HTTP Server 11.1.1.9 Critical Patch
Update
|
Product
Home
|
Patches
|
Advisory
Number
|
Comments
|
|
Oracle
Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch
any Database Server associated to a Fusion Middleware installation
|
|
Oracle
Java SE home
Oracle JRockit 28.x home
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used
with FMW 11g/12c Products
|
|
Oracle
WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle
WebLogic Server (WLS)
|
|
|
JRF
11.1.1.9.0 SPU APR21 Patch 32603656 or later
|
CVE-2020-10683, CVE-2019-10086
|
|
|
Oracle Fusion Middleware 11.1.1.9.0
ORACLE_COMMON home
|
OPSS Bundle Patch 11.1.1.9.210420 Patch 32636808 or later
|
CVE-2021-2302
|
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
ADF SPU 11.1.1.9.0 FOR OCTCPU2020 Patch 31985571 or later
|
Released October 2020
|
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
OHT SPU 11.1.1.9.0 Patch 28097644 or later
|
Released July 2020
|
Oracle Help Technologies
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
SPU Patch 22567790 or later
|
Released in July 2016
|
FMW Control Patch applies to oracle_common
OH for 11.1.1.9.0
|
|
Oracle Identity Management 11.1.1.9 home (with OID)
Oracle Web Tier 11.1.1.9 home
|
OSS BUNDLE PATCH 11.1.1.9.210420 Patch 32287205 or later
|
CVE-2020-5360
|
For patch availability, see section 2.2 Post Release Patches
Note 2572809.1 Steps to Evaluate
and Update SSL Wallet
|
|
Oracle
Identity Management 11.1.1.9 home (with OID)
Oracle
Web Tier 11.1.1.9 home
|
OPMN Patch 23716938 or later
|
Released October 2017
|
OPMN 11.1.1.9 required patch for integration with
OSS
Note 2566042.1 SSL
Configuration Required to Secure OPMN 11.1.1.9
|
|
Oracle WebCenter 11.1.1.9 home
|
WebCenter Portal Bundle Patch
11.1.1.9.210115 Patch 32189083 or later
|
CVE-2019-10086 , CVE-2020-10683
|
Oracle WebCenter Portal
11.1.1.9 Patch
See Note 2029169.1, Changes to Portlet standards request dispatching of
Resource Requests
|
|
OSB
11.1.1.9 home
|
OSB
Bundle Patch 11.1.1.9.210420 Patch 32112779 or later
|
CVE-2019-10086
|
OSB Patch
|
|
ODI 11.1.1.9 Home
|
ODI Bundle Patch 11.1.1.9.210115 Patch 32137794 or later
|
CVE-2018-9019, CVE-2019-10086, CVE-2016-5725
|
Oracle Data Integrator Patch
|
|
Oracle Business Activity Monitoring
|
BAM Security Patch Update 11.1.1.9.210420 Patch 32453917 or later
|
CVE-2020-26217
|
|
|
Oracle Identity Management 11.1.1.9 home
|
OVD 11.1.1.9.0 SPU for October 19 Patch 30281334 or later
|
Released October 2019
|
Oracle Virtual Directory (OVD) Patch
OVD 11g: Oracle Virtual Directory SPU (Security
Patch Update) Patches Note 2318003.1
|
|
SOA
11.1.1.9 home
|
SOA
Bundle Patch 11.1.1.9.0 (ID:181218.1300) Patch 29123005 or later
|
Released January 2019
|
SOA Patch
|
|
Oracle Web Tier 11.1.1.9 home
|
Oracle Web Cache SPU 11.1.1.9.0 CPUJan2019 Patch 28855717 or later
|
Released January 2019
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite
Changes Beginning with CPU January 2016 and Note 2494468.1, How to Disable ESI in Oracle Web Cache
|
|
Oracle WebCenter 11.1.1.9 home
|
WCC BP
11.1.1.9.180226 Patch 27393411 or later
|
Released April 2018
|
WebCenter
Content Patch
|
|
Oracle Identity Management 11.1.1.9 home
|
OID bundle patch 11.1.1.9.171127 Patch 26850241, or later
|
Released January 2018
|
Oracle Internet Directory Patch
See Note 2420947.1 for
additional information about Oracle Internet Directory Vulnerability
CVE-2015-0204
Oracle
Internet Directory (OID) Version 11g Bundle Patch (BP) (Including
Directory Integration Platform / DIP) / Bundle Patches For Non-Fusion
Applications (NonFA / NonP4FA) Customers Note 1614114.1
|
|
OSB
11.1.1.9 home
|
Patch 24847885 or later
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
|
Oracle Identity Access Management 11.1.2.3.0 home
|
|
Released October 2016
|
|
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
SPU Patch 22567790 or later
|
Released in July 2016
|
FMW Control Patch applies to oracle_common
OH for 11.1.1.9.0
|
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
DB PSU Patch 22290164 or later for
Unix
DB BP Patch 22607089 or later for
Windows 32-Bit
DB BP Patch 22607090 or later for
Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
3.3.12.3 Oracle Identity
and Access Management
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Identity Access Management installation. Only the relevant homes from those
tables need to be patched.
Patch Availability for Oracle Identity Access Management
3.3.12.4 Oracle Identity and Access Management 12c
Error Correction Information for
Oracle Identity and Access Management 12c
Patch Availability for Oracle
Identity and Access Management 12.2.1.4.0
Patch Availability for Oracle
Identity and Access Management 12.2.1.3.0
3.3.12.5 Oracle Identity Access Management 11.1.2.3
Error
Correction information for Oracle Identity Access Management 11.1.2.3
Patch
Availability for Oracle Identity Access Management 11.1.2.3
3.3.12.6 Oracle Identity Management Connector
Error
Correction information for Oracle Identity Management Connector
Patch Availability for Oracle
Identity Management Connector
3.3.13 Oracle
Hyperion Analytic Provider Services
Error
Correction information for Oracle Hyperion Analytic Provider Services
Patch
Availability for Oracle Hyperion Analytic Provider Services
3.3.14 Oracle Hyperion BI+
Error
Correction information for Oracle Hyperion BI+
Patch
Availability for Oracle Hyperion BI+
3.3.15 Oracle Hyperion Data Relationship Management
Error Correction information
for Oracle
Hyperion Data Relationship Management
Patch Availability for Oracle Hyperion Data
Relationship Management
3.3.16 Oracle Hyperion Enterprise Performance Management Architect
Error
Correction information for Oracle Hyperion Enterprise Performance
Management Architect
Patch
Availability for Oracle Hyperion Enterprise Performance Management
Architect
3.3.17 Oracle Hyperion Essbase
Error
Correction information for Oracle Hyperion Essbase
Patch
Availability for Oracle Hyperion Essbase
3.3.18 Oracle Hyperion Financial Close Management
Error
Correction details for Oracle Hyperion Financial Close Management
Patch
Availability for Oracle Hyperion Financial Close Management
3.3.19 Oracle Hyperion Financial Management
Error
Correction information for Oracle Hyperion Financial Management
Patch
Availability for Oracle Hyperion Financial Management
3.3.20 Oracle Hyperion Financial Reporting
Error
Correction information for Oracle Hyperion Financial Reporting
Patch
Availability for Oracle Hyperion Financial Reporting
3.3.21 Oracle Hyperion Lifecycle Management
Error Correction information for
Oracle Hyperion Lifecycle Management
Patch Availability for Oracle
Hyperion Lifecycle Management
3.3.22 Oracle Hyperion Planning
Error Correction information for
Oracle Hyperion Planning
Patch Availability for Oracle
Hyperion Planning
3.3.23 Oracle Hyperion Profitability and Cost Management
Error
Correction information for Oracle Hyperion Profitability and Cost
Management
Patch
Availability for Oracle Hyperion Profitability and Cost Management
3.3.24 Oracle Hyperion Strategic Finance
Error
Correction information for Oracle Hyperion Strategic Finance
Patch
Availability for Oracle Hyperion Strategic Finance
3.3.25 Oracle Hyperion Workspace
Error
Correction information for Oracle Hyperion Workspace
Patch
Availability for Oracle Hyperion Workspace
3.3.26 Oracle JDeveloper and Oracle ADF
Error Correction information for
Oracle JDeveloper and Oracle ADF
Comments
Critical Patch
Update Availability for Oracle JDeveloper and
Oracle ADF
3.3.27 Oracle Map Viewer
Error Correction information for Oracle Map Viewer
Patch Availability for Oracle Map Viewer
3.3.28 Oracle Outside In
Technology
Error Correction information for Oracle Outside In Technology
Patch Availability for Oracle Outside In Technology
3.3.29 Oracle Real Time
Decisions Platform
Error Correction information for Oracle Real Time Decisions Platform
Describes the Error Correction information for Oracle Real Time
Decisions Platform.
Patch Availability for Oracle Real Time Decisions Platform
Describes the available patches for Oracle Real Time Decisions
Platform.
3.3.30 Oracle Service
Architecture Leveraging Tuxedo (SALT)
Error Correction information for Oracle Service Architecture
Leveraging Tuxedo (SALT)
Patch Availability for Oracle Service Architecture Leveraging Tuxedo
(SALT)
3.3.31 Oracle SOA Suite
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
SOA Suite installation. Only the relevant homes from those tables need to
be patched.
Patch Availability for Oracle SOA Suite
3.3.32 Oracle Traffic Director
Error
Correction information for Oracle Traffic Director
Patch
Availability for Oracle Traffic Director
3.3.33 Oracle Tuxedo
Error Correction information for Oracle Tuxedo
Patch Availability for Oracle Tuxedo
3.3.34 Oracle Tuxedo System and Applications Monitor
Plus (TSAM Plus)
Error
Correction Information for Oracle Tuxedo System and Applications Monitor
Plus (TSAM Plus)
Patch
Availability for Oracle Tuxedo System and Applications Monitor Plus (TSAM
Plus)
3.3.35 Oracle Web-Tier 11g Utilities
For the appropriate product versions listed below, refer to the
corresponding Oracle Fusion Middleware patch availability sections that
contain information on Error Correction, and for the patches to apply. Not
all homes that are listed in those sections might be present in the Oracle
Web-Tier 11g Utilities installation.
Only the relevant homes from those tables need to be patched.
Patch Availability for Oracle Web-Tier 11g Utilities
3.3.36 Oracle WebCenter
For the
appropriate product versions listed below, refer to the corresponding
Oracle Fusion Middleware patch availability sections that contain
information on Error Correction, and for the patches to apply. Not all
homes that are listed in those sections might be present in the Oracle WebCenter installation. Only the relevant homes from
those tables need to be patched.
3.3.37 Oracle WebCenter
Content (Formerly Oracle Universal Content Management)
Patch
Availability for Oracle WebCenter Content
3.3.38 Oracle WebCenter Portal
Error
Correction information for Oracle WebCenter
Portal
Patch
Availability for Oracle WebCenter Portal
3.3.39 Oracle WebCenter Sites
(Formerly FatWire Content Server)
Error
Correction information for Oracle WebCenter Sites
(formerly FatWire Content Server)
Patch
Availability for Oracle WebCenter Sites
3.3.40 Oracle WebCenter Sites
Community
Error
Correction information for Oracle WebCenter Sites
Community
Patch
Availability for Oracle WebCenter Sites Community
3.3.41 Oracle WebCenter Suite
For the
appropriate product versions listed below, refer to the corresponding
Oracle Fusion Middleware patch availability sections that contain
information on Error Correction, and for the patches to apply. Not all
homes that are listed in those sections might be present in the Oracle WebCenter Suite installation. Only the relevant homes
from those tables need to be patched.
Patch
Availability for Oracle WebCenter Suite
3.3.42 Oracle WebLogic Portal
Error
Correction information for Oracle WebLogic Portal
Critical Patch
Update Availability for WebLogic Portal
See also the
underlying product stack tables (JRockit and WLS)
for any applicable patches.
WebLogic
Portal patches are cumulative to include all the prior published
advisories. For more information, see My Oracle Support Note 1355929.1, October 2011 Updates Introduce New WebLogic Portal (WLP)
Configuration Options for SSL Session ID and SSL Filters.
WebLogic
Portal 9.2.3.0 is bundled with WebLogic Server 9.2.3.0, which is out of
error correction. Contact Oracle support for security patches needed for
WebLogic Server 9.2.3.0
3.3.43 Oracle WebLogic Server
Error
Correction information for Oracle WebLogic Server Patch Set Update
Patch Set
Update Availability for Oracle WebLogic Server
For more
information, see MyOracleSupport Note 1470197.1, Patch Set Update
(PSU) Release Listing for Oracle WebLogic Server (WLS). See Note 1306505.1, Patch Set Update
(PSU) Administration Guide for Oracle WebLogic Server (WLS)
This section
contains the following:
·
Section 3.3.43.1 Oracle WebLogic Server 14.1.1.0
·
Section 3.3.43.2 Oracle WebLogic Server 12.2.1.4
·
Section 3.3.43.3 Oracle WebLogic Server 12.2.1.3
·
Section 3.3.43.4 Oracle WebLogic Server 12.1.3
·
Section 3.3.43.5 Oracle WebLogic Server 10.3.6
·
Section 3.3.43.6 Oracle WebLogic Server Proxy
Plug-Ins for Third-Party Webservers
3.3.43.1 Oracle WebLogic Server 14.1.1.0
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 14.1.1.0 installation
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
WebLogic Server 14.1.1.0
|
Download
and apply the SPB patch:
WLS STACK PATCH BUNDLE 14.1.1.0.210414 Patch 32771440 or later
OR download and apply the individual patches below:
|
CVE-2021-2294, CVE-2019-3740, CVE-2021-2211,
CVE-2021-2135, CVE-2021-2204, CVE-2021-2136, CVE-2021-2214,
CVE-2020-25649, CVE-2021-2277
|
See Note 2764636.1, Introducing the
Stack Patch Bundle (SPB) for Oracle WebLogic Server
|
|
Oracle
WebLogic Server 14.1.1.0
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
Download
locations and installation instructions in above document
|
See Note 1492980.1, How to Install
and Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
|
OPatch 13.9.4.2.5 Patch 28186730 or later
|
Released January 2021
|
Update OPatch 13.9.4.2.5 Patch 28186730 before
applying the WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for
Oracle Fusion Middleware 12c
|
|
|
WLS
PATCH SET UPDATE 14.1.1.0.210329 Patch 32697788 or later
|
CVE-2021-2294, CVE-2019-3740, CVE-2021-2211,
CVE-2021-2135, CVE-2021-2204, CVE-2021-2136, CVE-2021-2214
|
See Note 2764668.1, Security Advice
and Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
WEBLOGIC
SAMPLES SPU 14.1.1.0.210119 Patch 32148641 or later
|
Released January 2021
|
|
|
|
Coherence 14.1.1.0.4 Patch 32581868 or later
|
CVE-2020-25649, CVE-2021-2277
|
|
3.3.43.2 Oracle WebLogic
Server 12.2.1.4
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.2.1.4 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.2.1.4
|
Download and apply the SPB patch:
WLS STACK PATCH BUNDLE 12.2.1.4.210411 Patch 32755791 or later
OR download and apply the individual patches below:
|
CVE-2021-2157, CVE-2021-2294, CVE-2021-2204,
CVE-2021-2214, CVE-2021-2135, CVE-2021-2136, CVE-2021-2211,
CVE-2019-3740, CVE-2021-2277, CVE-2020-25649
|
See Note 2764636.1, Introducing the
Stack Patch Bundle (SPB) for Oracle WebLogic Server
|
|
|
OPatch 13.9.4.2.5 Patch 28186730 or later
|
Released January 2021
|
Update OPatch 13.9.4.2.5 Patch 28186730 before
applying WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for
Oracle Fusion Middleware 12c
|
|
|
WLS
PATCH SET UPDATE 12.2.1.4.210330 Patch 32698246 or later
|
CVE-2021-2157, CVE-2021-2294, CVE-2021-2204,
CVE-2021-2214, CVE-2021-2135, CVE-2021-2136, CVE-2021-2211, CVE-2019-3740
|
See Note 2764668.1, Security Advice
and Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
WEBLOGIC
SAMPLES SPU 12.2.1.4.210119 Patch 32148640 or later
|
Released January 2021
|
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU 2020 Patch 31544353
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details
on ADR and Applicability of this patch.
|
|
|
Coherence
12.2.1.4.8 Cumulative Patch using OPatch Patch 32581859 or later
|
CVE-2021-2277, CVE-2020-25649
|
|
3.3.43.3 Oracle WebLogic
Server 12.2.1.3
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.2.1.3 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.2.1.3
|
Download and apply the SPB patch:
WLS STACK PATCH BUNDLE 12.2.1.3.210411 Patch 32755804 or later
OR download and apply the individual patches below:
|
CVE-2021-2157, CVE-2021-2294, CVE-2021-2204,
CVE-2021-2214, CVE-2021-2135, CVE-2021-2136, CVE-2021-2211,
CVE-2019-3740, CVE-2021-2277
|
See Note 2764636.1, Introducing the
Stack Patch Bundle (SPB) for Oracle WebLogic Server
|
|
|
OPatch 13.9.4.2.5 Patch 28186730 or later
|
Released January 2021
|
Update OPatch 13.9.4.2.5 Patch 28186730 before
applying WLS PSU.
See Note 1587524.1 Using OUI NextGen OPatch 13 for
Oracle Fusion Middleware 12c
|
|
|
WLS
PATCH SET UPDATE 12.2.1.3.210329 Patch 32697734 or later
|
CVE-2021-2157, CVE-2021-2294, CVE-2021-2204,
CVE-2021-2214, CVE-2021-2135, CVE-2021-2136, CVE-2021-2211, CVE-2019-3740
|
See Note 2764668.1, Security Advice
and Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
ADR FOR
WEBLOGIC SERVER 12.2.1.3.0 JULY CPU 2020 Patch 31544340
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details
on ADR and Applicability of this patch.
|
|
|
WEBLOGIC
SAMPLES SPU 12.2.1.3.210119 Patch 32148634 or later
|
Released January 2021
|
This patch is a cumulative patch for all Struts 2
CVEs to date. For more information, see: Note 2255054.1 Oracle
WebLogic Server Requirements for Apache Struts 2 Vulnerabilities.
|
|
|
Coherence
12.2.1.3.13 Cumulative Patch using OPatch Patch 32581838 or later
|
CVE-2021-2277
|
|
3.3.43.4 Oracle WebLogic
Server 12.1.3
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.1.3 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.1.3
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
Download
locations and installation instructions in above document
|
See Note 1492980.1, How to Install
and Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
|
WLS
PATCH SET UPDATE 12.1.3.0.210420 Patch 32345262 or later
|
CVE-2021-2294, CVE-2021-2204, CVE-2021-2214,
CVE-2021-2135, CVE-2021-2136, CVE-2021-2157
|
See Note 2764668.1, Security Advice
and Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
ADR FOR
WEBLOGIC SERVER 12.1.3.0 JULY CPU 2020 Patch 31544363
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details
on ADR and Applicability of this patch.
|
|
|
WEBLOGIC
SAMPLES SPU 12.1.3.0.210119 Patch 32148638 or later
|
Released January 2021
|
This patch is a cumulative patch for all Struts 2
CVEs to date. For more information, see: Note 2255054.1 Oracle
WebLogic Server Requirements for Apache Struts 2 Vulnerabilities.
|
|
|
Coherence
12.1.3.0.10 Patch 32124546 or later
|
Released January 2021
|
|
|
|
WLS 12.1.3 JDBC Patch 20741228
|
Released January 2018
|
Please refer to Note 1970437.1 How To Update
the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6 and 12c
|
|
|
SPU Patch 24327938
|
Released July 2016
|
TopLink JPA-RS
patch
|
|
|
See Note 1936300.1 How to Change
SSL Protocols (to Disable SSL 2.0/3.0) in Oracle Fusion Middleware
Products (Doc ID 1936300.1)
|
Released
October 2014
|
SSL
V3.0 "Poodle" Advisory
|
3.3.43.5 Oracle WebLogic Server 10.3.6
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 10.3.6 installation
|
Product
Home
|
Patch
|
Advisory
Number
|
Comments
|
|
Oracle
WebLogic Server 10.3.6
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
|
See Note 2762944.1, Oracle Critical
Patch Update (CPU) April 2021 for Oracle Java SE
Download
locations and installation instructions in above document
|
See Note 1492980.1, How to Install
and Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
|
WLS
PATCH SET UPDATE 10.3.6.0.210420 Patch 32403651 or later
|
CVE-2021-2142, CVE-2021-2294, CVE-2021-2204,
CVE-2021-2214, CVE-2019-10086, CVE-2021-2211, CVE-2019-3740,
CVE-2021-2157
|
See Note 2764668.1, Security Advice
and Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
ADR FOR
WEBLOGIC SERVER 10.3.6 JULY CPU 2020 Patch 31241365
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for details
on ADR and Applicability of this patch.
|
|
|
WLS
10.3.6 JDBC Patch 27541896
|
Released January 2018
|
Please refer to Note 1970437.1 How To Update
the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6 and 12c
|
|
|
WEBLOGIC
SAMPLES SPU 10.3.6.0.210119 Patch 32134024 or later
|
Released January 2021
|
This patch is a cumulative patch for all Struts 2
CVEs to date. For more information, see: Note 2255054.1 Oracle
WebLogic Server Requirements for Apache Struts 2 Vulnerabilities
|
|
|
Coherence
3.7.1.20 Patch 32124557 or later
|
Released January 2021
|
|
|
|
See Note 1936300.1 How to Change
SSL Protocols (to Disable SSL 2.0/3.0) in Oracle Fusion Middleware
Products (Doc ID 1936300.1)
|
Released
October 2014
|
SSL
V3.0 "Poodle" Advisory
|
3.3.43.6 Oracle WebLogic Server Proxy Plug-Ins for
Third-Party Webservers
Critical Patch
Update Availability for Oracle WebLogic Server Proxy Plug-Ins
The available
patches for Oracle WebLogic Server Plug-ins (Apache/IIS).
3.3.44 Oracle Coherence
Error Correction information for Oracle Coherence
Critical Patch
Update Availability for Oracle Coherence
Follow the
guidance below to locate the patches that should be applied to a Standalone
Oracle Coherence installation
This section
contains the following:
·
Section 3.4.1 "Directory Server Enterprise
Edition"
3.4.1 Directory Server Enterprise Edition
Error
Correction information for Directory Server Enterprise Edition
Patch
Availability for Directory Server Enterprise Edition
This section
contains the following:
·
Section 3.5.1 "Oracle OPatch"
3.5.1 Oracle OPatch
Minimum
Product Requirements for Oracle OPatch
The CPU
security vulnerabilities are fixed in the listed release and later
releases. The Oracle OPatch downloads can be
found at Patch 6880880.
Final CPU History
The Final CPU is the last quarter that a product is supported in the
CPU program as per the Premier Support and Extended Support policies. For
more information, see My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS Software Error
Correction Support Policy.
The following
documents provide additional information about Critical Patch Updates:
·
My Oracle Support Note 888.1, Master Note for Database Proactive Patch Program
·
My Oracle Support Note 822485.1, Master Note for Enterprise Manager Proactive Patch Program
·
My Oracle Support Note 1494151.1, Master Note
on Fusion Middleware Proactive Patching - Patch Set Updates (PSUs) and
Bundle Patches (BPs)
|