|
APPLIES TO:
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Express Cloud Service -
Version N/A and later
Oracle Database Backup Service - Version N/A and
later
Oracle Database - Enterprise Edition - Version
12.1.0.2 and later
Oracle Fusion Middleware - Version 11.1.1.7.0 and
later
Information in this document applies to any platform.
This document defines the patches and minimum releases
for the Database Product Suite, Fusion Middleware Product Suite, Exalogic,
and Enterprise Manager Suite Critical Patch Updates and Patch Set Updates
released on October 19, 2021.
The document is for Database Administrators and/or
others tasked with Quarterly Security Patching.
Database, Fusion Middleware, and
Enterprise Manager Critical Patch Update October 2021 Patch Availability
Document
My Oracle
Support Note 2796575.1
Released October 19,
2021
This document contains the
following sections:
Quick Links: Read Me First DB 19c EM Cloud Control FMW WLS
1 Overview
Oracle provides quarterly
cumulative patches to address security vulnerabilities. The patches may
include critical fixes in addition to the security fixes. The security
vulnerabilities addressed are announced in the Advisory for October 2021,
available at:
Oracle Technical
Network Advisory
This document lists the Oracle
Database, Fusion Middleware and Enterprise Manager CPU program cumulative
patches for product releases under error correction. The October 2021
release supersedes earlier CPU program cumulative patches for the same
product releases. This document is subject to continual update after the
initial release, and the changes are listed in "Modification
History." If you print this document, check My Oracle
Support to ensure you have the latest version.
This section contains the
following:
·
Section 1.1
"How To Use This Document"
·
Section 1.2
"Terminology in the Tables"
·
Section 1.3
"On-Request Patches"
·
Section 1.4
"CPU Program and My Oracle Support Patch Recommendations"
·
Section 1.5 "My
Oracle Support (MOS) Conflict Checker Tool"
1.1 How To Use This
Document
The following steps explain how to
use this document.
Step
1 Assess your Environments
Determine
the Oracle product suites and products and their release numbers for each
of your environments.
Step
2 Read Important Announcements
Review "What's New in
October 2021," as it lists documentation and packaging
changes along with important announcements such as upcoming final CPUs.
Step
3 Determine Patches to be Applied
For each
environment, determine which patches need to be applied by using the tables
in "Patch
Availability for Oracle Products." There is one
availability table for each product suite release, such as Oracle Database
12.2.0.1, Oracle Identity Access Management 11.1.2.3, and Enterprise
Manager Cloud Control 13.4.0.0.
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of
the homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or
Extended Support and are under error correction as defined in My Oracle
Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory
Database, and OCS Software Error Correction Support Policy.
Patches are provided only for these releases. If you do not see the release
that you have installed, then check "Final CPU
History" and contact Oracle Support for further
assistance
·
Patches
that include security vulnerabilities announced in the current quarter's
CPU Advisory, list the vulnerability CVE numbers in the Advisory Number
column. If you are interested in the risk matrix for the vulnerabilities
fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous
quarterly releases, or the current one without any security fixes, the
column indicates "Released MMM YYYY"
·
When a
section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle
Database" is referenced, determine the Oracle Database
release that is installed, and find the patches to apply in the table for
that Oracle Database release in "Oracle
Database."
Step
4 Apply the Patches
Download
the patches, review the READMEs, and apply the patches according to the
instructions.
Step
5 Planning for Future Critical Patch Updates
To help
you plan for future Critical Patch Updates, this document includes Final
CPU information based on Oracle's Lifetime Support Policy and error
correction policies.
"Final CPU
Information (Error Correction Policies)" in "What's New in
October 2021," documents product releases for which
final Critical Patch Updates are upcoming or are being announced. In each
product section, there is also an Error Correction Information Table that
documents the final CPU program patch for the product. Products that have
reached the end of error correction are documented in "Final CPU
History."
Oracle recommends that you subscribe to
this Patch Availability Document in order to stay informed of any emergent
problems.
1.2 Terminology in the
Tables
The following terminology is used
in this patch availability document and in the subsequent tables.
·
Update (RU) - Release Update
·
Revision (RUR) -Release Update Revision
·
BP -
Bundle Patch
·
Final CPU is the last quarter that a product is supported
in the CPU program as per the Premier Support and Extended Support
policies. http://www.oracle.com/us/support/lifetime-support/index.html.
·
NA Not
Applicable.
·
OR On-Request.
The patch is made available through the On-Request program.
·
PSU - Patch Set Update
·
SPU - Security Patch Update. An iterative, cumulative patch
consisting of security fixes.
·
Overlay SPU patch provided as an overlay on top of a PSU or
BP instead of a base/patch set release.
1.3 On-Request Patches
Oracle does not proactively release
patches for historically inactive platforms. However, Oracle will deliver
these patches when requested.
The following guidelines describe
how to initiate an on-request (OR) patch.
A request may be made:
o At any time. However, a patch for a specific
quarterly release, such as CPUOct2012, cannot be requested. Depending on
when the request is received and processed, either the patch for the
current quarterly release or the next quarterly release will be provided.
Your Service Request (SR) will provide you the planned availability date
for the patch.
o As long as the version is in either Premier
Support or Extended Support and error correction support has not expired.
For example, if a product release is under Extended Support through the
release of CPUJan2013 on January 15, 2013, then you can file a request for
the product release through January 29, 2013. For more information, see Oracle
Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory
Database, and OCS Software Error Correction Support Policy.
o For a platform-version combination when a
major release or patch set is released on a platform after a quarterly
release date. Oracle will provide the next patch for that platform-version
combination, however you may request the current patch by following the
on-request process. For example, if a patch is released for a platform on
August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform.
You may request a CPUOct2012 patch for the platform, and Oracle will review
the request and determine whether to provide CPUJul2012 or CPUOct2012.
A patch
that is marked as on-request (OR) may already have been requested by
another customer and be available on My Oracle Support. Before you file a
Service Request (SR), check on My Oracle Support to see if the patch is
already available for your platform.
1.4 CPU Program and My
Oracle Support Patch Recommendations
My Oracle Support patch
recommendation features are available on the Patches & Update tab. The
patches announced in this document as part of the CPU program are
classified as "Security" patch recommendations in My Oracle
Support. If a new patch is being announced in this document, then the
classification on any earlier patch is changed to "General",
causing it to be removed from the My Oracle Support patch recommendations.
If a patch has a "Security" classification, and a subsequent
bundle, SPU, or PSU is released with a recommendation classification, then
it will be classified as a "Security" recommendation in My Oracle
Support.
Once a product release is no longer
in error correction, its CPU patch information is removed from this
document, but the last patch recommendation continues to be available in My
Oracle Support. Ensure to select each of the products installed in
your environment to obtain all patches.
1.5 My Oracle Support
(MOS) Conflict Checker Tool
The My Oracle Support (MOS)
Conflict Checker tool is available as of July 21, 2014.
You can access MOS Conflict Checker
at https://support.oracle.com/epmos/faces/PatchConflictCheck.
This tool is also accessible from the Patch Search results screen
("Analyze with OPatch" button).
The MOS Conflict Checker Tool
allows you to upload an OPatch inventory to check for conflicts with
patches to apply to your environment. If no conflicts are found, you can
download the patches. If conflicts are found, the tool finds an existing
resolution to download. If no resolution is found, you can request a
solution, and monitor your request in the Plans region.
For more information and a
demonstration video, see Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict Checker Tool for
Patches Installed with OPatch [Video].
2 What's New in October
2021
This section describes important
changes in October 2021:
·
Section 2.1
"Final CPU Information (Error Correction Policies)"
·
Section 2.2 "Post Release Patches"
2.1 Final CPU Information (Error Correction Policies)
The final CPU is the last quarter that
a product is supported in the CPU program as per the Premier Support and
Extended Support policies. Final CPUs for upcoming releases, as well as
newly scheduled final CPUs, are listed in the following sections.
Final CPUs
scheduled for Oct 2021
- Oracle Data Integrator
12.2.1.3
- Oracle Data Integrator
11.1.1.9
- Oracle Database Mobile Server
11.3.x
- Oracle GoldenGate 12.1.2.1
- Oracle GoldenGate for Big Data
12.3.2.1.0
- Oracle Enterprise Manager FMW
Control 12.2.1.3
- Oracle Enterprise Manager FMW
Control 11.1.1.9
- Oracle Business Intelligence
Enterprise Edition 12.2.1.3
- Oracle Business Intelligence
Enterprise Edition 11.1.1.9
- Oracle Business Intelligence
Publisher 12.2.1.3
- Oracle Business Intelligence
Publisher 11.1.1.9
- Oracle Enterprise Data Quality
12.2.1.3
- Oracle Enterprise Data Quality
11.1.1.9
- Oracle Enterprise Repository
11.1.1.7
- Oracle Forms and Reports
12.2.1.3
- Oracle Fusion Middleware
Infrastructure 12.2.1.3
- Oracle Fusion Middleware
Infrastructure 11.1.1.9
- Oracle GoldenGate 18.1
- Oracle GoldenGate 12.3.0.1
- Oracle HTTP Server 12.2.1.3
- Oracle Hyperion Analytic
Provider Services 11.1.2.x
- Oracle Hyperion BI+ 11.1.2.x
- Oracle Hyperion Data
Relationship Management 11.1.2.x
- Oracle Hyperion Enterprise
Performance Management Architect 11.1.2.x
- Oracle Hyperion Essbase 11.1.2.x
- Oracle Hyperion Financial
Close Management 11.1.2.x
- Oracle Hyperion Financial
Management 11.1.2.0
- Oracle Hyperion Financial
Reporting 11.1.2.x
- Oracle Hyperion Infrastructure
Technology 11.1.2.4
- Oracle Hyperion Lifecycle
Management 11.1.2.x
- Oracle Hyperion Planning
11.1.2.x
- Oracle Hyperion Profitability
and Cost Management 11.1.2.4
- Oracle Hyperion Strategic
Finance 11.1.2.x
- Oracle Hyperion Workspace
11.1.2.x
- Oracle Identity and Access
Management 12.2.1.3.0
- Oracle Identity and Access
Management 11.1.x.x
- Oracle JDeveloper and Oracle
ADF 12.2.1.3
- Oracle JDeveloper and Oracle
ADF 11.1.2.4
- Oracle JDeveloper and Oracle
ADF 11.1.1.9
- Oracle Map Viewer 12.2.1.3
- Oracle Map Viewer 11.1.1.9
- Oracle Real Time Decisions
Platform 3.2
- Oracle SOA Suite 12.2.1.3
- Oracle SOA Suite 11.1.1.9
- Oracle Traffic Director
12.2.1.3
- Oracle Traffic Director
11.1.1.9
- Oracle WebCenter 12.2.1.3
- Oracle WebCenter 11.1.1.9
- Oracle WebCenter Portal
12.2.1.3
- Oracle WebCenter Sites
12.2.1.3
- Oracle WebCenter Sites
11.1.1.8
- Oracle WebLogic Portal
10.3.7.0
- Oracle WebLogic Server
12.2.1.3.0
- Oracle WebLogic Server
10.3.6.0
- Oracle WebTier 11.1.1.9
- Oracle Coherence 12.2.1.3
- Oracle Coherence 3.7.1
Final CPUs
scheduled for Jan 2022
- Oracle WebLogic Server
12.1.3.0
- Oracle Coherence 12.1.3.0
2.2 Post Release Patches
Oracle strives to complete
preparations and testing of each Quarterly Security Patch for each platform
by the quarterly release date. Occasionally, circumstances beyond our
control dictate that a particular patch be delayed and be released a few
days after the quarterly release date. The following table lists any
current patch delays and the estimated date of availability.
|
Patch
|
Patch Number
|
Platform
|
Availability
|
|
21.4.0.0.211019 DB RU
|
Patch
33239276
|
Linux x86-64
|
Available
|
|
21.4.0.0.211019 GI RU
|
Patch
33250101
|
Linux x86-64
|
Available
|
|
19.13.0.0.211019 DB RU (&
associated COMBO)
|
Patch
33192793 (& Patch
33248420)
|
zLinux, Solaris Sparc64, Solaris
x86-64
|
Available
|
|
HP-UX Itanium, AIX
|
13-Nov-2021
|
|
19.13.0.0.211019 GI RU (&
associated COMBO)
|
Patch
33182768 (& Patch
33248471)
|
zLinux, Solaris Sparc64, Solaris
x86-64
|
Available
|
|
HP-UX Itanium, AIX
|
13-Nov-2021
|
|
19.12.1.0.211019 DB RUR
|
Patch
33210889
|
All
|
Available
|
|
19.12.1.0.211019 GI RUR
|
Patch
33204768
|
All
|
Available
|
|
19.11.2.0.211019 DB RUR
|
Patch
33153989
|
All
|
Available
|
|
19.11.2.0.211019 GI RUR
|
Patch
33248229
|
All
|
Available
|
|
12.2.0.1.211019 DBRU (&
associated COMBO)
|
Patch
33261817 (& Patch
33248521)
|
HP-UX Itanium
|
Available
|
|
12.2.0.1.211019 GIRU
|
Patch
33290750
|
HP-UX Itanium
|
Available
|
|
COMBO 12.2.0.1.211019 GIRU
|
Patch
33248546
|
HP-UX Itanium
|
Available
|
|
12.1.0.2.211019 DB BP
|
Patch
33248411
|
Solaris Sparc64, Solaris x86-64,
zLinux, HP-UX Itanium, AIX
|
Available
|
|
COMBO 12.1.0.2.211019 DB BP
|
Patch
33248596
|
All
|
Available
|
|
12.1.0.2.211019 DBPSU
|
Patch
33128590
|
All
|
Available
|
|
COMBO 12.1.0.2.211019 DBPSU
|
Patch
33248571
|
All
|
Available
|
|
12.1.0.2.211019 GIPSU
|
Patch
33248367
|
Solaris Sparc64, Solaris x86-64, AIX,
zLinux, HP-UX Itanium
|
Available
|
|
COMBO 12.1.0.2.211019 GIPSU
|
Patch
33248580
|
All
|
Available
|
|
OJVM Release Update 19.13.0.0.211019
|
Patch
33192694
|
MS-Windows
|
13-Nov-2021
|
|
19.13.0.0.211019 WIN BP
|
Patch
33155330
|
All
|
13-Nov-2021
|
|
21.4 Quarterly Full Stack download
for Exadata
|
Patch
33266144
|
All
|
Available
|
|
19.3 Quarterly Full Stack download
for Exadata
|
Patch
33248572
|
All
|
Available
|
|
12.2.0.1 Quarterly Full Stack
download for Exadata
|
Patch
33248531
|
All
|
Available
|
|
12.1.0.2 Quarterly Full Stack
download for Exadata
|
Patch
33248499
|
All
|
Available
|
|
Quarterly Full Stack download for
SuperCluster (Q4.2021)
|
Patch
33248582
|
All
|
01-Dec-2021
|
3 Patch Availability
for Oracle Products
This section contains the
following:
·
Section 3.1
"Oracle Database"
·
Section 3.2
"Oracle Enterprise Manager"
·
Section 3.3
"Oracle Fusion Middleware"
·
Section 3.4
"Oracle Sun Middleware"
·
Section 3.5
"Tools"
3.1 Oracle Database
This section contains the
following:
·
Section 3.1.1
"Oracle REST Data Services (formally called Oracle APEX
Listener)"
·
Section 3.1.2
"Oracle Application Express"
·
Section 3.1.3
"Oracle Graph Server and Client"
·
Section 3.1.4
"Oracle Big Data Spatial and Graph"
·
Section 3.1.5
"Oracle Database"
·
Section 3.1.6
"Oracle Database Mobile/Lite Server"
·
Section 3.1.7
"Oracle GoldenGate"
·
Section 3.1.8
"Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate
Application Adapters)"
·
Section 3.1.9
"Oracle GoldenGate Veridata"
·
Section 3.1.10
"Oracle NoSQL Database"
·
Section 3.1.11
"Oracle Secure Backup"
·
Section 3.1.12
"Oracle Spatial Studio"
·
Section 3.1.13
"Oracle SQL Developer"
·
Section 3.1.14
"Oracle Stream Analytics"
·
Section 3.1.15
"Oracle TimesTen In-Memory Database"
·
Section 3.1.16
"Oracle Essbase "
3.1.1 Oracle REST Data Services
(formally called Oracle APEX Listener)
Minimum
Product Requirements for Oracle REST Data Services
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle REST Data
Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle REST Data Services
|
21.3
|
CVE-2021-28165, CVE-2021-28169, CVE-2021-34428,
CVE-2020-11988, CVE-2019-17566, CVE-2020-11987
|
|
3.1.2 Oracle
Application Express
Minimum
Product Requirements for Oracle Application Express
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Application
Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Application Express
|
21.1.0 Bundle Patch Patch
32598392
|
CVE-2021-26272, CVE-2021-26271
|
|
3.1.3
Oracle Graph Server and Client
Minimum
Product Requirements for Oracle Graph Server and Client
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Graph Server
and Client downloads and installation instructions, see https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Graph Server and Client
|
21.3.0.0.0
|
CVE-2021-25122, CVE-2021-25329,
CVE-2020-8908, CVE-2021-23337, CVE-2020-28500, CVE-2020-25649
|
|
3.1.4
Oracle Big Data Spatial and Graph
Minimum
Product Requirements for Oracle Big Data Spatial and Graph
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Big Data
Spatial and Graph downloads and installation instructions, see https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Big Data Spatial and Graph
|
BDSG 3.0 Patch
30431133
|
Released July 2021
|
|
3.1.5 Oracle
Database
This section contains the
following:
·
Section 3.1.5.1
"Patch Availability for Oracle Database"
·
Section 3.1.5.2
"Oracle Database 21"
·
Section 3.1.5.3
"Oracle Database 19"
·
Section 3.1.5.4
"Oracle Database 12.2.0.1"
·
Section 3.1.5.5
"Oracle Database 12.1.0.2"
3.1.5.1 Patch Availability for
Oracle Database
For information regarding the
different types of patches for Database, refer to Oracle Database -
Overview of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and
Oracle Database - Overview of Database Patch Delivery Methods for 12.2.0.1
and greater, Note 2337415.1
3.1.5.2 Oracle Database 21
|
Patch
Information
|
21
|
Comments
|
|
Final
CPU
|
See Note 742060.1
|
|
|
On-Request
platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 21
|
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle
Database Server home
|
Database Release Update 21.4.0.0.211019 Patch
33239276 for UNIX, or
GI Release Update 21.4.0.0.211019 Patch
33250101, or
Quarterly Full Stack download for Exadata (Oct2021)
21.4 Patch
33266144 for Linux x86-64, or
|
CVE-2021-35599, CVE-2021-35619,
CVE-2021-2332, CVE-2021-35551, CVE-2021-35557, CVE-2021-35558,
CVE-2021-29425, CVE-2021-29921, CVE-2020-28928, CVE-2021-2341,
CVE-2021-2369, CVE-2021-2388, CVE-2021-2432, CVE-2021-25122 (GI)
|
21c does not have COMBO nor OJVM patches. Instead, the OJVM fixes are
contained within the DB RU and the GU RU patches.
The Database and GI Update and Revision patches
include the JDK fixes released in the prior cycle. For the most recent
JDK fixes a separate patch is available (see below) and needs to be
installed in addition to the Database and GI patches.
|
|
Oracle
Database Server, Client, and Global Data Services Home
|
JDK8u301 Patch
33197565
|
CVE-2021-3517, CVE-2021-35560,
CVE-2021-35567, CVE-2021-35550, CVE-2021-3522, CVE-2021-35586,
CVE-2021-35564, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561,
CVE-2021-35565, CVE-2021-35603, CVE-2021-35588, CVE-2021-35578
|
JDK patches for 32 bit clients would
be build on demand basis.
|
|
Oracle
Database Client, and Global Data Services Home
|
Database Release Update 21.4.0.0.211019 Patch
33239276 for UNIX
|
Released October 2021
|
The Instant Client installation is
not the same as the client-only Installation. For additional information
about Instant Client installations, see Oracle Call
Interface Programmer's Guide.
|
3.1.5.2 Oracle Database 19
|
Patch
Information
|
19
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 19
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 19.13.0.0.211019 and
Database Release Update 19.13.0.0.211019 Patch
33248420 for UNIX, or
Combo OJVM Release Update 19.13.0.0.211019 and GI
Release Update 19.13.0.0.211019 Patch
33248471, or
Quarterly Full Stack download for Exadata (Oct2021)
19.13 Patch
33248572 for Linux x86-64
|
CVE-2021-35619, CVE-2021-2332,
CVE-2021-35551, CVE-2021-35557, CVE-2021-35558, CVE-2021-35576,
CVE-2021-29425, CVE-2021-35579, CVE-2020-27824, CVE-2021-25122 (GI)
|
See Note 1929745.1,
Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM
PSU) Patches.
For patch availability, see section 2.2 Post Release
Patches
|
|
Oracle Database Server home
|
Database Release Update 19.13.0.0.211019 Patch
33192793 for UNIX, or
GI Release Update 19.13.0.0.211019 Patch
33182768, or
Microsoft Windows 32-Bit and x86-64 BP
19.13.0.0.211019 Patch
33155330 or later, or
Database Release Update Revision 19.12.1.0.211019 Patch
33210889 for UNIX, or
GI Release Update Revision 19.12.1.0.211019 Patch
33204768, or
Database Release Update Revision 19.11.2.0.211019 Patch
33153989 for UNIX, or
GI Release Update Revision 19.11.2.0.211019 Patch
33248229, or
Quarterly Full Stack download for Exadata (Oct2021)
19.13 Patch
33248572 for Linux x86-64, or
Quarterly Full Stack download for SuperCluster
(Q4.2021) Patch
33248582 for Solaris SPARC 64-Bit
|
CVE-2021-2332, CVE-2021-35551,
CVE-2021-35557, CVE-2021-35558, CVE-2021-35576, CVE-2021-29425,
CVE-2021-35579, CVE-2020-27824, CVE-2021-25122 (GI)
|
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
From Jan2021 onwards the Database and GI Update and
Revision patches include updates to the Crypto libraries. See "MES
v4.1.6 to v4.5 update 18c / 19c databases (Note 2746801.1)"
for more details.
From July 2021 onwards the Database and GI Update and
Revision patches introduce a number of Native Network Encryption changes
to deal with vulnerability CVE-2021-2351 and prevent the use of weaker
ciphers. Customers should review: “Changes in Native Network Encryption
with the July 2021 Critical Patch Update” Note 2791571.1
For patch availability, see section 2.2 Post Release
Patches
|
|
Oracle Database Server home
|
OJVM Release Update 19.13.0.0.211019 Patch
33192694 for all platforms
|
CVE-2021-35619
|
See Note 1929745.1,
Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM
PSU) Patches
|
|
Oracle Database Server, Client, and
Global Data Services Home
|
JDK8u311Patch
33197296
|
CVE-2021-3517, CVE-2021-35560,
CVE-2021-35567, CVE-2021-35550, CVE-2021-3522, CVE-2021-35586,
CVE-2021-35564, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561,
CVE-2021-35565, CVE-2021-35603, CVE-2021-35588, CVE-2021-35578
|
JDK patches for 32 bit clients would
be build on demand basis.
|
|
Oracle Database Server, Client, and
Global Data Services Home
|
Perl Patch
31732095
|
Released January 2021
|
|
|
Oracle Database Client, and Global
Data Services Home
|
Database Release Update 19.13.0.0.211019 Patch
33192793 for UNIX, or
Database Release Update Revision 19.12.1.0.211019 Patch
33210889 for UNIX, or
Database Release Update Revision 19.11.2.0.211019 Patch
33153989 for UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 19.13.0.0.211019 Patch
33155330
|
Released October 2021
|
The Instant Client installation is
not the same as the client-only Installation. For additional information
about Instant Client installations, see Oracle Call
Interface Programmer's Guide.
|
3.1.5.3 Oracle Database 12.2.0.1
|
Patch Information
|
12.2.0.1
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 12.2.0.1
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM Release Update 12.2.0.1.211019 and
Database Release Update 12.2.0.1.211019 Patch
33248521 for UNIX, or
Combo OJVM Release Update 12.2.0.1.211019 and GI
Release Update 12.2.0.1.211019 Patch
33248546, or
Quarterly Full Stack download for Exadata (Oct2021)
12.2.0.1 Patch
33248531, or
Quarterly Full Stack download for SuperCluster
(Q4.2021) Patch
33248582 for Solaris SPARC 64-Bit
|
CVE-2021-35619, CVE-2021-2332,
CVE-2021-35551, CVE-2021-35557, CVE-2021-35558, CVE-2021-35576,
CVE-2021-29425, CVE-2021-35579, CVE-2020-27824, CVE-2021-25122 (GI)
|
OJVM Update Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines
a few specific situations where the OJVM PSU patchset can be
postinstalled into each database while the database remains in
unrestricted "startup" mode. Please refer to the NOTE for more
details.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1,
Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU
and Update" (OJVM PSU and OJVM Update) Patches.
From July 2021 onwards
the Database and GI Update and Revision patches include updates to the
Native Network Encryption. See
"Improving Native Network Encryption Security" for more details.
For patch availability, see section 2.2 Post Release
Patches
|
|
Oracle Database Server home
|
Database Oct2021 Release Update 12.2.0.1.211019 Patch
33261817 for UNIX, or
GI Oct2021 Release Update 12.2.0.1.211019 Patch
33290750, or
Microsoft Windows 32-Bit and x86-64 BP
12.2.0.1.211019 Patch
33174380 or later, or
BS2000 Database BP 12.2.0.1.211019 Patch
33204389, or
Quarterly Full Stack download for Exadata (Oct2021)
12.2.0.1 Patch
33248531, or
Quarterly Full Stack download for SuperCluster
(Q4.2021) Patch
33248582 for Solaris SPARC 64-Bit
|
CVE-2021-2332, CVE-2021-35551,
CVE-2021-35557, CVE-2021-35558, CVE-2021-35576, CVE-2021-29425,
CVE-2021-35579, CVE-2020-27824, CVE-2021-25122 (GI)
|
From Jan2020 onwards the Database and GI Update and
Revision patches include the JDK fixes released in the prior cycle. For
the most recent JDK fixes a separate patch is available (see below) and
needs to be installed in addition to the Database and GI patches.
From July 2021 onwards the Database and GI Update and
Revision patches introduce a number of Native Network Encryption changes
to deal with vulnerability CVE-2021-2351 and prevent the use of weaker
ciphers. Customers should review: “Changes in Native Network Encryption
with the July 2021 Critical Patch Update” Note 2791571.1
Please note that 12.2.0.1 entered Limited Error
Correction as of December 01, 2020. Hence, Oracle is only
including Security and P1 fixes into the 12.2.0.1 quarterly patch
bundles. Therefore as of 2021, there is no content difference between a
Release Update and a Release Update Revision, and all 12.2.0.1 customers
should use the 12.2.0.1 Release Update.
For patch availability, see section 2.2 Post Release
Patches
|
|
Oracle Database Server home
|
OJVM Release Update 12.2.0.1.211019 Patch
33192662 for UNIX, or
OJVM Microsoft Windows Bundle Patch 12.2.0.1.211019 Patch
33248852
|
CVE-2021-35619
|
OJVM Update Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines
a few specific situations where the OJVM PSU patchset can be
postinstalled into each database while the database remains in
unrestricted "startup" mode. Please refer to the NOTE for more
details.
See Note 1929745.1,
Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM
PSU) Patches
|
|
Oracle Database Server and Client
home
|
JDK8u301 Patch
33197448
|
CVE-2021-3517, CVE-2021-35560,
CVE-2021-35567, CVE-2021-35550, CVE-2021-3522, CVE-2021-35586,
CVE-2021-35564, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561,
CVE-2021-35565, CVE-2021-35603, CVE-2021-35588, CVE-2021-35578
|
See Note 2584628.1,
"JDK and PERL Patches for Oracle Database Home and Grid Home"
for information on availability and prior patches.
JDK patches for 32 bit clients would be build on
demand basis.
|
|
Oracle Database Server home
|
Perl Patch
31858212
|
Released January 2021
|
|
|
Oracle Database Client home
|
Database Oct2021 Release Update 12.2.0.1.211019 Patch
33261817 for UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.211019 Patch
33174380
|
Released October 2021
|
The Instant Client installation is
not the same as the client-only Installation. For additional information
about Instant Client installations, see Oracle Call
Interface Programmer's Guide.
|
3.1.5.4 Oracle Database 12.1.0.2
Error
Correction information for Oracle Database 12.1.0.2
|
Patch Information
|
12.1.0.2
|
Comments
|
|
Final CPU
|
See Note 742060.1
|
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 12.1.0.2
If the Combo patches that are
listed in the first row are applied, then the patches listed in Rows 2 and
3 do not need to be applied.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database Server home
|
Combo OJVM PSU 12.1.0.2.211019 and Database Proactive
BP 12.1.0.2.211019 Patch
33248596 for UNIX, or
Combo OJVM PSU 12.1.0.2.211019 and Database PSU
12.1.0.2.211019 Patch
33248571 for UNIX, or
Combo OJVM PSU 12.1.0.2.211019 and GI PSU
12.1.0.2.211019 Patch
33248580, or
Quarterly Full Stack download for Exadata (Oct2021)
12.1.0.2 Patch
33248499, or
Quarterly Full Stack download for SuperCluster
(Q4.2021) Patch
33248582 for Solaris SPARC 64-Bit
|
CVE-2021-35619, CVE-2021-2332,
CVE-2021-35557, CVE-2021-35558, CVE-2021-35576, CVE-2021-29425,
CVE-2021-35579
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines
a few specific situations where the OJVM PSU patchset can be
postinstalled into each database while the database remains in
unrestricted "startup" mode. Please refer to the NOTE for more
details.
Combos are for environments that take a single downtime
to apply all patches
See Note 1929745.1,
Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM
PSU) Patches.
For patch availability, see section 2.2 Post Release
Patches
|
|
Oracle Database Server home
|
Database Proactive Bundle Patch 12.1.0.2.211019 Patch
33248411, or
Database PSU 12.1.0.2.211019 Patch
33128590 for UNIX, or
GI PSU 12.1.0.2.211019 Patch
33248367, or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.211019 Patch
33174365 or later, or
Quarterly Full Stack download for Exadata (Oct2021)
12.1.0.2 Patch
33248499, or
Quarterly Full Stack download for SuperCluster
(Q4.2021) Patch
33248582 for Solaris SPARC 64-Bit
|
CVE-2021-2332, CVE-2021-35557,
CVE-2021-35558, CVE-2021-35576, CVE-2021-29425, CVE-2021-35579
|
For JDK fixes a separate patch is available (see
below) and needs to be installed in addition to the Database and GI
patches.
From July 2021 onwards the Database and GI Update and
Revision patches introduce a number of Native Network Encryption changes
to deal with vulnerability CVE-2021-2351 and prevent the use of weaker
ciphers. Customers should review: “Changes in Native Network Encryption
with the July 2021 Critical Patch Update” Note 2791571.1
For patch availability, see section 2.2 Post Release
Patches
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU 12.1.0.2.211019 Patch
33192628 for UNIX, or
Oracle JavaVM Component Microsoft Windows Bundle
Patch 12.1.0.2.211019 Patch
33248785
|
CVE-2021-35619
|
OJVM PSU Patches are not RAC Rolling installable.
However, NOTE 2217053.1 defines
a few specific situations where the OJVM PSU patchset can be
postinstalled into each database while the database remains in
unrestricted "startup" mode. Please refer to the NOTE for more
details.
All OJVM PSU since 12.1.0.2.161018 includes Generic
JDBC Patch
23727148
See Note 1929745.1,
Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM
PSU) Patches
For patch availability, see section 2.2 Post Release
Patches
|
|
Oracle Database Server and Client
home
|
JDK7u321Patch
33197468
|
CVE-2021-35550, CVE-2021-35586,
CVE-2021-35564, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561,
CVE-2021-35565, CVE-2021-35603, CVE-2021-35588
|
See Note 2584628.1,
"JDK and PERL Patches for Oracle Database Home and Grid Home"
for information on availability and prior patches.
JDK patches for 32 bit clients would be build on
demand basis.
|
|
Oracle Database Server home
|
Perl Patch
31858428
|
Released January 2021
|
|
|
Oracle Database Server home
|
Oracle JavaVM Component Database PSU
- Generic JDBC 12.1.0.2.160719 Patch
23727148
|
Released July 2016
|
|
|
Oracle Database Client home
|
Database PSU 12.1.0.2.211019 Patch
33128590 for UNIX, or
Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.211019 Patch
33174365
|
Released October 2021
|
The Instant Client installation is
not the same as the client-only Installation. For additional information
about Instant Client installations, see Oracle Call
Interface Programmer's Guide.
|
3.1.6 Oracle
Database Mobile/Lite Server
Error
Correction Information for Oracle Database Mobile Server
|
Patch Information
|
12.1 (Mobile Server)
|
11.3 (Mobile Server)
|
Comments
|
|
Final CPU
|
April 2023
|
October 2021
|
|
Patch
Availability for Oracle Database Mobile Server 12.1.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.1
|
12.1.0.0 BP Patch
21974980
|
Released October 2015
|
|
Patch
Availability for Oracle Database Mobile Server 11.3.x
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.3
|
11.3.0.2 BP Patch
21950285
|
Released October 2015
|
|
3.1.7 Oracle
GoldenGate
Error
Correction information for Oracle GoldenGate
|
Component
|
19.1
|
12.3.0.1
|
12.2.0.2
|
12.1.2.1
|
Comments
|
|
Final CPU
|
July 2026
|
October 2021
|
October 2023
|
October 2021
|
|
Patch
Availability for Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
19.1
|
OGG 19.1.0.0.211019 for Oracle 19c Patch
33376981
OGG 19.1.0.0.211019 for Oracle 18c Patch
33376978
OGG 19.1.0.0.211019 for Oracle 12c Patch
33376975
OGG 19.1.0.0.211019 for Oracle 11g Patch
33376964
|
CVE-2019-3740, CVE-2019-3738,
CVE-2019-3739, CVE-2020-11987, CVE-2019-17566, CVE-2020-11023,
CVE-2011-4969, CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022,
CVE-2018-10237, CVE-2020-8908
|
Refer to Note 1645495.1 for
the latest release and additional platforms.
|
|
12.3.0.1
|
On-Request
|
CVE-2019-3740, CVE-2019-3738, CVE-2019-3739,
CVE-2020-11987, CVE-2019-17566, CVE-2020-11023, CVE-2011-4969,
CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022,
CVE-2018-10237, CVE-2020-8908
|
Refer to Note 1645495.1 for
the latest release and additional platforms.
|
|
12.2.0.2
|
On-Request
|
CVE-2019-3740, CVE-2019-3738,
CVE-2019-3739, CVE-2020-11987, CVE-2019-17566, CVE-2020-11023,
CVE-2011-4969, CVE-2012-6708, CVE-2015-9251, CVE-2019-11358,
CVE-2020-11022, CVE-2018-10237, CVE-2020-8908
|
Refer to Note 1645495.1 for
the latest release and additional platforms.
|
|
12.1.2.1
|
On-Request
|
CVE-2019-3740, CVE-2019-3738,
CVE-2019-3739, CVE-2020-11987, CVE-2019-17566, CVE-2020-11023,
CVE-2011-4969, CVE-2012-6708, CVE-2015-9251, CVE-2019-11358,
CVE-2020-11022, CVE-2018-10237, CVE-2020-8908
|
Refer to Note 1645495.1 for
the latest release and additional platforms.
|
3.1.8 Oracle
GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application
Adapters)
Error
Correction information for Oracle GoldenGate for Big Data
|
Component
|
19.1.0.0.x
|
12.3.2.1.0
|
Comments
|
|
Final CPU
|
July 2026
|
October 2021
|
|
Patch
Availability for Oracle GoldenGate for Big Data
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
19.1.0.0.0
|
Oracle GoldenGate for Big Data
19.1.0.0.9 Patch
33116428 or later
|
CVE-2021-29425
|
|
|
12.3.2.1
|
Oracle GoldenGate for Big Data
12.3.2.1.9 Patch
31555782 or later
|
Released October 2020
|
|
3.1.9 Oracle
GoldenGate Veridata
Error
Correction information for Oracle GoldenGate Veridata
|
Component
|
12.2.1
|
12.1.3
|
11.2.1.0
|
Comments
|
|
Final CPU
|
July 2025
|
July 2022
|
October 2020
|
|
Patch
Availability for Oracle GoldenGate Veridata
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1
|
OGG Veridata Bundle Patch
12.2.1.4.200714 (PS4 BP2) (Server+Agent) Patch
31044508
|
Released July 2020
|
|
|
12.1.3
|
ORACLE GOLDENGATE VERIDATA
V12.1.3.0.180415 SERVER Patch
26424104
|
Released April, 2018
|
|
|
11.2.1.0
|
oracle goldengate veridata v11.2.1.0.2 java agent - Patch
27425665
oracle goldengate veridata v11.2.1.0.2 server - Patch
27425668
|
Released April 2018
|
Golden Gate Veridata Patch
|
3.1.10 Oracle
NoSQL Database
Minimum
Product Requirements for Oracle NoSQL Database
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle NoSQL Database
downloads and installation instructions can be found at https://www.oracle.com/database/technologies/nosql-database-server-downloads.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle NoSQL Database
|
21.1.12
|
CVE-2021-34558, CVE-2021-21409
|
|
3.1.11 Oracle
Secure Backup
Error
Correction information for Oracle Secure Backup
|
Patch Information
|
18.1
|
Comments
|
|
Final CPU
|
January 2024
|
|
Minimum
Product Requirements for Oracle Secure Backup
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle Secure Backup
downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Secure Backup
|
18.1.0.1
|
CVE-2021-3450, CVE-2021-3449,
CVE-2021-21702, CVE-2020-7065, CVE-2020-7071
|
|
3.1.12 Oracle
Spatial Studio
Minimum
Product Requirements for Oracle Spatial Studio
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle Spatial Studio
downloads and installation instructions can be found at
https://www.oracle.com/database/technologies/spatial-studio/oracle-spatial-studio-downloads.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Spatial Studio
|
21.1.0
|
CVE-2021-29425, CVE-2019-10086
|
|
3.1.13 Oracle
SQL Developer
Minimum
Product Requirements for Oracle SQL Developer
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle SQL Developer
downloads and installation instructions can be found at
https://www.oracle.com/tools/downloads/sqldev-downloads.html
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle SQL Developer
|
21.2.1.204.1703
|
CVE-2021-27807
|
|
3.1.14 Oracle
Stream Analytics
Minimum
Product Requirements for Oracle Stream Analytics
Critical Patch Update security
vulnerabilities are fixed in the listed releases. The Oracle Stream
Analytics downloads and installation instructions can be found at
https://www.oracle.com/middleware/technologies/stream-analytics/downloads.html
|
Product
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Stream Analytics
|
19.1.0.0.1 Patch
30629903
|
Released July 2020
|
|
3.1.15 Oracle TimesTen In-Memory
Database
Error
Correction information for Oracle TimesTen In-Memory Database
Describes Error Correction
information for Oracle TimesTen In-Memory Database.
|
Patch Information
|
18.1
|
Comments
|
|
Final Patch
|
April 2026
|
|
Minimum
Product Requirements for Oracle TimesTen In-Memory Database
Describes the minimum product
requirements for Oracle TimesTen In-Memory Database. The CPU security
vulnerabilities are fixed in the listed release and later releases.
|
Product
|
Release
|
Advisory Number
|
Comments
|
|
Oracle TimesTen In-Memory Database
|
18.1.4.1.0 or later version
|
Released October 2020
|
|
3.1.16 Oracle Essbase
Error
Correction information for Oracle Essbase
Describes Error Correction
information for Oracle Essbase.
|
Patch Information
|
21.c
|
Comments
|
|
Final Patch
|
July 2025
|
|
Minimum
Product Requirements for Oracle Essbase
Describes the minimum product
requirements for Oracle Essbase. The CPU security vulnerabilities are fixed
in the listed release and later releases.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
21.x
|
21.2.0.0.0 ORACLE ESSBASE RELEASE
UPDATE Patch
31949360
|
Released July 2021
|
|
3.2 Oracle Enterprise
Manager
This section contains the
following:
·
Section 3.2.1
"Oracle Real User Experience Insight"
·
Section 3.2.2
"Oracle Application Testing Suite"
·
Section 3.2.3
"Oracle Business Transaction Management"
·
Section 3.2.4
"Oracle Enterprise Manager Cloud Control"
·
Section 3.2.5
"Oracle Enterprise Manager Ops Center"
·
Section 3.2.6
"OSS Support Tools"
·
Section 3.2.7
"Oracle Configuration Manager"
3.2.1 Oracle Real User
Experience Insight
Error
Correction information for Oracle Real User Experience Insight
|
Patch Information
|
13.4.1.0
|
Comments
|
|
Final CPU
|
July 2022
|
|
|
On-Request platforms
|
-
|
|
Minimum
Product Requirements for Oracle Real User Experience Insight
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For more information on
Oracle Real User Experience Insight, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
Real User Experience Insight 13.4.1.0
|
-
|
-
|
There have been no quarterly patches
released so far for Real User Experience Insight 13.4.1.0
|
3.2.2 Oracle
Application Testing Suite
Error
Correction information for Oracle Application Testing Suite
|
Patch Information
|
13.3.0.1
|
Comments
|
|
Final CPU
|
June 2025
|
|
Patch
Availability for Oracle Application Testing Suite
These patches contain Critical
Patch Update security vulnerabilities fixes for this release. All previous
versions will need to be upgraded to the minimum version. Then, apply the
following patches to fix the announced security vulnerabilities. For Oracle
Application Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
3.2.3 Oracle Business
Transaction Management
Error
Correction Information for Oracle Business Transaction Management
|
Component
|
12.1.0.7
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Business Transaction Management
|
Product Home
|
Patch
|
Advisory Number
|
Comment
|
|
BTM Home
|
BTM Patch 12.1.0.7.15 Patch
29135901
|
Released April 2019
|
|
3.2.4 Oracle
Enterprise Manager Cloud Control
Error Correction information for
Oracle Enterprise Manager Cloud Control
|
Patch Information
|
13.5.0.0
|
13.4.0.0
|
Comments
|
|
Final CPU
|
October 2026
|
April 2022
|
Note 1595197.1 Lifetime
Support and Support Policies for Oracle Enterprise Manager
|
|
On-Request platforms
|
-
|
-
|
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 5
(13.5.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch Repository Database of Oracle
Enterprise Manager
|
|
Oracle Java SE home
|
Oracle JDK 8 Update 311 Patch
33416537 or later for Linux, Windows and Solaris
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 2776765.1 EM
13.5: How to Use the Latest Certified JDK 8 Update with OMS 13.5
If your plans include updating the JDK version, please be sure that the
JDK version that you choose is certified with your Oracle Enterprise
Manager Cloud Control Component.
|
|
Base Platform OMS home
|
OPatch 13.9.4.2.6 Patch
28186730 or later
|
Released July 2021
|
Update OPatch 13.9.4.2.6 Patch
28186730 before applying the WLS PSU.
See Note 1587524.1 Using
OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.
|
|
Base Platform OMS home
|
Enterprise Manager 13c Release 5
Update 1 (13.5.0.1) for OMS Patch
32835392 or later
|
CVE-2021-2137
|
|
|
Base Platform Agent home
|
Enterprise Manager 13c Release 5
Update 1 (13.5.0.1) for Agent Patch
32924765 or later
|
CVE-2021-2137
|
|
|
Base Platform OMS home
|
WLS PATCH SET UPDATE 12.2.1.4.210930 Patch
33416868 or later
|
CVE-2021-35620, CVE-2021-35617,
CVE-2021-29425, CVE-2020-7226, CVE-2019-12400, CVE-2021-35552,
CVE-2020-11022
|
CVE-2021-35617 - Resolution of this
CVE requires installation of both the WebLogic Server PSU and the
Coherence patch
See Note 2764668.1 Security
Advice and Post-Install Information for Oracle WebLogic Server PSUs
|
|
Base Platform OMS home
|
Coherence 12.2.1.4.0 Cumulative Patch
11 Patch
33286160 or later
|
|
CVE-2021-35617 - Resolution of this
CVE requires installation of both the WebLogic Server PSU and the
Coherence patch
|
|
Base Platform OMS home
|
FMW PLATFORM 12.2.1.4.0 SPU FOR
APRCPU2021 Patch
33093748 or later
|
Released April 2021
|
|
|
Base Platform OMS home
|
FMW COMMON THIRDPARTY SPU 12.2.1.4.0
FOR APRIL2021CPU Patch
32880070 or later
|
Released April 2021
|
See Note 2768441.1 Details
for Oracle Fusion Middleware Third-Party Component Updates
|
|
Base Platform OMS home
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0
JULY CPU 2020 Patch
31544353 or later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for
details on ADR and Applicability of this patch.
|
|
Base Platform OMS home
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.4.210826 Patch
33283762 or later
|
CVE-2020-1971, CVE-2018-20843
|
Note 2743971.1 Cumulative
README Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches
|
|
Base Platform OMS home
|
OSS BUNDLE PATCH 12.2.1.4.210302 Patch
32575741 or later
|
Released April 2021
|
Oracle Security Service (SSL/Network)
Patch for Oracle HTTP server (OHS)
|
|
Base Platform OMS home
|
OPSS BUNDLE PATCH 12.2.1.4.210418 Patch
32784652 or later
|
Released April 2021
|
|
|
Base Platform OMS home
|
ADF BUNDLE PATCH 12.2.1.4.210706 Patch
33084721 or later
|
Released July 2021
|
|
|
Base Platform OMS home
|
WebCenter Core Bundle Patch
12.2.1.4.200526 Patch
31403376 or later
|
Released July 2020
|
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 4
(13.4.0.0)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Base Platform Repository home
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch Repository Database of Oracle
Enterprise Manager
|
|
Oracle Java SE home
|
Oracle JDK 8 Update 311 Patch
33416537 or later for Linux, Windows and Solaris
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 2653847.1 EM
13.4: How to Use the Latest Certified JDK 8 Update with OMS 13.4
If your plans include updating the JDK version, please be sure that the
JDK version that you choose is certified with your Oracle Enterprise
Manager Cloud Control Component.
|
|
Base Platform OMS home
|
OPatch 13.9.4.2.6 Patch
28186730 or later
|
Released July 2021
|
Update OPatch 13.9.4.2.6 Patch
28186730 before applying the WLS PSU.
See Note 1587524.1 Using
OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.
|
|
Base Platform OMS home
|
WLS PATCH SET UPDATE 12.2.1.3.210929 Patch
33412599 or later
|
CVE-2021-35620, CVE-2021-35617,
CVE-2021-29425, CVE-2021-35552, CVE-2020-11022
|
CVE-2021-35617 - Resolution of this
CVE requires installation of both the WebLogic Server PSU and the Coherence
patch
See Note 2764668.1 Security
Advice and Post-Install Information for Oracle WebLogic Server PSUs
|
|
Base Platform OMS home
|
Coherence 12.2.1.3 Cumulative Patch
16 Patch
33286132 or later
|
|
CVE-2021-35617 - Resolution of this
CVE requires installation of both the WebLogic Server PSU and the
Coherence patch
|
|
Base Platform OMS home
|
FMW Platform 12.2.1.3.0 SPU FOR
AprCPU2021 Patch
32982708 or later
|
Released April 2021
|
|
|
Base Platform OMS home
|
FMW COMMON THIRD PARTY SPU 12.2.1.3.0
FOR APRIL2021CPU Patch
32910589 or later
|
Released April 2021
|
See Note 2768441.1 Details
for Oracle Fusion Middleware Third-Party Component Updates
|
|
Base Platform OMS home
|
ADR FOR WEBLOGIC SERVER 12.2.1.3.0
JULY CPU 2020 Patch
31544340 or later
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for
details on ADR and Applicability of this patch.
|
|
Base Platform OMS home
|
Oracle WebLogic Server 12.2.1.3.0 Patch
33235201 or later
|
Released July 2021
|
Patch
33235201 replaces Patch 29738020. See Note 2568304.1 for
more details.
|
|
Base Platform OMS home
|
Enterprise Manager for Peoplesoft
13.4.1.1.0 Patch for CPUOct2020 Patch
31795605
|
Released October 2020
|
|
|
Base Platform Agent home
|
Enterprise Manager 13c Release 4
Platform Update 13 (13.4.0.13) for Agent Patch
33179516 or later
|
CVE-2021-2137
|
For CVE-2020-10878, upgrade to
Enterprise Manager 13c Release 5
|
|
Base Platform Agent home
|
Enterprise Manager for Beacon 13c
Release 4 Plug-in Update 12 (13.4.0.12) for Agent Patch
33072895 or later
|
Released July 2021
|
|
|
Base Platform Agent home
|
Enterprise Manager for Virtualization
13c Release 4 Plug-in Update 10 (13.4.1.10) for Agent (Discovery) Patch
32352393 or later
|
Released April 2021
|
|
|
Base Platform OMS home
|
Enterprise Manager 13c Release 4 Update
13 (13.4.0.13) for OMS Patch
33177978 or later
|
CVE-2021-2137
|
For CVE-2020-10878, upgrade to
Enterprise Manager 13c Release 5
|
|
Base Platform OMS home
|
Latest Oracle Cluster Verification
Utility Release Patch
16766985 or later
|
CVE-2021-20227
|
Follow the steps provided in Note 2628009.1 How
to Update the CVU for EM Cloud Control 13c
|
|
Base Platform OMS home
|
ADF BUNDLE PATCH 12.2.1.3.201007 Patch
31985811 or later
|
Released October 2020
|
|
|
Base Platform OMS home
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.3.210826 Patch
33283753 or later
|
CVE-2018-20843
|
Note 2568225.1Cumulative
README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Base Platform OMS home
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch
31971994 or later
|
Released April 2021
|
Oracle Security Service (SSL/Network)
Patch for Oracle HTTP server (OHS)
|
|
Base Platform OMS home
|
ONS 12.2.1.3.0 SPU Patch Patch
27323998 or later
|
Released July 2018
|
For the WLS Plug-In installed with
OHS
|
|
Base Platform OMS home
|
OBI BUNDLE PATCH 12.2.1.3.210915 Patch
33358811 or later
|
CVE-2021-30468, CVE-2021-23841
|
|
|
Base Platform OMS home
|
OHT SPU 12.2.1.3.0 Patch
31613012 or later
|
Released July 2020
|
|
|
Base Platform OMS home
|
WebCenter Core Bundle Patch
12.2.1.3.200519 Patch
31403333 or later
|
Released July 2020
|
|
|
EM Cloud Control Connectors
|
Upgrade to Enterprise Manager
Connectors 13.2.2.0.0 or later
|
Released January 2021
|
See Announcement on
MOSC
Connector 13.2.1.0 is applicable to EM 13.4
|
3.2.5 Oracle
Enterprise Manager Ops Center
Error
Correction information for Oracle Enterprise Manager Ops Center
|
Patch Information
|
12.4.0
|
Comments
|
|
Final CPU
|
April 2024
|
Premier Support ends
|
Patch
Availability for Oracle Enterprise Manager Ops Center
These patches contain Critical
Patch Update security vulnerabilities fixes for this release. All previous
versions will need to be upgraded to the minimum version. Then, apply the
following patches to fix the announced security vulnerabilities. For Oracle
Enterprise Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
|
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
|
12.4.0
|
Ops Center UCE patches for Oct 2021 Patch
33352383 or later
|
CVE-2021-26691, CVE-2021-3518
|
|
|
12.4.0
|
Ops Center UI/Other patches for Oct
2021 Patch
33352410 or later
|
CVE-2021-29505, CVE-2021-21345
|
|
3.2.6 OSS
Support Tools
Error
Correction information for OSS Support Tools
|
Patch Information
|
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for OSS Support Tools
|
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
|
|
|
|
See My Oracle Support Note 1153444.1, Oracle Services Tools Bundle (STB) - RDA/Explorer, SNEEP,
ACT
|
3.2.7 Oracle
Configuration Manager
Minimum
Product Requirements for Oracle Configuration Manager
Critical Patch Update security
vulnerabilities are fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS
(support.oracle.com). Customer can use collector tab to down the Oracle
Configuration Manager Collector.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle Configuration Manager
|
OCM 12.1.2.0.8 Patch
5567658 or later
|
Released July 2021
|
Upgrade to 12.1.2.0.8 Release
|
3.3 Oracle Fusion
Middleware
This section contains the
following:
·
Section 3.3.1
"Management Pack For Oracle GoldenGate"
·
Section 3.3.2
"NetBeans IDE"
·
Section 3.3.3 "Oracle
Business Intelligence Enterprise Edition"
·
Section 3.3.4
"Oracle Business Intelligence Publisher"
·
Section 3.3.5
"Oracle Data Integrator"
·
Section 3.3.6
"Oracle Data Quality for Oracle Data Integrator"
·
Section 3.3.7
"Oracle Data Visualization Desktop"
·
Section 3.3.8
"Oracle Enterprise Data Quality"
·
Section 3.3.9
"Oracle Enterprise Repository"
·
Section 3.3.10
"Oracle Exalogic Patch Set Update (PSU)"
·
Section 3.3.11
"Oracle FMW Infrastructure"
·
Section 3.3.12
"Oracle Forms and Reports"
·
Section 3.3.13
"Oracle HTTP Server / Web-Tier"
·
Section 3.3.14
"Oracle Hyperion Analytic Provider Services"
·
Section 3.3.15
"Oracle Hyperion BI+"
·
Section 3.3.16
"Oracle Hyperion Data Relationship Management"
·
Section 3.3.17
"Oracle Hyperion Enterprise Performance Management Architect"
·
Section 3.3.18
"Oracle Hyperion Essbase"
·
Section 3.3.19
"Oracle Hyperion Financial Close Management"
·
Section 3.3.20
"Oracle Hyperion Financial Management"
·
Section 3.3.21
"Oracle Hyperion Financial Reporting"
·
Section 3.3.22
"Oracle Hyperion Infrastructure Technology"
·
Section 3.3.23
"Oracle Hyperion Lifecycle Management"
·
Section 3.3.24
"Oracle Hyperion Planning"
·
Section 3.3.25
"Oracle Hyperion Profitability and Cost Management"
·
Section 3.3.26
"Oracle Hyperion Strategic Finance"
·
Section 3.3.27
"Oracle Hyperion Workspace"
·
Section 3.3.28
"Oracle Identity and Access Management"
·
Section 3.3.29
"Oracle JDeveloper and Oracle ADF"
·
Section 3.3.30
"Oracle Map Viewer"
·
Section 3.3.31
"Oracle Outside In Technology"
·
Section 3.3.32
"Oracle Real Time Decisions Applications"
·
Section 3.3.33
"Oracle Real Time Decisions Platform"
·
Section 3.3.34
"Oracle Service Architecture Leveraging Tuxedo (SALT)"
·
Section 3.3.35
"Oracle SOA Suite"
·
Section 3.3.36
"Oracle Traffic Director"
·
Section 3.3.37
"Oracle Tuxedo"
·
Section 3.3.38
"Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)"
·
Section 3.3.39
"Oracle WebCenter"
·
Section 3.3.40
"Oracle WebCenter Sites (Formerly FatWire Content Server)"
·
Section 3.3.41
"Oracle WebCenter Sites Community"
·
Section 3.3.42
"Oracle WebLogic Portal"
·
Section 3.3.43
"Oracle WebLogic Server"
·
Section 3.3.44
"Oracle Coherence"
3.3.1 Oracle GoldenGate Monitor
(aka Management Pack for Oracle GoldenGate)
Error
Correction information for Oracle GoldenGate Monitor (aka Management Pack
for Oracle GoldenGate)
|
Patch Information
|
12.2.1
|
12.1.3.x
|
Comments
|
|
Final CPU
|
July 2025
|
July 2022
|
|
Patch
Availability for Management Pack For Oracle GoldenGate
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.2.0
|
Oracle GoldenGate Monitor
12.2.1.2.200930 (Server+Agent) Patch
31748559
|
Released October 2020
|
|
|
12.1.3
|
Monitor Server 12.1.3.0.160628 Patch
23340597
Monitor Agent 12.1.3.0.160628 Patch
23333295
|
Released June 2016
|
-
|
3.3.2 NetBeans IDE
Minimum
Product Requirements for NetBeans IDE
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For NetBeans IDE
downloads, see https://netbeans.org/downloads/
|
Product Home
|
Release
|
Advisory Number
|
Comments
|
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle Business
Intelligence Enterprise Edition
Error
Correction information for Oracle Business Intelligence Enterprise Edition
|
Patch Information
|
5.9.0.0.0
|
5.5.0.0.0
|
12.2.1.4.0
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
-
|
-
|
-
|
|
|
11.1.1.9.0 End of Error Correction
for Extended Support Customer only beyond Dec 2018
|
Patch
Availability for Oracle Analytics Server 5.9
Patch
Availability for Oracle Analytics Server 5.5 (Formerly known as Oracle
Business Intelligence)
Patch
Availability for Oracle Business Intelligence Enterprise Edition 12c
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used
with FMW 11g/12c Products
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Patch
Availability for Oracle Fusion Middleware Infrastructure 12.2.1.3"
|
See "Patch
Availability for Oracle Fusion Middleware Infrastructure 12.2.1.3"
|
For both OBIEE 12.2.1.4 and 12.2.1.3,
apply all patches listed for "Oracle Fusion Middleware
Infrastructure 12.2.1.3"
|
|
12.2.1.4 Oracle Business Intelligence
Enterprise Edition
|
OBI BUNDLE PATCH 12.2.1.4.210915 Patch
33358815 or later
|
CVE-2021-30468, CVE-2021-23841
|
|
|
12.2.1.4 Oracle Business Intelligence Enterprise
Edition
and
12.2.1.3 Oracle Business Intelligence Enterprise
Edition
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch
31971994 or later
|
Released April 2021
|
Oracle Security Service (SSL/Network) Patch
|
|
12.2.1.3 Oracle Business Intelligence
Enterprise Edition
|
OBI BUNDLE PATCH 12.2.1.3.210915 Patch
33358811 or later
|
CVE-2021-30468, CVE-2021-23841
|
|
Patch
Availability for Oracle Business Intelligence Enterprise Edition 11.1.1.9
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
|
Oracle Java SE home
Oracle JRockit 28.x home
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used
with FMW 11g/12c Products
|
|
Oracle WebLogic Server home
|
See "Oracle
WebLogic Server"
|
See "Oracle
WebLogic Server"
|
See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle
WebLogic Server (WLS)
|
|
11.1.1.9
|
BI Bundle Suite 11.1.1.9.210720 Patch
33032067 or later
|
Released July 2021
|
|
|
11.1.1.9
|
OSS BUNDLE PATCH 11.1.1.9.210420 Patch
32287205
|
Released April 2021
|
Note 2572809.1 Steps
to Evaluate and Update SSL Wallet
|
|
11.1.1.9
|
OPMN Patch
23716938 or later
OPMN (NATIVE) PATCH WITH MES 4.5 COMPLIANCE Patch
32928416
|
Released April 2021
|
Both OPMN 11.1.1.9 patches are required for
integration with OSS
See Note 2566042.1 SSL
Configuration Required to Secure OPMN 11.1.1.9
|
|
DAC 11.1.1.6.4 home
|
Patch
27825965- DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU for
apr2018cpu
|
Released April 2018
|
Patch can be installed in any home
|
3.3.4 Oracle Business
Intelligence Publisher
Error
Correction information for Oracle Business Intelligence Publisher
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
-
|
|
|
11.1.1.9.0 End of Error Correction
for Extended Support Customer only beyond Dec 2018
|
Patch
Availability for Oracle Business Intelligence Publisher
3.3.5 Oracle Data Integrator
Error
Correction information for Oracle Data Integrator
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
|
October 2021
|
October 2021
|
Note 1933372.1 Error
Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
Note 1290894.1 Error
Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)
11.1.1.9.0 patches provided beyond Dec 2018 are for
Extended Support Customers only
|
Patch Availability for Oracle Data
Integrator 12.2.1.4
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure 12.2.1.4"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle Data Integrator
|
ODIMP Bundle Patch 12.2.1.4.211011 Patch
33455953 or later
|
CVE-2020-25649
|
|
Patch Availability for Oracle Data
Integrator 12.2.1.3
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure 12.2.1.3"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle Data Integrator
|
ODI Bundle Patch 12.2.1.3.210720 Patch
32835080 or later
|
Released July 2021
|
|
Patch Availability for Oracle Data
Integrator 11.1.1.9
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Data Integrator 11.1.1.9 home
(Colocated with WebLogic Server)
|
See "Oracle
Fusion Middleware Infrastructure 11.1.1.9"
|
|
Apply patches for WebLogic Server and
Middleware common components
|
|
ODI 11.1.1.9 Home
|
ODI Bundle Patch 11.1.1.9.210115 Patch
32137794 or later
|
Released April 2021
|
Oracle Data Integrator Patch
|
3.3.6 Oracle Data
Quality for Oracle Data Integrator
Error
Correction information for Oracle Data Quality for Oracle Data Integrator
|
Patch Information
|
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle Data Quality for Oracle Data Integrator
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.3.0
|
CPU Patch
21418574
|
Released July 2015
|
|
3.3.7 Oracle
Data Visualization Desktop
Error
Correction information for Oracle Data Visualization Desktop
|
Patch Information
|
12.2.4.1.1
|
Comments
|
|
Final CPU
|
-
|
|
Patch
availability for Oracle Data Visualization Desktop
3.3.8 Oracle
Enterprise Data Quality
Error
Correction information for Oracle Enterprise Data Quality
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
|
Patch
Availability for Oracle Enterprise Data Quality
|
Distribution / Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure"
|
|
Apply FMW infrastructure patches if
you have installed EDQ with WebLogic Server
|
|
Oracle Enterprise Data Quality
12.2.1.4
|
EDQ 12.2.1.4.0 CPU Jul 2021 Patch
33143748 or later
|
Released July 2021
|
|
|
Oracle Enterprise Data Quality
12.2.1.3
|
EDQ 12.2.1.3.0 CPU Jul 2021 Patch
33124541 or later
|
Released July 2021
|
|
|
Oracle Enterprise Data Quality
11.1.1.9
|
EDQ 11.1.1.9 Jan 2021 SPU Patch
32395356 or later
|
Released January 2021
|
|
3.3.9 Oracle
Enterprise Repository
Error
Correction information for Oracle Enterprise Repository
|
Patch Information
|
11.1.1.7
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Enterprise Repository
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.7.0
|
OER 11.1.1.7.0 SPU for Oct 2021 Patch
33206715 or later
|
CVE-2021-36374
|
|
3.3.10 Oracle Exalogic
Patch Set Update (PSU)
Error
Correction information for Oracle Exalogic Patch Set Update (PSU)
|
Patch Information
|
2.x
|
1.x
|
Comments
|
|
Final CPU
|
-
|
-
|
|
Patch Set
Update Availability for Oracle Exalogic
|
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
|
2.x Physical
|
2.0.6.4.211019 Physical Linux (for all X2-2, X3-2,
X4-2, X5-2, and X6-2) Patch
33217537 or later
2.0.6.3.211019 Physical Solaris (for all X2-2, X3-2,
X4-2, and X5-2) Patch
33217537 or later
|
Released July 2021
|
See Note 1314535.1,
Announcing Exalogic PSUs (Patch Set Updates)
|
|
2.x Virtual
|
2.0.6.3.211019 Virtual (for all X2-2, X3-2, X4-2, X5-2,
and X6-2) Patch
33217538 or later
|
Released July 2021
|
See Note 1314535.1,
Announcing Exalogic PSUs (Patch Set Updates)
|
|
1.x
|
Upgrade to 2.x based on information in the Comments
column. Then apply the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013 (15931901)
|
See Patch
13795376 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT
(V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch
15931901 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for
Exalogic Solaris x86-64 (64 bit)
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
3.3.11 Oracle FMW
Infrastructure
This section contains the
following:
·
Section 3.3.11.1
"Error Correction information for Oracle Fusion Middleware
Infrastructure"
·
Section 3.3.11.2
"Patch Availability for Oracle Fusion Middleware Infrastructure
12.2.1.4"
·
Section 3.3.11.3
"Patch Availability for Oracle Fusion Middleware Infrastructure
12.2.1.3"
·
Section 3.3.11.4
"Patch Availability for Oracle Fusion Middleware Infrastructure
11.1.1.9"
3.3.11.1 Error
Correction Information for Oracle Fusion Middleware Infrastructure
Error
Correction information for Oracle Fusion Middleware Infrastructure
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
|
October 2021
|
October 2021
|
See Note 1933372.1,
Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
See Note 1290894.1,
Error Correction Support Dates for Oracle Fusion Middleware 11g
(11.1.1/11.1.2)
|
|
On-Request platforms
|
-
|
|
AIX, HP-UX Itanium, and Windows are
on request.
|
Note: 11.1.1.9.0 patches provided
beyond Dec 2018 are for Extended Support Customers only
|
3.3.11.2 Patch
Availability for Oracle Fusion Middleware Infrastructure 12.2.1.4
Note: The patches and guidance
below are common to all Oracle Fusion Middleware (FMW) products installed
(colocated) with an FMW 12.2.1.4 Infrastructure. Ensure to also follow the
tables within this document for all FMW products you have installed with the
FMW 12.2.1.4 Infrastructure.
|
Product / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch any Database SERVER associated with a Fusion
Middleware installation. If any CLIENT side patching is required in the
FMW home, there will be a separate row below.
|
|
Java home
|
Java SE 8 Update 311 Patch
18143322 or later for Linux, Windows, and Solaris.
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
|
Oracle WebLogic Server
|
Download and apply the SPB or individual patches
listed within the section, "Oracle
WebLogic Server 12.2.1.4"
Then, apply the patches below for the remaining FMW
Infrastructure components:
|
See "Oracle
WebLogic Server 12.2.1.4"
|
If using Identity and Access Management, refer to Oracle Identity
and Access Management 12.2.1.4. The IDM Stack Patch Bundle
includes all FMW Infrastructure and WLS patches.
|
|
Application Development Framework
(ADF)
|
ADF Bundle Patch 12.2.1.4.210706 Patch
33084721 or later
|
Released July 2021
|
|
|
FMW Third-Party Jars
|
FMW COMMON THIRD PARTY SPU 12.2.1.4.0
FOR APRIL2021CPU Patch
32880070 or later
|
Released April 2021
|
See Note 2768441.1 Details
for Oracle Fusion Middleware Third-Party Component Updates
|
|
Oracle Platform Security Services
(OPSS)
|
OPSS BUNDLE PATCH 12.2.1.4.210418 Patch
32784652 or later
|
Released April 2021
|
|
|
FMW Control
|
FMW Control SPU Patch Patch
30613424
|
Released April 2021
|
|
|
WebCenter Core
|
WebCenter Core Bundle Patch
12.2.1.4.200526 Patch
31403376 or later
|
Released July 2020
|
|
3.3.11.3 Patch
Availability for Oracle Fusion Middleware Infrastructure 12.2.1.3
Note: The patches and guidance
below are common to all Oracle Fusion Middleware (FMW) products installed
(colocated) with an FMW 12.2.1.3 Infrastructure. Ensure to also follow the
tables within this document for all FMW products you have installed with
the FMW 12.2.1.3 Infrastructure.
|
Product / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch any Database SERVER associated with a Fusion
Middleware installation. If any CLIENT side patching is required in the
FMW home, there will be a separate row below.
|
|
Java home
|
Java SE 8 Update 311 Patch
18143322 or later for Linux, Windows, and Solaris.
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
|
Oracle WebLogic Server
|
Download and apply the SPB or individual patches
listed within the section, "Oracle
WebLogic Server 12.2.1.3"
Then, apply the patches below for the remaining FMW
Infrastructure components:
|
See "Oracle
WebLogic Server 12.2.1.3"
|
If using Identity and Access Management, refer to Oracle Identity
and Access Management 12.2.1.3. The IDM Stack Patch Bundle
includes all FMW Infrastructure and WLS patches.
|
|
FMW Third-Party Jars
|
FMW COMMON THIRD PARTY SPU 12.2.1.3.0
FOR APRIL2021CPU Patch
32910589 or later
|
Released April 2021
|
See Note 2768441.1 Details
for Oracle Fusion Middleware Third-Party Component Updates
|
|
Oracle Platform Security Services
(OPSS)
|
OPSS Bundle Patch 12.2.1.3.210420 Patch
32397127 or later
|
Released April 2021
|
|
|
Application Development Framework
(ADF)
|
ADF BUNDLE PATCH 12.2.1.3.201007 Patch
31985811 or later
|
Released October 2020
|
Apply to all Oracle homes installed
with an FMW Infrastructure
|
|
Oracle Help Technologies (OHT)
|
OHT SPU 12.2.1.3.0 Patch
31613012 or later
|
Released July 2020
|
|
|
WebCenter Core
|
WebCenter Core Bundle Patch
12.2.1.3.200519 Patch
31403333 or later
|
Released July 2020
|
|
3.3.11.4 Patch
Availability for Oracle Fusion Middleware Infrastructure 11.1.1.9
Note: The patches and guidance
below are common to all Oracle Fusion Middleware (FMW) products installed
in a Middleware home with Oracle WebLogic Server 10.3.6. Ensure to also
follow the tables within this document for all FMW products you have
installed in this Middleware home.
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database home
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch any Database SERVER associated with a Fusion
Middleware installation. If any CLIENT side patching is required in the
FMW home, there will be a separate row below.
|
|
Java home
|
Java SE 7 Update 321 Patch
33416555
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
|
Oracle WebLogic Server home
|
See "Oracle
WebLogic Server 10.3.6"
|
See "Oracle
WebLogic Server 10.3.6"
|
See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle
WebLogic Server (WLS)
|
|
Middleware 11.1.1.9 ORACLE_COMMON
home
|
JRF 11.1.1.9.0 SPU APR21 Patch
32910651 or later
|
Released April 2021
|
Java Required Files (JRF) patch
|
|
Middleware 11.1.1.9 ORACLE_COMMON
home
|
OPSS Bundle Patch 11.1.1.9.210420 Patch
32636808 or later
|
Released April 2021
|
Oracle Platform Security Services
(OPSS) patch
|
|
Middleware 11.1.1.9 ORACLE_COMMON
home
|
ADF SPU 11.1.1.9.0 FOR OCTCPU2020 Patch
31985571 or later
|
Released October 2020
|
Application Development Framework
(ADF) patch
|
|
Middleware 11.1.1.9 ORACLE_COMMON
home
|
OHT SPU 11.1.1.9.0 Patch
28097644 or later
|
Released July 2020
|
Oracle Help Technologies (OHT) patch
|
|
Middleware 11.1.1.9 ORACLE_COMMON
home
|
WEB SERVICES BP Patch
24580895 or later
|
Released October 2016
|
Oracle Web Services Manager (OWSM)
patch
|
|
Middleware 11.1.1.9 ORACLE_COMMON
home
|
Enterprise Manager for Fusion
Middleware SPU Patch
22567790 or later
|
Released July 2016
|
FMW Control patch
|
3.3.12 Oracle Forms and
Reports
Error
Correction information for Oracle Forms and Reports
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
Comments
|
|
Final CPU
|
|
October 2021
|
Note 1933372.1 Error
Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
|
Patch Availability for Oracle Forms and Reports 12.2.1.4
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure 12.2.1.4"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle Reports
|
Oracle Reports Developer 12.2.1.4.0
SPU Patch
30731161 or later
|
Released January 2020
|
|
|
Oracle HTTP server (OHS)
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.4.210826 Patch
33283762 or later
|
CVE-2020-1971, CVE-2018-20843
|
Note 2743971.1 Cumulative
README Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.4.210302 Patch
32575741 or later
|
Released April 2021
|
|
Patch Availability for Oracle Forms
and Reports 12.2.1.3
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure 12.2.1.3"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle Forms
|
Forms 12.2.1.3.0 SPU Patch
30410629 or later
|
Released October 2019
|
|
|
Oracle Reports
|
Reports Developer 12.2.1.3 SPU Patch
30731147 or later
|
Released January 2020
|
|
|
Oracle HTTP Server (OHS)
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.3.210826 Patch
33283753 or later
|
CVE-2018-20843
|
Note 2568225.1 Cumulative
README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch
31971994 or later
|
Released April 2021
|
|
|
Oracle Access Manager (OAM) WebGate
|
OAM WebGate Bundle Patch
12.2.1.3.200813 Patch
31750289 or later
|
Released October 2020
|
|
|
Oracle Notification Server (ONS)
|
ONS 12.2.1.3.0 SPU Patch Patch
27323998 or later
|
Released July 2018
|
For the WLS Plug-In installed with
OHS
|
3.3.13 Oracle HTTP
Server / Web-Tier
This section contains the
following:
·
Section 3.3.13.1
"Error Correction information for Oracle HTTP Server"
·
Section 3.3.13.2
"Patch Availability for Oracle HTTP Server 12.2.1.4 (Colocated
with FMW Infrastructure)"
·
Section 3.3.13.3
"Patch Availability for Oracle HTTP Server
12.2.1.4 (Standalone)"
·
Section 3.3.13.4
"Patch Availability for Oracle HTTP server 12.2.1.3 (Colocated
with FMW Infrastructure)"
·
Section 3.3.13.5
"Patch Availability for Oracle HTTP Server 12.2.1.3 (Standalone)"
·
Section 3.3.13.6
"Patch Availability for Web-Tier 11.1.1.9 (Oracle HTTP Server)"
3.3.13.1 Error
Correction Information for Oracle HTTP Server / Web-Tier
Error
Correction information for Oracle HTTP Server / Web-Tier
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
Note 1933372.1 Error
Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
Note 1290894.1 Error
Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)
11.1.1.9.0 patches provided beyond Dec 2018 are for
Extended Support Customers only
|
|
On-Request platforms
|
|
|
AIX, HP-UX Itanium, and Windows are
on request.
|
|
3.3.13.2 Patch
Availability for Oracle HTTP Server 12.2.1.4 (Colocated with FMW
Infrastructure)
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure 12.2.1.4"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle HTTP Server
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.4.210826 Patch
33283762 or later
|
CVE-2020-1971, CVE-2018-20843
|
Note 2743971.1 Cumulative
README Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.4.210302 Patch
32575741 or later
|
Released April 2021
|
|
3.3.13.3 Patch
Availability for Oracle HTTP Server 12.2.1.4 (Standalone)
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Java home
|
Java SE 8 Update 311 Patch
18143322 for Linux, Windows, and Solaris.
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1 How
to Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
OPatch home
|
OPatch 13.9.4.2.6 Patch
28186730 or later
|
Released July 2021
|
Upgrade OPatch before installing
patches
|
|
Oracle HTTP Server
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.4.210826 Patch
33283762 or later
|
CVE-2020-1971, CVE-2018-20843
|
Note 2743971.1 Cumulative
README Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.4.210302 Patch
32575741 or later
|
Released April 2021
|
|
|
Node Manager and WLST
|
WLS PATCH SET UPDATE 12.2.1.4.210930 Patch
33416868 or later
|
CVE-2021-35620, CVE-2021-35617,
CVE-2021-29425, CVE-2020-7226, CVE-2019-12400, CVE-2021-35552,
CVE-2020-11022
|
See Note 2764668.1 Security
Advice and Post-Install Information for Oracle WebLogic Server PSUs
|
|
FMW Platform
|
FMW PLATFORM 12.2.1.4.0 SPU FOR
APRCPU2021 Patch
33093748 or later
|
Released April 2021
|
|
|
FMW Third-Party Jars
|
FMW COMMON THIRD PARTY SPU 12.2.1.4.0
FOR APRIL2021CPU Patch
32880070 or later
|
Released April 2021
|
See Note 2768441.1 Details
for Oracle Fusion Middleware Third-Party Component Updates
|
3.3.13.4 Patch
Availability for Oracle HTTP Server 12.2.1.3 (Colocated with FMW
Infrastructure)
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure 12.2.1.3"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle HTTP Server
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.3.210826 Patch
33283753 or later
|
CVE-2018-20843
|
See Note 2568225.1 Cumulative
README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch
31971994 or later
|
Released April 2021
|
|
|
Oracle Access Manager (OAM) WebGate
|
OAM WebGate Bundle Patch
12.2.1.3.200813 Patch
31750289 or later
|
Released October 2020
|
|
|
Oracle Notification Server (ONS)
|
ONS 12.2.1.3.0 SPU Patch Patch
27323998 or later
|
Released July 2018
|
For the WLS Plug-In installed with
OHS
|
3.3.13.5 Patch
Availability for Oracle HTTP Server 12.2.1.3 (Standalone)
|
Distribution / Component
|
Patches
|
Advisory Number
|
Comments
|
|
Java home
|
Java SE 8 Update 311 Patch
18143322 or later for Linux, Windows, and Solaris.
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1 How
to Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
OPatch home
|
OPatch 13.9.4.2.6 Patch
28186730 or later
|
Released July 2021
|
Upgrade OPatch before installing
patches
|
|
Oracle HTTP Server
|
OHS (NATIVE) BUNDLE PATCH
12.2.1.3.210826 Patch
33283753 or later
|
CVE-2018-20843
|
See Note 2568225.1 Cumulative
README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
|
|
Oracle Security Services (OSS)
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch
31971994 or later
|
Released April 2021
|
|
|
Node Manager and WLST
|
WLS PATCH SET UPDATE 12.2.1.3.210929 Patch
33412599 or later
|
CVE-2021-35620, CVE-2021-35617,
CVE-2021-29425, CVE-2021-35552, CVE-2020-11022
|
See Note 2764668.1 Security
Advice and Post-Install Information for Oracle WebLogic Server PSUs
|
|
FMW Platform
|
FMW Platform 12.2.1.3.0 SPU FOR
AprCPU2021 Patch
32982708 or later
|
Released April 2021
|
|
|
FMW Third-Party Jars
|
FMW COMMON THIRD PARTY SPU 12.2.1.3.0
FOR APRIL2021CPU Patch
32910589 or later
|
Released April 2021
|
See Note 2768441.1 Details
for Oracle Fusion Middleware Third-Party Component Updates
|
|
Oracle Access Manager (OAM) WebGate
|
OAM WebGate Bundle Patch
12.2.1.3.200813 Patch
31750289 or later
|
Released October 2020
|
|
|
Oracle Notification Server (ONS)
|
ONS 12.2.1.3.0 SPU Patch Patch
27323998 or later
|
Released July 2018
|
For the WLS Plug-In installed with
OHS
|
3.3.13.6 Patch
Availability for Web-Tier 11.1.1.9 (Oracle HTTP Server)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Web-Tier 11.1.1.9 home
(Colocated with WebLogic Server)
|
See "Oracle
Fusion Middleware Infrastructure 11.1.1.9"
|
|
Apply patches for WebLogic Server and
Middleware common components
|
|
Oracle Web-Tier 11.1.1.9 home
|
OHS 11.1.1.9.0 SPU FOR OCTCPU2021Patch
33311587 or later
|
CVE-2021-35666, CVE-2021-2480
|
Oracle HTTP Server Patch
See Note 2626956.1 Cumulative
README Post-Install Steps for Oracle HTTP Server 11.1.1.9 Critical Patch
Update
|
|
Oracle Web Tier 11.1.1.9 home
|
WLS PROXY PLUG-IN FOR OHS 11.1.1.9.0
SPU FOR APRCPU2021 Patch
33144848 or later
|
Released April 2021
|
|
|
Oracle Web-Tier 11.1.1.9 home
|
OSS BUNDLE PATCH 11.1.1.9.210420 Patch
32287205 or later
|
Released April 2021
|
Oracle Security Services (OSS) patch for OHS SSL
See Note 2572809.1 Steps
to Evaluate and Update SSL Wallet
|
|
Oracle Web-Tier 11.1.1.9 home
|
OAM WEBGATE BUNDLE PATCH
11.1.2.3.210825Patch
33290860 or later
|
Released April 2021
|
OAM WebGate 11.1.2.3 patch
This is an optional installation from the Oracle
Access Manager (OAM) 11.1.2.3 media.
|
|
Oracle Web-Tier 11.1.1.9 home
|
Oracle Web Cache SPU 11.1.1.9.0 CPU
OCT2021 Patch
33442931 or later
|
Released April 2021
|
Web Cache Patch
See Note 2095166.1 Oracle
Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU
January 2016 and Note 2494468.1 How
to Disable ESI in Oracle Web Cache
|
|
Oracle Web-Tier 11.1.1.9 home
|
OPMN Patch
23716938 or later
OPMN (NATIVE) PATCH WITH MES 4.5 COMPLIANCE Patch
32928416 or later
|
Released April 2021
|
Both 11.1.1.9 required patch for integration with OSS
Note 2566042.1 SSL
Configuration Required to Secure OPMN 11.1.1.9
|
|
Oracle Web-Tier 11.1.1.9 home
|
DB PSU Patch
22290164 or later for Unix
DB BP Patch
22607089 or later for Windows 32-Bit
DB BP Patch
22607090 or later for Windows x64
|
Released January 2016
|
Oracle Database Client 11.1.0.7 patch
for FMW 11.1.1.x/11.1.2.x only
|
3.3.14 Oracle Hyperion Analytic
Provider Services
Error
Correction information for Oracle Hyperion Analytic Provider Services
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Analytic Provider Services
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.4
|
See Note 2769474.1 How
To Remove Analytic Provider Services from Oracle Business Intelligence /
Fusion Middleware 12.2.1.4
|
Released April 2021
|
|
|
11.1.2.4
|
11.1.2.4.043 PSU Patch
32770793
|
Released April 2021
|
|
|
11.1.2.3
|
SPU Patch
20184072
SPU Patch
20184082
|
Released October 2015
|
|
|
11.1.2.2
|
SPU Patch
18148649
|
Released July 2014
|
|
3.3.15 Oracle Hyperion
BI+
Error
Correction information for Oracle Hyperion BI+
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion BI+
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2 Home
|
The issue has been addressed in the latest releases:
11.1.2.4.900 and 11.2.*.
Customers on the prior releases are recommended to
upgrade to the latest releases. An upgrade path for release 11.1.2.4 is
described in the Oracle Enterprise
Performance Management System Release 11.2.2.0.000 Readme
|
Released October 2020
|
IQR-Foundation service
|
3.3.16 Oracle Hyperion
Data Relationship Management
Error
Correction information for Oracle Hyperion Data Relationship Management
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Data Relationship Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
Hyperion Data Relationship Management
11.1.2.4.347 PSU; Patch
28818149
|
Released October 2019
|
|
3.3.17 Oracle Hyperion
Enterprise Performance Management Architect
Error
Correction information for Oracle Hyperion Enterprise Performance
Management Architect
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Enterprise Performance Management
Architect
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.3
|
SPU Patch
19466859
SPU Patch
20929659
|
Released July 2015
|
|
|
11.1.2.2
|
SPU On-Request
|
Released July 2015
|
|
3.3.18 Oracle Hyperion
Essbase
Error
Correction information for Oracle Hyperion Essbase
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Essbase
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
11.1.2.4.046 PSU Patch
33266816 (Essbase Server)
11.1.2.4.046 PSU Patch
33266820 (Essbase Client)
11.1.2.4.046 PSU Patch
33266818 (Essbase MSI Client)
11.1.2.4.046 PSU Patch
33266809 (Essbase Runtime Client)
11.1.2.4.046 PSU Patch
33266804 (Analytic Provider Services)
11.1.2.4.046 PSU Patch
33266835 (Essbase Administration Services Server)
11.1.2.4.046 PSU Patch
33266828 (Essbase Administration Services MSI Client)
|
Released October 2021
|
|
|
11.1.2.3
|
11.1.2.3.508 PSU Patch
22347375 (RTC)
11.1.2.3.508 PSU Patch
22347367 (Client)
11.1.2.3.508 PSU Patch
22314799 (Server)
|
Released April 2017
|
|
|
11.1.2.2
|
Upgrade to Hyperion Essbase 11.1.2.3, then apply the
patches listed above
|
Released July 2015
|
|
3.3.19 Oracle Hyperion
Financial Close Management
Error
Correction details for Oracle Hyperion Financial Close Management
|
Patch Information
|
11.1.2..x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Financial Close Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
PSU 11.1.2.4.253 Patch
29060830
|
Released July 2019
|
|
|
11.1.2.4
|
JDev ADF Patch
31246831
|
Released July 2020
|
To obtain JDev ADF patch 31246831
download EPM Patch
32740400
|
3.3.20 Oracle Hyperion
Financial Management
Error
Correction information for Oracle Hyperion Financial Management
|
Patch Information
|
11.1.2.0
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Financial Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.0
|
SPU Patch Patch
28314691
|
Released October 2018
|
Hyperion Shared Service Patch for
Common Events Service used by Hyperion Financial Management
|
|
11.1.2.4
|
The issue has been addressed in the
latest releases: 11.2.*.
Customers on the prior releases are recommended to upgrade to the latest
releases. An upgrade path for release 11.1.2.4 is described in the Oracle
Enterprise Performance Management System Release 11.2.2.0.000 Readme
|
Released April 2021
|
|
|
11.1.2.4 & 11.2
|
The issue has been addressed in the
latest release: 11.2.7.0.000
Customers on the prior releases are recommended to upgrade to the latest
release.
|
CVE-2021-29425
|
|
3.3.21 Oracle Hyperion
Financial Reporting
Error
Correction information for Oracle Hyperion Financial Reporting
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Financial Reporting
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2
|
Jdev 11.1.1.7.1 SPU Patch
27457998
|
Released July 2018
|
Jdev ADF Patch needs to be applied to
Hyperion Financial Reporting Home. To obtain JDev patch 27457998,
download EPM Patch
32751717.
|
|
11.1.2.4
|
PSU 11.1.2.4.712 Patch
30670918
PSU 11.1.2.4.902 Patch
30670918
|
Released April 2021
|
January Advisery CVE fixes are
available in 11.2.x release and customers are recommended to upgrade.
Hyperion downloads are available here
|
|
11.1.2.4
|
The issue has been addressed in the latest release:
11.2.6
Customers on the prior releases are recommended to
upgrade to the latest releases. An upgrade path for release 11.1.2.4 is
described in the latest Oracle Enterprise Performance Management System
Release 11.2.x Readme
|
Released July 2021
|
|
|
11.2
|
The issue has been addressed in the latest releases:
11.2.7.0.000
Customers on the prior releases are recommended to
upgrade to the latest release.
|
CVE-2021-35665, CVE-2021-27906
|
|
3.3.22 Oracle Hyperion
Infrastructure Technology
Error
Correction information for Oracle Hyperion Infrastructure Technology
|
Patch Information
|
11.1.2.4
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Infrastructure Technology
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
Apply Weblogic 10.3.6 Patch 33172858
- (This patch can be obtained by downloading EPM Patch
33471254)
|
CVE-2020-11022, CVE-2021-35620
|
|
|
11.1.2.4
|
For customers using OHS 11.1.1.9.0.
Apply OHS 11.1.1.9.0 SPU FOR OCTCPU2021 Patch 33311587 - (This patch can
be obtained by downloading EPM Patch
33499414)
|
CVE-2021-35666, CVE-2021-2480
|
|
|
11.1.2.4
|
To obtain the WLS Coherence patch 32973233 download
the EPM Patch
33150738
To obtain the WLS ADR patch 31241365 download EPM Patch
32763928
To obtain the WLS JDBC patch 27541896 download EPM Patch
33019120
To obtain the WLS Samples patch 32134024 download EPM Patch
33019138
|
Released July 2021
|
This section details the availability
of Web Logic patches that are packaged specifically for EPM customers
|
|
11.1.2.4
|
The issue has been addressed in the
latest releases: 11.2.5 and above
Customers on the prior releases are recommended to upgrade to the latest
releases. An upgrade path for release 11.1.2.4 is described in the latest
Oracle Enterprise Performance Management System Release 11.2.x Readme
|
Released July 2021
|
|
|
11.1.2.4
|
The issue has been addressed in the
latest release: 11.2.6
Customers on the prior releases are recommended to upgrade to the latest
releases. An upgrade path for release 11.1.2.4 is described in the latest
Oracle Enterprise Performance Management System Release 11.2.x Readme
|
Released July 2021
|
|
|
11.1.2.4
|
The issue has been addressed in the
latest release: 11.2.6
Customers on the prior releases are recommended to upgrade to the latest
releases. An upgrade path for release 11.1.2.4 is described in the latest
Oracle Enterprise Performance Management System Release 11.2.x Readme
|
Released July 2021
|
|
|
11.2
|
The issue has been addressed in the
latest release: 11.2.7.0.000
Customers on the prior releases are recommended to upgrade to the latest
release.
|
CVE-2019-7317, CVE-2020-27218
|
|
3.3.23 Oracle Hyperion
Lifecycle Management
Error
Correction information for Oracle Hyperion Lifecycle Management
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Lifecycle Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
The issue has been addressed in the latest releases:
11.1.2.4.900 and 11.2.*.
Customers on the prior releases are recommended to
upgrade to the latest releases. An upgrade path for release 11.1.2.4 is
described in the Oracle Enterprise
Performance Management System Release 11.2.2.0.000 Readme
|
Released October 2020
|
Shared Services
|
3.3.24 Oracle Hyperion
Planning
Error
Correction information for Oracle Hyperion Planning
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Planning
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
PSU 11.1.2.4.010 Patch
31365862
|
Released October 2020
|
This patch is cumulative and will
include the fixes/CVEs from patch 29889455
|
|
11.1.2.4
|
JDev 11.1.1.7.1 SPU Patch
30378046
|
Released October 2019
|
JDev ADF Patch needs to be applied to
Hyperion Planning. To obtain JDev patch 30378046 download EPM Patch
32746369.
|
|
11.1.2.4 & 11.2
|
The issue has been addressed in the
latest releases: 11.2.7.0.000
Customers on the prior releases are recommended to upgrade to the latest
release.
|
CVE-2019-11358
|
|
3.3.25 Oracle Hyperion
Profitability and Cost Management
Error
Correction information for Oracle Hyperion Profitability and Cost
Management
|
Patch Information
|
11.1.2.4
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Profitability and Cost Management
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.2.4
|
11.1.2.4.130 PSU; Patch
29461894
|
Released October 2019
|
|
3.3.26 Oracle Hyperion
Strategic Finance
Error
Correction information for Oracle Hyperion Strategic Finance
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Strategic Finance
3.3.27 Oracle Hyperion
Workspace
Error Correction
information for Oracle Hyperion Workspace
|
Patch Information
|
11.1.2.x
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Hyperion Workspace
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.2
|
The issue has been addressed in the
latest release: 11.2.6
|
Released July 2021
|
|
|
11.1.2.4.900
|
Patch 31486872
|
Released January 2021
|
January Advisery CVE fixes are
available in 11.2.x release and customers are recommended to upgrade.
Hyperion downloads are available here.
|
|
11.1.2.4.700
|
11.1.2.4.825 SPU Patch
31124100
|
Released January 2021
|
January Advisery CVE fixes are
available in 11.2.x release and customers are recommended to upgrade.
Hyperion downloads are available here.
|
|
11.1.2 Home
|
11.1.2.4.009 SPU Patch
29115044
Apply Weblogic 10.3.6 Latest PSU. See "Hyperion
Infrastructure Technology" section for details on
how to access the latest WebLogic patches
|
Released January 2021
|
R&A Framework Patch
January Advisery CVE fixes are available in 11.2.x
release and customers are recommended to upgrade. Hyperion downloads are
available here.
|
3.3.28 Oracle Identity
and Access Management
This section contains the
following:
·
Section 3.3.28.1
"Error Correction Information for Oracle Identity & Access
Management"
·
Section 3.3.28.2
"Patch Availability for Oracle Identity & Access Management
12.2.1.4"
·
Section 3.3.28.3
"Patch Availability
for Oracle Identity
& Access Management 12.2.1.3"
·
Section 3.3.28.4
"Patch Availability
for Oracle Identity
& Access Management 11.1.x.x"
·
Section 3.3.28.5
"Oracle Identity
Management Connector"
3.3.28.1 Error
Correction Information for Oracle Identity & Access Management
Error Correction Information for Oracle
Identity & Access Management
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.x.x
|
Comments
|
|
Final
CPU
|
July 2025
|
|
October 2021
|
See Note 1933372.1,
Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
See Note 1290894.1 Error
Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)
|
|
On-Request
platforms
|
-
|
-
|
-
|
|
3.3.28.2 Patch
Availability for Oracle Identity & Access Management 12.2.1.4.0
|
Product
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch any Database SERVER associated with a Fusion
Middleware installation. If any CLIENT side patching is required in the
FMW home, there will be a separate row below.
|
|
Java
SE
|
Java SE 8 Update 311 Patch
18143322 or later for Linux, Windows, and Solaris
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
Download locations and installation instructions are
in the above document.
|
See Note 1492980.1 How
to Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle
Access Manager (OAM)
Oracle
Identity Manager (OIM)
Oracle
Unified Directory (OUD) -Collocated
Oracle
Internet Directory (OID)- Collocated
|
Download and apply the SPB patch:
IDM Stack Patch Bundle 12.2.1.4.211014 Patch
33470892 or later
OR download and apply the individual patches below:
|
CVE-2021-29505
|
See Note 2657920.1 Stack
Patch Bundle for Oracle Identity Management Products
The IDM SPB includes CPU and functional
fixes from IDM and lower stack products. Oracle recommends that you
apply this single patch for Identity & Access Management Oracle
homes.
|
|
Oracle
Access Manager (OAM)
Oracle
Identity Manager (OIM)
Oracle
Unified Directory (OUD) -Collocated
Oracle
Internet Directory (OID)- Collocated
|
See Section "Oracle
Fusion Middleware Infrastructure 12.2.1.4"
|
See Section "Oracle
Fusion Middleware Infrastructure 12.2.1.4"
|
Oracle Fusion Middleware
Infrastructure patches
|
|
Oracle
Identity Manager (OIM)
|
OIM Bundle Patch 12.2.1.4.210708 Patch
33092785 or later
|
Released July 2021
|
|
|
Oracle
Identity Manager (OIM)
|
SOA BUNDLE PATCH 12.2.1.4.210928Patch
33408307 or later
|
CVE-2021-29505
|
|
|
Oracle
Internet Directory (OID) - Standalone with NodeManager
|
OPatch 13.9.4.2.6 Patch
28186730 or later
|
Released July 2021
|
|
|
Oracle
Identity Manager (OIM)
|
Oracle WebCenter Core Bundle Patch
12.2.1.4.210303 Patch
32582592 or later
|
Released April 2021
|
|
|
Oracle
Unified Directory (OUD) - Standalone and Collocated
|
OUD BUNDLE PATCH 12.2.1.4.200526 Patch
31400392 or later
|
Released July 2020
|
|
|
Oracle
Internet Directory (OID) - Standalone and Standalone with Nodemanger
|
OPatch 13.9.4.2.6 Patch
28186730 or later
|
Released July 2021
|
|
|
Oracle
Internet Directory (OID) - Standalone and Standalone with Nodemanger
|
OSS Bundle Patch 12.2.1.4.210302 Patch
32575741 or later
|
Released April 2021
|
Oracle Security Services (OSS) patch
for SSL used by Oracle Internet Directory (OID) Standalone and Standalone
with NodeManager installs.
|
|
Oracle
Internet Directory (OID) - Standalone with NodeManager
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0
JULY CPU 2020 Patch
31544353
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for
details on ADR and the Applicability of this patch.
|
3.3.28.3 Patch
Availability for Oracle Identity & Access Management 12.2.1.3.0
|
Product
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch any Database SERVER associated with a Fusion
Middleware installation. If any CLIENT side patching is required in the
FMW home, there will be a separate row below.
|
|
Java SE
|
Java SE 8 Update 311 Patch
18143322 or later for Linux, Windows, and Solaris
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
Download locations and installation instructions are
in the above document.
|
See Note 1492980.1 How
to Install and Maintain the Java SE Installed or Used with FMW 11g/12c
Products
|
|
Oracle Access Manager (OAM)
Oracle Identity Manager (OIM)
Oracle Unified Directory (OUD) -Collocated
Oracle Internet Directory (OID)- Collocated
|
Download
and apply the SPB patch:
IDM Stack Patch Bundle 12.2.1.3.211014 Patch
33470976 or later
OR download and apply the individual
patches below:
|
CVE-2021-29505
|
See Note 2657920.1 Stack
Patch Bundle for Oracle Identity Management Products
The IDM SPB includes CPU and functional fixes from IDM and lower stack
products. Oracle recommends that you apply this single patch for Identity
& Access Management Oracle homes.
|
|
Oracle Access Manager (OAM)
Oracle Identity Manager (OIM)
Oracle Unified Directory (OUD) -Collocated
Oracle Internet Directory (OID)- Collocated
|
See Section "Oracle
Fusion Middleware Infrastructure 12.2.1.3"
|
See Section "Oracle
Fusion Middleware Infrastructure 12.2.1.3"
|
Apply all of the patches recommended
for "Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)"
Distribution.
|
|
Oracle Identity Manager (OIM)
|
SOA Bundle Patch 12.2.1.3..210826 Patch
33281437 or later
|
CVE-2021-29505
|
|
|
Oracle Identity Manager (OIM)
|
OIM Bundle Patch 12.2.1.3.210713 Patch
33112283 or later
|
Released July 2021
|
|
|
WebGates for Oracle Access Manager
|
OAM WebGate Bundle Patch
12.2.1.3.200813 Patch
31750289 or later
|
Released October 2020
|
Apply this patch where OHS 12.2.1.3 is installed.
See "Oracle HTTP Server
12.2.1.3"
|
|
Oracle Access Manager (OAM)
|
OAM Bundle Patch 12.2.1.3.191201 Patch
30609442 or later
|
Released April 2020
|
|
|
Oracle Internet Directory (OID) -
Standalone and Standalone with NodeManager
|
OPatch 13.9.4.2.6 Patch
28186730 or later
|
Released July 2021
|
Upgrade OPatch before installing
patches on OUD/OID standalone installations
|
|
Oracle Unified Directory (OUD) -
Standalone and Collocated
|
OUD BUNDLE PATCH 12.2.1.3.200623 Patch
31529239 or later
|
Released July 2020
|
|
|
Oracle Internet Directory (OID)
-Standalone, Standalone with NodeManager and Collocated
|
OID Bundle Patch 12.2.1.3.180116
Patch 27396651> or later
|
Released January 2018
|
Oracle Internet Directory (OID) patch
See Note 2355090.1 Oracle
Internet Directory (OID) Version 12c Bundle Patch (BP) (Including Directory
Integration Platform / DIP) / Bundle Patches For Non-Fusion Applications
(NonFA / NonP4FA) Customers
|
|
Oracle Internet Directory (OID) -
Standalone and Standalone with NodeManager
|
OSS BUNDLE PATCH 12.2.1.3.210420 Patch
31971994 or later
|
Released April 2021
|
Oracle Security Services (OSS) patch
for SSL used by Oracle Internet Directory (OID)
|
3.3.28.4 Patch
Availability for Oracle Identity & Access Management 11.1.2.3 /
11.1.1.9
Oracle Identity & Access
Management (IAM) 11g Release 2 (11.1.2.3) products are required to be
installed with Oracle WebLogic Server 10.3.6 and include specific Oracle Identity
Management (IDM) 11g Release 1 (11.1.1.9 ) products and their underlying
components. See Note 1510284.1 for
more information on IDM and IAM products considered for the table below.
|
Product
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Database
|
See "Oracle
Database"
|
See "Oracle
Database"
|
Patch any Database SERVER associated with a Fusion
Middleware installation. If any CLIENT side patching is required in the
FMW home, there will be a separate row below.
|
|
Oracle Java SE
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1 How to Install and
Maintain the Java SE Installed or Used with FMW 11g/12c Products
|
|
Oracle Access Manager (OAM)
Oracle Identity Manager (OIM)
Oracle Unified Directory (OUD) -Collocated
Oracle Internet Directory (OID)- Collocated
|
See "Oracle
Fusion Middleware Infrastructure 11.1.1.9"
|
See "Oracle
Fusion Middleware Infrastructure 11.1.1.9"
|
Patch WebLogic Server 10.3.6 and
Middleware common components. (Note: common components are version
11.1.1.9 in both 11.1.2.3 and 11.1.1.9 installations).
|
|
Oracle Access Manager (OAM)
|
OAM Bundle Patch 11.1.2.3.210611 Patch
32993776 or later
|
Released July 2021
|
|
|
WebGates for Oracle Access Manager
|
OAM WEBGATE BUNDLE PATCH
11.1.2.3.210825 Patch
33290860 or later
|
Released April 2021
|
|
|
Oracle Adaptive Access Manager (OAAM)
|
OAAM SERVER 11.1.2.3.0 SPU FOR
JANUARY21 Patch
32384800 or later
|
Released January 2021
|
|
|
Oracle Identity Manager (OIM)
|
OIM Bundle Patch 11.1.2.3.210713 Patch
33111451 or later
|
Released July 2021
|
|
|
Oracle Identity Manager (OIM)
|
SOA Bundle Patch 11.1.1.9.181218 Patch
29123005 or later
|
Released January 2019
|
|
|
Oracle Internet Directory (OID)
|
OID bundle patch 11.1.1.9.171127 Patch
26850241 or later
|
Released January 2018
|
Oracle Internet Directory Patch
See Note 2420947.1 for
additional information about Oracle Internet Directory Vulnerability
CVE-2015-0204
See Note 1614114.1 Oracle
Internet Directory (OID) Version 11g Bundle Patch (BP) (Including
Directory Integration Platform / DIP) / Bundle Patches For Non-Fusion
Applications (NonFA / NonP4FA) Customers
|
|
Oracle Internet Directory (OID)
|
OSS Bundle Patch 11.1.1.9.210420 Patch
32287205 or later
|
Released April 2021
|
Oracle Security Services (OSS) patch for OHS SSL
Note 2572809.1 Steps
to Evaluate and Update SSL Wallet
|
|
Oracle Internet Directory (OID)
|
OVD 11.1.1.9.0 SPU for October 2019 Patch
30281334 or later
|
Released October 2019
|
Oracle Virtual Directory (OVD) Patch
OVD 11g: Oracle Virtual Directory SPU (Security Patch
Update) Patches Note 2318003.1
|
|
Oracle Internet Directory (OID)
|
OPMN Patch
23716938 or later
OPMN (NATIVE) PATCH WITH MES 4.5 COMPLIANCE Patch
32928416
|
Released April 2021
|
Both OPMN 11.1.1.9 required patch for
integration with OSS
See Note 2566042.1 SSL
Configuration Required to Secure OPMN 11.1.1.9
|
|
Oracle Internet Directory (OID)
|
DB PSU Patch
22290164 or later for Unix
DB BP Patch
22607089 or later for Windows 32-Bit
DB BP Patch
22607090 or later for Windows x64
|
Released January 2016
|
Oracle Database Client 11.1.0.7 patch
for FMW 11.1.1.x/11.1.2.x only
|
3.3.28.5 Oracle
Identity Management Connector
Error Correction information for Oracle
Identity Management Connector
|
Patch Information
|
12c
|
11g
|
9.1.1.5
|
Comments
|
|
Final
CPU
|
refer to Note 2454684.1
|
|
Patch Availability for Oracle Identity
Management Connector
|
Product Version
|
Patch
|
Advisory Number
|
Comments
|
|
Microsoft
AD connector 9.1.1.5
|
OIM Connector 9.1.1.5.15 Patch
25028999
|
Released October 2017
|
|
|
CA
Top Secret Connector 9.1.0.6
|
OIM Connector 9.1.0.6 Patch
31708407
|
Released October 2020
|
9.0.x customers should upgrade to
9.1.0.x
|
|
RACF
adv connector 9.1.0.2
|
OIM Connector 9.1.0.2 Patch
31058957
|
Released April 2020
|
9.0.x customers should upgrade to
9.1.0.x
|
|
acf2
connector 9.1.0.1
|
OIM Connector 9.1.0.1 Patch
31101274
|
Released April 2020
|
9.0.x customers should upgrade to
9.1.0.x
|
|
Generic
Rest 11.1.1.5.0
|
OIM Connector 11.1.1.5.0 Patch
32352803
|
Released April 2021
|
|
3.3.29 Oracle
JDeveloper and Oracle ADF
Error Correction information for Oracle
JDeveloper and Oracle ADF
Comments
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.2.4
|
11.1.1.9
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
October 2021
|
11.1.2.4 and 11.1.1.9.0: End of Error
Correction for Extended Support Customer only beyond Dec 2018
|
|
Understanding Patch Release Versions
|
See Note 1494151.1,
Understanding Fusion Middleware Bundle Patch (BP) Release Versions.
|
Critical
Patch Update Availability for Oracle JDeveloper and Oracle ADF
|
Release
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.4.0
|
ADF Bundle Patch 12.2.1.4.210706 Patch
33084721 or later
|
Released July 2021
|
|
|
12.2.1.3.0
|
ADF BUNDLE PATCH 12.2.1.3.201007 Patch
31985811 or later
|
Released October 2020
|
|
|
11.1.2.4.0
|
ADF SPU 11.1.2.4.0 for OctCPU2019 Patch
30380494 or later
|
Released October 2019
|
|
|
.0
|
ADF SPU 11.1.1.9.0 FOR OCTCPU2020 Patch
31985571 or later
|
Released October 2020
|
|
3.3.30 Oracle Map
Viewer
Error
Correction information for Oracle Map Viewer
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
1.1.1.9.0 End of Error Correction for
Extended Support Customer only beyond Dec 2018
|
Patch
Availability for Oracle Map Viewer
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
12.2.1.3 AND 12.2.1.4
|
MapViewer 12.2.1.4 Patch
32957408 or later
|
Released July 2021
|
The same patch applies to 12.2.1.3 and 12.2.1.4
|
|
11.1.1.9
|
SPU Patch
27534923
|
Released April 2018
|
|
3.3.31 Oracle Outside
In Technology
Error
Correction information for Oracle Outside In Technology
|
Patch Information
|
8.5.5
|
Comments
|
|
Final CPU
|
April 2022
|
|
Patch
Availability for Oracle Outside In Technology
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Outside In Technology 8.5.5
|
ORACLE OUTSIDE IN TECHNOLOGY (OIT)
OCTOBER 2021 8.5.5 BUNDLE PATCH Patch
33394086
|
CVE-2021-35658, CVE-2021-35657,
CVE-2021-35656, CVE-2021-35661, CVE-2021-35662, CVE-2021-35573,
CVE-2021-35572, CVE-2021-35659, CVE-2021-35660, CVE-2021-35574
|
|
|
|
Oracle Outside in Clean Content 855
July Bundle Patch Release Patch
33091862
|
Released July 2021
|
|
3.3.32 Oracle Real Time
Decisions Applications
Error
Correction information for Oracle Real Time Decisions Applications
Describes the Error Correction
information for Oracle Real Time Decisions Applications.
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
Jul 2022
|
|
Patch
Availability for Oracle Real Time Decisions Applications
Describes the available patches for
Oracle Real Time Decisions Applications.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Real Time Decisions
Applications 3.2 home
|
RTD APPLICATIONS 3.2 SPU FOR JUL CPU
2021
Patch
33107342 or later
|
Released July 2021
|
|
3.3.33 Oracle Real Time
Decisions Platform
Error
Correction information for Oracle Real Time Decisions Platform
Describes the Error Correction
information for Oracle Real Time Decisions Platform.
|
Patch Information
|
3.2
|
Comments
|
|
Final CPU
|
October 2021
|
|
Patch
Availability for Oracle Real Time Decisions Platform
Describes the available patches for
Oracle Real Time Decisions Platform.
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Real Time Decisions Platform
3.2 home
|
RTD PLATFORM 3.2 SPU FOR OCT CPU 2021 Patch
33373472 or later
|
CVE-2021-29425, CVE-2020-11979,
CVE-2021-36374, CVE-2017-5645
|
|
|
Oracle Real Time Decisions Platform
11.1.1.9 home
|
RTD SERVER 11.1.1.1.9 SPU FOR OCT CPU
2021 Patch
33172848 or later
|
CVE-2021-36374, CVE-2020-11979,
CVE-2017-5645
|
|
3.3.34 Oracle Service
Architecture Leveraging Tuxedo (SALT)
Error
Correction information for Oracle Service Architecture Leveraging Tuxedo
(SALT)
|
Patch Information
|
12.2.2.0.x
|
12.1.3
|
Comments
|
|
Final CPU
|
Oct 2024
|
Oct 2020
|
|
Patch
Availability for Oracle Service Architecture Leveraging Tuxedo (SALT)
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Service Architecture
Leveraging Tuxedo (SALT) 12.2.2.0.x home
|
Oracle SALT 12.2.2.0.0 SPU FOR
CPUJan2019 Patch
29169314
|
Released January 2019
|
|
|
Oracle Service Architecture
Leveraging Tuxedo (SALT) 12.1.3.0.x home
|
Oracle SALT 12.1.3.0.0 SPU FOR
CPUJan2019 Patch
29169322
|
Released January 2019
|
|
3.3.35 Oracle SOA Suite
Error
Correction information for Oracle SOA Suite
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
|
October 2021
|
October 2021
|
Note 1933372.1 Error
Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
Note 1290894.1 Error
Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)
11.1.1.9.0 patches provided beyond Dec 2018 are for
Extended Support Customers only
|
|
On-Request platforms
|
|
|
AIX, HP-UX Itanium, and Windows are
on request.
|
|
Patch Availability for Oracle SOA
Suite 12.2.1.4
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure 12.2.1.4"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle SOA Suite and Business Process
|
SOA Bundle Patch 12.2.1.4.210928 Patch
33408307 or later
|
CVE-2021-29505
|
|
|
Oracle Service Bus
|
OSB BUNDLE PATCH 12.2.1.4.201105 Patch
32121987 or later
|
Released January 2021
|
|
Patch Availability for Oracle SOA
Suite 12.2.1.3
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure 12.2.1.3"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle SOA Suite and Business Process
|
SOA Bundle Patch 12.2.1.3.210826 Patch
33281437 or later
|
CVE-2021-29505
|
|
|
Oracle Service Bus
|
OSB BUNDLE PATCH 12.2.1.3.201111
Patch 32144336 or later
|
Released January 2021
|
|
Patch Availability for Oracle SOA
Suite 11.1.1.9
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle SOA Suite 11.1.1.9 home
(Colocated with WebLogic Server)
|
See "Oracle
Fusion Middleware Infrastructure 11.1.1.9"
|
|
Apply patches for WebLogic Server and
Middleware common components
|
|
Oracle Business Activity Monitoring
|
BAM Security Patch Update
11.1.1.211019 Patch
33124959 or later
|
CVE-2021-29505
|
|
|
OSB 11.1.1.9 home
|
OSB Bundle Patch 11.1.1.9.210420 Patch
32112779 or later
|
Released April 2021
|
OSB Patch
|
|
SOA 11.1.1.9 home
|
SOA Bundle Patch 11.1.1.9.0
(ID:181218.1300) Patch
29123005 or later
|
Released January 2019
|
SOA Patch
|
|
OSB 11.1.1.9 home
|
Patch
24847885 or later
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
3.3.36 Oracle Traffic
Director
Error
Correction information for Oracle Traffic Director
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
|
Patch
Availability for Oracle Traffic Director
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle Traffic Director 12c home
|
See "Oracle
Fusion Middleware 12c"
|
See "Oracle
Fusion Middleware 12c"
|
Apply patches as applicable to FMW
12c installation. There are no OTD 12c patches at this time.
|
|
11.1.1.9
|
Oracle Traffic Director SPU Patch
29340480
|
Released April 2019
|
11.1.1.9.0 End of Error Correction
for Extended Support Customer only beyond Dec 2018
|
3.3.37 Oracle Tuxedo
Error
Correction information for Oracle Tuxedo
|
Patch Information
|
12.2.2.0
|
12.1.3.0
|
Comments
|
|
Final CPU
|
April 2024
|
April 2022
|
|
Patch
Availability for Oracle Tuxedo
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
12.2.2.0
|
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 Linux Patch
28090531
rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-64
with vs2015 Patch
28124771
rp029 oracle tuxedo 12.2.2 SPU for
JULCPU2018 win-32 with vs2015 Patch
28124779
|
Released July 2018
|
For CVE-2017-10269, see extra settings required with
these cumulative patches in Note 2326009.1
|
|
12.1.3.0
|
RP117 TUXEDO 12.1.3.0 SPU FOR CPUJAN2020 Patch
30596495
RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2013) FOR
CPUJAN2020 Patch
30601651
RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2012) FOR
CPUJAN2020 Patch
30601637
|
Released January 2020
|
For CVE-2017-10269, see extra settings required with
these cumulative patches in Note 2326009.1
|
3.3.38 Oracle Tuxedo
System and Applications Monitor Plus (TSAM Plus)
Error
Correction Information for Oracle Tuxedo System and Applications Monitor
Plus (TSAM Plus)
|
Patch Information
|
12.2.2
|
12.1.3
|
Comments
|
|
Final CPU
|
April 2024
|
April 2022
|
|
Patch
Availability for Oracle Tuxedo System and Applications Monitor Plus (TSAM
Plus)
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
TSAM Plus 12.2.2
|
RP002 Patch
25389632
|
Released July 2017
|
|
|
TSAM Plus 12.1.3
|
RP019 FOR LINUX 64-BIT X86 Patch
27379436
|
Released January 2018
|
|
3.3.39 Oracle WebCenter
Error
Correction information for Oracle WebCenter
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.9
|
11.1.1.8
|
Comments
|
|
Final CPU
|
|
October 2021
|
October 2021
|
October 2021
|
Note 1933372.1 Error
Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
Note 1290894.1 Error
Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)
11.1.1.9.0 patches provided beyond Dec 2018 are for
Extended Support Customers only
|
|
On-Request platforms
|
|
|
AIX, HP-UX Itanium, and Windows are
on request.
|
|
|
Patch Availability for Oracle
WebCenter 12.2.1.4
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure 12.2.1.4"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle WebCenter Portal
|
Oracle Webcenter Portal Bundle Patch 12.2.1.4.210830 Patch
33298526 or later
|
CVE-2021-29505
|
|
|
Oracle WebCenter Sites
|
Oracle WebCenter Sites
12.2.1.4.211019 Patch
33381673 or later
|
CVE-2021-26272, CVE-2020-5258,
CVE-2019-13990, CVE-2019-12415, CVE-2021-27906, CVE-2021-27906
|
|
Patch Availability for Oracle
WebCenter 12.2.1.3
|
Distribution / Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle Fusion Middleware
Infrastructure
(WebLogic Server for FMW)
|
See "Oracle
Fusion Middleware Infrastructure 12.2.1.3"
|
|
Apply patches for WebLogic Server and
Infrastructure components
|
|
Oracle WebCenter Portal
|
Oracle Webcenter Portal Bundle Patch 12.2.1.3.210830 Patch
33298544 or later
|
CVE-2021-29505
|
|
|
Oracle WebCenter Sites
|
Oracle WebCenter Sites
12.2.1.3.211019 Patch
33386937 or later
|
CVE-2021-26272, CVE-2020-5258,
CVE-2019-13990, CVE-2019-12415, CVE-2021-27906, CVE-2021-27906
|
|
|
Oracle WebCenter Sites
|
Support Tools 4.4.2 for Oracle
WebCenter Sites 12.2.1.3.0 Patch
30505173
|
Released January 2020
|
Support Tools for Webcenter Sites
Patch
|
|
Oracle WebCenter Content
|
WebCenter Content Bundle Patch
12.2.1.3.180417 Patch
27393392 or later
|
Released April 2018
|
|
Patch Availability for Oracle
WebCenter 11.1.1.9
|
Product Home
|
Patches
|
Advisory Number
|
Comments
|
|
Oracle WebCenter 11.1.1.9 home
(Colocated with WebLogic Server)
|
See "Oracle
Fusion Middleware Infrastructure 11.1.1.9"
|
|
Apply patches for WebLogic Server and
Middleware common components
|
|
Oracle WebCenter 11.1.1.9 home
|
Oracle WebCenter Portal Bundle
Patch11.1.1.9.210720 Patch
32973716 or later
|
Released July 2021
|
Oracle WebCenter Portal 11.1.1.9 Patch
See Note 2029169.1 Changes
to Portlet standards request dispatching of Resource Requests
|
|
Oracle WebCenter 11.1.1.9 home
|
WCC BP 11.1.1.9.180226 Patch 27393411
or later
|
Released April 2018
|
WebCenter Content Patch
|
Patch Availability for Oracle
WebCenter 11.1.1.8
3.3.40 Oracle WebCenter
Sites (Formerly FatWire Content Server)
Error
Correction information for Oracle WebCenter Sites (formerly FatWire Content
Server)
|
Patch Information
|
12.2.1.4
|
12.2.1.3
|
11.1.1.8
|
Comments
|
|
Final CPU
|
July 2025
|
October 2021
|
October 2021
|
|
Patch
Availability for Oracle WebCenter Sites
3.3.41 Oracle WebCenter
Sites Community
Error
Correction information for Oracle WebCenter Sites Community
|
Patch Information
|
11.1.1.8
|
Comments
|
|
Final CPU
|
-
|
|
Patch
Availability for Oracle WebCenter Sites Community
3.3.42 Oracle WebLogic
Portal
Error
Correction information for Oracle WebLogic Portal
|
Patch Information
|
10.3.7.0
|
Comments
|
|
Final CPU
|
October 2021
|
Note 1308963.1 Error
Correction Policy as it applies to Oracle WebLogic Portal (WLP)
|
Critical
Patch Update Availability for WebLogic Portal
See also the underlying product
stack tables (JRockit and WLS) for any applicable patches.
WebLogic Portal patches are
cumulative to include all the prior published advisories. For more
information, see My Oracle Support Note 1355929.1, October 2011 Updates Introduce New WebLogic Portal (WLP)
Configuration Options for SSL Session ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled
with WebLogic Server 9.2.3.0, which is out of error correction. Contact
Oracle support for security patches needed for WebLogic Server 9.2.3.0
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
WebLogic Portal 10.3.7.0 home
|
There are no CPU patches to document
on 10.3.7.0
|
none
|
|
3.3.43 Oracle WebLogic
Server
Error
Correction information for Oracle WebLogic Server
|
Patch Information
|
14.1.1.0.0
|
12.2.1.4.0
|
12.2.1.3.0
|
12.1.3.0
|
10.3.6.0
|
Comments
|
|
Final CPU
|
January 2028
|
July 2025
|
October 2021
|
January 2022
|
October 2021
|
Note 950131.1 Error
Correction Support Dates for Oracle WebLogic Server
After Dec 2018, 12.1.3 and 10.3.6.0 patches are
available for Extended Support Customers only
|
|
Understanding Patch Release Versions
|
|
-
|
-
|
-
|
-
|
See Note 2565576.1,
Understanding WebLogic Server Patch Set Update (PSU) Release Versions
|
Patch Set
Update Availability for Oracle WebLogic Server
For more information, see
MyOracleSupport Note 1470197.1,
Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS).
See Note 1306505.1,
Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server
(WLS)
This section contains the
following:
·
Section 3.3.43.1
Oracle WebLogic Server 14.1.1.0
·
Section 3.3.43.2
Oracle WebLogic Server 12.2.1.4
·
Section 3.3.43.3
Oracle WebLogic Server 12.2.1.3
·
Section 3.3.43.4
Oracle WebLogic Server 12.1.3
·
Section 3.3.43.5
Oracle WebLogic Server 10.3.6
·
Section 3.3.43.6
Oracle WebLogic Server Proxy Plug-Ins for Third-Party Webservers
For more information on obtaining
WebLogic Server container images with WebLogic Server Patch Set Updates,
see the following document on MyOracle Support “WebLogic Server Container
Images Updated with the Patch Set Update (PSU) and Other Security
Patches," Note 2771055.1
3.3.43.1 Oracle
WebLogic Server 14.1.1.0
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 14.1.1.0 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
|
Java SE 8 Update 311 Patch
18143322 or later for Linux, Windows, and Solaris.
or
Java SE 11.0.13 Patch
27838191 or later for Linux, Windows, and Solaris.
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1,
How to Install and Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
|
Oracle WebLogic Server 14.1.1.0
|
Download
and apply the SPB patch:
WLS STACK PATCH BUNDLE 14.1.1.0.211009 Patch
33452377 or later
OR download and apply the individual
patches below:
|
CVE-2021-35620, CVE-2021-35617,
CVE-2021-29425, CVE-2020-7226, CVE-2019-12400, CVE-2021-35552,
CVE-2020-11022
|
See Note 2764636.1,
Introducing the Stack Patch Bundle (SPB) with SPBAT Utility for Oracle
WebLogic Server
|
|
|
OPatch 13.9.4.2.6 Patch
28186730 or later
|
Released July 2021
|
|
|
|
WLS PATCH SET UPDATE 14.1.1.0.210930 Patch
33416881 or later
|
CVE-2021-35620, CVE-2021-35617,
CVE-2021-29425, CVE-2020-7226, CVE-2019-12400, CVE-2021-35552,
CVE-2020-11022
|
CVE-2021-35617 - Resolution of this CVE requires
installation of both the WebLogic Server PSU and the Coherence patch
See Note 2764668.1 Security
Advice and Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
Coherence 14.1.1.0 Cumulative Patch 7 Patch
33286174 or later
|
|
CVE-2021-35617 - Resolution of this
CVE requires installation of both the WebLogic Server PSU and the
Coherence patch
|
|
|
WEBLOGIC SAMPLES SPU 14.1.1.0.210119 Patch
32148641 or later
|
Released January 2021
|
See Note 2255054.1 Details
for Oracle WebLogic Server's Use of Struts and the SAMPLES SPU
|
3.3.43.2 Oracle
WebLogic Server 12.2.1.4
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.2.1.4 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
|
Java SE 8 Update 311 Patch
18143322 or later for Linux, Windows, and Solaris.
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1,
How to Install and Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
|
Oracle WebLogic Server 12.2.1.4
|
Download and apply the SPB patch:
WLS STACK PATCH BUNDLE 12.2.1.4.211011 Patch
33455144 or later
OR download and apply the individual patches below:
|
CVE-2021-35620, CVE-2021-35617,
CVE-2021-29425, CVE-2020-7226, CVE-2019-12400, CVE-2021-35552,
CVE-2020-11022
|
See Note 2764636.1,
Introducing the Stack Patch Bundle (SPB) with SPBAT Utility for Oracle
WebLogic Server
If using the WLS Proxy Plugin for Apache or IIS,
refer to Oracle WebLogic
Server Proxy Plug-Ins for Third-Party Webservers
|
|
|
OPatch 13.9.4.2.6 Patch
28186730 or later
|
Released July 2021
|
|
|
|
WLS PATCH SET UPDATE 12.2.1.4.210930 Patch
33416868 or later
|
CVE-2021-35620, CVE-2021-35617,
CVE-2021-29425, CVE-2020-7226, CVE-2019-12400, CVE-2021-35552,
CVE-2020-11022
|
CVE-2021-35617 - Resolution of this CVE requires
installation of both the WebLogic Server PSU and the Coherence patch
See Note 2764668.1 Security
Advice and Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
Coherence 12.2.1.4.0 Cumulative Patch
11 Patch
33286160 or later
|
|
CVE-2021-35617 - Resolution of this
CVE requires installation of both the WebLogic Server PSU and the
Coherence patch
|
|
|
FMW PLATFORM 12.2.1.4.0 SPU FOR
APRCPU2021 Patch
33093748 or later
|
Released April 2021
|
|
|
|
WEBLOGIC SAMPLES SPU 12.2.1.4.210119 Patch
32148640 or later
|
Released January 2021
|
See Note 2255054.1,
Details for Oracle WebLogic Server's Use of Struts and the SAMPLES SPU
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.4.0
JULY CPU 2020 Patch
31544353
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for
details on ADR and Applicability of this patch.
|
3.3.43.3 Oracle
WebLogic Server 12.2.1.3
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.2.1.3 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
|
Java SE 8 Update 311 Patch
18143322 or later for Linux, Windows, and Solaris.
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1,
How to Install and Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
|
Oracle WebLogic Server 12.2.1.3
|
Download and apply the SPB patch:
WLS STACK PATCH BUNDLE 12.2.1.3.211009 Patch
33452370 or later
OR download
and apply the individual patches below:
|
CVE-2021-35620, CVE-2021-35617,
CVE-2021-29425, CVE-2021-35552, CVE-2020-11022
|
See Note 2764636.1,
Introducing the Stack Patch Bundle (SPB) with SPBAT Utility for Oracle
WebLogic Server
If using the WLS Proxy Plugin for Apache or IIS,
refer to Oracle WebLogic
Server Proxy Plug-Ins for Third-Party Webservers
|
|
|
OPatch 13.9.4.2.6 Patch
28186730 or later
|
Released July 2021
|
|
|
|
WLS PATCH SET UPDATE 12.2.1.3.210929 Patch
33412599 or later
|
CVE-2021-35620, CVE-2021-35617,
CVE-2021-29425, CVE-2021-35552, CVE-2020-11022
|
CVE-2021-35617 - Resolution of this CVE requires
installation of both the WebLogic Server PSU and the Coherence patch
See Note 2764668.1 Security
Advice and Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
Coherence 12.2.1.3 Cumulative Patch
16 Patch
33286132 or later
|
|
CVE-2021-35617 - Resolution of this
CVE requires installation of both the WebLogic Server PSU and the
Coherence patch
|
|
|
FMW Platform 12.2.1.3.0 SPU FOR
AprCPU2021 Patch
32982708 or later
|
Released April 2021
|
|
|
|
WEBLOGIC SAMPLES SPU 12.2.1.3.210119 Patch
32148634 or later
|
Released January 2021
|
See Note 2255054.1,
Details for Oracle WebLogic Server's Use of Struts and the SAMPLES SPU
|
|
|
ADR FOR WEBLOGIC SERVER 12.2.1.3.0
JULY CPU 2020 Patch
31544340
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for
details on ADR and Applicability of this patch.
|
3.3.43.4 Oracle
WebLogic Server 12.1.3
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 12.1.3 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 12.1.3
|
Java SE 8 Update 311 Patch
18143322 or later for Linux, Windows, and Solaris.
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1,
How to Install and Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
|
|
WLS PATCH SET UPDATE 12.1.3.0.211019 Patch
33172866 or later
|
CVE-2021-35620, CVE-2021-35617,
CVE-2018-10237, CVE-2020-11022, CVE-2018-8088
|
See Note 2764668.1 Security
Advice and Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
Coherence 12.1.3.0 Cumulative Patch
12 Patch
32973268 or later
|
Released July 2021
|
|
|
|
WEBLOGIC SAMPLES SPU 12.1.3.0.210119 Patch
32148638 or later
|
Released January 2021
|
This is the final SPU for Samples, see Note 2255054.1,
Details for Oracle WebLogic Server's Use of Struts and the SAMPLES SPU
|
|
|
ADR FOR WEBLOGIC SERVER 12.1.3.0 JULY
CPU 2020 Patch
31544363
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for
details on ADR and Applicability of this patch.
|
|
|
WLS 12.1.3 JDBC Patch
20741228
|
Released January 2018
|
Please refer to Note 1970437.1 How
To Update the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6
and 12c
|
|
|
TopLink SPU Patch
24327938
|
Released July 2016
|
TopLink JPA-RS patch
|
|
|
See Note 1936300.1 How
to Change SSL Protocols (to Disable SSL 2.0/3.0) in Oracle Fusion
Middleware Products (Doc ID 1936300.1)
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.43.5 Oracle
WebLogic Server 10.3.6
All of the patches listed in the table below should be applied to an Oracle
WebLogic Server 10.3.6 installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Oracle WebLogic Server 10.3.6
|
Java SE 7 Update 321 Patch
13079846 or later for Linux, Windows and Solaris
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 1492980.1,
How to Install and Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
|
|
WLS PATCH SET UPDATE 10.3.6.0.211019 Patch
33172858 or later
|
CVE-2020-11022, CVE-2021-35620
|
See Note 2764668.1 Security
Advice and Post-Install Information for Oracle WebLogic Server PSUs
|
|
|
Coherence 3.7.1 Patch 22 Patch
32973233 or later
|
Released July 2021
|
|
|
|
WEBLOGIC SAMPLES SPU 10.3.6.0.210119 Patch
32134024 or later
|
Released January 2021
|
This is the final SPU for Samples,
see Note 2255054.1,
Details for Oracle WebLogic Server's Use of Struts and the SAMPLES SPU
|
|
|
ADR FOR WEBLOGIC SERVER 10.3.6 JULY
CPU 2020 Patch
31241365
|
Released July 2020
|
ADR Patch
See Note 2703429.1 for
details on ADR and Applicability of this patch.
|
|
|
WLS 10.3.6 JDBC Patch
27541896
|
Released January 2018
|
Please refer to Note 1970437.1 How
To Update the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6
and 12c
|
|
|
See Note 1936300.1 How
to Change SSL Protocols (to Disable SSL 2.0/3.0) in Oracle Fusion
Middleware Products (Doc ID 1936300.1)
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.43.6 Oracle
WebLogic Server Proxy Plug-Ins for Third-Party Webservers
Critical
Patch Update Availability for Oracle WebLogic Server Proxy Plug-Ins
The available patches for Oracle
WebLogic Server Plug-ins (Apache/IIS).
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
WebLogic Server Proxy Plug-In
|
IIS PLUGIN BUNDLE PATCH
12.2.1.4.210420 Patch
32500025 or later
APACHE PLUGIN BUNDLE PATCH 12.2.1.4.210420 Patch
32499990 or later
|
Released April 2021
|
These are full replacements for
WebLogic Server Proxy Plug-In. Versions 11.1.1.9.0 and 12.2.1.3 should
update to the latest 12.2.1.4 Proxy Plug-In. See Note 1111903.1,
WebLogic Server Proxy Plug-In Support.
|
3.3.44 Oracle
Coherence
Error
Correction information for Oracle Coherence
|
Patch Information
|
14.1.1.0
|
12.2.1.4
|
12.2.1.3
|
12.1.3.0
|
3.7.1
|
Comments
|
|
Final CPU
|
January 2028
|
July 2025
|
October 2021
|
January 2022
|
October 2021
|
The official dates are in the Lifetime Support document,
which is updated when any extension is approved.
|
Critical
Patch Update Availability for Oracle Coherence
Follow the guidance below to locate
the patches that should be applied to a Standalone Oracle Coherence
installation
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
Applies to all
Oracle Coherence Versions
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
See Note 2810386.1,
Oracle Critical Patch Update (CPU) October 2021 for Oracle Java SE
|
|
|
Oracle Coherence 14.1.1.0
|
OPatch 13.9.4.2.6 Patch
28186730 or later
Coherence 14.1.1.0 Cumulative Patch 6 Patch
32973306 or later
|
Released July 2021
|
If WLS is installed, see WLS 14.1.1.0 for
a full list of patches needed including Oracle Coherence
|
|
Oracle Coherence 12.2.1.4
|
OPatch 13.9.4.2.6 Patch
28186730 or later
Coherence 12.2.1.4 Cumulative Patch 10 Patch
32973297 or later
|
Released July 2021
|
If WLS is installed, see WLS 12.2.1.4 for
a full list of patches needed including Oracle Coherence
|
|
Oracle Coherence 12.2.1.3
|
OPatch 13.9.4.2.6 Patch
28186730 or later
Coherence 12.2.1.3 Cumulative Patch 15 Patch
32973279 or later
|
Released July 2021
|
If WLS is installed, see WLS 12.2.1.3 for
a full list of patches needed including Oracle Coherence
|
|
Oracle Coherence 12.1.3.0
|
Coherence 12.1.3.0 Cumulative Patch
12 Patch
32973268 or later
|
Released July 2021
|
If WLS is installed, see WLS 12.1.3 for
a full list of patches needed including Oracle Coherence
|
|
Oracle Coherence 3.7.1.x
|
Coherence 3.7.1 Patch 22 Patch
32973233 or later
|
Released July 2021
|
If WLS is installed, see WLS 10.3.6 for
a full list of patches needed including Oracle Coherence
|
3.4 Oracle Sun Middleware
This section contains the
following:
·
Section 3.4.1
"Directory Server Enterprise Edition"
3.4.1 Directory Server
Enterprise Edition
Error
Correction information for Directory Server Enterprise Edition
|
Patch Information
|
11.1.1.7.0
|
Comments
|
|
Final CPU (Premier Support)
|
October 2019
|
|
|
Final CPU (Extended Support)
|
October 2022
|
|
Patch
Availability for Directory Server Enterprise Edition
|
Product Home
|
Patch
|
Advisory Number
|
Comments
|
|
11.1.1.7.0
|
ODSEE BP 11.1.1.7.190716 Patch
29893742
|
Released July 2019
|
CVE-2018-18508 is not applicable to Windows Platform.
Please refer to 2.2 Post Release
Patches for Windows Patch.
|
3.5 Tools
This section contains the
following:
·
Section 3.5.1
"Oracle OPatch"
3.5.1 Oracle OPatch
Minimum
Product Requirements for Oracle OPatch
The CPU security vulnerabilities
are fixed in the listed release and later releases. The Oracle OPatch
downloads can be found at Patch
6880880.
|
Component
|
Release
|
Advisory Number
|
Comments
|
|
Oracle OPatch
|
11.2.0.3.31, 21.2.0.1.27
|
CVE-2021-36090, CVE-2021-35515, CVE-2021-35516,
CVE-2021-35517, CVE-2020-25649
|
Download the latest versions
available to install Database Patches
|
4 Final CPU History
Final CPU
History
The Final CPU is the last quarter
that a product is supported in the CPU program as per the Premier Support
and Extended Support policies. For more information, see My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS Software Error
Correction Support Policy.
|
Release
|
Final CPUs
|
Comments
|
|
April 2021
|
Oracle API Gateway 11.1.2.4
Oracle Database 18
Oracle Endeca Information Discovery Studio 3.2
|
|
|
January 2021
|
Oracle Complex Event Processing
Oracle Endeca Server
Oracle Endeca Information Discovery Integrator
Oracle Endeca Information Discovery Studio
Oracle Enterprise Manager Cloud Control 13.3.0.0
Oracle Outside In Technology 8.5.4
|
|
|
October 2020
|
Oracle Enterprise Data Quality for
Product Data 11.1.1.6.0
Oracle Enterprise Manager Cloud Control 12.1.0.5
|
|
|
July 2020
|
Oracle Tuxedo 12.1.1.0
Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus) 12.1.1.1
Oracle Real User Experience Insight 13.3.1.0
|
|
|
April 2020
|
Management Pack For Oracle GoldenGate
11.2.1.0
Oracle Big Data Discovery
Oracle Enterprise Manager Cloud Control 13c Release 2 (13.2.0.0)
|
|
|
January 2020
|
Oracle Enterprise Manager Ops Center
12.3.3
Oracle Enterprise Repository 12.1.3
Oracle Fusion Middleware 12.1.3.0
Oracle GoldenGate 11.2.1.0
Oracle Map Viewer 12.1.3.0
|
|
|
October 2019
|
Oracle Application Testing Suite
13.2.0.1
Oracle Business Transaction Management 12.1.0.7
Oracle Enterprise Data Quality 9.0
Oracle GoldenGate for Big Data 12.3.1.1.0
Oracle GoldenGate Management Pack Plugin 12.1.0
Oracle Identity Analytics 11.1.1.5.0
Oracle JDeveloper and Oracle ADF 12.1.3.0
Oracle OpenSSO 8.0 u2 (8.0.2.0)
Oracle Waveset 8.1.1
|
|
|
July 2019
|
Oracle Application Testing Suite
13.1.0.1
Oracle Enterprise Manager Cloud Control 13.2
Oracle Enterprise Data Quality 8.1
Oracle Enterprise Data Quality 9.0
|
|
|
April 2019
|
Oracle Enterprise Manager Ops Center
12.2.x
Management Pack For Oracle GoldenGate 11.1.1
Oracle Outside In Technology 8.5.3
|
|
5 Sources of Additional
Information
The following documents provide
additional information about Critical Patch Updates:
·
My
Oracle Support Note 888.1, Primary Note for Database Proactive Patch Program
·
My
Oracle Support Note 822485.1, Primary Note for Enterprise Manager Proactive Patch Program
·
My
Oracle Support Note 1494151.1, Primary
Note on Fusion Middleware Proactive Patching - Patch Set Updates (PSUs) and
Bundle Patches (BPs)
- My Oracle Support Note 209768.1, Database, FMW, Enterprise Manager,
TimesTen In-Memory Database, and OCS Software Error Correction Support
Policy
6 Modification History
Modification
History
|
Date
|
Modification
|
|
October 19, 2021
|
Released
Removed SuperCluster QFSDP from section 3.1.5.2 as it will not be
produced for the 21c product
Replaced Patch 32915586 with Patch 33192694 in section 3.1.5.2
Corrected JDK version of JDK8u301 to JDK8u311 in section 3.1.5.2
|
|
October 20, 2021
|
Updated the patch # for OJVM Component Database PSU
12.1.0.2.211019 in section 3.1.5.4
Updated patch availability in section 2.2
Corrected the patch # for Database PSU 12.1.0.2.211019 in section 3.1.5.4
Corrected display and link problems in section 3.3.22
|
|
October 21, 2021
|
Corrected link for Patch 33172858 and
moved it to it's own row in section 3.3.22
Added row for 11.1.2.4 & 11.2 to section 3.3.20, & 3.3.24
Added row for 11.2 to section 3.3.21, & 3.3.22
|
|
October 22, 2021
|
Corrected JDK version for Patch
33197468 in section 3.1.5.4
Updated the 'Oracle WebCenter Portal' row, in the 12.2.1.4 table, in
section 3.3.39
Updated patch availability in section 2.2
|
|
October 25, 2021
|
Corrected the Java SE 7 Update level
in section 3.3.43.5
Updated patch availability in section 2.2
|
|
October 27, 2021
|
Updated the 'Oracle Web Cache SPU'
row in section 3.3.13.6
Added row for Patch 33311587 in section 3.3.22
Corrected the 'Product / Component' value for the 'Patch 32784652' row in
section 3.3.11.2
Added a row for Patch 31403333 in section 3.3.11.3
Updated patch availability in section 2.2
|
|
October 29, 2021
|
Updated patch availability in section
2.2
|
|
November 02, 2021
|
Updated patch availability in section
2.2
|
|
November 03, 2021
|
Updated patch availability in section
2.2
|
|
November 10, 2021
|
Updated patch availability in section
2.2
|
7 Documentation
Accessibility
For information about Oracle's
commitment to accessibility, visit the Oracle Accessibility Program website
at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle
Support
Oracle customers that have
purchased support have access to electronic support through My Oracle
Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or
visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Critical Patch Update Availability
Document October 2021
Copyright © 2006, 2021, Oracle
and/or its affiliates.
This software and related
documentation are provided under a license agreement containing
restrictions on use and disclosure and are protected by intellectual
property laws. Except as expressly permitted in your license agreement or
allowed by law, you may not use, copy, reproduce, translate, broadcast,
modify, license, transmit, distribute, exhibit, perform, publish, or
display any part, in any form, or by any means. Reverse engineering,
disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is
subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related
documentation that is delivered to the U.S. Government or anyone licensing
it on behalf of the U.S. Government, then the following notice is
applicable:
U.S. GOVERNMENT END USERS: Oracle
programs, including any operating system, integrated software, any programs
installed on the hardware, and/or documentation, delivered to U.S.
Government end users are "commercial computer software" pursuant
to the applicable Federal Acquisition Regulation and agency-specific
supplemental regulations. As such, use, duplication, disclosure,
modification, and adaptation of the programs, including any operating
system, integrated software, any programs installed on the hardware, and/or
documentation, shall be subject to license terms and license restrictions
applicable to the programs. No other rights are granted to the U.S.
Government.
This software or hardware is
developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently
dangerous applications, including applications that may create a risk of
personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate
fail-safe, backup, redundancy, and other measures to ensure its safe use.
Oracle Corporation and its affiliates disclaim any liability for any
damages caused by use of this software or hardware in dangerous
applications.
Oracle and Java are registered
trademarks of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners.
Intel and Intel Xeon are trademarks
or registered trademarks of Intel Corporation. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC
International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo
are trademarks or registered trademarks of Advanced Micro Devices. UNIX is
a registered trademark of The Open Group.
This software or hardware and
documentation may provide access to or information about content, products,
and services from third parties. Oracle Corporation and its affiliates are
not responsible for and expressly disclaim all warranties of any kind with
respect to third-party content, products, and services unless otherwise set
forth in an applicable agreement between you and Oracle. Oracle Corporation
and its affiliates will not be responsible for any loss, costs, or damages
incurred due to your access to or use of third-party content, products, or
services, except as set forth in an applicable agreement between you and
Oracle.
|