微信公众号:云库管 www.yunDBA.com

北京云库管科技有限公司 (内部培训资料) 返回上级

 

PDF文档下载

 

 

 

 

Critical Patch Update (CPU) Program Jan 2022 Patch Availability Document (PAD) (Doc ID 2817011.1)

 

 


APPLIES TO:

Oracle Database Cloud Service - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and later
Oracle WebLogic Server - Version 10.3.6 and later
Oracle Database Cloud Schema Service - Version N/A and later
Information in this document applies to any platform.

PURPOSE

This document defines the patches and minimum releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set Updates released on January 18, 2022.

SCOPE

 The document is for Database Administrators and/or others tasked with Quarterly Security Patching.

DETAILS

Database, Fusion Middleware, and Enterprise Manager Critical Patch Update January 2022 Patch Availability Document

My Oracle Support Note 2817011.1

Released January 18, 2022

This document contains the following sections:

Quick Links:   Read Me First    DB 19c    EM Cloud Control    FMW    WLS

1 Overview

Oracle provides quarterly cumulative patches to address security vulnerabilities. The patches may include critical fixes in addition to the security fixes. The security vulnerabilities addressed are announced in the Advisory for January 2022, available at:

Oracle Technical Network Advisory

This document lists the Oracle Database, Fusion Middleware and Enterprise Manager CPU program cumulative patches for product releases under error correction. The January 2022 release supersedes earlier CPU program cumulative patches for the same product releases. This document is subject to continual update after the initial release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support to ensure you have the latest version.

This section contains the following:

·         Section 1.1 "How To Use This Document"

·         Section 1.2 "Terminology in the Tables"

·         Section 1.3 "On-Request Patches"

·         Section 1.4 "CPU Program and My Oracle Support Patch Recommendations"

·         Section 1.5 "My Oracle Support (MOS) Conflict Checker Tool"

1.1 How To Use This Document

The following steps explain how to use this document.

Step 1   Assess your Environments

Determine the Oracle product suites and products and their release numbers for each of your environments.

Step 2   Read Important Announcements

Review "What's New in January 2022," as it lists documentation and packaging changes along with important announcements such as upcoming final CPUs.

Step 3   Determine Patches to be Applied

For each environment, determine which patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for each product suite release, such as Oracle Database 12.2.0.1, Oracle Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control 13.4.0.0.

·         The table lists the patches to be applied either to the product or to the appropriate product Oracle homes that are associated with the product suite

·         The patches are listed in the order released, with newest patches listed first

·         For some patches, multiple Oracle homes are listed. Apply the patch to all of the homes indicated that are applicable to your environment and only to the listed Oracle homes

·         The table lists only product releases that are under Premier Support or Extended Support and are under error correction as defined in My Oracle Support Note 209768.1Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy. Patches are provided only for these releases. If you do not see the release that you have installed, then check "Final CPU History" and contact Oracle Support for further assistance

·         Patches that include security vulnerabilities announced in the current quarter's CPU Advisory, list the vulnerability CVE numbers in the Advisory Number column. If you are interested in the risk matrix for the vulnerabilities fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly releases, or the current one without any security fixes, the column indicates "Released MMM YYYY"

·         When a section is referenced in a table, follow the link to determine which patches to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release that is installed, and find the patches to apply in the table for that Oracle Database release in "Oracle Database."

Step 4   Apply the Patches

Download the patches, review the READMEs, and apply the patches according to the instructions.

Step 5   Planning for Future Critical Patch Updates

To help you plan for future Critical Patch Updates, this document includes Final CPU information based on Oracle's Lifetime Support Policy and error correction policies.

"Final CPU Information (Error Correction Policies)" in "What's New in January 2022," documents product releases for which final Critical Patch Updates are upcoming or are being announced. In each product section, there is also an Error Correction Information Table that documents the final CPU program patch for the product. Products that have reached the end of error correction are documented in "Final CPU History."

Oracle recommends that you subscribe to this Patch Availability Document in order to stay informed of any emergent problems.

1.2 Terminology in the Tables

The following terminology is used in this patch availability document and in the subsequent tables.

·         Update (RU) - Release Update

·         Revision (RUR) -Release Update Revision

·         BP - Bundle Patch

·         Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.

·         NA Not Applicable.

·         OR On-Request. The patch is made available through the On-Request program.

·         PSU - Patch Set Update

·         SPU - Security Patch Update. An iterative, cumulative patch consisting of security fixes.

·         Overlay SPU patch provided as an overlay on top of a PSU or BP instead of a base/patch set release.

1.3 On-Request Patches

Oracle does not proactively release patches for historically inactive platforms. However, Oracle will deliver these patches when requested.

The following guidelines describe how to initiate an on-request (OR) patch.

A request may be made:

o    At any time. However, a patch for a specific quarterly release, such as CPUOct2012, cannot be requested. Depending on when the request is received and processed, either the patch for the current quarterly release or the next quarterly release will be provided. Your Service Request (SR) will provide you the planned availability date for the patch.

o    As long as the version is in either Premier Support or Extended Support and error correction support has not expired. For example, if a product release is under Extended Support through the release of CPUJan2013 on January 15, 2013, then you can file a request for the product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy.

o    For a platform-version combination when a major release or patch set is released on a platform after a quarterly release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch by following the on-request process. For example, if a patch is released for a platform on August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform. You may request a CPUOct2012 patch for the platform, and Oracle will review the request and determine whether to provide CPUJul2012 or CPUOct2012.

A patch that is marked as on-request (OR) may already have been requested by another customer and be available on My Oracle Support. Before you file a Service Request (SR), check on My Oracle Support to see if the patch is already available for your platform.

1.4 CPU Program and My Oracle Support Patch Recommendations

My Oracle Support patch recommendation features are available on the Patches & Update tab. The patches announced in this document as part of the CPU program are classified as "Security" patch recommendations in My Oracle Support. If a new patch is being announced in this document, then the classification on any earlier patch is changed to "General", causing it to be removed from the My Oracle Support patch recommendations. If a patch has a "Security" classification, and a subsequent bundle, SPU, or PSU is released with a recommendation classification, then it will be classified as a "Security" recommendation in My Oracle Support.

Once a product release is no longer in error correction, its CPU patch information is removed from this document, but the last patch recommendation continues to be available in My Oracle Support. Ensure to select each of the products installed in your environment to obtain all patches.

1.5 My Oracle Support (MOS) Conflict Checker Tool

The My Oracle Support (MOS) Conflict Checker tool is available as of July 21, 2014.

You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search results screen ("Analyze with OPatch" button).

The MOS Conflict Checker Tool allows you to upload an OPatch inventory to check for conflicts with patches to apply to your environment. If no conflicts are found, you can download the patches. If conflicts are found, the tool finds an existing resolution to download. If no resolution is found, you can request a solution, and monitor your request in the Plans region.

For more information and a demonstration video, see Knowledge Document Note 1091294.1How to Use the My Oracle Support Conflict Checker Tool for Patches Installed with OPatch [Video].

2 What's New in January 2022

This section describes important changes in January 2022:

·         Section 2.1 "Final CPU Information (Error Correction Policies)"

·         Section 2.2 "Post Release Patches"

2.1 Final CPU Information (Error Correction Policies)

The final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. Final CPUs for upcoming releases, as well as newly scheduled final CPUs, are listed in the following sections.

Final CPUs scheduled for Jan 2022

  • Oracle GoldenGate for Big Data 12.3.2.1.11
  • Oracle Hyperion Essbase 11.1.2.x

 

Final CPUs scheduled for Apr 2022

  • Oracle Enterprise Manager Cloud Control 13.4.0.0
  • Oracle Outside In Technology 8.5.5
  • Oracle Tuxedo 12.1.3.0
  • Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus) 12.1.3

 

2.2 Post Release Patches

Oracle strives to complete preparations and testing of each Quarterly Security Patch for each platform by the quarterly release date. Occasionally, circumstances beyond our control dictate that a particular patch be delayed and be released a few days after the quarterly release date. The following table lists any current patch delays and the estimated date of availability.

Patch

Patch Number

Platform

Availability

Enterprise Manager Agent 13.5.0.0.0

Patch 33565758

All

28-Jan-2022

Enterprise Manager Agent 13.4.0.0.0

Patch 33565758

All

28-Jan-2022

IDM Stack Patch Bundle 12.2.1.4.0

Patch 33762692

All

31-Jan-2022

IDM Stack Patch Bundle 12.2.1.3.0

Patch 33762787

All

31-Jan-2022

OAM Bundle Patch 12.2.1.4.220113

Patch 33751903

All

31-Jan-2022

OAM Bundle Patch 12.2.1.3.220113

Patch 33752617

All

31-Jan-2022

OAS Bundle Patch 5.9.0.0.211223

Patch 33702984

All

31-Jan-2022

OAS Bundle Patch 5.5.0.0.211223

Patch 33702981

All

31-Jan-2022

OAS Stack Patch Bundle 5.9.0.0.220110

Patch 33742401

All

31-Jan-2022

OAS Stack Patch Bundle 5.5.0.0.220110

Patch 33742402

All

31-Jan-2022

OBI Stack Patch Bundle 12.2.1.4.220102

Patch 33715784

All

31-Jan-2022

OBI Stack Patch Bundle 12.2.1.3.220112

Patch 33747991

All

31-Jan-2022

OIM Bundle Patch 12.2.1.4.220115

Patch 33757456

All

31-Jan-2022

OIM Bundle Patch 12.2.1.3.220115

Patch 33757401

All

31-Jan-2022

OWSM Bundle Patch 12.2.1.4.211129

Patch 33618954

All

31-Jan-2022

OWSM Bundle Patch 12.2.1.3.211129

Patch 33618953

All

31-Jan-2022

ODIMP Bundle Patch 12.2.1.4.22012

Patch 33747852

Generic

31-Jan-2022

OBI Bundle Patch 12.2.1.4.211207

Patch 33642477

All

31-Jan-2022

OBI Bundle Patch 12.2.1.3.211213

Patch 33666334

All

31-Jan-2022

21.5.0.0.220118 DB & GI RU

Patch 33516412 & Patch 33531909

HP-UX Itanium

30-Jan-2022

21.5.0.0.220118 WIN BP

Patch 33589769

MS-Windows

01-Feb-2022

19.14.0.0.220118 DB RU (& associated COMBO)

Patch 33515361 (& Patch 33567270)

AIX

Available

19.14.0.0.220118 GI RU (& associated COMBO)

Patch 33509923 (& Patch 33567274)

AIX

Available

19.14.0.0.220118 WIN BP

Patch 33575656

MS-Windows

30-Jan-2022

19.13.1.0.220118 DB RUR & GI RUR

Patch 33516456 & Patch 33513541

All

30-Jan-2022

19.12.2.0.220118 DB RUR & GI RUR

Patch 33494256 & Patch 33575673

Linux x86-64

25-Jan-2022

Solaris Sparc64, Solaris x86-64, zLinux, HP-UX Itanium, AIX

30-Jan-2022

12.2.0.1.220118 DB RU (& associated COMBOs)

Patch 33587128 (& Patch 33559893)

HP-UX Itanium, zLinux, AIX

25-Jan-2022

12.2.0.1.220118 GI RU (& associated COMBOs)

Patch 33583921 (& Patch 33559966)

HP-UX Itanium, zLinux, AIX

25-Jan-2022

12.1.0.2.220118 Proactive DBBP (& associated COMBO)

Patch 33575286 (& Patch 33560081)

HP-UX Itanium, AIX

25-Jan-2022

OJVM Release Update 19.14.0.0.220118

Patch 33561310

MS-Windows

30-Jan-2022

21.5 Quarterly Full Stack download for Exadata

Patch 33567288

Linux x86-64

25-Jan-2022

19.14 Quarterly Full Stack download for Exadata

Patch 33567286

Linux x86-64, Solaris x86-64

25-Jan-2022

12.2.0.1 Quarterly Full Stack download for Exadata

Patch 33567282

Linux x86-64, Solaris x86-64

25-Jan-2022

12.1.0.2 Quarterly Full Stack download for Exadata

Patch 33567280

Linux x86-64, Solaris x86-64

25-Jan-2022

Quarterly Full Stack download for SuperCluster (Q1.2022)

Patch 33567289

Solaris SPARC (64-Bit)

03-Mar-2022

Oracle recommends that you subscribe to this PAD NOTE in order to stay informed of any emergent updates.

 

3 Patch Availability for Oracle Products

This section contains the following:

·         Section 3.1 "Oracle Database"

·         Section 3.2 "Oracle Enterprise Manager"

·         Section 3.3 "Oracle Fusion Middleware"

·         Section 3.4 "Oracle Sun Middleware"

·         Section 3.5 "Tools"

3.1 Oracle Database

This section contains the following:

·         Section 3.1.1 "Oracle REST Data Services (formally called Oracle APEX Listener)"

·         Section 3.1.2 "Oracle Application Express"

·         Section 3.1.3 "Oracle Autonomous Health Framework (TFA and ORACHK/EXACHK)"

·         Section 3.1.4 "Oracle Graph Server and Client"

·         Section 3.1.5 "Oracle Big Data Spatial and Graph"

·         Section 3.1.6 "Oracle Database"

·         Section 3.1.7 "Oracle Database Mobile/Lite Server"

·         Section 3.1.8 "Oracle GoldenGate"

·         Section 3.1.9 "Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)"

·         Section 3.1.10 "Oracle GoldenGate Monitor"

·         Section 3.1.11 "Oracle GoldenGate Veridata"

·         Section 3.1.12 "Oracle NoSQL Database"

·         Section 3.1.13 "Oracle Secure Backup"

·         Section 3.1.14 "Oracle Spatial Studio"

·         Section 3.1.15 "Oracle SQL Developer"

·         Section 3.1.16 "Oracle Stream Analytics"

·         Section 3.1.17 "Oracle TimesTen In-Memory Database"

·         Section 3.1.18 "Oracle Essbase "

3.1.1 Oracle REST Data Services (formally called Oracle APEX Listener)

Minimum Product Requirements for Oracle REST Data Services

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle REST Data Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.

Product

Release

Advisory Number

Comments

Oracle REST Data Services

21.3

Released October 2021

 

 

3.1.2 Oracle Application Express

Minimum Product Requirements for Oracle Application Express

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Application Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.

Component

Release

Advisory Number

Comments

Oracle Application Express

21.1.0 Bundle Patch Patch 32598392 or later

CVE-2021-37695, CVE-2021-32723, CVE-2021-32808, CVE-2021-32809

 

 

3.1.3 Oracle Autonomous Health Framework (TFA and ORACHK/EXACHK)

Minimum Product Requirements for Autonomous Health Framework

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Autonomous Health Framework downloads and installation instructions, see Note 2550798.1, "Autonomous Health Framework (AHF) - Including TFA and ORAchk/EXAchk"

Component

Release

Advisory Number

Comments

Autonomous Health Framework

AHF 21.4.1 Release. See MOS Note 2550798.1 to download patch

CVE-2021-45105

If you have previously downloaded AHF 21.3.4 release on MOS as patch 30166242, then please re-download Patch 30166242 so that you obtain AHF 21.4, which addresses CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. See Note 2828415.1 for additional details on the listed CVEs with respect to AHF.

Autonomous Health Framework (AHF) - Including TFA and ORAchk/EXAchk Note 2550798.1

For more information on Log4j Vulnerabilities, see Note 2827611.1

 

3.1.4 Oracle Graph Server and Client

Minimum Product Requirements for Oracle Graph Server and Client

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Graph Server and Client downloads and installation instructions, see https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html

Component

Release

Advisory Number

Comments

Oracle Graph Server and Client

21.4.2.0.0

CVE-2021-2351, CVE-2021-33037

For more information on Log4j Vulnerabilities, see Note 2827611.1

For more information on CVE-2021-44228, see Note 2828603.1

 

3.1.5 Oracle Big Data Spatial and Graph

Minimum Product Requirements for Oracle Big Data Spatial and Graph

Critical Patch Update security vulnerabilities for the graph feature of Oracle Big Data Spatial and Graph are fixed in the listed releases. For downloads and installation instructions, see https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html

Component

Release

Advisory Number

Comments

Big Data Spatial and Graph

Oracle Graph Server and Client 21.4.2 (released December 2021) should replace all installations of graph feature of Oracle Big Data Spatial and Graph.

CVE-2021-44228, CVE-2021-45046, CVE-2021-25122, CVE-2021-25329, CVE-2020-8908, CVE-2021-23337, CVE-2020-28500, CVE-2020-25649

Steps to replace BDSG 3.0 and all prior installations with Oracle Graph Server and Client 21.4.2:

(1) Apply Patch 33695304 to remove all BDSG bits.

(2) If using Graph feature of Big Data Spatial and Graph, download and use Graph Server and Client 21.4.2 by downloading from https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html or Oracle Software Delivery Cloud. The Oracle Graph HDFS Connector component contains the libraries to connect Oracle Graph with Apache Hadoop Distributed Filesystem (HDFS).

 

3.1.6 Oracle Database

This section contains the following:

·         Section 3.1.6.1 "Patch Availability for Oracle Database"

·         Section 3.1.6.2 "Oracle Database 21"

·         Section 3.1.6.3 "Oracle Database 19"

·         Section 3.1.6.4 "Oracle Database 12.2.0.1"

·         Section 3.1.6.5 "Oracle Database 12.1.0.2"

3.1.6.1 Patch Availability for Oracle Database

For information regarding the different types of patches for Database, refer to Oracle Database - Overview of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1

 

3.1.6.2 Oracle Database 21

Patch Information

21

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 21

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Database Release Update 21.5.0.0.220118 Patch 33516412 for UNIX, or

GI Release Update 21.5.0.0.220118 Patch 33531909, or

Microsoft Windows 32-Bit and x86-64 BP 21.5.0.0.220118 Patch 33589769 or later, or

Quarterly Full Stack download for Exadata (Jan2022) 21.5 Patch 33567288 for Linux x86-64, or

CVE-2021-45105, CVE-2022-21393

21c does not have COMBO nor OJVM patches. Instead, the OJVM fixes are contained within the DB RU and the GU RU patches.

The Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

Oracle Database Server, Gateway, Client and Global Data Services Home

JDK8u321 Patch 33497132

CVE-2022-21349, CVE-2022-21291, CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21248

JDK patches for 32 bit clients would be build on demand basis.

Oracle Database Client, Gateway, and Global Data Services Home

Database Release Update 21.5.0.0.220118 Patch 33516412 for UNIX

Released January 2022

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.6.2 Oracle Database 19

Patch Information

19

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 19

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM Release Update 19.14.0.0.220118 and Database Release Update 19.14.0.0.220118 Patch 33567270 for UNIX, or

Combo OJVM Release Update 19.14.0.0.220118 and GI Release Update 19.14.0.0.220118 Patch 33567274, or

Quarterly Full Stack download for Exadata (Jan2022) 19.14 Patch 33567286 for Linux x86-64

CVE-2022-21247, CVE-2021-45105, CVE-2022-21393

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.

For patch availability, see section 2.2 Post Release Patches

Oracle Database Server home

Database Release Update 19.14.0.0.220118 Patch 33515361 for UNIX, or

GI Release Update 19.14.0.0.220118 Patch 33509923, or

Microsoft Windows 32-Bit and x86-64 BP 19.14.0.0.220118 Patch 33575656 or later, or

Database Release Update Revision 19.13.1.0.220118 Patch 33516456 for UNIX, or

GI Release Update Revision 19.13.1.0.220118 Patch 33513541, or

Database Release Update Revision 19.12.2.0.220118 Patch 33494256 for UNIX, or

GI Release Update Revision 19.12.2.0.220118 Patch 33575673, or

Quarterly Full Stack download for Exadata (Jan2022) 19.14 Patch 33567286 for Linux x86-64, or

Quarterly Full Stack download for SuperCluster (Q1.2022) Patch 33567289 for Solaris SPARC 64-Bit

CVE-2022-21247, CVE-2021-45105

From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

From Jan2021 onwards the Database and GI Update and Revision patches include updates to the Crypto libraries. See "MES v4.1.6 to v4.5 update 18c / 19c databases (Note 2746801.1)" for more details.

From July 2021 onwards the Database and GI Update and Revision patches introduce a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: “Changes in Native Network Encryption with the July 2021 Critical Patch Update” Note 2791571.1

For patch availability, see section 2.2 Post Release Patches

Oracle Database Server home

OJVM Release Update 19.14.0.0.220118 Patch 33561310 for all platforms

CVE-2022-21393

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server, Gateway, Client and Global Data Services Home

JDK8u311Patch 33497160

CVE-2022-21349, CVE-2022-21291, CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21248

JDK patches for 32 bit clients would be build on demand basis.

Oracle Database Server, Client, and Global Data Services Home

Perl Patch 31732095

Released January 2021

 

Oracle Database Client, Gateway, and Global Data Services Home

Database Release Update 19.14.0.0.220118 Patch 33515361 for UNIX, or

Database Release Update Revision 19.13.1.0.220118 Patch 33516456 for UNIX, or

Database Release Update Revision 19.12.2.0.220118 Patch 33494256 for UNIX, or

Microsoft Windows 32-Bit and x86-64 BP 19.14.0.0.220118 Patch 33575656

Released January 2022

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.6.3 Oracle Database 12.2.0.1

Patch Information

12.2.0.1

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 12.2.0.1

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM Release Update 12.2.0.1.220118 and Database Release Update 12.2.0.1.220118 Patch 33559893 for UNIX, or

Combo OJVM Release Update 12.2.0.1.220118 and GI Release Update 12.2.0.1.220118 Patch 33559966, or

Quarterly Full Stack download for Exadata (Jan2022) 12.2.0.1 Patch 33567282, or

Quarterly Full Stack download for SuperCluster (Q1.2022) Patch 33567289 for Solaris SPARC 64-Bit

CVE-2022-21247, CVE-2021-45105, CVE-2022-21393

OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and Update" (OJVM PSU and OJVM Update) Patches.

From July 2021 onwards the Database and GI Update and Revision patches include updates to the Native Network Encryption. See "Improving Native Network Encryption Security" for more details.

For patch availability, see section 2.2 Post Release Patches

Oracle Database Server home

Database Jan2022 Release Update 12.2.0.1.220118 Patch 33587128 for UNIX, or

GI Jan2022 Release Update 12.2.0.1.220118 Patch 33583921, or

Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.220118 Patch 33488333 or later, or

BS2000 Database BP 12.2.0.1.220118 Patch 33554848, or

Quarterly Full Stack download for Exadata (Jan2022) 12.2.0.1 Patch 33567282, or

Quarterly Full Stack download for SuperCluster (Q1.2022) Patch 33567289 for Solaris SPARC 64-Bit

CVE-2022-21247, CVE-2021-45105

From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

From July 2021 onwards the Database and GI Update and Revision patches introduce a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: “Changes in Native Network Encryption with the July 2021 Critical Patch Update” Note 2791571.1

From January 2022 onward the Database and GI Bundles include Security fixes to the DELL MES Security libraries used by the Database Product. Customers on AIX 6.1 should review My Oracle Support Note 2832618.1 - MES 4.6 support for IBM AIX platform.

Please note that 12.2.0.1 entered Limited Error Correction as of December 01, 2020. Hence, Oracle is only including Security and P1 fixes into the 12.2.0.1 quarterly patch bundles. Therefore as of 2021, there is no content difference between a Release Update and a Release Update Revision, and all 12.2.0.1 customers should use the 12.2.0.1 Release Update.

For patch availability, see section 2.2 Post Release Patches

Oracle Database Server home

OJVM Release Update 12.2.0.1.220118 Patch 33561275 for UNIX, or

OJVM Microsoft Windows Bundle Patch 12.2.0.1.220118 Patch 33577550

CVE-2022-21393

OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server, Gateway, and Client home

JDK8u321 Patch 33497187

CVE-2022-21349, CVE-2022-21291, CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21248

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

JDK patches for 32 bit clients would be build on demand basis.

Oracle Database Server home

Perl Patch 31858212

Released January 2021

 

Oracle Database Client, Gateway, and Global Data Services Home

Database Jan2022 Release Update 12.2.0.1.220118 Patch 33587128 for UNIX, or

Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.220118 Patch 33488333

Released January 2022

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.6.4 Oracle Database 12.1.0.2

Error Correction information for Oracle Database 12.1.0.2

Patch Information

12.1.0.2

Comments

Final CPU

See Note 742060.1

 

On-Request platforms

 32-bit client-only platforms

 

Patch Availability for Oracle Database 12.1.0.2

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM PSU 12.1.0.2.220118 and Database Proactive BP 12.1.0.2.220118  Patch 33560081 for UNIX, or

Combo OJVM PSU 12.1.0.2.220118 and Database PSU 12.1.0.2.220118 Patch 33559997 for UNIX, or

Combo OJVM PSU 12.1.0.2.220118 and GI PSU 12.1.0.2.220118 Patch 33560011, or

Quarterly Full Stack download for Exadata (Jan2022) 12.1.0.2 Patch 33567280, or

Quarterly Full Stack download for SuperCluster (Q1.2022) Patch 33567289 for Solaris SPARC 64-Bit

CVE-2022-21393

OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.

For patch availability, see section 2.2 Post Release Patches

Oracle Database Server home

Database Proactive Bundle Patch 12.1.0.2.220118 Patch 33575286, or

Database PSU 12.1.0.2.220118 Patch 33477199 for UNIX, or

GI PSU 12.1.0.2.220118 Patch 33575274, or

Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.220118 Patch 33492893 or later, or

Quarterly Full Stack download for Exadata (Jan2022) 12.1.0.2 Patch 33567280, or

Quarterly Full Stack download for SuperCluster (Q1.2022) Patch 33567289 for Solaris SPARC 64-Bit

none

For JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

From July 2021 onwards the Database and GI Update and Revision patches introduce a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: “Changes in Native Network Encryption with the July 2021 Critical Patch Update” Note 2791571.1

From January 2022 onward the Database and GI Bundles include Security fixes to the DELL MES Security libraries used by the Database Product. Customers on AIX 6.1 should review My Oracle Support Note 2832618.1 - MES 4.6 support for IBM AIX platform.

For patch availability, see section 2.2 Post Release Patches

Oracle Database Server home

Oracle JavaVM Component Database PSU 12.1.0.2.220118 Patch 33561268 for UNIX, or

Oracle JavaVM Component Microsoft Windows Bundle Patch 12.1.0.2.220118 Patch 33577533

CVE-2022-21393

OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

All OJVM PSU since 12.1.0.2.161018 includes Generic JDBC Patch 23727148

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

For patch availability, see section 2.2 Post Release Patches

Oracle Database Server, Gateway and Client Home

JDK7u331Patch 33497195

CVE-2022-21349, CVE-2022-21291,CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21248

See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

JDK patches for 32 bit clients would be build on demand basis.

Oracle Database Server home

Perl Patch 31858428

Released January 2021

 

Oracle Database Server home

Oracle JavaVM Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148

Released July 2016

 

Oracle Database Client, Gateway, and Global Data Services Home

Database PSU 12.1.0.2.220118 Patch 33477199 for UNIX, or

Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.220118 Patch 33492893

Released January 2022

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.7 Oracle Database Mobile/Lite Server

Error Correction Information for Oracle Database Mobile Server

Patch Information

12.1 (Mobile Server)

Comments

Final CPU

April 2023

 

Patch Availability for Oracle Database Mobile Server 12.1.x

Product Home

Patch

Advisory Number

Comments

12.1

12.1.0.0 BP Patch 21974980

Released October 2015

 

 

3.1.8 Oracle GoldenGate

Error Correction information for Oracle GoldenGate

Component

21.3.0.0.0

19.1

12.2.0.2

Comments

Final CPU

-

July 2026

October 2023

 

Patch Availability for Oracle GoldenGate

Product Home

Patch

Advisory Number

Comments

21.3.0.0.0

Oracle GoldenGate 21.5.0.0.0 for Oracle Patch 33673511 or later

Oracle GoldenGate 21.5.0.0.0 Microservices for Oracle Patch 33673524 or later

CVE-2021-23017 (MarketPlace release only), CVE-2018-1311, CVE-2021-2351

 

19.1

Oracle GoldenGate 19.1.0.0.220118 for Oracle 11g Patch 33742655 or later

Oracle GoldenGate 19.1.0.0.220118 for Oracle 12c Patch 33742660 or later

Oracle GoldenGate 19.1.0.0.220118 for Oracle 18c Patch 33742664 or later

Oracle GoldenGate 19.1.0.0.220118 for Oracle 19c Patch 33742666 or later

CVE-2021-23017, CVE-2018-1311, CVE-2021-2351

Refer to Note 1645495.1 for the latest release and additional platforms.

12.2.0.2

On-Request

Released October 2021

Refer to Note 1645495.1 for the latest release and additional platforms.

 

3.1.9 Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)

Error Correction information for Oracle GoldenGate for Big Data

Component

21.3.0.0.0

19.1.0.0.x

12.3.0.0.0

Comments

Final CPU

-

July 2026

January 2022

 

Patch Availability for Oracle GoldenGate for Big Data

Product Home

Patch

Advisory Number

Comments

21.3.0.0.0

Oracle GoldenGate for Big Data 21.4.0.0.3 Microservices Patch 33730810

Oracle GoldenGate for Big Data 21.4.0.0.3
Patch 33730732

CVE-2021-44228, CVE-2021-45046, CVE-2021-45105

 

19.1.0.0.0

Oracle GoldenGate for Big Data 19.1.0.0.12
Patch 33676474

CVE-2021-44228, CVE-2021-45046

 

12.3.0.0.0

Oracle GoldenGate for Big Data 12.3.2.1.11 Patch 33676479

CVE-2021-44228, CVE-2021-45046

 

 

3.1.10 Oracle GoldenGate Monitor (aka Management Pack for Oracle GoldenGate)

Error Correction information for Oracle GoldenGate Monitor (aka Management Pack for Oracle GoldenGate)

Patch Information

12.2.1

12.1.3.x

Comments

Final CPU

July 2025

July 2022

 

 

Patch Availability for Management Pack For Oracle GoldenGate

Product Home

Patch

Advisory Number

Comments

12.2.1.2.0

Oracle GoldenGate Monitor 12.2.1.2.200930 (Server+Agent) Patch 31748559

Released October 2020

 

12.1.3

Monitor Server 12.1.3.0.160628 Patch 23340597
Monitor Agent 12.1.3.0.160628 Patch 23333295

Released June 2016

-

 

3.1.11 Oracle GoldenGate Veridata

Error Correction information for Oracle GoldenGate Veridata

Component

12.2.1

12.1.3

Comments

Final CPU

July 2025

July 2022

 

Patch Availability for Oracle GoldenGate Veridata

Product Home

Patch

Advisory Number

Comments

12.2.1

OGG Veridata Bundle Patch 12.2.1.4.200714 (PS4 BP2) (Server+Agent) Patch 31044508

Released July 2020

 

12.1.3

ORACLE GOLDENGATE VERIDATA V12.1.3.0.180415 SERVER Patch 26424104

Released April, 2018

 

 

3.1.12 Oracle NoSQL Database

Minimum Product Requirements for Oracle NoSQL Database 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle NoSQL Database downloads and installation instructions can be found at https://www.oracle.com/database/technologies/nosql-database-server-downloads.html

Product

Release

Advisory Number

Comments

Oracle NoSQL Database

21.1.12

CVE-2021-21409

 

 

3.1.13 Oracle Secure Backup

Error Correction information for Oracle Secure Backup

Patch Information

18.1

Comments

Final CPU

January 2024

 

Minimum Product Requirements for Oracle Secure Backup 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Secure Backup downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html

Product

Release

Advisory Number

Comments

Oracle Secure Backup

18.1.0.1

CVE-2021-26691, CVE-2021-33193, CVE-2021-42013, CVE-2021-3712

 

 

3.1.14 Oracle Spatial Studio

Minimum Product Requirements for Oracle Spatial Studio 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Spatial Studio downloads and installation instructions can be found at
https://www.oracle.com/database/technologies/spatial-studio/oracle-spatial-studio-downloads.html

Product

Release

Advisory Number

Comments

Oracle Spatial Studio

21.2.1

CVE-2021-2351

 

 

3.1.15 Oracle SQL Developer

Minimum Product Requirements for Oracle SQL Developer 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle SQL Developer downloads and installation instructions can be found at
https://www.oracle.com/tools/downloads/sqldev-downloads.html

Product

Release

Advisory Number

Comments

Oracle SQL Developer

21.4.1.349.1822

CVE-2021-45046, CVE-2021-44228

Announced as part of Log4j security alert (https://www.oracle.com/security-alerts/alert-cve-2021-44228.html)

 

3.1.16 Oracle Stream Analytics

Minimum Product Requirements for Oracle Stream Analytics 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Stream Analytics downloads and installation instructions can be found at
https://www.oracle.com/middleware/technologies/stream-analytics/downloads.html

Product

Patch

Advisory Number

Comments

Oracle Stream Analytics

19.1.0.0.6 MLR Patch 33750861

CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832

 

 

3.1.17 Oracle TimesTen In-Memory Database

Error Correction information for Oracle TimesTen In-Memory Database

Describes Error Correction information for Oracle TimesTen In-Memory Database. The Oracle TimesTen In-Memory Database downloads and installation instructions can be found at https://www.oracle.com/in/database/technologies/timesten-downloads.html

Patch Information

18.1

Comments

Final Patch

April 2026

 

Minimum Product Requirements for Oracle TimesTen In-Memory Database

Describes the minimum product requirements for Oracle TimesTen In-Memory Database. The CPU security vulnerabilities are fixed in the listed release and later releases.

Product

Release

Advisory Number

Comments

Oracle TimesTen In-Memory Database

22.1.1.1.0 or later version

CVE-2021-29923, CVE-2021-2351, CVE-2020-7712, CVE-2020-11979, CVE-2020-1945, CVE-2021-36373 and CVE-2021-36374, CVE-2021-34558 and CVE-2021-36221

 

 

3.1.18 Oracle Essbase

Error Correction information for Oracle Essbase

Describes Error Correction information for Oracle Essbase.

Patch Information

21.c

Comments

Final Patch

July 2025

 

 

Minimum Product Requirements for Oracle Essbase

Describes the minimum product requirements for Oracle Essbase. The CPU security vulnerabilities are fixed in the listed release and later releases.

Product Home

Patch

Advisory Number

Comments

21.x

21.3.0.0.0 ORACLE ESSBASE RELEASE UPDATE Patch 32646479

CVE-2021-3711, CVE-2021-22901, CVE-2021-20718

 

 

3.2 Oracle Enterprise Manager

This section contains the following:

·         Section 3.2.1 "Oracle Real User Experience Insight"

·         Section 3.2.2 "Oracle Application Testing Suite"

·         Section 3.2.3 "Oracle Business Transaction Management"

·         Section 3.2.4 "Oracle Enterprise Manager Cloud Control"

·         Section 3.2.5 "Oracle Enterprise Manager Ops Center"

·         Section 3.2.6 "OSS Support Tools"

·         Section 3.2.7 "Oracle Configuration Manager"

3.2.1 Oracle Real User Experience Insight

Error Correction information for Oracle Real User Experience Insight

Patch Information

13.5.1.0

13.4.1.0

Comments

Final CPU

-

July 2022

 

On-Request platforms

 

 

 

Minimum Product Requirements for Oracle Real User Experience Insight

Critical Patch Update security vulnerabilities are fixed in the listed releases. For more information on Oracle Real User Experience Insight, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.

Product Version

Patch

Advisory Number

Comments

Real User Experience Insight 13.4.1.0

Oracle Real User Experience Insight Patch release 13.4.1.0.2 Patch 33507469 or later

CVE-2021-2351

 

Real User Experience Insight 13.5.1.0

Oracle Real User Experience Insight Patch release 13.5.1.0.1 Patch 33509103 or later

CVE-2021-2351

 

 

3.2.2 Oracle Application Testing Suite

Error Correction information for Oracle Application Testing Suite

Patch Information

13.3.0.1

Comments

Final CPU

June 2025

 

Patch Availability for Oracle Application Testing Suite

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Application Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.

Product Home

Patches

Advisory Number

Comments

Base Platform Fusion Middleware home

See "Oracle WebLogic Server 12.2.1.4"

See "Oracle WebLogic Server 12.2.1.4"

See "Oracle WebLogic Server" (Version 12.2.1.4)

13.3.0.1

EM BP Application Testing Suite CPU January 2022 Patch 33755762 or later

CVE-2021-2351

 

13.3.0.1

EM BP Application Testing Suite OFB CPU January 2022 Patch 33755751 or later

CVE-2021-2351

 

 

3.2.3 Oracle Business Transaction Management

Error Correction Information for Oracle Business Transaction Management

Component

12.1.0.7

Comments

Final CPU

-

 

Patch Availability for Oracle Business Transaction Management

Product Home

Patch

Advisory Number

Comment

BTM Home

BTM Patch 12.1.0.7.15 Patch 29135901

Released April 2019

 

 

3.2.4 Oracle Enterprise Manager Cloud Control

Error Correction information for Oracle Enterprise Manager Cloud Control

Patch Information

13.5.0.0

13.4.0.0

Comments

Final CPU

October 2026

April 2022

Note 1595197.1 Lifetime Support and Support Policies for Oracle Enterprise Manager

On-Request platforms

-

-

 

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 5 (13.5.0.0)

Product Home

Patches

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

See "Oracle Database"

Patch Repository Database of Oracle Enterprise Manager

Oracle Java SE home

Oracle JDK 8 Update 321 Patch 33518551 or later for Linux, Windows and Solaris

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 2776765.1 EM 13.5: How to Use the Latest Certified JDK 8 Update with OMS 13.5

If your plans include updating the JDK version, please be sure that the JDK version that you choose is certified with your Oracle Enterprise Manager Cloud Control Component.

Base Platform OMS home

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

Update OPatch 13.9.4.2.6 Patch 28186730 or later before applying the WLS PSU.

See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.

Base Platform OMS home

Enterprise Manager 13c Release 5 Update 1 (13.5.0.1) for OMS Patch 32835392 or later

Released October 2021

 

Base Platform Agent home

Enterprise Manager 13c Release 5 Update 1 (13.5.0.1) for Agent Patch 32924765 or later

Released October 2021

 

Base Platform Agent home

Enterprise Manager Agent 13.5.0.0.0 Patch 33565758

CVE-2022-21392

 

Base Platform OMS home

WLS PATCH SET UPDATE 12.2.1.4.210930 Patch 33416868 or later

Released October 2021

See Note 2764668.1 Security Advice and Post-Install Information for Oracle WebLogic Server PSUs

Base Platform OMS home

Coherence 12.2.1.4.0 Cumulative Patch 11 Patch 33286160 or later

 

 

Base Platform OMS home

FMW PLATFORM 12.2.1.4.0 SPU FOR APRCPU2021 Patch 33093748 or later

Released April 2021

 

Base Platform OMS home

FMW COMMON THIRDPARTY SPU 12.2.1.4.0 FOR APRIL2021CPU Patch 32880070 or later

Released April 2021

See Note 2768441.1 Details for Oracle Fusion Middleware Third-Party Component Updates

Base Platform OMS home

ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU 2020 Patch 31544353 or later

Released July 2020

ADR Patch

See Note 2703429.1 for details on ADR and Applicability of this patch.

Base Platform OMS home

OHS (NATIVE) BUNDLE PATCH 12.2.1.4.210826 Patch 33283762 or later

Released October 2021

Note 2743971.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches

Base Platform OMS home

OSS BUNDLE PATCH 12.2.1.4.210302 Patch 32575741 or later

Released April 2021

Oracle Security Service (SSL/Network) Patch for Oracle HTTP server (OHS)

Base Platform OMS home

OPSS BUNDLE PATCH 12.2.1.4.210418 Patch 32784652 or later

Released April 2021

 

Base Platform OMS home

ADF BUNDLE PATCH 12.2.1.4.210706 Patch 33084721 or later

Released July 2021

 

Base Platform OMS home

WebCenter Core Bundle Patch 12.2.1.4.200526 Patch 31403376 or later

Released July 2020

 

Base Platform OMS home

FMW JDBC Java Patch 32720458 or later

CVE-2021-2351

 

 

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 4 (13.4.0.0)

Product Home

Patches

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

See "Oracle Database"

Patch Repository Database of Oracle Enterprise Manager

Oracle Java SE home

Oracle JDK 8 Update 321 Patch 33518551 or later for Linux, Windows and Solaris

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 2653847.1 EM 13.4: How to Use the Latest Certified JDK 8 Update with OMS 13.4

If your plans include updating the JDK version, please be sure that the JDK version that you choose is certified with your Oracle Enterprise Manager Cloud Control Component.

Base Platform OMS home

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

Update OPatch 13.9.4.2.6 Patch 28186730 or later before applying the WLS PSU.

See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.

Base Platform OMS home

WLS PATCH SET UPDATE 12.2.1.3.211222 Patch 33699205 or later

CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934

See Note 2764668.1 Security Advice and Post-Install Information for Oracle WebLogic Server PSUs.

For CVE-2021-44832 fix, an overlay patch on top of Jan'22 WLS PSU will be made available by 20th Jan'22. See Note 2827793.1 for details.

For CVE-2021-4104 fix, an overlay patch on top of Jan'22 WLS PSU will be made available by 31st Jan'22.

Base Platform OMS home

Coherence 12.2.1.3 Cumulative Patch 16 Patch 33286132 or later

 

CVE-2021-35617 - Resolution of this CVE requires installation of both the WebLogic Server PSU and the Coherence patch.

Base Platform OMS home

FMW Platform 12.2.1.3.0 SPU FOR AprCPU2021 Patch 32982708 or later

Released April 2021

 

Base Platform OMS home

FMW COMMON THIRD PARTY SPU 12.2.1.3.0 FOR APRIL2021CPU Patch 32910589 or later

Released April 2021

See Note 2768441.1 Details for Oracle Fusion Middleware Third-Party Component Updates

Base Platform OMS home

ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY CPU 2020 Patch 31544340 or later

Released July 2020

ADR Patch

See Note 2703429.1 for details on ADR and Applicability of this patch.

Base Platform OMS home

Oracle WebLogic Server 12.2.1.3.0 Patch 33235201 or later

Released July 2021

Patch 33235201 replaces Patch 29738020. See Note 2568304.1 for more details.

Base Platform OMS home

Enterprise Manager for Peoplesoft 13.4.1.1.0 Patch for CPUOct2020 Patch 31795605

Released October 2020

 

Base Platform Agent home

Enterprise Manager 13c Release 4 Platform Update 13 (13.4.0.13) for Agent Patch 33179516 or later

Released October 2021

For CVE-2020-10878, upgrade to Enterprise Manager 13c Release 5

Base Platform Agent home

Enterprise Manager Agent 13.4.0.0.0 Patch 33565758

CVE-2022-21392

 

Base Platform Agent home

Enterprise Manager for Beacon 13c Release 4 Plug-in Update 12 (13.4.0.12) for Agent Patch 33072895 or later

Released July 2021

 

Base Platform Agent home

Enterprise Manager for Virtualization 13c Release 4 Plug-in Update 10 (13.4.1.10) for Agent (Discovery) Patch 32352393 or later

Released April 2021

 

Base Platform OMS home

Enterprise Manager 13c Release 4 Update 13 (13.4.0.13) for OMS Patch 33177978 or later

Released October 2021

For CVE-2020-10878, upgrade to Enterprise Manager 13c Release 5

Base Platform OMS home

Latest Oracle Cluster Verification Utility Release Patch 16766985 or later

Released October 2021

Follow the steps provided in Note 2628009.1 How to Update the CVU for EM Cloud Control 13c

Base Platform OMS home

ADF BUNDLE PATCH 12.2.1.3.201007 Patch 31985811 or later

Released October 2020

 

Base Platform OMS home

OHS (NATIVE) BUNDLE PATCH 12.2.1.3.211130 Patch 33619405 or later

CVE-2021-40438

Note 2568225.1Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches

Base Platform OMS home

OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or later

Released April 2021

Oracle Security Service (SSL/Network) Patch for Oracle HTTP server (OHS)

Base Platform OMS home

ONS 12.2.1.3.0 SPU Patch Patch 27323998 or later

Released July 2018

For the WLS Plug-In installed with OHS

Base Platform OMS home

OBI BUNDLE PATCH 12.2.1.3.210915 Patch 33358811 or later

Released October 2021

 

Base Platform OMS home

OHT SPU 12.2.1.3.0 Patch 31613012 or later

Released July 2020

 

Base Platform OMS home

WebCenter Core Bundle Patch 12.2.1.3.200519 Patch 31403333 or later

Released July 2020

 

Base Platform OMS home

FMW JDBC Java Patch 33621861 or later

CVE-2021-2351

 

EM Cloud Control Connectors

Upgrade to Enterprise Manager Connectors 13.2.2.0.0 or later

Released January 2021

See Announcement on MOSC

Connector 13.2.1.0 is applicable to EM 13.4

 

3.2.5 Oracle Enterprise Manager Ops Center

Error Correction information for Oracle Enterprise Manager Ops Center

Patch Information

12.4.0

Comments

Final CPU

April 2024

Premier Support ends

Patch Availability for Oracle Enterprise Manager Ops Center

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Enterprise Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.

Product Home

UNIX

Advisory Number

Comments

12.4.0

Ops Center UCE patches for Jan 2022 Patch 33701477 or later

CVE-2021-3177

 

12.4.0

Ops Center UI/Other patches for Jan 2022 Patch 33701457 or later

CVE-2021-2351, CVE-2021-3177

 

 

3.2.6 OSS Support Tools

Error Correction information for OSS Support Tools

Patch Information

8.11.x

Comments

Final CPU

-

 

Patch Availability for OSS Support Tools

Product Home

Solaris

Advisory Number

Comments

8.11.16.3.8

BP Patch 22783063

March 2016

See My Oracle Support Note 1153444.1Oracle Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT

 

3.2.7 Oracle Configuration Manager

Minimum Product Requirements for Oracle Configuration Manager

Critical Patch Update security vulnerabilities are fixed in the listed releases. 
Oracle Configuration Manager can be downloaded from MOS (support.oracle.com). Customer can use collector tab to down the Oracle Configuration Manager Collector.

Component

Release

Advisory Number

Comments

Oracle Configuration Manager

OCM 12.1.2.0.8 Patch 5567658 or later

Released July 2021

Upgrade to 12.1.2.0.8 Release

 

3.3 Oracle Fusion Middleware

This section contains the following:

·         Section 3.3.1 "Reserved for Future Use"

·         Section 3.3.2 "NetBeans IDE"

·         Section 3.3.3 "Oracle Business Intelligence Enterprise Edition"

·         Section 3.3.4 "Oracle Business Intelligence Publisher"

·         Section 3.3.5 "Oracle Data Integrator"

·         Section 3.3.6 "Reserved for Future Use"

·         Section 3.3.7 "Oracle Data Visualization Desktop"

·         Section 3.3.8 "Oracle Enterprise Data Quality"

·         Section 3.3.9 "Reserved for Future Use"

·         Section 3.3.10 "Oracle Exalogic Patch Set Update (PSU)"

·         Section 3.3.11 "Oracle FMW Infrastructure"

·         Section 3.3.12 "Oracle Forms and Reports"

·         Section 3.3.13 "Oracle HTTP Server / Web-Tier"

·         Section 3.3.14 "Oracle Hyperion Analytic Provider Services"

·         Section 3.3.15 "Reserved for Future Use"

·         Section 3.3.16 "Reserved for Future Use"

·         Section 3.3.17 "Reserved for Future Use"

·         Section 3.3.18 "Oracle Hyperion Essbase"

·         Section 3.3.19 "Reserved for Future Use"

·         Section 3.3.20 "Oracle Hyperion Financial Management"

·         Section 3.3.21 "Reserved for Future Use"

·         Section 3.3.22 "Oracle Hyperion Infrastructure Technology"

·         Section 3.3.23 "Reserved for Future Use"

·         Section 3.3.24 "Oracle Hyperion Planning"

·         Section 3.3.25 "Reserved for Future Use"

·         Section 3.3.26 "Reserved for Future Use"

·         Section 3.3.27 "Oracle Hyperion Workspace"

·         Section 3.3.28 "Oracle Identity and Access Management"

·         Section 3.3.29 "Oracle JDeveloper and Oracle ADF"

·         Section 3.3.30 "Oracle Map Viewer"

·         Section 3.3.31 "Oracle Outside In Technology"

·         Section 3.3.32 "Oracle Real Time Decisions Applications"

·         Section 3.3.33 "Oracle Real Time Decisions Platform"

·         Section 3.3.34 "Oracle Service Architecture Leveraging Tuxedo (SALT)"

·         Section 3.3.35 "Oracle SOA Suite"

·         Section 3.3.36 "Oracle Traffic Director"

·         Section 3.3.37 "Oracle Tuxedo"

·         Section 3.3.38 "Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)"

·         Section 3.3.39 "Oracle WebCenter"

·         Section 3.3.40 "Oracle WebCenter Sites (Formerly FatWire Content Server)"

·         Section 3.3.41 "Reserved for Future Use"

·         Section 3.3.42 "Reserved for Future Use"

·         Section 3.3.43 "Oracle WebLogic Server"

·         Section 3.3.44 "Oracle Coherence"

 

3.3.1 Reserved for Future Use

 

3.3.2 NetBeans IDE

Minimum Product Requirements for NetBeans IDE

Critical Patch Update security vulnerabilities are fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/

Product Home

Release

Advisory Number

Comments

NetBeans IDE

8.2

Released October 2016

 

 

3.3.3 Oracle Business Intelligence Enterprise Edition

Error Correction information for Oracle Business Intelligence Enterprise Edition

Patch Information

5.9.0.0.0

5.5.0.0.0

12.2.1.4.0

12.2.1.3

Comments

Final CPU

-

-

-

October 2022

 

NOTE: If Oracle Analytics or Business Intelligence customer’s enable Native Network Encryption (NNE), they may see services fail. To learn more, see Note 2834587.1

Patch Availability for Oracle Analytics Server 5.9

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle Analytics Server (OAS) 5.9.0.0.0

Download and apply the SPB patch:

OAS STACK PATCH BUNDLE 5.9.0.0.0 Patch 33742401 or later

OR download and apply the individual patches below:

CVE-2022-21346, CVE-2019-17566, CVE-2021-45105, CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934, CVE-2022-21361, CVE-2020-5258, CVE-2020-13956, CVE-2022-21257, CVE-2022-21385, CVE-2022-21259, CVE-2022-21260, CVE-2022-21261, CVE-2022-21262, CVE-2020-11023, CVE-2022-21252, CVE-2022-21292, CVE-2022-21306

For patch availability, see section 2.2 Post Release Patches

 

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

 

 

OAS BUNDLE PATCH 5.9.0.0 <Patch 33702984> or later

CVE-2022-21346, CVE-2019-17566, CVE-2021-45105

Fix for CVE-2021-45105 will also fix the CVE-45046 and CVE-2021-44228.

For patch availability, see section 2.2 Post Release Patches

 

WLS PATCH SET UPDATE 12.2.1.4.220105 Patch 33727616 or later

CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934, CVE-2022-21306

See Note 2764668.1 Security Advice and Post-Install Information for Oracle WebLogic Server PSUs.

 

Coherence 12.2.1.4 Cumulative Patch 10 Patch 32973297 or later

Released July 2021

If WLS is installed, see WLS 12.2.1.4 for a full list of patches needed including Oracle Coherence

 

WEBLOGIC SAMPLES SPU 12.2.1.4 Patch 33539252 or later

CVE-2022-21361, CVE-2020-5258, CVE-2020-13956, CVE-2022-21257, CVE-2022-21385, CVE-2022-21259, CVE-2022-21260, CVE-2022-21261, CVE-2022-21262, CVE-2020-11023, CVE-2022-21252, CVE-2022-21292

See Note 2255054.1, Details for Oracle WebLogic Server's Use of Struts and the SAMPLES SPU

 

ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU 2020 Patch 31544353 or later

Released July 2020

ADR Patch

See Note 2703429.1 for details on ADR and Applicability of this patch.

 

Patch Availability for Oracle Analytics Server 5.5

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle Analytics Server (OAS) 5.5.0.0.0

Download and apply the SPB patch:

OAS STACK PATCH BUNDLE 5.5.0.0.0 Patch 33742402 or later

OR download and apply the individual patches below:

CVE-2022-21346, CVE-2019-17566, CVE-2021-45105, CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934, CVE-2022-21306

For patch availability, see section 2.2 Post Release Patches

 

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

 

 

OAS BUNDLE PATCH 5.5.0.0.210922 Patch 33327488 or later
+
OAS 5.5.0.0.210922 One off Patch Patch 33545334

CVE-2022-21346

For patch availability of OAS BUNDLE PATCH 5.5.0.0 Patch 33702981, see section 2.2 Post Release Patches

 

WLS PATCH SET UPDATE 12.2.1.4.220105 Patch 33727616 or later

CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934, CVE-2022-21306

See Note 2764668.1 Security Advice and Post-Install Information for Oracle WebLogic Server PSUs.

 

Coherence 12.2.1.4 Cumulative Patch 10 Patch 32973297 or later

Released July 2021

If WLS is installed, see WLS 12.2.1.4 for a full list of patches needed including Oracle Coherence

 

WEBLOGIC SAMPLES SPU 12.2.1.4.220118 Patch 33539252 or later

CVE-2022-21361, CVE-2020-5258, CVE-2020-13956, CVE-2022-21257, CVE-2022-21385, CVE-2022-21259, CVE-2022-21260, CVE-2022-21261, CVE-2022-21262, CVE-2020-11023, CVE-2022-21252, CVE-2022-21292

See Note 2255054.1, Details for Oracle WebLogic Server's Use of Struts and the SAMPLES SPU

 

ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU 2020 Patch 31544353

Released July 2020

ADR Patch

See Note 2703429.1 for details on ADR and Applicability of this patch.

 

Patch Availability for Oracle Business Intelligence Enterprise Edition 12.2.1.4

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle Business Intelligence Enterprise Edition

Download and apply the SPB patch:

OBI STACK PATCH BUNDLE 12.2.1.4 Patch 33715784 or later

OR download and apply the individual patches below:

CVE-2022-21346, CVE-2019-17566, CVE-2021-45105, CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934, CVE-2022-21306

For patch availability, see section 2.2 Post Release Patches

 

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

 

 

OBI BUNDLE PATCH 12.2.1.4.210915 Patch 33358815
+
OBI 12.2.1.4.210915 One off Patch 33545271

CVE-2022-21346

For patch availability of BUNDLE PATCH 12.2.1.4 Patch 33642477, see section 2.2 Post Release Patches

 

WLS PATCH SET UPDATE 12.2.1.3.211222 Patch 33699205 or later

CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934, CVE-2022-21306

See Note 2764668.1 Security Advice and Post-Install Information for Oracle WebLogic Server PSUs.

 

Coherence 12.2.1.3 Cumulative Patch 15 Patch 32973279 or later

Released July 2021

If WLS is installed, see WLS 12.2.1.3 for a full list of patches needed including Oracle Coherence

 

ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY CPU 2020 Patch 31544340 or later

Released July 2020

ADR Patch

See Note 2703429.1 for details on ADR and Applicability of this patch.

 

Patch Availability for Oracle Business Intelligence Enterprise Edition 12.2.1.3

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle Business Intelligence Enterprise Edition

Download and apply the SPB patch:

OBI STACK PATCH BUNDLE 12.2.1.3 Patch 33747991 or later

OR download and apply the individual patches below:

CVE-2022-21346, CVE-2019-17566, CVE-2021-45105, CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934, CVE-2022-21306

For patch availability, see section 2.2 Post Release Patches

 

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

 

 

OBI BUNDLE PATCH 12.2.1.3.210915 Patch 33358811

OBI 12.2.1.3.210915 One off <Patch 33560997> 

CVE-2022-21346

For patch availability of OBI BUNDLE PATCH 12.2.1.3 Patch 33666334, see section 2.2 Post Release Patches

 

WLS PATCH SET UPDATE 12.2.1.3.211222 Patch 33699205 or later

CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934, CVE-2022-21306

See Note 2764668.1 Security Advice and Post-Install Information for Oracle WebLogic Server PSUs

 

Coherence 12.2.1.3 Cumulative Patch 15 Patch 32973279 or later

Released July 2021

If WLS is installed, see WLS 12.2.1.3 for a full list of patches needed including Oracle Coherence

 

FMW Platform 12.2.1.3.0 SPU FOR AprCPU2021 Patch 32982708 or later

Released April 2021

 

 

ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY CPU 2020 Patch 31544340 or later

Released July 2020

ADR Patch

See Note 2703429.1 for details on ADR and Applicability of this patch.

 

3.3.4 Oracle Business Intelligence Publisher

Error Correction information for Oracle Business Intelligence Publisher

Patch Information

12.2.1.4

Comments

Final CPU

-

 

Patch Availability for Oracle Business Intelligence Publisher

Product Home

Patch

Advisory Number

Comments

OAS 5.5.0.0.0, and 12.2.1.4 Business Intelligence Publisher

See "Oracle Business Intelligence Enterprise Edition"

See "Oracle Business Intelligence Enterprise Edition"

BIP is part of OBI Patch in 12c

 

3.3.5 Oracle Data Integrator

Error Correction information for Oracle Data Integrator

Patch Information

12.2.1.4

12.2.1.3

Comments

Final CPU

July 2025

October 2022

Note 1933372.1 Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

Patch Availability for Oracle Data Integrator 12.2.1.4

Distribution / Product Home

Patches

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure 12.2.1.4"

 

Apply patches for WebLogic Server and Infrastructure components

Oracle Data Integrator

ODIMP Bundle Patch 12.2.1.4 Patch 33747852 or later

CVE-2021-45105

For patch availability, see section 2.2 Post Release Patches

Patch Availability for Oracle Data Integrator 12.2.1.3

Distribution / Product Home

Patches

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure 12.2.1.3"

 

Apply patches for WebLogic Server and Infrastructure components

Oracle Data Integrator

ODI Bundle Patch 12.2.1.3 Patch 33510887 or later

CVE-2021-45105

 

 

3.3.6 Reserved for Future Use

 

3.3.7 Oracle Data Visualization Desktop

Error Correction information for Oracle Data Visualization Desktop

Patch Information

12.2.4.1.1

Comments

Final CPU

-

 

Patch availability for Oracle Data Visualization Desktop

Product Home

Patch

Advisory Number

Comments

Oracle Data Visualization Desktop 12.2.4.1.1

Patch is available on http://www.oracle.com/technetwork/middleware/oracle-data-visualization/index.html

Released April 2018

 

 

3.3.8 Oracle Enterprise Data Quality

Error Correction information for Oracle Enterprise Data Quality

Patch Information

12.2.1.4

12.2.1.3

Comments

Final CPU

July 2025

October 2022

 

Patch Availability for Oracle Enterprise Data Quality

Distribution / Product Home

Patch

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure"

 

Apply FMW infrastructure patches if you have installed EDQ with WebLogic Server

Oracle Enterprise Data Quality 12.2.1.4

EDQ 12.2.1.4.0 CPU Jan 2022 Patch 33764554 or later

CVE-2021-2351

 

Oracle Enterprise Data Quality 12.2.1.3

EDQ 12.2.1.3.0 CPU Jan 2022 Patch 33764671 or later

CVE-2021-2351

 

 

3.3.9 Reserved for Future Use

 

3.3.10 Oracle Exalogic Patch Set Update (PSU)

Error Correction information for Oracle Exalogic Patch Set Update (PSU)

Patch Information

2.x

1.x

Comments

Final CPU

-

-

 

Patch Set Update Availability for Oracle Exalogic

Oracle Exalogic

Patch

Advisory Number

Comments

2.x Physical

2.0.6.4.211019 Physical Linux (for all X2-2, X3-2, X4-2, X5-2, and X6-2) Patch 33217537 or later

2.0.6.3.211019 Physical Solaris (for all X2-2, X3-2, X4-2, and X5-2) Patch 33217537 or later

Released July 2021

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

2.x Virtual

2.0.6.3.211019 Virtual (for all X2-2, X3-2, X4-2, X5-2, and X6-2) Patch 33217538 or later

Released July 2021

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

1.x

Upgrade to 2.x based on information in the Comments column. Then apply the patches listed above.

Released March 2012 (13795376)

Released Februrary 2013 (15931901)

See Patch 13795376 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)

See Patch 15931901 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit)

See Note 1314535.1Announcing Exalogic PSUs (Patch Set Updates)

 

3.3.11 Oracle FMW Infrastructure

This section contains the following:

·         Section 3.3.11.1 "Error Correction information for Oracle Fusion Middleware Infrastructure"

·         Section 3.3.11.2 "Patch Availability for Oracle Fusion Middleware Infrastructure 12.2.1.4"

·         Section 3.3.11.3 "Patch Availability for Oracle Fusion Middleware Infrastructure 12.2.1.3"

 

3.3.11.1 Error Correction Information for Oracle Fusion Middleware Infrastructure

Error Correction information for Oracle Fusion Middleware Infrastructure

Patch Information

12.2.1.4

12.2.1.3

Comments

Final CPU

July 2025

October 2022

See Note 1933372.1, Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

See Note 1290894.1, Error Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)

On-Request platforms

-

 

Note: 11.1.1.9.0 patches provided beyond Dec 2018 are for Extended Support Customers only

 

3.3.11.2 Patch Availability for Oracle Fusion Middleware Infrastructure 12.2.1.4

Note: The patches and guidance below are common to all Oracle Fusion Middleware (FMW) products installed (colocated) with an FMW 12.2.1.4 Infrastructure. Ensure to also follow the tables within this document for all FMW products you have installed with the FMW 12.2.1.4 Infrastructure.

Product / Component

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database SERVER with July 2021 DB PSU or later associated with a Fusion Middleware installation. If any CLIENT side patching is required in the FMW home, there will be a separate row below. See Note 2791571.1 for more details

Java home

Java SE 8 Update 321 Patch 18143322 or later for Linux, Windows, and Solaris.

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle WebLogic Server

Download and apply the SPB or individual patches listed within the section, "Oracle WebLogic Server 12.2.1.4"

Then, apply the patches below for the remaining FMW Infrastructure components:

See "Oracle WebLogic Server 12.2.1.4"

If using Identity and Access Management, refer to Oracle Identity and Access Management 12.2.1.4. The IDM Stack Patch Bundle includes all FMW Infrastructure and WLS patches.

Application Development Framework (ADF)

ADF Bundle Patch 12.2.1.4 Patch 33697227 or later

CVE-2021-45105

See Note 2834384.1 Details for applying Jan 2022 ADF 12.2.1.4 patch with 12.2.1.4 FMW COMMON THIRD PARTY SPU

FMW Third-Party Jars

FMW COMMON THIRD PARTY SPU 12.2.1.4.0 FOR Jan2022 CPU Patch 33723124 or later

Released Jan 2022

See Note 2768441.1 Details for Oracle Fusion Middleware Third-Party Component Updates

Oracle Platform Security Services (OPSS)

OPSS BUNDLE PATCH 12.2.1.4.210418 Patch 32784652 or later

Released April 2021

 

FMW Control

FMW Control SPU Patch Patch 30613424 or later

Released April 2021

 

WebCenter Core

WebCenter Core Bundle Patch 12.2.1.4.200526 Patch 31403376 or later

Released July 2020

 

 

3.3.11.3 Patch Availability for Oracle Fusion Middleware Infrastructure 12.2.1.3

Note: The patches and guidance below are common to all Oracle Fusion Middleware (FMW) products installed (colocated) with an FMW 12.2.1.3 Infrastructure. Ensure to also follow the tables within this document for all FMW products you have installed with the FMW 12.2.1.3 Infrastructure.

Product / Component

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database SERVER with July 2021 DB PSU or later associated with a Fusion Middleware installation. If any CLIENT side patching is required in the FMW home, there will be a separate row below. See Note 2791571.1 for more details

Java home

Java SE 8 Update 321 Patch 18143322 or later for Linux, Windows, and Solaris.

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle WebLogic Server

Download and apply the SPB or individual patches listed within the section, "Oracle WebLogic Server 12.2.1.3"

Then, apply the patches below for the remaining FMW Infrastructure components:

See "Oracle WebLogic Server 12.2.1.3"

If using Identity and Access Management, refer to Oracle Identity and Access Management 12.2.1.3. The IDM Stack Patch Bundle includes all FMW Infrastructure and WLS patches.

FMW Third-Party Jars

FMW COMMON THIRD PARTY SPU 12.2.1.3.0 FOR APRIL2021CPU Patch 32910589 or later

Released April 2021

See Note 2768441.1 Details for Oracle Fusion Middleware Third-Party Component Updates

Oracle Platform Security Services (OPSS)

OPSS Bundle Patch 12.2.1.3.210420 Patch 32397127 or later

Released April 2021

 

Application Development Framework (ADF)

ADF BUNDLE PATCH 12.2.1.3.201007 Patch 31985811 or later

Released October 2020

Apply to all Oracle homes installed with an FMW Infrastructure

Oracle Help Technologies (OHT)

OHT SPU 12.2.1.3.0 Patch 31613012 or later

Released July 2020

 

WebCenter Core

WebCenter Core Bundle Patch 12.2.1.3.200519 Patch 31403333 or later

Released July 2020

 

 

 

3.3.12 Oracle Forms and Reports

Error Correction information for Oracle Forms and Reports

Patch Information

12.2.1.4

12.2.1.3

Comments

Final CPU

July 2025

October 2022

Note 1933372.1 Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

Patch Availability for Oracle Forms and Reports 12.2.1.4

Distribution / Component

Patches

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure 12.2.1.4"

 

Apply patches for WebLogic Server and Infrastructure components

Oracle Reports

Oracle Reports Developer 12.2.1.4.0 SPU Patch 30731161 or later

Released January 2020

 

Oracle HTTP server (OHS)

OHS (NATIVE) BUNDLE PATCH 12.2.1.4.211130 Patch 33619347 or later

CVE-2021-40438

Note 2743971.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches

Oracle Security Services (OSS)

OSS BUNDLE PATCH 12.2.1.4.210302 Patch 32575741 or later

Released April 2021

 

Patch Availability for Oracle Forms and Reports 12.2.1.3

Distribution / Component

Patches

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure 12.2.1.3"

 

Apply patches for WebLogic Server and Infrastructure components

Oracle Forms 

Forms 12.2.1.3.0 SPU Patch 30410629 or later

Released October 2019

 

Oracle Reports

Reports Developer 12.2.1.3 SPU Patch 30731147 or later

Released January 2020

 

Oracle HTTP Server (OHS)

OHS (NATIVE) BUNDLE PATCH 12.2.1.3.211130 Patch 33619405 or later

CVE-2021-40438

Note 2568225.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches

Oracle Security Services (OSS)

OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or later

Released April 2021

 

Oracle Access Manager (OAM) WebGate

OAM WebGate Bundle Patch 12.2.1.3.200813 Patch 31750289 or later

Released October 2020

 

Oracle Notification Server (ONS)

ONS 12.2.1.3.0 SPU Patch Patch 27323998 or later

Released July 2018

For the WLS Plug-In installed with OHS

 

3.3.13 Oracle HTTP Server / Web-Tier

This section contains the following:

·         Section 3.3.13.1 "Error Correction information for Oracle HTTP Server"

·         Section 3.3.13.2 "Patch Availability for Oracle HTTP Server 12.2.1.4 (Colocated with FMW Infrastructure)"

·         Section 3.3.13.3 "Patch Availability for Oracle HTTP Server 12.2.1.4 (Standalone)"

·         Section 3.3.13.4 "Patch Availability for Oracle HTTP server 12.2.1.3 (Colocated with FMW Infrastructure)"

·         Section 3.3.13.5 "Patch Availability for Oracle HTTP Server 12.2.1.3 (Standalone)"

 

3.3.13.1 Error Correction Information for Oracle HTTP Server / Web-Tier

Error Correction information for Oracle HTTP Server / Web-Tier

Patch Information

12.2.1.4

12.2.1.3

Comments

Final CPU

July 2025

October 2022

Note 1933372.1 Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

On-Request platforms

 

 

 

 

3.3.13.2 Patch Availability for Oracle HTTP Server 12.2.1.4 (Colocated with FMW Infrastructure)

Distribution / Component

Patches

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure 12.2.1.4"

 

Apply patches for WebLogic Server and Infrastructure components

Oracle HTTP Server

OHS (NATIVE) BUNDLE PATCH 12.2.1.4.211130 Patch 33619347 or later

CVE-2021-40438

Note 2743971.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches

Oracle Security Services (OSS)

OSS BUNDLE PATCH 12.2.1.4.210302 Patch 32575741 or later

Released April 2021

 

 

3.3.13.3 Patch Availability for Oracle HTTP Server 12.2.1.4 (Standalone)

Distribution / Component

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database SERVER with July 2021 DB PSU or later associated with a Fusion Middleware installation. If any CLIENT side patching is required in the FMW home, there will be a separate row below. See Note 2791571.1 for more details

Java home

Java SE 8 Update 321 Patch 18143322 for Linux, Windows, and Solaris.

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 1492980.1 How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

OPatch home

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

Upgrade OPatch before installing patches

Oracle HTTP Server

OHS (NATIVE) BUNDLE PATCH 12.2.1.4.211130 Patch 33619347 or later

CVE-2021-40438

Note 2743971.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.4 Bundle Patches

FMW JDBC

FMW JDBC Java Patch 32720458 or later

CVE-2021-2351

 

Oracle Security Services (OSS)

OSS BUNDLE PATCH 12.2.1.4.210302 Patch 32575741 or later

Released April 2021

 

Node Manager and WLST

WLS PATCH SET UPDATE 12.2.1.4.220105 Patch 33727616 or later

CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934

See Note 2764668.1 Security Advice and Post-Install Information for Oracle WebLogic Server PSUs.

 

RDAOFM (OPatch) 20.4.07.01.22 for FMW 12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or later

CVE-2021-2351

 

FMW Platform

FMW PLATFORM 12.2.1.4.0 SPU FOR APRCPU2021 Patch 33093748 or later

Released April 2021

 

FMW Third-Party Jars

FMW COMMON THIRD PARTY SPU 12.2.1.4.0 FOR Jan 2022 CPU Patch 33723124 or later

Released January 2022

See Note 2768441.1 Details for Oracle Fusion Middleware Third-Party Component Updates

 

3.3.13.4 Patch Availability for Oracle HTTP Server 12.2.1.3 (Colocated with FMW Infrastructure)

Distribution / Component

Patches

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure 12.2.1.3"

 

Apply patches for WebLogic Server and Infrastructure components

Oracle HTTP Server

OHS (NATIVE) BUNDLE PATCH 12.2.1.3.211130 Patch 33619405 or later

CVE-2021-40438

See Note 2568225.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches

Oracle Security Services (OSS)

OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or later

Released April 2021

 

Oracle Access Manager (OAM) WebGate

OAM WebGate Bundle Patch 12.2.1.3.200813 Patch 31750289 or later

Released October 2020

 

Oracle Notification Server (ONS)

ONS 12.2.1.3.0 SPU Patch Patch 27323998 or later

Released July 2018

For the WLS Plug-In installed with OHS

 

3.3.13.5 Patch Availability for Oracle HTTP Server 12.2.1.3 (Standalone)

Distribution / Component

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database SERVER with July 2021 DB PSU or later associated with a Fusion Middleware installation. If any CLIENT side patching is required in the FMW home, there will be a separate row below. See Note 2791571.1 for more details

Java home

Java SE 8 Update 311 Patch 18143322 or later for Linux, Windows, and Solaris.

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

See Note 1492980.1 How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

OPatch home

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

Upgrade OPatch before installing patches

Oracle HTTP Server

OHS (NATIVE) BUNDLE PATCH 12.2.1.3.211130 Patch 33619405 or later

CVE-2021-40438

See Note 2568225.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches

 

RDAOFM (OPatch) 20.4.07.01.22 for FMW 12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or later

CVE-2021-2351

 

FMW JDBC

FMW JDBC Java Patch 33290784 or later

CVE-2021-2351

 

Oracle Security Services (OSS)

OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or later

Released April 2021

 

Node Manager and WLST

WLS PATCH SET UPDATE 12.2.1.3.211222 Patch 33699205 or later

CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2019-17195, CVE-2020-2934

See Note 2764668.1 Security Advice and Post-Install Information for Oracle WebLogic Server PSUs.

FMW Platform

FMW Platform 12.2.1.3.0 SPU FOR AprCPU2021 Patch 32982708 or later

Released April 2021

 

FMW Third-Party Jars

FMW COMMON THIRD PARTY SPU 12.2.1.3.0 FOR APRIL2021CPU Patch 32910589 or later

Released April 2021

See Note 2768441.1 Details for Oracle Fusion Middleware Third-Party Component Updates

Oracle Access Manager (OAM) WebGate

OAM WebGate Bundle Patch 12.2.1.3.200813 Patch 31750289 or later

Released October 2020

 

Oracle Notification Server (ONS)

ONS 12.2.1.3.0 SPU Patch Patch 27323998 or later

Released July 2018

For the WLS Plug-In installed with OHS

 

3.3.14 Oracle Hyperion Analytic Provider Services

Error Correction information for Oracle Hyperion Analytic Provider Services

Patch Information

12.2.1.4

Comments

Final CPU

-

 

Patch Availability for Oracle Hyperion Analytic Provider Services

Product Home

Patch

Advisory Number

Comments

12.2.1.4

See Note 2769474.1 How To Remove Analytic Provider Services from Oracle Business Intelligence / Fusion Middleware 12.2.1.4

Released April 2021

 

 

3.3.15 Reserved for Future Use

 

3.3.16 Reserved for Future Use

 

3.3.17 Reserved for Future Use

 

3.3.18 Oracle Hyperion Essbase

Error Correction information for Oracle Hyperion Essbase

Patch Information

11.1.2.x

Comments

Final CPU

January 2022

 

Patch Availability for Oracle Hyperion Essbase

Product Home

Patch

Advisory Number

Comments

11.1.2.4

11.1.2.4.047 PSU Patch 33485383 (Essbase Server)
11.1.2.4.047 PSU Patch 33485376 (Essbase Client)
11.1.2.4.047 PSU Patch 33485381 (Essbase MSI Client)
11.1.2.4.047 PSU Patch 33485386 (Essbase Runtime Client)

11.1.2.4.047 PSU Patch 33485394 (Analytic Provider Services)

11.1.2.4.047 PSU Patch 33485370 (Essbase Administration Services Server)

11.1.2.4.047 PSU Patch 33485372 (Essbase Administration Services MSI Client)

Released January 2022

 

11.1.2.3

11.1.2.3.508 PSU Patch 22347375 (RTC)
11.1.2.3.508 PSU Patch 22347367 (Client)
11.1.2.3.508 PSU Patch 22314799 (Server)

Released April 2017

 

11.1.2.2

Upgrade to Hyperion Essbase 11.1.2.3, then apply the patches listed above

Released July 2015

 

 

3.3.19 Reserved for Future Use

 

3.3.20 Oracle Hyperion Financial Management

Error Correction information for Oracle Hyperion Financial Management

Patch Information

11.1.2.4

Comments

Final CPU

-

 

Patch Availability for Oracle Hyperion Financial Management

Product Home

Patch

Advisory Number

Comments

11.1.2.4

The issue has been addressed in the latest releases: 11.2.*.

Customers on the prior releases are recommended to upgrade to the latest releases. An upgrade path for release 11.1.2.4 is described in the Oracle Enterprise Performance Management System Release 11.2.2.0.000 Readme

Released April 2021

 

11.1.2.4 & 11.2

The issue has been addressed in the latest release: 11.2.7.0.000

Customers on the prior releases are recommended to upgrade to the latest release.

Released October 2021

 

 

3.3.21 Reserved for Future Use

 

3.3.22 Oracle Hyperion Infrastructure Technology

Error Correction information for Oracle Hyperion Infrastructure Technology

Patch Information

11.2

Comments

Final CPU

-

 

Patch Availability for Oracle Hyperion Infrastructure Technology

Product Home

Patch

Advisory Number

Comments

11.2

The issue has been addressed in the latest release: 11.2.7.0.000

Customers on the prior releases are recommended to upgrade to the latest release.

CVE-2021-2351

 

11.2

For 11.2.4, 11.2.5, 11.2.6 & 11.2.7 Apply FMW JDBC Java Patch 32720458 or later

CVE-2021-2351

 

 

3.3.23 Reserved for Future Use

 

3.3.24 Oracle Hyperion Planning

Error Correction information for Oracle Hyperion Planning

Patch Information

11.2

Comments

Final CPU

-

 

Patch Availability for Oracle Hyperion Planning

Product Home

Patch

Advisory Number

Comments

11.2

The issue has been addressed in the latest releases: 11.2.7.0.000

Customers on the prior releases are recommended to upgrade to the latest release.

Released October 2021

 

 

3.3.25 Reserved for Future Use

 

3.3.26 Reserved for Future Use

 

3.3.27 Oracle Hyperion Workspace

Error Correction information for Oracle Hyperion Workspace

Patch Information

11.2

Comments

Final CPU

-

 

Patch Availability for Oracle Hyperion Workspace

Product Home

Patch

Advisory Number

Comments

11.2

The issue has been addressed in the latest release: 11.2.6

Released July 2021

 

 

3.3.28 Oracle Identity and Access Management

This section contains the following:

·         Section 3.3.28.1 "Error Correction Information for Oracle Identity & Access Management"

·         Section 3.3.28.2 "Patch Availability for Oracle Identity & Access Management 12.2.1.4"

·         Section 3.3.28.3 "Patch Availability for Oracle Identity & Access Management 12.2.1.3"

·         Section 3.3.28.5 "Oracle Identity Management Connector"

3.3.28.1 Error Correction Information for Oracle Identity & Access Management

Error Correction Information for Oracle Identity & Access Management

Patch Information

12.2.1.4

12.2.1.3

Comments

Final CPU

July 2025

October 2022

See Note 1933372.1, Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

On-Request platforms

-

-

 

 

3.3.28.2 Patch Availability for Oracle Identity & Access Management 12.2.1.4.0

Product

Patches

Advisory Number

Comments

Oracle Database

See "Oracle Database"

See "Oracle Database"

Patch any Database SERVER with July 2021 DB PSU or later associated with a Fusion Middleware installation. If any CLIENT side patching is required in the FMW home, there will be a separate row below. See Note 2791571.1 for more details

Java SE

Java SE 8 Update 311 Patch 18143322 or later for Linux, Windows, and Solaris

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

Download locations and installation instructions are in the above document.

See Note 1492980.1 How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle Access Manager (OAM)

Oracle Identity Manager (OIM)

Oracle Unified Directory (OUD) -Collocated

Oracle Internet Directory (OID)- Collocated

Download and apply the SPB patch:

IDM Stack Patch Bundle 12.2.1.4 Patch 33762692 or later

OR download and apply the individual patches below:

CVE-2021-35587, CVE-2020-9546, CVE-2021-29505, CVE-2021-36090, CVE-2021-45105, CVE-2021-2351

See Note 2657920.1 Stack Patch Bundle for Oracle Identity Management Products 

For patch availability, see section 2.2 Post Release Patches

Oracle Access Manager (OAM)

Oracle Identity Manager (OIM)

Oracle Unified Directory (OUD) -Collocated

Oracle Internet Directory (OID)- Collocated

See Section "Oracle Fusion Middleware Infrastructure 12.2.1.4"

See Section "Oracle Fusion Middleware Infrastructure 12.2.1.4"

Oracle Fusion Middleware Infrastructure patches

Oracle Access Manager (OAM)

OAM Bundle Patch 12.2.1.4 Patch 33751903 or later

CVE-2021-35587

For patch availability, see section 2.2 Post Release Patches

Oracle Identity Manager (OIM)

OIM Bundle Patch 12.2.1.4.210708 Patch 33092785 or later

Released July 2021

 

Oracle Identity Manager (OIM)

SOA BUNDLE PATCH 12.2.1.4.211221Patch 33696548 or later

CVE-2021-29505, CVE-2021-36090, CVE-2021-45105

 

Oracle Internet Directory (OID) - Standalone with NodeManager

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

 

Oracle Internet Directory (OID) - Standalone with NodeManager

FMW JDBC Java Patch 32720458 or later

CVE-2021-2351

 

Oracle Identity Manager (OIM)

Oracle WebCenter Core Bundle Patch 12.2.1.4.210303 Patch 32582592 or later

Released April 2021

 

Oracle Unified Directory (OUD) - Standalone and Collocated

OUD BUNDLE PATCH 12.2.1.4.200526 Patch 31400392 or later

Released July 2020

 

Oracle Internet Directory (OID) - Standalone and Standalone with Nodemanger

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

 

Oracle Internet Directory (OID) - Standalone and Standalone with Nodemanger

OSS Bundle Patch 12.2.1.4.210302 Patch 32575741 or later

Released April 2021

Oracle Security Services (OSS) patch for SSL used by Oracle Internet Directory (OID) Standalone and Standalone with NodeManager installs.

Oracle Internet Directory (OID) - Standalone with NodeManager

ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JAN CPU 2022 Patch 33639718 or later

CVE-2021-2351

ADR Patch

See Note 2703429.1 for details on ADR and the Applicability of this patch.

 

3.3.28.3 Patch Availability for Oracle Identity & Access Management 12.2.1.3.0

Product

Patches

Advisory Number

Comments

Oracle Database

See "Oracle Database"

See "Oracle Database"

Patch any Database SERVER with July 2021 DB PSU or later associated with a Fusion Middleware installation. If any CLIENT side patching is required in the FMW home, there will be a separate row below. See Note 2791571.1 for more details

Java SE

Java SE 8 Update 311 Patch 18143322 or later for Linux, Windows, and Solaris

See Note 2828114.1, Oracle Critical Patch Update (CPU) January 2022 for Oracle Java SE

Download locations and installation instructions are in the above document.

See Note 1492980.1 How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle Access Manager (OAM)

Oracle Identity Manager (OIM)

Oracle Unified Directory (OUD) -Collocated

Oracle Internet Directory (OID)- Collocated

Download and apply the SPB patch:

IDM Stack Patch Bundle 12.2.1.3 Patch 33762787 or later

OR download and apply the individual patches below:

CVE-2021-35587, CVE-2021-36090, CVE-2021-45105, CVE-2021-2351

See Note 2657920.1 Stack Patch Bundle for Oracle Identity Management Products

The IDM SPB includes CPU and functional fixes from IDM and lower stack products. Oracle recommends that you apply this single patch for Identity & Access Management Oracle homes.

For patch availability, see section 2.2 Post Release Patches

Oracle Access Manager (OAM)

Oracle Identity Manager (OIM)

Oracle Unified Directory (OUD) -Collocated

Oracle Internet Directory (OID)- Collocated

See Section "Oracle Fusion Middleware Infrastructure 12.2.1.3"

See Section "Oracle Fusion Middleware Infrastructure 12.2.1.3"

Apply all of the patches recommended for "Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)" Distribution.

Oracle Access Manager (OAM)

OAM Bundle Patch 12.2.1.3 Patch 33752617 or later

CVE-2021-35587

For patch availability, see section 2.2 Post Release Patches

Oracle Identity Manager (OIM)

SOA Bundle Patch 12.2.1.3.211119 Patch 33697220 or later

CVE-2021-36090, CVE-2021-45105

 

Oracle Internet Directory (OID) - Standalone with NodeManager

FMW JDBC Java Patch 33290784 or later

CVE-2021-2351

 

Oracle Identity Manager (OIM)

OIM Bundle Patch 12.2.1.3.210713 Patch 33112283 or later

Released July 2021

 

WebGates for Oracle Access Manager

OAM WebGate Bundle Patch 12.2.1.3.200813 Patch 31750289 or later

Released October 2020

Apply this patch where OHS 12.2.1.3 is installed.

See "Oracle HTTP Server 12.2.1.3"

Oracle Internet Directory (OID) - Standalone and Standalone with NodeManager

OPatch 13.9.4.2.8 Patch 28186730 or later

Released January 2022

Upgrade OPatch before installing patches on OUD/OID standalone installations

Oracle Unified Directory (OUD) - Standalone and Collocated

OUD BUNDLE PATCH 12.2.1.3.200623 Patch 31529239 or later

Released July 2020

 

Oracle Internet Directory (OID) -Standalone, Standalone with NodeManager and Collocated

OID Bundle Patch 12.2.1.3.180116 Patch 27396651> or later

Released January 2018

Oracle Internet Directory (OID) patch

See Note 2355090.1 Oracle Internet Directory (OID) Version 12c Bundle Patch (BP) (Including Directory Integration Platform / DIP) / Bundle Patches For Non-Fusion Applications (NonFA / NonP4FA) Customers

Oracle Internet Directory (OID) - Standalone and Standalone with NodeManager

OSS BUNDLE PATCH 12.2.1.3.210420 Patch 31971994 or later

Released April 2021

Oracle Security Services (OSS) patch for SSL used by Oracle Internet Directory (OID)

 

3.3.28.5 Oracle Identity Management Connector

Error Correction information for Oracle Identity Management Connector

Patch Information

12c

11g

9.1.1.5

Comments

Final CPU

refer to Note 2454684.1

 

Patch Availability for Oracle Identity Management Connector

Product Version

Patch

Advisory Number

Comments

Microsoft AD connector 9.1.1.5

OIM Connector 9.1.1.5.15 Patch 25028999

Released October 2017

 

CA Top Secret Connector 9.1.0.6

OIM Connector 9.1.0.6 Patch 31708407

Released October 2020

9.0.x customers should upgrade to 9.1.0.x

RACF adv connector 9.1.0.2

OIM Connector 9.1.0.2 Patch 31058957

Released April 2020

9.0.x customers should upgrade to 9.1.0.x

acf2 connector 9.1.0.1

OIM Connector 9.1.0.1 Patch 31101274

Released April 2020

9.0.x customers should upgrade to 9.1.0.x

Generic Rest 11.1.1.5.0

OIM Connector 11.1.1.5.0 Patch 32352803

Released April 2021

 

 

3.3.29 Oracle JDeveloper and Oracle ADF

Error Correction information for Oracle JDeveloper and Oracle ADF

Patch Information

12.2.1.4

12.2.1.3

Comments

Final CPU

July 2025

October 2022

 

Understanding Patch Release Versions

See Note 1494151.1, Understanding Fusion Middleware Bundle Patch (BP) Release Versions.

Critical Patch Update Availability for Oracle JDeveloper and Oracle ADF

Release

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database SERVER with July 2021 DB PSU or later associated with a Fusion Middleware installation. If any CLIENT side patching is required in the FMW home, there will be a separate row below. See Note 2791571.1 for more details

12.2.1.4.0

ADF Bundle Patch 12.2.1.4.211221 Patch 33697227 or later

CVE-2021-45105

See Note 2834384.1 Details for applying Jan 2022 ADF 12.2.1.4 patch with 12.2.1.4 FMW COMMON THIRD PARTY SPU

It is recommended to apply FMW JDBC 12.2.1.4 to fix CVE-2021-2351

FMW Home 12.2.1.4 JDBC

FMW JDBC Java Patch 32720458 or later

CVE-2021-2351

 

12.2.1.3.0

ADF BUNDLE PATCH 12.2.1.3.201007 Patch 31985811 or later

Released October 2020

It is recommended to apply FMW Home 12.2.1.3 JDBC patch to fix CVE-2021-2351

FMW Home 12.2.1.3 JDBC

FMW JDBC Java Patch 33290784 or later

CVE-2021-2351

 

 

RDAOFM (OPatch) 20.4.07.01.22 for FMW 12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or later

CVE-2021-2351

 

 

3.3.30 Oracle Map Viewer

Error Correction information for Oracle Map Viewer

Patch Information

12.2.1.4

Comments

Final CPU

July 2025

 

Patch Availability for Oracle Map Viewer

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database SERVER with July 2021 DB PSU or later associated with a Fusion Middleware installation. If any CLIENT side patching is required in the FMW home, there will be a separate row below. See Note 2791571.1 for more details

12.2.1.4

MapViewer 12.2.1.4 Patch 33493864 or later

CVE-2021-29425

 

FMW JDBC

FMW JDBC Java Patch 32720458 or later

CVE-2021-2351

 

 

RDAOFM (OPatch) 20.4.07.01.22 for FMW 12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or later

CVE-2021-2351

 

 

3.3.31 Oracle Outside In Technology

Error Correction information for Oracle Outside In Technology

Patch Information

8.5.5

Comments

Final CPU

April 2022

 

Patch Availability for Oracle Outside In Technology

Product Home

Patch

Advisory Number

Comments

Oracle Outside In Technology 8.5.5

ORACLE OUTSIDE IN TECHNOLOGY (OIT) OCTOBER 2021 8.5.5 BUNDLE PATCH Patch 33394086

Released October 2021

 

 

Oracle Outside in Clean Content 855 July Bundle Patch Release Patch 33091862

Released July 2021

 

 

3.3.32 Oracle Real Time Decisions Applications

Error Correction information for Oracle Real Time Decisions Applications

Describes the Error Correction information for Oracle Real Time Decisions Applications.

Patch Information

3.2

Comments

Final CPU

Jul 2022

 

Patch Availability for Oracle Real Time Decisions Applications

Describes the available patches for Oracle Real Time Decisions Applications.

Product Home

Patch

Advisory Number

Comments

Oracle Real Time Decisions Applications 3.2 home

RTD APPLICATIONS 3.2 SPU FOR JUL CPU 2021
Patch 33107342 or later

Released July 2021

 

 

3.3.33 Oracle Real Time Decisions Platform

Error Correction information for Oracle Real Time Decisions Platform

Describes the Error Correction information for Oracle Real Time Decisions Platform.

Patch Information

3.2

Comments

Final CPU

July 2022

 

Patch Availability for Oracle Real Time Decisions Platform

Describes the available patches for Oracle Real Time Decisions Platform.

Product Home

Patch

Advisory Number

Comments

Oracle Real Time Decisions Platform 3.2 home

RTD PLATFORM 3.2 SPU FOR OCT CPU 2021 Patch 33373472 or later

Released October 2021

 

 

3.3.34 Oracle Service Architecture Leveraging Tuxedo (SALT)

Error Correction information for Oracle Service Architecture Leveraging Tuxedo (SALT)

Patch Information

12.2.2.0.x

Comments

Final CPU

October 2024

 

Patch Availability for Oracle Service Architecture Leveraging Tuxedo (SALT)

Product Home

Patch

Advisory Number

Comments

Oracle Service Architecture Leveraging Tuxedo (SALT) 12.2.2.0.x home

Oracle SALT 12.2.2.0.0 SPU FOR CPUJan2019 Patch 29169314

Released January 2019

 

 

3.3.35 Oracle SOA Suite

Error Correction information for Oracle SOA Suite

Patch Information

12.2.1.4

12.2.1.3

Comments

Final CPU

July 2025

October 2022

Note 1933372.1 Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

On-Request platforms

 

 

 

Patch Availability for Oracle SOA Suite 12.2.1.4

Distribution / Product Home

Patches

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure 12.2.1.4"

 

Apply patches for WebLogic Server and Infrastructure components

Oracle SOA Suite and Business Process

SOA STACK PATCH BUNDLE 12.2.1.4.220113Patch 33751658 or later

CVE-2021-29505, CVE-2021-36090, CVE-2021-45105, CVE-2021-2351

 

Oracle SOA Suite and Business Process

SOA BUNDLE PATCH 12.2.1.4.211221 Patch 33696548 or later

CVE-2021-29505, CVE-2021-36090, CVE-2021-45105

 

Patch Availability for Oracle SOA Suite 12.2.1.3

Distribution / Product Home

Patches

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure 12.2.1.3"

 

Apply patches for WebLogic Server and Infrastructure components

Oracle SOA Suite and Business Process

SOA STACK PATCH BUNDLE 12.2.1.3 Patch 33751657 or later

CVE-2021-29505, CVE-2021-36090, CVE-2021-45105, CVE-2021-2351

 

Oracle SOA Suite and Business Process

SOA Bundle Patch 12.2.1.3.221221 Patch 33697220 or later

CVE-2021-29505, CVE-2021-36090, CVE-2021-45105

 

 

3.3.36 Oracle Traffic Director

Error Correction information for Oracle Traffic Director

Patch Information

12.2.1.4

Comments

Final CPU

July 2025

 

Patch Availability for Oracle Traffic Director

Product Home

Patch

Advisory Number

Comments

Oracle Traffic Director 12c home

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

Apply patches as applicable to FMW 12c installation. There are no OTD 12c patches at this time.

 

3.3.37 Oracle Tuxedo

Error Correction information for Oracle Tuxedo

Patch Information

12.2.2.0

12.1.3.0

Comments

Final CPU

April 2024

April 2022

 

Patch Availability for Oracle Tuxedo

Product Home

Patches

Advisory Number

Comments

12.2.2.0

rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 Linux Patch 28090531

rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-64 with vs2015 Patch 28124771

rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-32 with vs2015 Patch 28124779

Released July 2018

For CVE-2017-10269, see extra settings required with these cumulative patches in Note 2326009.1

12.1.3.0

RP117 TUXEDO 12.1.3.0 SPU FOR CPUJAN2020 Patch 30596495

RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2013) FOR CPUJAN2020 Patch 30601651

RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2012) FOR CPUJAN2020 Patch 30601637

Released January 2020

For CVE-2017-10269, see extra settings required with these cumulative patches in Note 2326009.1

3.3.38 Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Error Correction Information for Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Patch Information

12.2.2

12.1.3

Comments

Final CPU

April 2024

April 2022

 

Patch Availability for Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database SERVER with July 2021 DB PSU or later associated with a Fusion Middleware installation. If any CLIENT side patching is required in the FMW home, there will be a separate row below. See Note 2791571.1 for more details

TSAM Plus 12.2.2

RP002 Patch 25389632

Released July 2017

 

TSAM Plus 12.1.3

RP019 FOR LINUX 64-BIT X86 Patch 27379436

Released January 2018

 

FMW JDBC

FMW JDBC Java Patch 32720458 or later

CVE-2021-2351

 

 

RDAOFM (OPatch) 20.4.07.01.22 for FMW 12.2.1.3, 12.2.1.4, 14.1.1 Patch 33678607 or later

CVE-2021-2351

 

 

3.3.39 Oracle WebCenter

Error Correction information for Oracle WebCenter

Patch Information

12.2.1.4

12.2.1.3

Comments

Final CPU

July 2025

October 2022

Note 1933372.1 Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS

On-Request platforms

 

 

 

 

Patch Availability for Oracle WebCenter 12.2.1.4

Distribution / Product Home

Patches

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure 12.2.1.4"

 

Apply patches for WebLogic Server and Infrastructure components

Oracle WebCenter Portal

Oracle Webcenter Portal Bundle Patch 12.2.1.4 Patch 33696812 or later

CVE-2021-45105

 

Oracle WebCenter Sites

Oracle WebCenter Sites 12.2.1.4.211019 Patch 33381673 or later

Released October 2021

 

 

Patch Availability for Oracle WebCenter 12.2.1.3

Distribution / Product Home

Patches

Advisory Number

Comments

Oracle Fusion Middleware Infrastructure
(WebLogic Server for FMW)

See "Oracle Fusion Middleware Infrastructure 12.2.1.3"

 

Apply patches for WebLogic Server and Infrastructure components

Oracle WebCenter Portal

Oracle Webcenter Portal Bundle Patch 12.2.1.3 Patch 33695730 or later

CVE-2021-45105

 

Oracle WebCenter Sites

Oracle WebCenter Sites 12.2.1.3.211019 Patch 33386937 or later

Released October 2021

 

Oracle WebCenter Sites

Support Tools 4.4.2 for Oracle WebCenter Sites 12.2.1.3.0 Patch 30505173

Released January 2020

Support Tools for Webcenter Sites Patch

Oracle WebCenter Content

WebCenter Content Bundle Patch 12.2.1.3.180417 Patch 27393392 or later

Released April 2018

 

 

3.3.40 Oracle WebCenter Sites (Formerly FatWire Content Server)

Error Correction information for Oracle WebCenter Sites (formerly FatWire Content Server)

Patch Information

12.2.1.4

Comments

Final CPU

July 2025

 

Patch Availability for Oracle WebCenter Sites

Product Home

Patch

Advisory Number

Comments

12c home

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

 

 

3.3.41 Reserved for Future Use

 

3.3.42 Reserved for Future Use

 

3.3.43 Oracle WebLogic Server

Error Correction information for Oracle WebLogic Server

Patch Information

14.1.1.0.0

12.2.1.4.0

12.2.1.3

12.1.3

Comments

Final CPU

January 2028

July 2025

October 2022

January 2022

Note 950131.1 Error Correction Support Dates for Oracle WebLogic Server

Understanding Patch Release Versions

 

-

 

 

See Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions

Patch Set Update Availability for Oracle WebLogic Server

For more information, see MyOracleSupport Note 1470197.1, Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS). See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

This section contains the following:

·         Section 3.3.43.1 Oracle WebLogic Server 14.1.1.0

·         Section 3.3.43.2 Oracle WebLogic Server 12.2.1.4

·         Section 3.3.43.3 Oracle WebLogic Server 12.2.1.3

·         Section 3.3.43.4 Oracle WebLogic Server 12.1.3

·         Section 3.3.43.5 Oracle WebLogic Server Proxy Plug-Ins for Third-Party Webservers

For more information on obtaining WebLogic Server container images with WebLogic Server Patch Set Updates, see the following document on MyOracle Support “WebLogic Server Container Images Updated with the Patch Set Update (PSU) and Other Security Patches," Note 2771055.1

Apache Log4j version 2 is not used in default Oracle WebLogic Server installations or configurations. However, the Oracle WebLogic Server and Fusion Middleware homes contain vulnerable Log4j version 2 jars.

3.3.43.1 Oracle WebLogic Server 14.1.1.0
All of the patches listed in the table below should be applied to an Oracle WebLogic Server 14.1.1.0 installation

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See