说明: https://support.oracle.com/epmos/adf/images/t.gif微信公众号:云库管    www.yunDBA.com

北京云库管科技有限公司 (内部培训资料) 返回上级

 

PDF文档下载

 

说明: https://support.oracle.com/epmos/adf/images/t.gif

说明: https://support.oracle.com/epmos/adf/images/t.gif

Critical Patch Update (CPU) Program July 2018 Patch Availability Document (PAD) (Doc ID 2394520.1)

说明: https://support.oracle.com/epmos/adf/images/t.gif


说明: https://support.oracle.com/epmos/adf/images/t.gif

APPLIES TO:

Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database - Standard Edition - Version 11.2.0.4 and later
Oracle WebLogic Server - Version 12.2.1.3.0 and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Information in this document applies to any platform.

PURPOSE

This document defines the patches and minimum releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set Updates released on July 17, 2018.

SCOPE

 The document is for Database Administrators and/or others tasked with Quarterly Security Patching.

DETAILS

Database, Fusion Middleware, and Enterprise Manager Critical Patch Update July 2018 Patch Availability Document

My Oracle Support Note 2394520.1

Released July 17, 2018

This document contains the following sections:

1 Overview

Oracle provides quarterly cumulative patches to address security vulnerabilities. The patches may include critical fixes in addition to the security fixes. The security vulnerabilities addressed are announced in the Advisory for July 2018, available at:

Oracle Technical Network Advisory

This document lists the Oracle Database, Fusion Middleware and Enterprise Manager CPU program cumulative patches for product releases under error correction. The July 2018 release supersedes earlier CPU program cumulative patches for the same product releases. This document is subject to continual update after the initial release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support to ensure you have the latest version.

This section contains the following:

1.1 How To Use This Document

The following steps explain how to use this document.

Step 1   Assess your Environments

Determine the Oracle product suites and products and their release numbers for each of your environments.

Step 2   Read Important Announcements

Review "What's New in July 2018," as it lists documentation and packaging changes along with important announcements such as upcoming final CPUs.

Step 3   Determine Patches to be Applied

For each environment, determine which patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for each product suite release, such as Oracle Database 12.2.0.1, Oracle Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control 12.1.0.5.

·         The table lists the patches to be applied either to the product or to the appropriate product Oracle homes that are associated with the product suite

·         The patches are listed in the order released, with newest patches listed first

·         For some patches, multiple Oracle homes are listed. Apply the patch to all of the homes indicated that are applicable to your environment and only to the listed Oracle homes

·         The table lists only product releases that are under Premier Support or Extended Support and are under error correction as defined in My Oracle Support Note 209768.1Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy. Patches are provided only for these releases. If you do not see the release that you have installed, then check "Final CPU History" and contact Oracle Support for further assistance

·         Patches that include security vulnerabilities announced in the current quarter's CPU Advisory, list the vulnerability CVE numbers in the Advisory Number column. If you are interested in the risk matrix for the vulnerabilities fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous quarterly releases, or the current one without any security fixes, the column indicates "Released MMM YYYY"

·         When a section is referenced in a table, follow the link to determine which patches to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release that is installed, and find the patches to apply in the table for that Oracle Database release in "Oracle Database."

Step 4   Apply the Patches

Download the patches, review the READMEs, and apply the patches according to the instructions.

Step 5   Planning for Future Critical Patch Updates

To help you plan for future Critical Patch Updates, this document includes Final CPU information based on Oracle's Lifetime Support Policy and error correction policies.

"Final CPU Information (Error Correction Policies)" in "What's New in July 2018," documents product releases for which final Critical Patch Updates are upcoming or are being announced. In each product section, there is also an Error Correction Information Table that documents the final CPU program patch for the product. Products that have reached the end of error correction are documented in "Final CPU History."

1.2 Terminology in the Tables

The following terminology is used in this patch availability document and in the subsequent tables.

  • Update - Release Update
  • Revision -Release Update Revision
  • BP - Bundle Patch
  • Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
  • NA Not Applicable.
  • OR On-Request. The patch is made available through the On-Request program.
  • PSU - Patch Set Update
  • SPU - Security Patch Update. An iterative, cumulative patch consisting of security fixes.
  • Overlay SPU patch provided as an overlay on top of a PSU or BP instead of a base/patch set release.

1.3 On-Request Patches

Oracle does not proactively release patches for historically inactive platforms. However, Oracle will deliver these patches when requested.

The following guidelines describe how to initiate an on-request (OR) patch.

A request may be made:

  • At any time. However, a patch for a specific quarterly release, such as CPUOct2012, cannot be requested. Depending on when the request is received and processed, either the patch for the current quarterly release or the next quarterly release will be provided. Your Service Request (SR) will provide you the planned availability date for the patch.
  • As long as the version is in either Premier Support or Extended Support and error correction support has not expired. For example, if a product release is under Extended Support through the release of CPUJan2013 on January 15, 2013, then you can file a request for the product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy.
  • For a platform-version combination when a major release or patch set is released on a platform after a quarterly release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch by following the on-request process. For example, if a patch is released for a platform on August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform. You may request a CPUOct2012 patch for the platform, and Oracle will review the request and determine whether to provide CPUJul2012 or CPUOct2012.

A patch that is marked as on-request (OR) may already have been requested by another customer and be available on My Oracle Support. Before you file a Service Request (SR), check on My Oracle Support to see if the patch is already available for your platform.

1.4 CPU Program and My Oracle Support Patch Recommendations

My Oracle Support patch recommendation features are available on the Patches & Update tab. The patches announced in this document as part of the CPU program are classified as "Security" patch recommendations in My Oracle Support. If a new patch is being announced in this document, then the classification on any earlier patch is changed to "General", causing it to be removed from the My Oracle Support patch recommendations. If a patch has a "Security" classification, and a subsequent bundle, SPU, or PSU is released with a recommendation classification, then it will be classified as a "Security" recommendation in My Oracle Support.

Once a product release is no longer in error correction, its CPU patch information is removed from this document, but the last patch recommendation continues to be available in My Oracle Support. Ensure to select each of the products installed in your environment to obtain all patches.

1.5 My Oracle Support (MOS) Conflict Checker Tool

The My Oracle Support (MOS) Conflict Checker tool is available as of July 21, 2014.

You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search results screen ("Analyze with OPatch" button).

The MOS Conflict Checker Tool allows you to upload an OPatch inventory to check for conflicts with patches to apply to your environment. If no conflicts are found, you can download the patches. If conflicts are found, the tool finds an existing resolution to download. If no resolution is found, you can request a solution, and monitor your request in the Plans region.

For more information and a demonstration video, see Knowledge Document Note 1091294.1How to Use the My Oracle Support Conflict Checker Tool for Patches Installed with OPatch [Video].

2 What's New in July 2018

This section describes important changes in July 2018:

2.1 Final CPU Information (Error Correction Policies)

The final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. Final CPUs for upcoming releases, as well as newly scheduled final CPUs, are listed in the following sections.

Final CPUs scheduled for October 2018

  • Oracle Business Intelligence Enterprise Edition 11.1.1.7
  • Oracle Business Intelligence Publisher 11.1.1.7
  • Oracle Complex Event Processing 11.1.7
  • Oracle Endeca Server 7.6
  • Oracle Endeca Information Discovery Studio 3.1
  • Oracle Enterprise Repository 12.1.3 and 11.1.1.7
  • Oracle Forms and Reports 11.1.2.2
  • Oracle Fusion Middleware 11.1.1.7
  • Oracle JDeveloper and Oracle ADF 11.1.1.7
  • Oracle Real Time Decisions Server 11.1.1.7
  • Oracle Traffic Director 11.1.1.7
  • Oracle WebGate 10.1.4.3

Final CPUs scheduled for July 2018

  • FMW 12.2.1.2 all components
  • Oracle Communications Converged Application Server 5.0

2.2 Post Release Patches

Oracle strives to complete preparations and testing of each Quarterly Security Patch for each platform by the quarterly release date. Occasionally, circumstances beyond our control dictate that a particular patch be delayed and be released a few days after the quarterly release date. The following table lists any current patch delays and the estimated date of availability.

Patch Number

Patch

Platform

Availability

Patch 28346593

18.2.1.0.180717 DB RUR

Linux.X64

Available

Patch 28276290

18.2.1.0.180717 GI RUR

Linux.X64

Available

Patch 28183653

12.2.0.1.180717 GI Jul2018 RU

Solaris.SPARC64, Solaris86-64, AIX

Available

Patch 28183653

12.2.0.1.180717 GI Jul2018 RU

Linux.X64, HP-UX IA, Linux-zSer

Available

Patch 27848049

12.2.0.1.180717 DB Apr2018 RUR

HP-UX IA

Available

Patch 28251239

12.2.0.1.180717 GI Apr2018 RUR

HP-UX IA

Available

Patch 28251239

12.2.0.1.180717 GI Apr2018 RUR

Linux.X64, Solaris.SPARC64, Solaris86-64, AIX, Linux-zSer

Available

Patch 28251142

12.2.0.1.180717 GI Jan2018 RUR

All

Available

Patch 28317214

Combo OJVM PSU 12.1.0.2.180717 and GI PSU 12.1.0.2.180717

HP-UX IA

Available

Patch 28317214

Combo OJVM PSU 12.1.0.2.180717 and GI PSU 12.1.0.2.180717

Linux.X64, Solaris.SPARC64, Linux-zSer, Solaris86-64, AIX

Available

Patch 27547329

12.1.0.2.180717 DB PSU

HP-UX IA

Available

Patch 27967747

12.1.0.2.180717 GI PSU

HP-UX IA

Available

Patch 27967747

12.1.0.2.180717 GI PSU

Linux.X64, Solaris.SPARC64, Linux-zSer, Solaris86-64, AIX

Available

Patch 27968010

12.1.0.2.180717 DB BP

HP-UX IA

Available

Patch 27968010

12.1.0.2.180717 DB BP

Linux.X64, Solaris.SPARC64, Linux-zSer, Solaris86-64, AIX

Available

Patch 28183368

QFSDP for Exadata (Jul2018) 18.3

Linux.X64

Available

Patch 28183380

QFSDP for Supercluster (Jul2018) 18.3

Solaris.SPARC64

Available

Patch 28183343

QFSDP for Exadata (Jul2018) 12.2.0.1

Linux.X64, Solaris86-64

Available

Patch 28183354

QFSDP for Supercluster (Jul2018) 12.2.0.1

Solaris.SPARC64

Available

Patch 28183303

QFSDP for Exadata (Jul2018) 12.1.0.2

Linux.X64, Solaris86-64

Available

Patch 28183326

QFSDP for Supercluster (Jul2018) 12.1.0.2

Solaris.SPARC64

Available

Patch 28182317

QFSDP for Exadata (Jul2018) 11.2.0.4

Linux.X64, Solaris86-64

Available

Patch 28182334

QFSDP for Supercluster (Jul2018) 11.2.0.4

Solaris.SPARC64

Available

Patch 28347732

12.1.0.5.180717 EM for OMS Plugins

Generic

Available

Patch 28347355

13.2.2.0.180731 EM for OMS Plugins

Generic

Available

Patch 28347358

13.2.3.0.180731 EM for OMS Plugins

Generic

Available

Patch 28367949

Hyperion Data Relationship Management 11.1.2.4.346

Generic

Available

2.3 Updates and Revisions bundle Strategy for 12.2.0.1 and later Database versions

Information on the Update and Revision bundle patches is also found in the Database Master Note, as well as in Note 2285040.1 Release Update Introduction and FAQ

2.4 Database Bundle client applicability moving to this Patch Availability Document (PAD)

Database bundle patch README files have historically had a section indicating for each installation type, the most recent patches, which includes new security fixes that are pertinent to that installation type. If a specific patch is listed, then apply that or any later patch to be current with security fixes.

This information has been moved from the README files to the Patch Availability Document (PAD).

2.5 Database OJVM Security fix CVE-2018-3110 now updated for Database versions

Fix for CVE-2018-3110 is included in Database OJVM patches for 18, 12.2.0.1, 12.1.0.2 and 11.2.0.4 and is documented in their respective tables in section '3.1.4 Oracle Database' as of 10-Aug-2018.

3 Patch Availability for Oracle Products

This section contains the following:

3.1 Oracle Database

This section contains the following:

3.1.1 Oracle REST Data Services (formally called Oracle APEX Listener)

Error Correction information for Oracle REST Data Services 3.0

Patch Information

3.0

Comments

Final CPU

-

 

Minimum Product Requirements for Oracle REST Data Services

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle REST Data Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.

Product

Release

Advisory Number

Comments

Oracle REST Data Services

3.0.10.25.02.36

Released July 2017

 

3.1.2 Oracle Application Express

Minimum Product Requirements for Oracle Application Express

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Application Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.

Component

Release

Advisory Number

Comments

Oracle Application Express

5.1.4.00.08

Released January 2018

 

3.1.3 Oracle Big Data Spatial and Graph

Error Correction information for Oracle Big Data Spatial and Graph

Patch Information

2.0

1.2

Comments

Final CPU

-

-

 

Minimum Product Requirements for Oracle Big Data Spatial and Graph

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Big Data Spatial and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.

Product

Release

Advisory Number

Comments

Oracle Big Data Spatial and Graph

2.0

Released January 2017

 

Oracle Big Data Spatial and Graph

1.2

Released January 2017

 

3.1.4 Oracle Database

This section contains the following:

3.1.4.1 Patch Availability for Oracle Database

For information regarding the different types of patches for Database, refer to Oracle Database - Overview of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1

3.1.4.2 Oracle Database 18

Patch Information

18

Comments

Final CPU

-

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 18

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM Update 18.3.0 and Database Update 18.3.0 Patch 28317326 for UNIX, or

Combo OJVM Update 18.3.0 and GI Update 18.3.0 Patch 28317346, or

Quarterly Full Stack download for Exadata (Jul2018) 18.3.0 Patch 28183368 for Linux x86-64, or

Quarterly Full Stack download for SuperCluster (Jul2018) 18.3.0 Patch 28183380 for Solaris SPARC 64-Bit

CVE-2017-15095, CVE-2018-2939, CVE-2018-3004, CVE-2018-3110

OJVM Update Patches are not RAC Rolling installable

Combos are for environments that take a single downtime to apply all patches

Oracle Database Server home

Database Update 18.3.0 Patch 28090523, or

Database Update Revision 18.2.1 Patch 28346593, or

GI Update 18.3.0 Patch 28096386, or

GI Update Revision 18.2.1 Patch 28276290, or

Quarterly Full Stack download for Exadata (Jul2018) 18.3.0 Patch 28183368 for Linux x86-64, or

Quarterly Full Stack download for SuperCluster (Jul2018) 18.3.0 Patch 28183380 for Solaris SPARC 64-Bit

CVE-2017-15095, CVE-2018-2939

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

OJVM Update Patches are not RAC Rolling installable

Oracle Database Server home

OJVM Update 18.3.0 Patch 27923415 for UNIX

CVE-2018-3004, CVE-2018-3110

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Client home

none for July 2018

 

no security-related content

 

3.1.4.3 Oracle Database 12.2.0.1

Patch Information

12.2.0.1

Comments

Final CPU

-

 

On-Request platforms

32-bit client-only platforms

 

Patch Availability for Oracle Database 12.2.0.1

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM Update 12.2.0.1.180717 and Database Update 12.2.0.1.180717 Patch 28317292 for UNIX, or

Combo OJVM Update 12.2.0.1.180717 and GI Update 12.2.0.1.180717 Patch 28317269, or

Quarterly Full Stack download for Exadata (Jul2018) 12.2.0.1 Patch 28183343 for Linux x86-64 and Solaris x86-64, or

Quarterly Full Stack download for SuperCluster (Jul2018) 12.2.0.1 Patch 28183354 for Solaris SPARC 64-Bit

CVE-2017-15095, CVE-2018-2939, CVE-2018-3004, CVE-2018-3110

OJVM Update Patches are not RAC Rolling installable

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and Update" (OJVM PSU and OJVM Update) Patches

Oracle Database Server home

Database Jul 2018 Update 12.2.0.1.180717 Patch 28163133 for UNIX, or

Database Jan 2018 Revision 12.2.0.1.180717 Patch 27872031, or

Database Apr 2018 Revision 12.2.0.1.180717 Patch 27848049, or

GI Update 12.2.0.1.180717 Patch 28183653, or

GI Jan 2018 Revision 12.2.0.1.180717 Patch 28251142, or

GI Apr 2018 Revision 12.2.0.1.180717 Patch 28251239, or

Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.180717 Patch 27937914, or later;

Quarterly Full Stack download for Exadata (Jul2018) 12.2.0.1 Patch 28183343 for Linux x86-64 and Solaris x86-64, or

Quarterly Full Stack download for SuperCluster (Jul2018) 12.2.0.1 Patch 28183354 for Solaris SPARC 64-Bit

CVE-2017-15095, CVE-2018-2939

 

Oracle Database Server home

OJVM Update 12.2.0.1.180717 Patch 27923353 for UNIX, or

OJVM Microsoft Windows Bundle Patch 12.2.0.1.180810 Patch 28416087 or later

CVE-2018-3004, CVE-2018-3110

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Client home

Database Update 12.2.0.1.170718 Patch 26123830

Released July 2017

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

 

3.1.4.4 Oracle Database 12.1.0.2

Error Correction information for Oracle Database 12.1.0.2

Patch Information

12.1.0.2

Comments

Final CPU

July 2021

 

On-Request platforms

 32-bit client-only platforms

 

Patch Availability for Oracle Database 12.1.0.2

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM PSU 12.1.0.2.180717 and Database PSU 12.1.0.2.180717 Patch 28317232 for UNIX, or

Combo OJVM PSU 12.1.0.2.180717 and GI PSU 12.1.0.2.180717 Patch 28317214, or

Combo OJVM PSU 12.1.0.2.180717 and Database Proactive BP 12.1.0.2.180717  Patch 28317206 for UNIX, or

Quarterly Full Stack download for Exadata (Jul2018) BP 12.1.0.2 Patch 28183303 for Linux x86-64 and Solaris x86-64, or

Quarterly Full Stack download for SuperCluster (Jul2018) BP 12.1.0.2 Patch 28183326 for Solaris SPARC 64-Bit

CVE-2018-2939, CVE-2018-3004, CVE-2018-3110

OJVM PSU Patches are not RAC Rolling installable

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

Database PSU 12.1.0.2.180717 Patch 27547329 for UNIX, or

GI PSU 12.1.0.2.180717 Patch 27967747, or

Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.180717 Patch 27937907, or later;

Database Proactive Bundle Patch 12.1.0.2.180717 Patch 27968010 or

Quarterly Full Stack download for Exadata (Jul2018) BP 12.1.0.2 Patch 28183303 for Linux x86-64 and Solaris x86-64, or

Quarterly Full Stack download for SuperCluster (Jul2018) BP 12.1.0.2 Patch 28183326 for Solaris SPARC 64-Bit

CVE-2018-2939

 

Oracle Database Server home

Oracle JavaVM Component Database PSU 12.1.0.2.180717 Patch 27923320 for UNIX, or

Oracle JavaVM Component Microsoft Windows Bundle Patch 12.1.0.2.180717 Patch 28135126

CVE-2018-3004, CVE-2018-3110

OJVM PSU Patches are not RAC Rolling installable

All OJVM PSU since 12.1.0.2.161018 includes Generic JDBC Patch 23727148

See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

Oracle JavaVM Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148

Released July 2016

 

Oracle Database Client home

Database Patch Set Update 12.1.0.2.170418 Patch 25171037

Released April 2017

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

3.1.4.5 Oracle Database 11.2.0.4

Error Correction information for Oracle Database 11.2.0.4

Patch Information

11.2.0.4

Comments

Final CPU

October 2020

 

On-Request platforms

HP-UX PA RISC

IBM: Linux on System Z

32-bit client-only platforms except Linux x86

 

On-Request platforms

32-bit client-only platforms except Linux x86

 

Patch Availability for Oracle Database 11.2.0.4

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

Product Home

Patch

Advisory Number

Comments

Oracle Database Server home

Combo OJVM PSU 11.2.0.4.180717 and Database SPU 11.2.0.4.180717 Patch 28317175 for UNIX, or

Combo OJVM PSU 11.2.0.4.180717 and Database PSU 11.2.0.4.180717 Patch 28317183 for UNIX, or 

Combo OJVM PSU 11.2.0.4.180717 and GI PSU 11.2.0.4.180717 Patch 28317141, or

Combo OJVM PSU 11.2.0.4.180717 and Exadata BP 11.2.0.4.180717 Patch 28321254

CVE-2018-2939, CVE-2018-3004, CVE-2018-3110

OJVM PSU Patches are not RAC Rolling installable.

Combos are for environments that take a single downtime to apply all patches

See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

Database PSU 11.2.0.4.180717 Patch 27734982 for UNIX, or

GI PSU 11.2.0.4.180717 Patch 27967757 for UNIX, or

Database SPU 11.2.0.4.180717 Patch 27870645 for UNIX, or

Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.180717 Patch 27695940, or later;

Quarterly Database Patch for Exadata BP 11.2.0.4.180717 Patch 27980213 for UNIX, or

Quarterly Full Stack download for Exadata (Jul2018) BP 11.2.0.4 Patch 28182317, or

Quarterly Full Stack download for Supercluster (Jul2018) BP 11.2.0.4 Patch 28182334

CVE-2018-2939

 

Oracle Database Server home

Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.180717 Patch 27923163 for UNIX, or

OJVM Microsoft Windows Bundle Patch 11.2.0.4.180810 Patch 28416098 or later

CVE-2018-3004, CVE-2018-3110

OJVM PSU 11.2.0.4.161018 and greater includes Generic JDBC Patch 23727132

See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Server home

Oracle JavaVM Component Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132

Released July 2016

For RAC deployments, this patch should be applied to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher

See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

Oracle Database Client home

Database Patch Set Update 11.2.0.4.170418 Patch 24732075

Released April 2017

The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

3.1.5 Oracle Database Mobile/Lite Server

Error Correction Information for Oracle Database Mobile Server

Patch Information

12.1 (Mobile Server)

11.3 (Mobile Server)

Comments

Final CPU

-

October 2021

 

Patch Availability for Oracle Database Mobile Server 12.1.x

Product Home

Patch

Advisory Number

Comments

12.1

12.1.0.0 BP Patch 21974980

Released October 2015

 

Patch Availability for Oracle Database Mobile Server 11.3.x

Product Home

Patch

Advisory Number

Comments

11.3

11.3.0.2 BP Patch 21950285

Released October 2015

 

3.1.6 Oracle GoldenGate

Error Correction information for Oracle GoldenGate

Component

12.2.0.1

12.1.2.1

11.2.1.0

Comments

Final CPU

-

October 2021

January 2020

 

Patch Availability for Oracle GoldenGate

Product Home

Patch

Advisory Number

Comments

12.2.0.1

Patch 24765017 - ORACLE GOLDENGATE V12.2.0.1.161018 FOR DB2 10.1/10.5

Patch 24764985 - ORACLE GOLDENGATE V12.2.0.1.161018 FOR DB2(IBM I)

Patch 24764950 - ORACLE GOLDENGATE V12.2.0.1.161018 FOR Oracle 12c

Patch 24764941 - ORACLE GOLDENGATE V12.2.0.1.161018 FOR Oracle 11g

 

Released October 2016 (Included CVE-2018-2832)

Refer to Note 1645495.1 for the latest release.

12.1.2.1

Patch 25184937 - ORACLE GOLDENGATE V12.1.2.1.161031 FOR MSSQL ON WINDOWS

Patch 25074303 - ORACLE GOLDENGATE V12.1.2.1.161031 FOR ORACLE 12c

Patch 25074268 - ORACLE GOLDENGATE V12.1.2.1.161031 FOR ORACLE 11G

Patch 22953549 - Oracle GoldenGate v12.1.2.1.161031 for FOR IBM DB2 11.1 ON Z/OS

Released October 2016

Refer to Note 1645495.1 for the latest release.

11.2.1.0

Patch 22077109 - Sybase 15.5: OGG 11.2.1.0.31

Patch 22077052 - IBM AS400: DB2(IBM I): OGG 11.2.1.0.31

Patch 22076884 - Teradata: OGG 11.2.1.0.31

Patch 22076755 - Oracle 11g: OGG 11.2.1.0.31

Patch 22076584 - Windows x86-64: MSSQL: OGG 11.2.1.0.31

Patch 22076540 - IBM Z/OS: DB2 9.1: OGG 11.2.1.0.31

Released January 2016

OGG Bundle Patch post 11.2.1.0.31 will include fixes listed here. See Note 1645495.1

3.1.7 Oracle GoldenGate Veridata

Error Correction information for Oracle GoldenGate Veridata

Component

11.2.1.0

Comments

Final CPU

October 2020

 

Patch Availability for Oracle GoldenGate Veridata

Product Home

Patch

Advisory Number

Comments

11.2.1.0

oracle goldengate veridata v11.2.1.0.2 java agent - Patch 27425665

oracle goldengate veridata v11.2.1.0.2 server - Patch 27425668

Released April 2018

Golden Gate Veridata Patch

3.1.8 Oracle Secure Backup

Error Correction information for Oracle Secure Backup

Patch Information

12.1.x

Comments

Final CPU

January 2020

 

Minimum Product Requirements for Oracle Secure Backup 

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Secure Backup downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html

Product

Release

Advisory Number

Comments

Oracle Secure Backup

12.1.0.3

Released April 2017

 

3.2 Oracle Enterprise Manager

This section contains the following:

3.2.1 Oracle Application Performance Management

Error Correction information for Oracle Application Performance Management

Patch Information

12.1.0.7

11.1.x

Comments

Final CPU

-

January 2019

 

On-Request platforms

-

 

 

Minimum Product Requirements for Oracle Application Performance Management

Critical Patch Update security vulnerabilities are fixed in the listed releases. For more information on Oracle Application Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.

Product Version

Patch

Advisory Number

Comments

12.1.0.7

12.1.0.7.11 Release Patch 25244272

Released July 2017

 

11.1.x

11.1.0.5.7 Release Patch 26290928

Released July 2017

 

3.2.2 Oracle Application Testing Suite

Error Correction information for Oracle Application Testing Suite

Patch Information

13.2.0.1

13.1.0.1

12.5.0.3

Comments

Final CPU

-

-

April 2020

 

Patch Availability for Oracle Application Testing Suite

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Application Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.

Product Home

UNIX

Advisory Number

Comments

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 12.1.3.0)

See "Oracle WebLogic Server" (Version 12.1.3.0.0)

See "Oracle WebLogic Server" (Version 12.1.3.0.0)

13.2.0.1

BP Patch 27794987

Released April 2018

 

13.1.0.1

BP Patch 27794982

Released April 2018

 

12.5.0.3

BP Patch 27794971

Released April 2018

 

3.2.3 Oracle Enterprise Manager Cloud Control

Error Correction information for Oracle Enterprise Manager Cloud Control

Patch Information

13.2.0.0

12.1.0.5

Comments

Final CPU

-

October 2019

 

On-Request platforms

-

-

 

Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 1 (13.2.0.0)

Product Home

UNIX

Microsoft Windows

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

See "Oracle Database"

See "Oracle Database"

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 12.1.3.0)

See "Oracle WebLogic Server" (Version 12.1.3.0.0)

See "Oracle WebLogic Server" (Version 12.1.3.0.0)

 

Base Platform OMS home

PSU 13.2.0.0.180717 Patch 28161815 or later

PSU 13.2.0.0.180717 Patch 28161815 or later

CVE-2017-5645

 

Base Platform OMS home

EM for OMS Plugins 13.2.3.0.180630 Patch 28170938 or later

EM for OMS Plugins 13.2.2.0.180630 
Patch 28170918 or later

CVE-2017-5645

 

 

Base Platform Agent home

EM VT Plugin BP 13.2.3.0.180630 (Agent Monitoring) Patch 28195767 Patch 28195767

EM VT Plugin BP 13.2.3.0.180630 (Agent Monitoring) Patch 28195767

CVE-2018-7489

 

Base Platform Agent Home

EM for OMS Plugins 13.2.3.0.180731 Patch 28347358 or later

EM for OMS Plugins 13.2.2.0.180731
Patch 28347355 or later

CVE-2017-5645, CVE-2016-1181

See "Post Release Patches" for Avaialbility

 

Base Platform Agent home

EM VT Plugin BP 13.2.2.0.180630 (Agent Monitoring) Patch 28195765

EM VT Plugin BP 13.2.2.0.180630 (Agent Monitoring) Patch 28195765

CVE-2018-7489

 

Base Platform Agent home

EM for PeopleSoft 13.2.1.1.0 Patch 28243206 or EM for PeopleSoft 13.1.1.1.0 Patch 28243212

EM for PeopleSoft 13.2.1.1.0 Patch 28243206 or EM for PeopleSoft 13.1.1.1.0 Patch 28243212

CVE-2017-5645

 

Base Platform Agent home

EM for MYSQL Database 13.2.2.0.0 Patch 27540716

EM for MYSQL Database 13.2.2.0.0 Patch 27540716

Released April 2018

 

Base Platform OMS home

OHS SPU for Jan2018CPU Patch 27244723

OHS SPU for Jan2018CPU Patch 27244723

CVE-2017-9798

OHS 12.1.3 patch

Base Platform OMS home

SPU Patch 25322055

SPU Patch 25322055

Released in January 2017

Oracle ADF Patch 12.1.3.0
This patch is necessary for any co-located installations where ADF exists.

 

Patch Availability for Oracle Enterprise Manager Cloud Control 12c Release 5 (12.1.0.5)

Product Home

UNIX

Microsoft Windows

Advisory Number

Comments

Base Platform Repository home

See "Oracle Database"

See "Oracle Database"

See "Oracle Database"

 

Base Platform Fusion Middleware home

See "Oracle WebLogic Server" (Version 10.3.6.0)

See "Oracle WebLogic Server" (Version 10.3.6.0)

See "Oracle WebLogic Server" (Version 10.3.6.0)

 

Base Platform Fusion Middleware home

CPU Patch 23703041

CPU Patch 23703041

Released July 2016

Oracle Business Intelligence Publisher BP 11.1.1.7.160719 patch for BIP home in Enterprise Manager

Base Platform OMS home

PSU 12.1.0.5.180717 Patch 28026487

PSU 12.1.0.5.180717 Patch 28026487

CVE-2017-5645

 

Base Platform Fusion Middleware home

JSP 11.1.1.7.0 SPU for EM 12.1.0.5 (CPUAPR2018) Patch 27872862

JSP 11.1.1.7.0 SPU for EM 12.1.0.5 (CPUAPR2018) Patch 27872862

Released April 2018

JSP 11.1.1.7.0 SPU patch

Base Platform Agent home

BP Patch 22317311

BP Patch 22317311

Released January 2016

Apply to Agent core Oracle Home, after applying agent patch 25456449, 22342358

Base Platform Agent home

BP Patch 22342358

BP Patch 22342358

Released January 2016

Apply 22342358 to Agent sbin Oracle Home after applying agent Patch 28193486. Then apply Patch 22317311.
If patches 22342358 and 22317311 were applied earlier, no need to reapply.

Base Platform Fusion Middleware home

SPU Patch 22013598

SPU Patch 22013598

Released January 2016

Web Cache Patch

Apply to Oracle_WT

Post installation steps are not applicable for Enterprise Manager

Plugin home

BP Patch 28347732

BP Patch 28347732

CVE-2017-5645, CVE-2016-1181

See "Post Release Patches" for availability

Base Platform Agent home

BP Patch 28193486

BP Patch 28193486

CVE-2017-5645

 

Base Platform Fusion Middleware home

OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885

Released January 2018

Released October 2015

Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates

Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates

See Note 2400141.1 before applying this patch

Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH

Base Platform Fusion Middleware home

CPU Patch 19345576

CPU Patch 19345576

Released January 2015

Oracle Process Management and Notification (OPMN) Patch for Oracle_WT OH

See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS

Base Platform Fusion Middleware home

SPU Patch 17337741

SPU Patch 17337741

Released October 2013

Oracle Security Service (SSL/Network) Patch for Oracle_WT OH

3.2.5 Oracle Enterprise Manager Ops Center

Error Correction information for Oracle Enterprise Manager Ops Center

Patch Information

12.3.x

12.2.x

Comments

Final CPU

Jun 2020

Feb 2019

 

Patch Availability for Oracle Enterprise Manager Ops Center

These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Enterprise Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.

Product Home

UNIX

Advisory Number

Comments

12.3.3

Solaris 10 Sparc, Solaris 10 x86 and Linux x86 Patch 28329304 and Patch 28329289

CVE-2018-1275, CVE-2018-2976, CVE-2017-9798, CVE-2018-0739, CVE-2016-9878

 

12.2.2

Solaris 10 Sparc, Solaris 10 x86 and Linux x86 Patch 28329304 and Patch 28329289

CVE-2018-1275, CVE-2017-9798, CVE-2018-0739, CVE-2016-9878

 

3.2.6 OSS Support Tools

Error Correction information for OSS Support Tools

Patch Information

8.11.x

Comments

Final CPU

-

 

Patch Availability for OSS Support Tools

Product Home

Solaris

Advisory Number

Comments

8.11.16.3.8

BP Patch 22783063

March 2016

See My Oracle Support Note 1153444.1Oracle Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT

3.2.7 Oracle Configuration Manager

Minimum Product Requirements for Oracle Configuration Manager

Critical Patch Update security vulnerabilities are fixed in the listed releases.  
Oracle Configuration Manager can be downloaded from MOS (support.oracle.com). Customer can use collector tab to down the Oracle Configuration Manager Collector.

Component

Release

Advisory Number

Comments

Oracle Configuration Manager

12.1.2.0.4

Released October 2016

Released July 2017

3.3 Oracle Fusion Middleware

This section contains the following:

3.3.1 Management Pack For Oracle GoldenGate

Error Correction information for Management Pack For Oracle GoldenGate

Patch Information

12.1.3.x

Comments

Final CPU

July 2022

 

 

Patch Availability for Management Pack For Oracle GoldenGate

Product Home

Patch

Advisory Number

Comments

11.1.2.1.0

Oracle Goldengate Monitor v11.2.1.0.13 or later Patch 27221310

Released April 2018

Oracle GoldenGate Monitor patch


3.3.2 NetBeans IDE

Minimum Product Requirements for NetBeans IDE

Critical Patch Update security vulnerabilities are fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/

Product Home

Release

Advisory Number

Comments

NetBeans IDE

8.2

Released October 2016

 


3.3.3 Oracle API Gateway

Error Correction information for Oracle API Gateway

Patch Information

11.1.2.4.0

Comments

Final CPU

-

 

Patch Availability for Oracle API Gateway

Product Home

Patch

Advisory Number

Comments

11.1.2.4.0

OAG 11.1.2.4.0 SPU for JULCPU2018 Patch 28201203

CVE-2018-0739

 

 

3.3.4 Oracle Big Data Discovery

Minimum Product Requirements for Oracle Big Data Discovery

 Critical Patch Update security vulnerabilities are fixed in the listed release only and installations with any prior versions will need to move to the listed version. For Oracle Big Data Discovery downloads, seehttps://edelivery.oracle.com and search for "Oracle Big Data Discovery".

Product

Release

Advisory Number

Comments

Oracle Big Data Discovery

1.6

Released April 2018

 

3.3.5 Oracle Business Intelligence App Mobile Designer

Error Correction information for Oracle Business Intelligence App Mobile Designer

Patch Information

11.1.1.7 iOS

Comments

Final CPU

-

 

Patch Availability for Oracle Business Intelligence App Mobile Designer

Product Home

Patch

Advisory Number

Comments

11.1.1.7

SPU Patch 18794832

Released July 2014

 

3.3.6 Oracle Business Intelligence Enterprise Edition

Error Correction information for Oracle Business Intelligence Enterprise Edition

Patch Information

12.2.1.3.0

12.2.1.2.0

11.1.1.9

11.1.1.7

Comments

Final CPU

-

July 2018

October 2021

October 2018

11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

Patch Availability for Oracle Business Intelligence Enterprise Edition

Product Home

Patch

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2420122.1, Critical Patch Update July 2018 Patch Availability Document for Oracle Java SE

See Note 2420122.1, Critical Patch Update July 2018 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle JRockit 28.x home

See "Oracle JRockit"

See "Oracle JRockit"

 

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

Oracle WebLogic Server Proxy Plug-ins home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

FMW 12c home

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

 

11.1.1.9

Oracle BI Suite BP 11.1.1.9.180717 Patch 28119112 or higher

CVE-2018-2925, CVE-2018-2958

 

11.1.1.9

Oracle Business Intelligence Enterprise Edition BP 11.1.1.9.1 Patch 21235195 or higher

Released July 2015

BIEE Third Party Bundle Patch

11.1.1.7

Oracle BI Suite BP 11.1.1.7.180717 Patch 28119130 or higher

CVE-2018-2925, CVE-2018-2958, CVE-2018-2900

 

11.1.1.7

OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885

Released January 2018

Oracle HTTP Server 11.1.1.7 Patch

Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates

Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates

11.1.1.7

SPU Patch 25264940

Released January 2017

Oracle ADF 11.1.1.7 Patch

11.1.1.7

SPU Patch 18423801

Released July 2014

Oracle Process Management and Notification (OPMN) Patch

See Note 1905314.1New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS

11.1.1.7

SPU Patch 17617649

Released January 2014

Oracle Help Technologies Patch

11.1.1.7

CPU Patch 17337741

Released October 2013

Oracle Security Service (SSL/Network) Patch

DAC 11.1.1.6.4 home

Patch 27825965- DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU for apr2018cpu

Released April 2018

Patch can be installed in any home

3.3.7 Oracle Business Intelligence Mobile

Error Correction information for Oracle Business Intelligence Mobile

Patch Information

11.1.1.7 iOS

Comments

Final CPU

-

 

Minimum Product Requirements for Oracle Business Intelligence Mobile

Patch Information

11.1.1.7.0 iOS

Advisory Number

Comments

Minimum Version

11.1.1.7.0 (11.6.39)

Released July 2015

 

3.3.8 Oracle Business Intelligence Publisher

Error Correction information for Oracle Business Intelligence Publisher

Patch Information

11.1.1.9

11.1.1.7

Comments

Final CPU

October 2021

October 2018

 

Patch Availability for Oracle Business Intelligence Publisher

Product Home

Patch

Advisory Number

Comments

11.1.1.9

Oracle BI Suite BP 11.1.1.9.170718 Patch 26092391 or higher

Released July 2017

 

11.1.1.9

BP Patch 24580895

Released October 2016

Webservice BP

11.1.1.9

11.1.1.9 Interim Patch 17081528

Released October 2016

XDK Interim Patch

11.1.1.9

WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12 (Jul2015) or later WLS PSU

Released October 2016

WLS 10.3.6 Interim Patch or WLS PSU

11.1.1.7

Oracle BI Suite BP 11.1.1.7.170718 Patch 26092384 or higher

Released July 2017

 

11.1.1.7

BP Patch 24486705

Released October 2016

Webservice BP

11.1.1.7

11.1.1.7.0 Interim Patch 17081528

Released October 2016

XDK Interim Patch

11.1.1.7

WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12 (Jul2015) or later WLS PSU

Released October 2016

WLS 10.3.6 Interim Patch or WLS PSU

3.3.9 Oracle Complex Event Processing

Error Correction information for Oracle Complex Event Processing

Patch Information

CEP 12.1.3

CEP 11.1.7

Comments

Final CPU

December 2019

October 2018

 

Patch Availability for Oracle Complex Event Processing

See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

Product Home

Patch

Advisory Number

Comments

12.1.3.0

SPU Patch 21071699

Released July 2015

 

11.1.1.7

SPU Patch 21103154

Released July 2015

 

3.3.10 Oracle Data Quality for Oracle Data Integrator

Error Correction information for Oracle Data Quality for Oracle Data Integrator

Patch Information

ODIDQ 11.1.x

Comments

Final CPU

-

 

Patch Availability for Oracle Data Quality for Oracle Data Integrator

Product Home

Patch

Advisory Number

Comments

11.1.1.3.0

CPU Patch 21418574

Released July 2015

 

3.3.11 Oracle Data Visualization Desktop

Error Correction information for Oracle Data Visualization Desktop

Patch Information

12.2.4.1.1

Comments

Final CPU

-

 

Patch availability for Oracle Data Visualization Desktop

Product Home

Patch

Advisory Number

Comments

Oracle Data Visualization Desktop 12.2.4.1.1

Patch is available on http://www.oracle.com/technetwork/middleware/oracle-data-visualization/index.html

Released April 2018

 

3.3.12 Oracle Endeca Server

Error Correction information for Oracle Endeca Server

Patch Information

7.7

7.6

7.4

7.3

Comments

Final CPU

January 2021

October 2018

July 2020

-

 

Patch availability for Oracle Endeca Server

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Server 7.7 home

SPU Patch 27236674

Released April 2018

 

Oracle Endeca Server 7.6 home

SPU Patch 27236680

Released April 2018

 

Oracle Endeca Server 7.5 home

SPU Patch 27236689

Released April 2018

 

3.3.13 Oracle Endeca Information Discovery Studio

Error Correction information for Oracle Endeca Information Discovery Studio

Patch Information

3.2

3.1

Comments

Final CPU

January 2021

October 2018

 

Patch availability for Oracle Endeca Information Discovery Studio

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Information Discovery Studio 3.2 home

Endeca Information Discovery Studio SPU 3.2 CPUJUL2018 Patch 28316347

CVE-2011-4461

 

Oracle Endeca Information Discovery Studio 3.1 home

Endeca Information Discovery Studio SPU 3.1 CPUJUL2018 Patch 28316335

CVE-2011-4461

 

3.3.14 Oracle Endeca Information Discovery Integrator

Error Correction information for Oracle Endeca Information Discovery Studio Integrator

Patch Information

3.2

Comments

Final CPU

-

 

 

Patch availability for Oracle Endeca Information Discovery Studio Integrator

Product Home

Patch

Advisory Number

Comments

Oracle Endeca Information Discovery Integrator 3.2 home

April 2018 SPU Patch 27236651

Released April 2018

All Patches are cumulative of prior fixes

Oracle Endeca Information Discovery Integrator 3.1 home

April 2018 SPU patch 27236635

Released April 2018

 

3.3.15 Oracle Enterprise Data Quality

Error Correction information for Oracle Enterprise Data Quality

Patch Information

11.1.1.x

9.0

8.1

Comments

Final CPU

October 2021

October 2019

July 2019

 

Patch Availability for Oracle Enterprise Data Quality

Product Home

Patch

Advisory Number

Comments

12c home

See "Oracle Fusion Middleware 12c"

See "Oracle Fusion Middleware 12c"

 

11.1.1.9

Patch 25084186

Patch 25534288 (EDQ-CDS)

Released April 2017

Install prior to Java CPUApr2017 JDK/JRE or later version

9.0

EDQ 9.0.11 Patch 19320253

Released October 2014

See Note 1595538.1How To Upgrade The Apache Tomcat Version Installed By The EDQ (Enterprise Data Quality) Windows Installer

8.1

EDQ 8.1.13 Patch 25510229

Released July 2017

See Note 1595538.1How To Upgrade The Apache Tomcat Version Installed By The EDQ (Enterprise Data Quality) Windows Installer

3.3.16 Oracle Enterprise Repository

Error Correction information for Oracle Enterprise Repository

Patch Information

12.1.3

11.1.1.7

Comments

Final CPU

October 2018

October 2018

 

Patch Availability for Oracle Enterprise Repository

Product Home

Patch

Advisory Number

Comments

12.1.3.0.0

OER 12.1.3.0.0 SPU for July2018CPU Patch 28076713

CVE-2018-1275

 

11.1.1.7.0

OER 11.1.1.7.0 SPU for July2018CPU Patch 28150760

CVE-2018-1275

 

3.3.17 Oracle Exalogic Patch Set Update (PSU)

Error Correction information for Oracle Exalogic Patch Set Update (PSU)

Patch Information

2.x

1.x

Comments

Final CPU

-

-

 

Patch Set Update Availability for Oracle Exalogic

Oracle Exalogic

Patch

Advisory Number

Comments

2.x Physical

2.0.6.2.170418 Physical Linux x86-64 (for all X2-2, X3-2, X4-2, X5-2) PSU Patch 25422080

2.0.6.2.170418 Physical Solaris x86-64 (for all X2-2, X3-2, X4-2, X5-2) PSU 
Patch 25422080

Released April 2017

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

2.x Virtual

2.0.6.2.170418 Virtual (for all X2-2, X3-2, X4-2, X5-2) PSU Patch 25422070

Released April 2017

See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)

1.x

Upgrade to 2.x based on information in the Comments column. Then apply the patches listed above.

Released March 2012 (13795376)

Released Februrary 2013 (15931901)

See Patch 14834860 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)

See Patch 14834860 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit)

See Note 1314535.1Announcing Exalogic PSUs (Patch Set Updates)

3.3.18 Oracle Forms and Reports

For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Forms and Reports installation. Only the relevant homes from those tables need to be patched.

Patch Availability for Oracle Forms and Reports

Product Home

Patches

Comments

FMW 12c home

See "Oracle Fusion Middleware 12c"

 

Oracle Forms and Reports 11.1.2.2 home

See "Oracle Forms and Reports 11.1.2.2"

 

3.3.19 Oracle Fusion Middleware

For more information on how to identify the components in an Oracle home, see Note 1591483.1What is Installed in My Middleware or Oracle home?.

This section contains the following:

3.3.19.1 Oracle Fusion Middleware 12c

The sections below cover Oracle Fusion Middleware version 12.2.x and 12.1.x

3.3.19.1.1 Oracle Fusion Middleware 12.2.1.3

Error Correction information for Oracle Fusion Middleware 12.2.1.3

Patch Information

12.2.1.3

Comments

Final CPU

-

 

On-Request platforms

-

 

Patch Availability for Oracle Fusion Middleware 12.2.1.3

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2420122.1, Critical Patch Update July 2018 Patch Availability Document for Oracle Java SE

See Note 2420122.1, Critical Patch Update July 2018 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

12.2.1.3 home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

Oracle WebLogic Server patch

12.2.1.3 home

OAM webgate bundle patch 12.2.1.3.180622 Patch 28243743

Released July 2018

No new CVEs

12.2.1.3 home

OAM bundle patch 12.2.1.3.180622 Patch 28305164

Released July 2018

OAM Webgates BP April 2018 or later has to be applied. Also refer to the MOS Note 2386496.1. Includes additional fixes released post April CPU as one offs.

12.2.1.3 home

OHS (native) bundle patch 12.2.1.3.171117 Patch 27149535

Released January 2018

Oracle HTTP Server Patch

Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates

Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates

12.2.1.3 home

OBI bundle patch 12.2.1.3.180717 Patch 27329720 or higher

CVE-2018-2925, CVE-2018-2958

Jan BP contains this fix for CVE-2017-5662. No action required if it is already applied.

12.2.1.3 home

WCC BP 12.2.1.3.180417 Patch 27393392

Released April 2018

WebCenter Content Patch

12.2.1.3 home

Oracle WebCenter Portal BP 12.2.1.3.180716 Patch 27989235 or later AND WebCenter Core Bundle Patch 12.2.1.3.180710 Patch 28330217 or later

CVE-2018-7489, CVE-2018-3101

Please apply both WebCenter Portal and WebCenter Core Patches.

12.2.1.3 home

Oracle WebCenter Sites 12.2.1.3.180215 Patch 27562268

Released April 2018

 

12.2.1.3 home

Patch 27210544 - OSS security patch update 12.2.1.3.0

Released April 2018

Oracle Security Service Patch

12.2.1.3 home

OID Bundle Patch 12.2.1.3.180116 Patch 27396651

Released January 2018

 

12.2.1.3. home

SOA Bundle Patch 12.2.1.3.180705 Patch 28300397

CVE-2018-3105, CVE-2018-3100

 

12.2.1.3 home

Mapviewer 12.2.1.3.0 SPU JULCPU2018 Patch 28215668

CVE-2018-2943, CVE-2017-5645, CVE-2018-3109, CVE-2018-8013

12.2.1.3 patch can be applied to 12.2.1.2 homes as well to address these CVEs

12.2.1.3 home

ADF bundle patch 12.2.1.3.180607 Patch 28151020

CVE-2015-7940

 

12.2.1.3 home

EDQ 12.2.1.3.0 SPU for JULCPU2018 patch 28263628

CVE-2017-5645

 

12.2.1.3. home

FMW platform 12.2.1.3.0 SPU for JULCPU2018 Patch 26937035

CVE-2017-12617

 

12.2.1.3 home

Oracle Fusion Middleware 12.2.1.3.0 SPU JulCPU2018 Patch 27323998

CVE-2018-3108

ONS Patch (WebLogic Plugin for OHS)

3.3.19.1.2 Oracle Fusion Middleware 12.2.1.2

Error Correction information for Oracle Fusion Middleware 12.2.1.2

Patch Information

12.2.1.2

Comments

Final CPU

Jul 2018

 

On-Request platforms

-

 

Patch Availability for Oracle Fusion Middleware 12.2.1.2

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2420122.1, Critical Patch Update July 2018 Patch Availability Document for Oracle Java SE

See Note 2420122.1, Critical Patch Update July 2018 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

12.2.1.2 home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

Oracle WebLogic Server patch

12.2.1.2 home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

12.2.1.2 home

ADF bundle patch 12.2.1.2.180525 patch 27783350

CVE-2015-7940

ADF (Infrastructure) Patch

12.2.1.2 home

OHS bundle patch 12.2.1.2.171220 Patch 27198002

Released January 2018 (includes CVE-2018-2760)

Oracle HTTP Server Patch

Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates

Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates

12.2.1.2 home

OBIE bundle patch 12.2.1.2.180717 Patch 27916905 or higher

CVE-2018-2925, CVE-2018-2958

 

12.2.1.2 home

OBIEE MOS Note: Note 2310021.1

Released October 2017

 

12.2.1.2 home

OBIEE MOS Note: Note 2310008.1

Released October 2017

 

12.2.1.2 home

SOA Bundle Patch 12.2.1.2.180717 Patch 27647358

CVE-2018-3105, CVE-2018-3100

SOA Patch

12.2.1.2 home

WCC BP 12.2.1.2.180417 Patch 27393378

Released April 2018

WebCenter Content Patch

12.2.1.2 home

Oracle WebCenter Portal BP 12.2.1.2.180417 Patch 27430719 or later

Released April 2018

Webcenter Portal Patch

12.2.1.2. home

WebCenter Core Bundle Patch 12.2.1.2.180710 Patch 28329830

CVE-2018-3101

Webcenter Core Patch for the Web Center Portal Home

12.2.1.2 home

OSB BP 12.2.1.2.170418 Patch 25439629

Released April 2017

OSB Patch

12.2.1.2 home

Patch 27210537 - OSS security patch update 12.2.1.2.0

Released April 2018

Oracle Security Service Patch

12.2.1.2 home

Oracle WebCenter Sites 12.2.1.2.0 Patch 3 Patch 27589545

Released April 2018

WebCenter Sites Patch.

12.2.1.2 home

Patch 25375317
Patch 24908939

Released April 2017

Oracle Stream Analytics Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

12.2.1.2. home

FMW platform 12.2.1.2.0 SPU for JULCPU2018 Patch 26937036

CVE-2017-12617

 

12.2.1.2 home

Oracle Fusion Middleware 12.2.1.2.0 SPU JulCPU2018 Patch 27368779

CVE-2018-3108

ONS Patch (WebLogic Plugin for OHS)

3.3.19.1.3 Oracle Fusion Middleware 12.1.3.0

Error Correction information for Oracle Fusion Middleware 12.1.3.0

Patch Information

12.1.3.0

Comments

Final CPU

October 2019

 

On-Request platforms

-

 

Patch Availability for Oracle Fusion Middleware 12.1.3.0

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2420122.1, Critical Patch Update July 2018 Patch Availability Document for Oracle Java SE

See Note 2420122.1, Critical Patch Update July 2018 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products

12.1.3.0.0 home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

Oracle WebLogic Server patch

12.1.3.0.0 home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

12.1.3.0.0 home

ADF bundle patch 12.1.3.0.180525 Patch 27800100

CVE-2015-7940

Oracle JDeveloper (ADF) Patch

12.1.3 home

Patch 27369653 - OSS security patch update 12.1.3.0.0

Released April 2018

Oracle Security Service (SSL/Network) Patch

12.1.3.0.0 home

SOA Bundle Patch 12.1.3.0.180717 Patch 28206019

CVE-2018-3105

SOA Patch

12.1.3.0.0 home

OHS SPU for Jan2018CPU Patch 27244723

Released January 2018 (includes CVE-2018-2760)

Oracle HTTP Server Patch

Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates

Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates

12.1.3.0.0 home

OER BP Patch 25184722

Released July 2017

Oracle Enterprise Repository Patch

12.1.3.0.0 home

EDQ BP 12.1.3.0.1 Patch 24672265

Released April 2017

Enterprise Data Quality patch

Install prior to Java CPUApr2017 JDK/JRE or later version

12.1.3.0.0 home

ODI BP 12.1.3.0.170418 Patch 25774021

Released July 2017

Oracle Data Integrator Patch

Install prior to Java CPUApr2017 JDK/JRE or later version.

12.1.3.0.0 home

Patch 25375317

Released April 2017

Oracle Stream Analytics Patch

Install prior to Java CPUApr2017 JDK/JRE or later version

12.1.3.0.0 home

OSB BP 12.1.3.0.170418 patch 23133629

Released April 2017

OSB patch

12.1.3.0.0 home

BP Patch 27074880, or later

Released January 2018

Platform Security for Java patch

12.1.3.0.0 home

SPU Patch 24327938

Released July 2016

Oracle TopLink patch

12.1.3.0.0 home

See Note 1936300.1

Released October 2014

SSL V3.0 "Poodle" Advisory

 

3.3.19.2 Oracle Forms and Reports 11.1.2.2

Error Correction information for Oracle Forms and Reports 11.1.2.2

Patch Information

11.1.2.2

Comments

Final CPU

October 2018

 

On-Request platforms

-

 

Patch Availability for Oracle Forms and Reports 11.1.2.2

Product Home

Patches

Advisory Number

Comments

Oracle Database home

See "Oracle Database"

See "Oracle Database"

Patch any Database Server associated to a Fusion Middleware installation

Oracle Java SE home

See Note 2420122.1, Critical Patch Update July 2018 Patch Availability Document for Oracle Java SE

See Note 2420122.1, Critical Patch Update July 2018 Patch Availability Document for Oracle Java SE

See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle JRockit 28.x home

See "Oracle JRockit"

See "Oracle JRockit"

 

Oracle WebLogic Server home

See "Oracle WebLogic Server"

See "Oracle WebLogic Server"

See Note 1306505.1Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

Oracle WebLogic Server Proxy Plug-ins home

See "Oracle WebLogic Server Plug-ins"

See "Oracle WebLogic Server Plug-ins"

WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet

Oracle Forms and Reports 11.1.2.2 home

BP Patch 24486705

Released October 2016

Web Services BP

Oracle Forms and Reports 11.1.2.2 home

DB PSU Patch 22290164 for Unix

DB BP Patch 22607089 for Windows 32-Bit

DB BP Patch 22607090 for Windows x64