Oracle Database - Enterprise Edition -
Version 11.2.0.4 and later
Oracle WebLogic Server - Version 10.3.6 and later
Oracle Database - Standard Edition - Version 11.2.0.4 and later
Oracle Fusion Middleware - Version 11.1.1.7.0 and later
Information in this document applies to any platform.
This document defines the patches and minimum
releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch
Updates and Patch Set Updates released on January 16, 2018.
The document is for Database Administrators
and/or others tasked with Quarterly Security Patching.
Database,
Fusion Middleware, and Enterprise Manager Critical Patch Update January
2018 Patch Availability Document
My Oracle Support Note 2325393.1
Released January 16, 2018
This document contains the following sections:
1 Overview
Oracle provides quarterly cumulative patches to
address security vulnerabilities. The patches may include critical fixes in
addition to the security fixes. The security vulnerabilities addressed are
announced in the Advisory for January 2018, available at:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
This document lists the Oracle Database, Fusion
Middleware and Enterprise Manager CPU program cumulative patches for
product releases under error correction. The January 2018 release
supersedes earlier CPU program cumulative patches for the same product
releases. This document is subject to continual update after the initial
release, and the changes are listed in "Modification History." If
you print this document, check My Oracle Support to ensure you have the
latest version.
This section contains the following:
1.1 How To Use This Document
The following steps explain how to use this document.
Step 1 Assess your
Environments
Determine the Oracle product suites
and products and their release numbers for each of your environments.
Step 2 Read Important
Announcements
Review "What's New in January 2018," as
it lists documentation and packaging changes along with important
announcements such as upcoming final CPUs.
Step 3 Determine
Patches to be Applied
For each environment, determine which
patches need to be applied by using the tables in "Patch Availability for Oracle Products." There
is one availability table for each product suite release, such as Oracle
Database 11.1.0.7, Oracle Identity Access Management 11.1.1.5, and
Enterprise Manager Grid Control 10.2.0.5
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of
the homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or
Extended Support and are under error correction as defined in My Oracle
Support Note 209768.1, Database, FMW, EM
Grid Control, and OCS Software Error Correction Support Policy. Patches
are provided only for these releases. If you do not see the release that
you have installed, then check "Final CPU History" and
contact Oracle Support for further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's
CPU Advisory, list the vulnerability CVE numbers in the Advisory Number
column. If you are interested in the risk matrix for the vulnerabilities
fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from
previous quarterly releases, or the current one without any security fixes,
the column indicates "Released MMM YYYY"
·
When
a section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle Database" is
referenced, determine the Oracle Database release that is installed, and
find the patches to apply in the table for that Oracle Database release in "Oracle Database."
Step 4 Apply the
Patches
Download the patches, review the
READMEs, and apply the patches according to the instructions.
Step 5 Planning for
Future Critical Patch Updates
To help you plan for future Critical
Patch Updates, this document includes Final CPU information based on
Oracle's Lifetime Support Policy and error correction policies.
"Final CPU Information (Error Correction
Policies)" in "What's New in January 2018," documents
product releases for which final Critical Patch Updates are upcoming or are
being announced. In each product section, there is also an Error Correction
Information Table that documents the final CPU program patch for the
product. Products that have reached the end of error correction are
documented in "Final CPU History."
1.2 Terminology in the Tables
The following terminology is used in this patch
availability document and in the subsequent tables.
- Update - Release Update
- Revision -Release Update Revision
- BP - Bundle Patch
- Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
- NA Not Applicable.
- OR On-Request. The patch is made available
through the On-Request program.
- PSU - Patch Set Update
- SPU - Security Patch Update. An iterative,
cumulative patch consisting of security fixes.
- Overlay
SPU patch provided
as an overlay on top of a PSU or BP instead of a base/patch set
release.
1.3 On-Request Patches
Oracle does not proactively release patches for
historically inactive platforms. However, Oracle will deliver these patches
when requested.
The following guidelines describe how to initiate an
on-request (OR) patch.
A request may be made:
- At any
time. However, a patch for a specific quarterly release, such as
CPUOct2012, cannot be requested. Depending on when the request is
received and processed, either the patch for the current quarterly
release or the next quarterly release will be provided. Your Service
Request (SR) will provide you the planned availability date for the
patch.
- As long
as the version is in either Premier Support or Extended Support and
error correction support has not expired. For example, if a product
release is under Extended Support through the release of CPUJan2013 on
January 15, 2013, then you can file a request for the product release
through January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW,
EM Grid Control, and OCS Software Error Correction Support Policy.
- For a
platform-version combination when a major release or patch set is
released on a platform after a quarterly release date. Oracle will
provide the next patch for that platform-version combination,
however you may request the current patch by following the on-request
process. For example, if a patch is released for a platform on August
1, 2012, Oracle will provide the CPUOct2012 patch for that platform.
You may request a CPUOct2012 patch for the platform, and Oracle will
review the request and determine whether to provide CPUOct2012 or
CPUOct2012.
A patch that is marked as on-request (OR) may already have
been requested by another customer and be available on My Oracle Support.
Before you file a Service Request (SR), check on My Oracle Support to see
if the patch is already available for your platform.
1.4 CPU Program and My Oracle
Support Patch Recommendations
My Oracle Support patch recommendation features are
available on the Patches & Update tab. The patches announced in this
document as part of the CPU program are classified as "Security"
patch recommendations in My Oracle Support. If a new patch is being
announced in this document, then the classification on any earlier patch is
changed to "General", causing it to be removed from the My Oracle
Support patch recommendations. If a patch has a "Security"
classification, and a subsequent bundle, SPU, or PSU is released with a
recommendation classification, then it will be classified as a
"Security" recommendation in My Oracle Support.
Once a product release is no longer in error
correction, its CPU patch information is removed from this document, but
the last patch recommendation continues to be available in My Oracle
Support. Ensure to select each of the products installed in your
environment to obtain all patches.
1.5 My Oracle Support (MOS) Conflict
Checker Tool
The My Oracle Support (MOS) Conflict Checker tool is
available as of July 21, 2014.
You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck.
This tool is also accessible from the Patch Search results screen
("Analyze with OPatch" button).
The MOS Conflict Checker Tool allows you to upload an
OPatch inventory to check for conflicts with
patches to apply to your environment. If no conflicts are found, you can
download the patches. If conflicts are found, the tool finds an existing
resolution to download. If no resolution is found, you can request a
solution, and monitor your request in the Plans region.
For more information and a demonstration video, see
Knowledge Document Note 1091294.1, How to use the My
Oracle Support Conflict Checker Tool.
2 What's New in January 2018
This section describes important changes in January
2018:
2.1 Final CPU Information (Error
Correction Policies)
The final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. Final CPUs for upcoming releases, as well as newly
scheduled final CPUs, are listed in the following sections.
Final CPUs scheduled for April 2018
- Oracle
Enterprise Manager Grid Control 11.1.0.1
- Oracle
Outside In Technology 8.5.3
- Oracle
Service Architecture Leveraging Tuxedo (SALT) 11.1.1.2.x
- Oracle
Tuxedo System and Applications Monitor Plus (TSAM Plus) 11.1.1.2.x
- Oracle
Hyperion BI+ 11.1.2.x
- Oracle
Hyperion Common Admin 11.1.2.x
- Oracle
Hyperion EAS 11.1.2.x
- Oracle
Hyperion Financial Reporting 11.1.2.x
- Oracle
Hyperion Installation Technology 11.1.2.x
- Oracle
Hyperion Smart View For Office 11.1.2.x
Final CPUs scheduled for January 2018
- Oracle Endeca Server 7.5
- Oracle Endeca Information Discovery Studio 3.1, 3.0, 2.4
- Oracle Endeca Information Discovery Studio Integrator
3.1, 3.0, 2.4
- Oracle
Secure Enterprise Search 11.2.2.2
- iPlanet Web Server 7.0
2.2 Post Release Patches
Oracle strives to complete preparations and testing
of each Quarterly Security Patch for each platform by the quarterly release
date. Occasionally, circumstances beyond our control dictate that a
particular patch be delayed and be released a few days after the quarterly
release date. The following table lists any current patch delays and the
estimated date of availability.
Patch Number
|
Patch
|
Platform
|
Availability
|
Patch 27340965
|
OID bundle patch 11.1.1.7.180116
|
Linux.x64,Solaris.x64, Solaris.sparc
|
Available
|
Patch 27340965
|
OID bundle patch 11.1.1.7.180116
|
Linux x86, HPUX, AIX
|
Available
|
Patch 27396651
|
OID bundle patch 12.2.1.3.180116
|
Linux.x64, Solaris.x64, Solaris.sparc
and Windows
|
Available
|
Patch 27396651
|
OID bundle patch 12.2.1.3.180116
|
AIX and HPUX
|
Available
|
Patch 27438258
|
WLS PSU 12.2.1.3.180116
|
All Platforms
|
Available
|
Patch 27011072
|
11.2.0.4 QFSDP for Exadata
|
Linux.x64, Solaris.x64
|
Available
|
Patch 27011087
|
11.2.0.4 QFSDP for SuperCluster
|
Solaris.sparc
|
Available
|
Patch 27011100
|
12.1.0.2 QFSDP for Exadata
|
Linux.x64, Solaris.x64
|
Available
|
Patch 27011111
|
12.1.0.2 QFSDP for SuperCluster
|
Solaris.sparc
|
Available
|
Patch 27011122
|
12.2.0.1 QFSDP for Exadata
|
Linux.x64, Solaris.x64
|
Available
|
Patch 27011128
|
12.2.0.1 QFSDP for SuperCluster
|
Solaris.sparc
|
Available
|
Patch 26865623
|
Oracle Hyperion BI+ 11.1.2.4.007
|
All Platforms
|
Available
|
2.3 New Database Master Note
Information that is specific to the Database
proactive patch program has been moved to Note 756671.1, Master Note for Database
Proactive Patch Program. Patches that are announced as part of the CPU
program continue to be listed here.
2.4 Updates and
Revisions bundle Strategy for 12.2.0.1 and later Database versions
Information on the Update and Revision bundle patches
is also found in the Database Master Note, as well as in Note 2285040.1 Release Update
Introduction and FAQ
2.5 Database Bundle
client applicability moving to this Patch Availability Document (PAD)
Database bundle patch README files have historically
had a section indicating for each installation type, the most recent
patches, which includes new security fixes that are pertinent to that
installation type. If a specific patch is listed, then apply that or any
later patch to be current with security fixes.
This information will be moved from the README files
to the Patch Availability Document (PAD) from April 2018 onwards.
3 Patch Availability for Oracle Products
This section contains the following:
3.1 Oracle Database
This section contains the following:
3.1.1 Oracle
REST Data Services (formally called Oracle APEX Listener)
Error Correction information for Oracle REST
Data Services 3.0
Patch Information
|
3.0
|
Comments
|
Final CPU
|
-
|
|
Minimum Product Requirements for Oracle REST
Data Services
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle REST Data Services downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle REST Data Services
|
3.0.10.25.02.36
|
Released July 2017
|
|
3.1.2 Oracle Application Express
Minimum Product Requirements for Oracle Application
Express
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle Application Express downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
Component
|
Release
|
Advisory Number
|
Comments
|
Oracle Application Express
|
5.1.4.00.08
|
CVE-2018-2699
|
|
3.1.3 Oracle Big Data Spatial and Graph
Error Correction information for Oracle
Big Data Spatial and Graph
Patch Information
|
2.0
|
1.2
|
Comments
|
Final CPU
|
-
|
-
|
|
Minimum
Product Requirements for Oracle Big Data Spatial and Graph
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Big Data
Spatial and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle Big Data Spatial and Graph
|
2.0
|
Released January 2017
|
|
Oracle Big Data Spatial and Graph
|
1.2
|
Released January 2017
|
|
3.1.4 Oracle Database
This section contains the following:
3.1.4.1 Patch
Availability for Oracle Database
For information regarding the different types of
patches for Database, refer to Oracle Database - Overview of Database Patch
Delivery Methods, Note 1962125.1.
3.1.4.2 Oracle
Database 12.2.0.1
Patch Information
|
12.2.0.1
|
Comments
|
Final CPU
|
-
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.2.0.1
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Database home
|
Combo OJVM Update 12.2.0.1.180116 and Database
Update 12.2.0.1.180116 Patch 27010695 for
UNIX, or
Combo OJVM Update 12.2.0.1.180116 and GI Update
12.2.0.1.180116 Patch 27010711, or
Quarterly Full Stack download for Exadata (Jan2018) 12.2.0.1 Patch 27011122 for
Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Jan2018) 12.2.0.1 Patch 27011128 for
Solaris SPARC 64-Bit
|
CVE-2017-10282, CVE-2018-2680, CVE-2017-12617
(GI Specific)
|
For availability dates, see Post Release Patches
OJVM Update Patches are not RAC Rolling installable
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended
Patches -- Oracle JavaVM Component Database PSU
(OJVM PSU) Patches
|
Oracle Database home
|
Database Jan 2018 Update 12.2.0.1.180116 Patch 27105253 for
UNIX, or
Database Jul 2017 Revision 12.2.0.1.180116 Patch 27013506, or
Database Oct 2017 Revision 12.2.0.1.180116 Patch 27013510, or
GI Update 12.2.0.1.180116 Patch 27100009, or
GI Jul 2017 Revision 12.2.0.1.180116 Patch 27224023, or
GI Oct 2017 Revision 12.2.0.1.180116 Patch 27224075, or
Microsoft Windows 32-Bit and x86-64 BP
12.2.0.1.180116 Patch 27162931, or later;
Quarterly Full Stack download for Exadata (Jan2018) 12.2.0.1 Patch 27011122 for
Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Jan2018) 12.2.0.1 Patch 27011128 for
Solaris SPARC 64-Bit
|
CVE-2017-10282, CVE-2017-12617 (GI Specific)
|
For availability dates, see Post Release Patches
|
Oracle Database home
|
OJVM Update 12.2.0.1.180116 Patch 27001739 for
UNIX, or
OJVM Microsoft Windows Bundle Patch 12.2.0.1.180116 Patch 27162975
|
CVE-2018-2680
|
See Note 1929745.1, Oracle Recommended
Patches -- Oracle JavaVM Component Database PSU
(OJVM PSU) Patches
|
3.1.4.3 Oracle
Database 12.1.0.2
Error Correction information for Oracle Database
12.1.0.2
Patch Information
|
12.1.0.2
|
Comments
|
Final CPU
|
July 2021
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.1.0.2
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Database home
|
Combo OJVM PSU 12.1.0.2.180116 and Database PSU
12.1.0.2.180116 Patch 27010839 for
UNIX, or
Combo OJVM PSU 12.1.0.2.180116 and GI PSU
12.1.0.2.180116 Patch 27010888, or
Combo OJVM PSU 12.1.0.2.180116 and database
Proactive BP 12.1.0.2.180116 Patch 27010941 for
UNIX, or
Quarterly Full Stack download for Exadata (Jan2018) BP 12.1.0.2 Patch 27011100 for
Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Jan2018) BP 12.1.0.2 Patch 27011111 for
Solaris SPARC 64-Bit
|
CVE-2017-10282, CVE-2018-2680
|
For availability dates, see Post Release Patches
OJVM PSU Patches are not RAC Rolling installable
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended
Patches -- Oracle JavaVM Component Database PSU
(OJVM PSU) Patches
|
Oracle Database home
|
Database PSU 12.1.0.2.180116 Patch 26925311 for
UNIX, or
GI PSU 12.1.0.2.180116 Patch 27010872
or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.180116 Patch 27162953, or later;
Database Proactive Bundle Patch 12.1.0.2.180116 Patch 27010930 or
Quarterly Full Stack download for Exadata (Jan2018) BP 12.1.0.2 Patch 27011100 for
Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Jan2018) BP 12.1.0.2 Patch 27011111 for
Solaris SPARC 64-Bit
|
CVE-2017-10282, CVE-2018-2575 (Windows specific)
|
For availability dates, see Post Release Patches
|
Oracle Database home
|
Oracle JavaVM Component
Database PSU 12.1.0.2.180116 Patch 27001733 for
UNIX, or
Oracle JavaVM Component
Microsoft Windows Bundle Patch 12.1.0.2.180116 Patch 27162998
|
CVE-2018-2680
|
OJVM PSU Patches are not RAC Rolling installable
All OJVM PSU since 12.1.0.2.161018 includes Generic
JDBC Patch 23727148
See Note 1929745.1, Oracle Recommended
Patches -- Oracle JavaVM Component Database PSU
(OJVM PSU) Patches
|
Oracle Database home
|
Oracle JavaVM
Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
3.1.4.4 Oracle Database 11.2.0.4
Error Correction information for Oracle Database
11.2.0.4
Patch Information
|
11.2.0.4
|
Comments
|
Final CPU
|
October 2020
|
|
On-Request platforms
|
HP-UX PA RISC
IBM: Linux on System Z
32-bit client-only platforms except Linux x86
|
|
On-Request platforms
|
32-bit client-only platforms except Linux x86
|
|
Patch Availability for Oracle Database 11.2.0.4
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Database home
|
Combo OJVM PSU 11.2.0.4.180116 (CPUJan2018) and
Database SPU 11.2.0.4.171017 (CPUOct2017) Patch 27010991 for
UNIX, or
Combo OJVM PSU 11.2.0.4.180116 and Database PSU
11.2.0.4.180116 Patch 27011017 for
UNIX, or
Combo OJVM PSU 11.2.0.4.180116 and GI PSU
11.2.0.4.180116 Patch 27282436, or
Combo OJVM PSU 11.2.0.4.180116 and Exadata BP 11.2.0.4.180116 Patch 27011053
|
CVE-2018-2680
|
For availability dates, see Post Release Patches
OJVM PSU Patches are not RAC Rolling installable.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches
|
Oracle Database home
|
Database SPU 11.2.0.4.171017 (CPUOct2017) Patch 26474853 for
UNIX,, or
Database PSU 11.2.0.4.180116 Patch 26925576 for
UNIX, or
GI PSU 11.2.0.4.180116 Patch 27107360 for
UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP
11.2.0.4.180116 Patch 27162965, or later;
Quarterly Database Patch for Exadata
BP 11.2.0.4.180116 Patch 27011043 for
UNIX, or
Quarterly Full Stack download for Exadata (Apr2017) BP 11.2.0.4 Patch 27011072, or
Quarterly Full Stack download for Supercluster (Apr2017) BP 11.2.0.4 Patch 26635432
|
CVE-2018-2575 (Windows Specific)
|
For availability dates, see Post Release Patches
There is no Database SPU for 11.2.0.4 for the Jan
2018 cycle as there are no new CPU security vulnerabilities applicable.
Future patches are planned until end of Error Correction listed in the
table above.
|
Oracle Database home
|
Oracle JavaVM (OJVM)
Component Database PSU 11.2.0.4.180116 Patch 26925532 for
UNIX, or
Oracle JavaVM (OJVM)
Component Database PSU 11.2.0.4.180116 Patch 27163009 for
Microsoft Windows
|
CVE-2018-2680
|
OJVM PSU 11.2.0.4.161018 and greater includes
Generic JDBC Patch 23727132
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches
|
Oracle Database home
|
Oracle JavaVM Component
Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132
|
Released July 2016
|
For RAC deployments, this patch should be applied
to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher
See Note 1929745.1, Oracle
Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches
|
3.1.5 Oracle Database Mobile/Lite
Server
Error Correction Information for Oracle Database
Mobile Server
Patch Information
|
12.1 (Mobile Server)
|
11.3 (Mobile Server)
|
Comments
|
Final CPU
|
-
|
October 2021
|
|
Patch Availability for Oracle Database Mobile Server
12.1.x
Product Home
|
Patch
|
Advisory Number
|
Comments
|
12.1
|
12.1.0.0 BP Patch 21974980
|
Released October 2015
|
|
Patch Availability for Oracle Database Mobile Server
11.3.x
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.3
|
11.3.0.2 BP Patch 21950285
|
Released October 2015
|
|
3.1.6 Oracle GoldenGate
Error Correction information for Oracle GoldenGate
Component
|
12.2.0.1
|
12.1.2.1
|
11.2.1.0
|
Comments
|
Final CPU
|
-
|
October 2021
|
January 2020
|
|
Patch Availability for Oracle GoldenGate
3.1.7 Oracle GoldenGate
Veridata
Error Correction information for Oracle GoldenGate Veridata
Component
|
11.2.1.0
|
Comments
|
Final CPU
|
October 2020
|
|
Patch Availability for Oracle GoldenGate
Veridata
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.2.1.0
|
BP 11.2.1.0.12 Patch 25137470
|
Released October 2017
|
|
3.1.8 Oracle Secure Backup
Error Correction information for Oracle Secure Backup
Patch Information
|
12.1.x
|
Comments
|
Final CPU
|
January 2020
|
|
Minimum Product Requirements for Oracle Secure
Backup
Critical Patch Update security vulnerabilities are
fixed in the listed releases. The Oracle Secure Backup downloads and
installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle Secure Backup
|
12.1.0.3
|
Released April 2017
|
|
3.2 Oracle Enterprise Manager
This section contains the following:
3.2.1 Oracle
Application Performance Management
Error Correction information for Oracle Application
Performance Management
Patch Information
|
12.1.0.7
|
11.1.x
|
Comments
|
Final CPU
|
-
|
January 2019
|
|
On-Request platforms
|
-
|
|
|
Minimum Product Requirements for Oracle Application
Performance Management
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For more information on Oracle Application
Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
Product Version
|
Patch
|
Advisory Number
|
Comments
|
12.1.0.7
|
12.1.0.7.11 Release Patch 25244272
|
Released July 2017
|
|
11.1.x
|
11.1.0.5.7 Release Patch 26290928
|
Released July 2017
|
|
3.2.2 Oracle Application Testing
Suite
Error Correction information for Oracle Application
Testing Suite
Patch Information
|
12.5.0.3
|
12.5.0.2
|
Comments
|
Final CPU
|
-
|
-
|
|
On-Request platforms
|
-
|
-
|
|
Patch Availability for Oracle Application Testing
Suite
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Application Testing
Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
3.2.3 Oracle Enterprise Manager
Cloud Control
Error Correction information for Oracle Enterprise
Manager Cloud Control
Patch Information
|
13.2.0.0
|
13.1.0.0
|
12.1.0.5
|
Comments
|
Final CPU
|
-
|
July 2017
|
October 2019
|
|
On-Request platforms
|
-
|
-
|
-
|
|
Patch Availability for Oracle Enterprise Manager
Cloud Control 13c Release 1 (13.2.0.0)
Patch Availability for Oracle Enterprise Manager
Cloud Control 13c Release 1 (13.1.0.0)
Patch Availability for Oracle Enterprise Manager
Cloud Control 12c Release 5 (12.1.0.5)
3.2.4 Oracle Enterprise Manager
Grid Control 11g (11.1.0.1)
Error Correction information for Oracle Enterprise
Manager Grid Control 11g (11.1.0.1)
Patch Information
|
11.1.0.1
|
Comments
|
Final CPU
|
April 2018
|
|
On-Request platforms
|
-
|
|
Patch Set Update Availability for Oracle Enterprise
Manager Grid Control 11g (11.1.0.1)
The fixes for security Alert for CVE-2015-4852 are
part of Jan2016 WebLogic Server CPU program
patches described in this section.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Base Platform Repository Home
|
See "Oracle Database"
|
See "Oracle Database"
|
|
Base Platform Agent Home
|
Unix PSU 11.1.0.1.160119 Patch 9346289
Windows PSU 11.1.0.1.160119 Patch 22274004
|
Released January 2016
|
|
Base Platform OMS Home
|
PSU 11.1.0.1.160119 Patch 22266340
|
Released January 2016
|
|
Base Platform Fusion Middleware home
|
SPU Patch 14681307
|
Released October 2012
|
WLS 10.3.2.0 JDBC Patch (Not a SU). Before
installing this SPU, see Note 1493990.1, Patching for
CVE-2012-3137
|
Base Platform Fusion Middleware home
|
SPU Patch 18992301
SPU Patch 18992319
SPU Patch 18547380
SPU Patch 23539151
SPU Patch 20926784
SPU Patch 18992399
SPU Patch 23539193
SPU Patch 22808855
SPU Patch 20083974
SPU Patch 22360634
|
Released July 2014
Released July 2014
Released April 2014
Released July 2016
Released July 2015
Released July 2014
Released July 2016
Released April 2016
Released January 2015
Released January 2016
|
WLS 10.3.2.0 JVM Patch (SU ID: DHM2)
WLS 10.3.2.0 Deployment Patch (SU ID: Y5B9)
WLS 10.3.2.0 CSS Patch (SU ID: 9AVS)
WLS 10.3.2.0 JMS+Core
Patch (SU ID: JN9V)
WLS 10.3.2.0 WebServices
Patch (SU IDs: SAGA, L8DT, A4JA, 2HLN, SK77, X8W6, NFFE, BIMC)
WLS 10.3.2.0 Security Patch (SU IDs: VHAC, R4P6,
NSYJ, 8279)
WLS 10.3.2.0 WebApp Patch
(SU ID: RJX5)
WLS 10.3.2.0 Console Patch (SU ID: 7CB7)
WLS 10.3.2.0 CIE Patch (SU ID: GVGW)
WLS 10.3.2.0 Install Patch (SU ID: 8N2J)
For CVE-2014-4256, see Note 1903763.1, Download Request
for Security Configuration
|
Base Platform Repository Home
|
CPU Patch 13705493
|
Released April 2012
|
OC4J 10.1.2.3 one-off Patch
Enterprise Manager Grid Control
|
3.2.5 Oracle Enterprise Manager
Ops Center
Error Correction information for Oracle Enterprise
Manager Ops Center
Patch Information
|
12.3.x
|
12.2.x
|
Comments
|
Final CPU
|
Jun 2020
|
Feb 2019
|
|
On-Request platforms
|
-
|
-
|
|
Patch Availability for Oracle Enterprise Manager Ops
Center
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Enterprise Manager
Ops Center downloads and installation instructions,
see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
12.3.2
|
Solaris 10 Sparc,
Solaris 10 x86 and Linux x86 Patch 26974609
|
Released October 2017
|
|
12.2.2
|
Solaris 10 Sparc, Solaris
10 x86 and Linux x86 Patch 26974609
|
Released October 2017
|
|
3.2.6 OSS Support Tools
Error Correction information for OSS Support Tools
Patch Information
|
8.11.x
|
Comments
|
Final CPU
|
-
|
|
Patch Availability for OSS Support Tools
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
8.11.16.3.8
|
BP Patch 22783063
|
March 2016
|
See My Oracle Support Note 1153444.1, Oracle Services
Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT
|
3.2.7 Oracle Configuration
Manager
Minimum Product Requirements for Oracle Configuration
Manager
Critical Patch Update security vulnerabilities are
fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS
(support.oracle.com). Customer can use collector tab to down the Oracle
Configuration Manager Collector.
Component
|
Release
|
Advisory Number
|
Comments
|
Oracle Configuration Manager
|
12.1.2.0.4
|
Released October 2016
|
Released July 2017
|
3.3 Oracle Fusion Middleware
This section contains the following:
3.3.1 Management
Pack For Oracle GoldenGate
Error Correction information for Management Pack For
Oracle GoldenGate
Patch Information
|
12.1.3.x
|
Comments
|
Final CPU
|
July 2022
|
|
Patch Availability for Management Pack For Oracle GoldenGate
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.1.0
|
BP 11.2.1.0.11 (BP11) or later Patch 19606348
|
Released April 2015
|
Oracle GoldenGate Monitor
patch
|
3.3.2 NetBeans IDE
Minimum Product Requirements for NetBeans
IDE
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For NetBeans IDE
downloads, see https://netbeans.org/downloads/
Product Home
|
Release
|
Advisory Number
|
Comments
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle API Gateway
Error Correction information for Oracle API
Gateway
Patch Information
|
11.1.2.4.0
|
Comments
|
Final CPU
|
-
|
|
Patch Availability for Oracle API Gateway
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.4.0
|
11.1.2.4 SP6 Patch 26129116
|
Released July 2017
|
|
3.3.4 Oracle Big Data Discovery
Minimum Product Requirements for
Oracle Big Data Discovery
Critical Patch Update security
vulnerabilities are fixed in the listed release only and installations with
any prior versions will need to move to the listed version. For Oracle
Big Data Discovery downloads, seehttps://edelivery.oracle.com and
search for "Oracle Big Data Discovery".
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle Big Data Discovery
|
1.1.3
|
Released October 2016
|
|
3.3.5 Oracle
Business Intelligence App Mobile Designer
Error Correction information for Oracle Business
Intelligence App Mobile Designer
Patch Information
|
11.1.1.7 iOS
|
Comments
|
Final CPU
|
-
|
|
Patch Availability for Oracle Business Intelligence
App Mobile Designer
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.1.7
|
SPU Patch 18794832
|
Released July 2014
|
|
3.3.6 Oracle Business
Intelligence Enterprise Edition
Error Correction information for Oracle Business
Intelligence Enterprise Edition
Patch Information
|
12.2.1.3.0
|
12.2.1.2.0
|
11.1.1.9
|
11.1.1.7
|
Comments
|
Final CPU
|
-
|
July 2018
|
October 2021
|
October 2018
|
|
Patch Availability for Oracle Business Intelligence
Enterprise Edition
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2337155.1, Critical Patch Update
Jan 2018 Patch Availability Document for Oracle Java SE
|
See Note 2337155.1, Critical Patch Update
Jan 2018 Patch Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain
the Java SE Installed or Used with FMW 11g Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server
home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing
Oracle WebLogic Server PSUs (Patch Set Updates)
|
Oracle WebLogic Server
Proxy Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
FMW 12c home
|
See "Oracle Fusion Middleware 12c"
|
See "Oracle Fusion Middleware 12c"
|
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.180116 Patch 27281232 or
higher
|
CVE-2016-2179
|
Install prior to the latest Java CPU JDK/JRE
|
11.1.1.9
|
Oracle Business Intelligence Enterprise Edition BP
11.1.1.9.1 Patch 21235195 or
higher
|
Released July 2015
|
BIEE Third Party Bundle Patch
|
11.1.1.7
|
Oracle BI Suite BP 11.1.1.7.171017 Patch 26906772 or
higher
|
Released October 2017
|
Install prior to the latest Java CPU JDK/JRE.
For availability dates, see Post Release Patches
|
11.1.1.7
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885
|
CVE-2017-9798, CVE-2018-2561
|
Oracle HTTP Server 11.1.1.7 Patch
See Note 2350321.1 before applying this
patch.
|
11.1.1.7
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
11.1.1.7
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note 1905314.1, New SSL Protocol
and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS
|
11.1.1.7
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
11.1.1.7
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
3.3.7 Oracle Business
Intelligence Mobile
Error Correction information for Oracle Business
Intelligence Mobile
Patch Information
|
11.1.1.7 iOS
|
Comments
|
Final CPU
|
-
|
|
Minimum Product Requirements for Oracle Business
Intelligence Mobile
Patch Information
|
11.1.1.7.0 iOS
|
Advisory Number
|
Comments
|
Minimum Version
|
11.1.1.7.0 (11.6.39)
|
Released July 2015
|
|
3.3.8 Oracle Business
Intelligence Publisher
Error Correction information for Oracle Business
Intelligence Publisher
Patch Information
|
11.1.1.9
|
11.1.1.7
|
Comments
|
Final CPU
|
October 2021
|
October 2018
|
|
Patch Availability for Oracle Business Intelligence
Publisher
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.170718 Patch 26092391 or
higher
|
Released July 2017
|
|
11.1.1.9
|
BP Patch 24580895
|
Released October 2016
|
Webservice BP
|
11.1.1.9
|
11.1.1.9 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
11.1.1.9
|
WLS 10.3.6 Patch 20671165 -
SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12 (Jul2015) or later WLS PSU
|
Released October 2016
|
WLS 10.3.6 Interim Patch or WLS PSU
|
11.1.1.7
|
Oracle BI Suite BP 11.1.1.7.170718 Patch 26092384 or
higher
|
Released July 2017
|
|
11.1.1.7
|
BP Patch 24486705
|
Released October 2016
|
Webservice BP
|
11.1.1.7
|
11.1.1.7.0 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
11.1.1.7
|
WLS 10.3.6 Patch 20671165 -
SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12 (Jul2015) or later WLS PSU
|
Released October 2016
|
WLS 10.3.6 Interim Patch or WLS PSU
|
3.3.9 Oracle Communications
Converged Application Server
Error Correction information for Oracle
Communications Converged Application Server
Patch Information
|
5.0
|
Comments
|
Final CPU
|
July 2018
|
|
Patch Availability for Oracle Communications
Application Server
See also the underlying product stack tables for any
applicable patches. Refer to comments section and apply the patch to the
respective product home.
Oracle Communications
Converged Application Server
|
Patch
|
Advisory Number
|
Comments
|
5.0
|
SPU Patch 14364893
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 14825824
CPU Patch 10625676
CPU Patch 18767762
|
Released October 2012
Released October 2011
Released October 2011
Released October 2011
Released January 2013
Released January 2011
Released July 2013
|
WLS 10.3.0.0 CSS Patch
WLS 10.3.3.0 JMS Patch
WLS 10.3.3.0 WebServices
Patch
WLS 10.3.3.0 Security Patch
WLS 10.3.3.0 WebApp Patch
WLS 10.3.3.0 Core Patch
WLS 10.3.3.0 Console Patch
|
3.3.10 Oracle Complex Event
Processing
Error Correction information for Oracle Complex Event
Processing
Patch Information
|
CEP 12.1.3
|
CEP 11.1.7
|
Comments
|
Final CPU
|
December 2019
|
October 2018
|
|
Patch Availability for Oracle Complex Event
Processing
See also the underlying product stack tables (JRockit and WLS) for any applicable patches.
3.3.11 Oracle Data Quality for
Oracle Data Integrator
Error Correction information for Oracle Data Quality
for Oracle Data Integrator
Patch Information
|
ODIDQ 11.1.x
|
Comments
|
Final CPU
|
-
|
|
Patch Availability for Oracle Data Quality for Oracle
Data Integrator
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.1.3.0
|
CPU Patch 21418574
|
Released July 2015
|
|
3.3.12 Oracle Endeca
Server
Error Correction information for Oracle Endeca Server
Patch Information
|
7.7
|
7.6
|
7.5
|
7.4
|
7.3
|
Comments
|
Final CPU
|
January 2021
|
October 2018
|
January 2018
|
July 2020
|
-
|
|
Patch availability for Oracle Endeca
Server
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Endeca Server
7.7 home
|
SPU Patch 26318834
|
Released July 2017
|
|
Oracle Endeca Server 7.6
home
|
SPU Patch 26318929
|
Released July 2017
|
|
Oracle Endeca Server 7.5
home
|
SPU Patch 26318963
|
Released July 2017
|
|
Oracle Endeca Server 7.4
home
|
SPU Patch 26318972
|
Released July 2017
|
|
Oracle Endeca Server 7.3
home
|
SPU Patch 26318985
|
Released July 2017
|
|
3.3.13 Oracle Endeca
Information Discovery Studio
Error Correction information for Oracle Endeca Information Discovery Studio
Patch Information
|
3.2
|
3.1
|
3.0
|
2.4
|
Comments
|
Final CPU
|
January 2021
|
October 2018
|
January 2018
|
January 2018
|
|
Patch availability for Oracle Endeca
Information Discovery Studio
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Endeca
Information Discovery Studio 3.2 home
|
SPU Patch 27053356
|
CVE-2017-12617
|
|
Oracle Endeca Information
Discovery Studio 3.1 home
|
SPU Patch 27053370
|
CVE-2017-12617
|
See Note 1906844.1 Transfer/reinstall
Oracle Endeca Information Discovery (EID)
Studio and migrate configuration to a newly-installed latest version of
Apache Tomcat 6.0.x
|
Oracle Endeca Information
Discovery Studio 3.0 home
|
SPU Patch 19663937
|
Released October 2014
|
|
Oracle Endeca Information
Discovery Studio 2.4 home
|
SPU Patch 19663946
|
Released October 2014
|
|
3.3.14 Oracle Endeca
Information Discovery Integrator
Error Correction information for Oracle Endeca Information Discovery Studio Integrator
Patch Information
|
3.2
|
3.1
|
3.0
|
2.4
|
Comments
|
Final CPU
|
-
|
January 2018
|
January 2018
|
January 2018
|
|
Patch availability for Oracle Endeca
Information Discovery Studio Integrator
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Endeca
Information Discovery Integrator 3.2 home
|
SPU Patch 24299733
|
Released October 2017
|
All Patches are cumulative of prior fixes
|
Oracle Endeca Information
Discovery Integrator 3.1 home
|
SPU Patch 24299700
|
Released October 2017
|
All Patches are cumulative of prior fixes
|
Oracle Endeca Information
Discovery Studio Integrator 3.0 home
|
SPU Patch 23854487
|
Released October 2017
|
All Patches are cumulative of prior fixes
|
Oracle Endeca Information
Discovery Studio Integrator 2.4 home
|
SPU Patch 23854491
|
Released October 2017
|
All Patches are cumulative of prior fixes
|
3.3.15 Oracle Enterprise Data
Quality
Error Correction information for Oracle Enterprise
Data Quality
Patch Information
|
11.1.1.x
|
9.0
|
8.1
|
Comments
|
Final CPU
|
October 2021
|
October 2019
|
July 2019
|
|
Patch Availability for Oracle Enterprise Data Quality
3.3.16 Oracle Enterprise
Repository
Error Correction information for Oracle Enterprise
Repository
Patch Information
|
12.1.3
|
11.1.1.7
|
Comments
|
Final CPU
|
October 2018
|
October 2018
|
|
Patch Availability for Oracle Enterprise Repository
Product Home
|
Patch
|
Advisory Number
|
Comments
|
12.1.3.0.0
|
OER SPU Patch 25184722
|
Released July 2017
|
|
11.1.1.7.0
|
OER SPU Patch 26437341
|
Released July 2017
|
|
3.3.17 Oracle Exalogic
Patch Set Update (PSU)
Error Correction information for Oracle Exalogic Patch Set Update (PSU)
Patch Information
|
2.x
|
1.x
|
Comments
|
Final CPU
|
-
|
-
|
|
Patch Set Update Availability for Oracle Exalogic
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
2.x Physical
|
2.0.6.2.170418 Physical Linux x86-64 (for all X2-2,
X3-2, X4-2, X5-2) PSU Patch 25422080
2.0.6.2.170418 Physical Solaris x86-64 (for all X2-2, X3-2, X4-2, X5-2)
PSU Patch 25422080
|
Released April 2017
|
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
2.x Virtual
|
2.0.6.2.170418 Virtual (for all X2-2, X3-2, X4-2,
X5-2) PSU Patch 25422070
|
Released April 2017
|
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
1.x
|
Upgrade to 2.x based on information in the Comments
column. Then apply the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013
(15931901)
|
See Patch 14834860 EECS
2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 14834860 Oracle
Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit)
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
3.3.18 Oracle Forms and Reports
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Forms and Reports installation. Only the relevant homes from
those tables need to be patched.
Patch Availability for Oracle Forms and Reports
3.3.19 Oracle Fusion Middleware
For more information on how to identify the
components in an Oracle home, see Note 1591483.1, What is Installed
in My Middleware or Oracle home?.
This section contains the following:
3.3.19.1 Oracle Fusion Middleware
12c
The sections below cover Oracle Fusion Middleware
version 12.2.x and 12.1.x
3.3.19.1.1 Oracle Fusion
Middleware 12.2.1.3
Error Correction information for Oracle Fusion
Middleware 12.2.1.3
Patch Information
|
12.2.1.3
|
Comments
|
Final CPU
|
-
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.3
3.3.19.1.2 Oracle Fusion
Middleware 12.2.1.2
Error Correction information for Oracle Fusion
Middleware 12.2.1.2
Patch Information
|
12.2.1.2
|
Comments
|
Final CPU
|
-
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.2
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2337155.1
|
See Note 2337155.1
|
See Note 1492980.1, How to Maintain
the Java SE Installed or Used with FMW 11g/12c Products
|
12.2.1.2 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server
patch
|
12.2.1.2 home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
12.2.1.2 home
|
ADF BP 12.2.1.2.171017 Patch 26752344
|
Released October 2017
|
ADF (Infrastructure) Patch
|
12.2.1.2 home
|
OHS bundle patch 12.2.1.2.171220 Patch 27198002
|
CVE-2017-9798, CVE-2018-2561
|
Oracle HTTP Server Patch
See Note 2350321.1 before applying this
patch.
Note 2314658.1 - SSL Configuration
Required to Secure Oracle HTTP Server After Applying Security Patch
Updates
|
12.2.1.2 home
|
OBIE BP 12.2.1.2.180116 Patch 27072632
|
CVE-2016-2179, CVE-2018-2715
|
OBIEE Patch
Install prior to the latest Java CPU JDK/JRE.
|
12.2.1.2 home
|
OBIEE MOS Note: Note 2310021.1
|
Released October 2017
|
|
12.2.1.2 home
|
OBIEE MOS Note: Note 2310008.1
|
Released October 2017
|
|
12.2.1.2 home
|
SOA BP 12.2.1.2.171017 Patch 26666389
|
Released October 2017
|
SOA Patch
For availability dates, see "Post Release
Patches"
|
12.2.1.2 home
|
WCC BP 12.2.1.2.171211 Patch 27116621
|
CVE-2018-2596, CVE-2018-2716
|
WebCenter Content Patch
|
12.2.1.2 home
|
Oracle WebCenter
Portal BP 12.2.1.2.180116 Patch 27125969 or
later
|
CVE-2018-2713, CVE-2015-7940, CVE-2016-1182
|
Webcenter Portal Patch
|
12.2.1.2. home
|
Oracle Webcenter core
BP 12.2.1.2.180116 Patch 27264041
|
CVE-2015-7940
|
Webcenter Core Patch for the Web Center Portal Home
|
12.2.1.2 home
|
OSB BP 12.2.1.2.170418 Patch 25439629
|
Released April 2017
|
OSB Patch
|
12.2.1.2 home
|
12.2.1.2.170415 Patch 25806946 or
later
|
Released April 2017
|
WebCenter Sites Patch. For availability dates, see "Post Release Patches"
|
12.2.1.2 home
|
Patch 25375317
Patch 24908939
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to the latest Java CPU JDK/JRE
|
3.3.19.1.3 Oracle Fusion
Middleware 12.1.3.0
Error Correction information for Oracle Fusion
Middleware 12.1.3.0
Patch Information
|
12.1.3.0
|
Comments
|
Final CPU
|
October 2019
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.1.3.0
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2337155.1, Critical Patch Update
Jan 2018 Patch Availability Document for Oracle Java SE
|
See Note 2337155.1, Critical Patch Update
Jan 2018 Patch Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain
the Java SE Installed or Used with FMW 11g/12c Products
|
12.1.3.0.0 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server
patch
|
12.1.3.0.0 home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
12.1.3.0.0 home
|
ADF BP 12.1.3.0.171218 Patch 27131743
|
CVE-2017-10273, CVE-2018-2711
|
Oracle JDeveloper
(ADF) Patch
|
12.1.3.0.0 home
|
OSS SPU Patch 26591558
|
Released October 2017
|
Oracle Security Service (SSL/Network) Patch
|
12.1.3.0.0 home
|
SOA BP 12.1.3.0.171017 Patch 26581895
|
Released October 2017
|
SOA Patch
For availability dates, see "Post Release
Patches"
|
12.1.3.0.0 home
|
OHS SPU for Jan2018CPU Patch 27244723
|
CVE-2017-9798, CVE-2018-2561
|
Oracle HTTP Server Patch
See Note 2350321.1 before applying this
patch.
Note 2314658.1 - SSL Configuration
Required to Secure Oracle HTTP Server After Applying Security Patch
Updates
|
12.1.3.0.0 home
|
OER BP Patch 25184722
|
Released July 2017
|
Oracle Enterprise Repository Patch
|
12.1.3.0.0 home
|
EDQ BP 12.1.3.0.1 Patch 24672265
|
Released April 2017
|
Enterprise Data Quality patch
Install prior to the latest Java CPU JDK/JRE
|
12.1.3.0.0 home
|
ODI BP 12.1.3.0.170418 Patch 25774021
|
Released July 2017
|
Oracle Data Integrator Patch
Install prior to the latest Java CPU JDK/JRE.
|
12.1.3.0.0 home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to the latest Java CPU JDK/JRE
|
12.1.3.0.0 home
|
OSB BP 12.1.3.0.170418 patch 23133629
|
Released April 2017
|
OSB patch
|
12.1.3.0.0 home
|
BP Patch 24592776
|
Released October 2016
|
Platform Security for Java patch
|
12.1.3.0.0 home
|
SPU Patch 24327938
|
Released July 2016
|
Oracle TopLink patch
|
12.1.3.0.0 home
|
SPU Patch 21773981
|
Released October 2015
|
Oracle ADF Patch
This patch is necessary for any co-located
installations where ADF exists
|
12.1.3.0.0 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.19.2 Oracle Forms and Reports
11.1.2.2
Error Correction information for Oracle Forms and
Reports 11.1.2.2
Patch Information
|
11.1.2.2
|
Comments
|
Final CPU
|
October 2018
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Forms and Reports
11.1.2.2
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2337155.1, Critical Patch Update
Jan 2018 Patch Availability Document for Oracle Java SE
|
See Note 2337155.1, Critical Patch Update
Jan 2018 Patch Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java
SE Installed or Used with FMW 11g Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server
home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing
Oracle WebLogic Server PSUs (Patch Set Updates)
|
Oracle WebLogic Server Proxy
Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
Oracle Forms and Reports 11.1.2.2 home
|
BP Patch 24486705
|
Released October 2016
|
Web Services BP
|
Oracle Forms and Reports 11.1.2.2 home
|
DB PSU Patch 22290164 for
Unix
DB BP Patch 22607089 for
Windows 32-Bit
DB BP Patch 22607090 for
Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
Oracle Forms and Reports 11.1.2.2 home
|
OHS 11.1.1.7.0 SPU for JanCPU2018 Patch 27197885
|
CVE-2017-9798, CVE-2018-2561
|
Oracle HTTP Server 11.1.1.7 Patch
See Note 2350321.1 before applying this
patch.
Note 2314658.1 - SSL Configuration Required to
Secure Oracle HTTP Server After Applying Security Patch Updates
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 19562319
|
Released January 2015
|
Oracle Forms Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 20002141
|
Released January 2015
|
Oracle Reports, Developer 11.1.2.2 Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note 1905314.1, New SSL Protocol
and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
See Note 1608683.1
|
Released January 2014
|
Oracle Reports Advisory
|
3.3.19.3 Oracle Fusion Middleware
11.1.1.9
Error Correction information for Oracle Fusion
Middleware 11.1.1.9
Patch Information
|
11.1.1.9
|
Comments
|
Final CPU
|
October 2021
|
Oracle Fusion Middleware 11.1.1.9
|
On-Request platforms
|
OID Bundle Patch AIX, HPUX, and Windows are on
request
|
|
Patch Availability for Oracle Fusion Middleware
11.1.1.9
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2337155.1, Critical Patch Update
Jan 2018 Patch Availability Document for Oracle Java SE
|
See Note 2337155.1, Critical Patch Update
Jan 2018 Patch Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain
the Java SE Installed or Used with FMW 11g Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server
home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing
Oracle WebLogic Server PSUs (Patch Set Updates)
|
Oracle WebLogic Server
Proxy Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
SOA 11.1.1.9 home
|
SOA BP 11.1.1.9.170919 Patch 26830896
|
Released October 2017
|
SOA Patch
|
Oracle Identity Management 11.1.1.9 home
|
OVD 11.1.1.9 Patch 26962279
|
Released October 2017
|
Oracle Virtual Directory (OVD) Patch
|
Oracle Identity Management 11.1.1.9 home
|
OID bundle patch 11.1.1.9.171127 Patch 26850241
|
CVE-2018-2601
|
Oracle Internet Directory Patch
|
Oracle Identity Management 11.1.1.9 home
Oracle Web Tier 11.1.1.9 home
Oracle WebCenter 11.1.1.9 home
OSB 11.1.1.9 home
ODI 11.1.1.9 Home
|
OSS SPU Patch 26610710
|
Released October 2017
|
Oracle Security Service (OSS) Patch
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
OHS 11.1.1.9.0 SPU for JanCPU2018 Patch 27301611
|
CVE-2017-9798, CVE-2018-2561
|
Oracle HTTP Server 11.1.1.9 Patch
See Note 2350321.1 before applying this
patch.
Note 2314658.1 - SSL Configuration Required to
Secure Oracle HTTP Server After Applying Security Patch Updates
|
OSB 11.1.1.9 home
|
OSB BP 11.1.1.9.170718 patch 25926992
|
Released July 2017
|
OSB patch
|
ODI 11.1.1.9 Home
|
ODI BP 11.1.1.9.160926 Patch 24675920
|
Released July 2017
|
Oracle Data Integrator Patch
|
Oracle WebCenter
11.1.1.9 home
|
WCC BP 11.1.1.9.171120 Patch 27042562
|
CVE-2018-2716, CVE-2018-2564, CVE-2018-2596
|
WebCenter Content Patch
|
OSB 11.1.1.9 home
|
Patch 24847885
|
Released April 2017
|
OSB Patch
Install prior to the latest Java CPU JDK/JRE
|
Oracle FMW 11.1.1.9 ORACLE_COMMON home
|
JRF BP 11.1.1.9.160905 Patch 23243563 or
later
|
Released January 2017
|
JRF BP
|
Oracle Identity Management 11.1.1.9 home
Oracle Web Tier 11.1.1.9 home
|
BP Patch 24580895
|
Released October 2016
|
Web Services BP
|
Oracle Web Tier 11.1.1.9 home
|
SPU Patch 21905371
|
Released January 2016
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache
11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU January
2016
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
DB PSU Patch 22290164 for
Unix
DB BP Patch 22607089 for
Windows 32-Bit
DB BP Patch 22607090 for
Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
Oracle WebCenter 11.1.1.9
home
|
Oracle WebCenter Portal
BP 11.1.1.9.171222 Patch 27234777 or
later
|
CVE-2018-2713, CVE-2015-7940, CVE-2016-1182
|
Oracle WebCenter Portal
11.1.1.9 Patch
See Note 2029169.1, Changes to Portlet standards request dispatching of Resource
Requests
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON
home
|
SPU Patch 22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common
OH for 11.1.1.9.0
|
3.3.19.4 Oracle
Fusion Middleware 11.1.1.7
Error Correction information for Oracle Fusion
Middleware 11.1.1.7
Patch Information
|
11.1.1.7
|
Comments
|
Final CPU
|
October 2018
|
Oracle Fusion Middleware 11.1.1.7
See Note 1585582.1, Extended Fusion
Middleware 11g Lifetime Support Policy Dates, and Note 1290894.1, Error Correction
Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)
Oracle Portal, Forms, Reports and Discoverer may
have different support dates, Please refer to Lifetime Support document
for more details
|
On-Request platforms
|
OID Bundle Patch 11.1.1.7.0 Windows platform patch
is on request
|
|
Patch Availability for Oracle Fusion Middleware
11.1.1.7
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2337155.1, Critical Patch Update
Jan 2018 Patch Availability Document for Oracle Java SE
|
See Note 2337155.1, Critical Patch Update
Jan 2018 Patch Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain
the Java SE Installed or Used with FMW 11g Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server
home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing
Oracle WebLogic Server PSUs (Patch Set Updates)
|
Oracle WebLogic Server
Proxy Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
Oracle SOA 11.1.1.7 home
|
SOA BP 11.1.1.7.8 Patch 20900797
SOA Overlay SPU 11.1.1.7.8 Patch 26882430
|
Released October 2017
|
SOA Patches
Overlay SPU patch can only be installed after the
base BP has been installed.
|
Oracle Identity Management 11.1.1.7 home
|
OVD 11.1.1.7 Patch 26962267
|
Released October 2017
|
Oracle Virtual Directory (OVD) Patch
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885
|
CVE-2017-9798, CVE-2018-2561
|
Oracle HTTP Server 11.1.1.7 Patch
See Note 2350321.1 before applying this
patch.
Note 2314658.1 - SSL Configuration Required to
Secure Oracle HTTP Server After Applying Security Patch Updates
|
ODI 11.1.1.7 home
|
ODI SPU Patch 24826305
|
Released July 2017
|
Oracle Data Integrator Patch
|
OSB 11.1.1.7 home
|
Patch 24847885
|
Released April 2017
|
OSB Patch
Install prior to the latest Java CPU JDK/JRE
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
Patch 19933795
|
Released April 2017
|
Install prior to the latest Java CPU JDK/JRE
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
ODI Patch 25507109
|
Released April 2017
|
Install prior to the latest Java CPU JDK/JRE
|
FMW 11.1.1.7 ORACLE_COMMON home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to the latest Java CPU JDK/JRE
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
JRF BP 11.1.1.7.160905 Patch 23243559 or
later
|
Released January 2017
|
JRF BP
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
BP Patch 24486705
|
Released October 2016
|
Web Services BP
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 24716502
|
Released October 2016
|
Oracle Discoverer Patch
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
See Note 2155256.1
|
Released July 2016
|
For Oracle Portal 11.1.1.6
|
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 22218959
|
Released July 2016
|
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 22013598
|
Released January 2016
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache
11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU January
2016
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
DB PSU Patch 22290164 for
Unix
DB BP Patch 22607089 for
Windows 32-Bit
DB BP Patch 22607090 for
Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
| |