Oracle Database Cloud Schema Service -
Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Information in this document applies to any platform.
This document defines the patches and minimum releases
for the Database Product Suite, Fusion Middleware Product Suite, Exalogic,
and Enterprise Manager Suite Critical Patch Updates and Patch Set Updates
released on October 17, 2017.
The document is for Database Administrators
and/or others tasked with Quarterly Security Patching.
Database, Fusion Middleware, and
Enterprise Manager Critical Patch Update October 2017 Patch Availability
Document
My Oracle Support Note 2296870.1
Released October 17, 2017
This document contains the following sections:
1 Overview
Oracle provides quarterly cumulative patches to address
security vulnerabilities. The patches may include critical fixes in addition to
the security fixes. The security vulnerabilities addressed are announced in
the Advisory for October 2017, available at:
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
This document lists the Oracle Database, Fusion
Middleware and Enterprise Manager CPU program cumulative patches for product
releases under error correction. The October 2017 release supersedes earlier
CPU program cumulative patches for the same product releases. This document
is subject to continual update after the initial release, and the changes are
listed in "Modification History." If you print this document, check My
Oracle Support to ensure you have the latest version.
This section contains the following:
1.1 How To Use This Document
The following steps explain how to use this document.
Step 1 Assess your
Environments
Determine the Oracle product suites and
products and their release numbers for each of your environments.
Step 2 Read Important
Announcements
Review "What's New in October 2017," as it lists documentation and
packaging changes along with important announcements such as upcoming final
CPUs.
Step 3 Determine Patches
to be Applied
For each environment, determine which
patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for
each product suite release, such as Oracle Database 11.1.0.7, Oracle Identity
Access Management 11.1.1.5, and Enterprise Manager Grid Control 10.2.0.5
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of the
homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or Extended
Support and are under error correction as defined in My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS
Software Error Correction Support Policy. Patches are provided only for
these releases. If you do not see the release that you have installed, then
check "Final CPU History" and contact Oracle Support for
further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's CPU
Advisory, list the vulnerability CVE numbers in the Advisory Number column.
If you are interested in the risk matrix for the vulnerabilities fixed in the
patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous
quarterly releases, or the current one without any security fixes, the column
indicates "Released MMM YYYY"
·
When
a section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle Database" is referenced, determine the Oracle
Database release that is installed, and find the patches to apply in the
table for that Oracle Database release in "Oracle Database."
Step 4 Apply the Patches
Download the patches, review the READMEs,
and apply the patches according to the instructions.
Step 5 Planning for Future
Critical Patch Updates
To help you plan for future Critical Patch
Updates, this document includes Final CPU information based on Oracle's
Lifetime Support Policy and error correction policies.
"Final CPU Information (Error Correction
Policies)" in "What's New in October 2017," documents product releases for which
final Critical Patch Updates are upcoming or are being announced. In each
product section, there is also an Error Correction Information Table that
documents the final CPU program patch for the product. Products that have
reached the end of error correction are documented in "Final CPU History."
1.2 Terminology in the Tables
The following terminology is used in this patch
availability document and in the subsequent tables.
- RU - Release Update
- RUR -Release Update Revision
- BP - Bundle Patch
- Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended
Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
- NA Not Applicable.
- OR On-Request. The patch is made available
through the On-Request program.
- PSU - Patch Set Update
- SPU - Security Patch Update. An iterative,
cumulative patch consisting of security fixes.
- Overlay SPU patch provided as an overlay on top of a
PSU or BP instead of a base/patch set release.
1.3 On-Request Patches
Oracle does not proactively release patches for
historically inactive platforms. However, Oracle will deliver these patches
when requested.
The following guidelines describe how to initiate an
on-request (OR) patch.
A request may be made:
- At any
time. However, a patch for a specific quarterly release, such as
CPUOct2012, cannot be requested. Depending on when the request is
received and processed, either the patch for the current quarterly
release or the next quarterly release will be provided. Your Service
Request (SR) will provide you the planned availability date for the
patch.
- As long as
the version is in either Premier Support or Extended Support and error
correction support has not expired. For example, if a product release is
under Extended Support through the release of CPUJan2013 on January 15,
2013, then you can file a request for the product release through
January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, EM Grid Control, and
OCS Software Error Correction Support Policy.
- For a
platform-version combination when a major release or patch set is
released on a platform after a quarterly release date. Oracle will
provide the next patch for that platform-version combination,
however you may request the current patch by following the on-request
process. For example, if a patch is released for a platform on August 1,
2012, Oracle will provide the CPUOct2012 patch for that platform. You
may request a CPUOct2012 patch for the platform, and Oracle will review
the request and determine whether to provide CPUOct2012 or CPUOct2012.
A patch that is marked as on-request (OR) may already have
been requested by another customer and be available on My Oracle Support.
Before you file a Service Request (SR), check on My Oracle Support to see if
the patch is already available for your platform.
1.4 CPU Program and My Oracle
Support Patch Recommendations
My Oracle Support patch recommendation features are
available on the Patches & Update tab. The patches announced in this
document as part of the CPU program are classified as "Security"
patch recommendations in My Oracle Support. If a new patch is being announced
in this document, then the classification on any earlier patch is changed to
"General", causing it to be removed from the My Oracle Support
patch recommendations. If a patch has a "Security" classification,
and a subsequent bundle, SPU, or PSU is released with a recommendation
classification, then it will be classified as a "Security"
recommendation in My Oracle Support.
Once a product release is no longer in error
correction, its CPU patch information is removed from this document, but the
last patch recommendation continues to be available in My Oracle
Support. Ensure to select each of the products installed in your
environment to obtain all patches.
1.5 My Oracle Support (MOS) Conflict
Checker Tool
The My Oracle Support (MOS) Conflict Checker tool is
available as of July 21, 2014.
You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the
Patch Search results screen ("Analyze with OPatch" button).
The MOS Conflict Checker Tool allows you to upload an
OPatch inventory to check for conflicts with patches to apply to your
environment. If no conflicts are found, you can download the patches. If
conflicts are found, the tool finds an existing resolution to download. If no
resolution is found, you can request a solution, and monitor your request in
the Plans region.
For more information and a demonstration video, see
Knowledge Document Note 1091294.1, How to use the My Oracle Support Conflict
Checker Tool.
2 What's New in October 2017
This section describes important changes in October
2017:
2.1 Final CPU Information (Error
Correction Policies)
The final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended Support
policies. Final CPUs for upcoming releases, as well as newly scheduled final
CPUs, are listed in the following sections.
Final CPUs scheduled for January 2018
- Oracle
Endeca Server 7.5
- Oracle
Endeca Information Discovery Studio 3.1, 3.0, 2.4
- Oracle
Endeca Information Discovery Studio Integrator 3.1, 3.0, 2.4
- Oracle
Secure Enterprise Search 11.2.2.2
- iPlanet Web
Server 7.0
Final CPUs scheduled for October 2017
- Oracle
Fusion Middleware 12.2.1.1
- Oracle
Identity Analytics 11.1.1.5.0
- Oracle Map
Viewer 12.2.1.1
- Oracle
Waveset 8.1.1.0
- Oracle
WebLogic Server 12.2.1.1.0
- Directory
Server Enterprise Edition 7.0
- Oracle
GlassFish Communications Server 2.0
- Oracle
GlassFish Server 3.0.1
- Oracle
OpenSSO Agents 3.0
- Sun Role
Manager 5.0.3.2
2.2 Post Release Patches
Oracle strives to complete preparations and testing of
each Quarterly Security Patch for each platform by the quarterly release
date. Occasionally, circumstances beyond our control dictate that a
particular patch be delayed and be released a few days after the quarterly
release date. The following table lists any current patch delays and the
estimated date of availability.
Patch Number
|
Patch
|
Platform
|
Availability
|
Patch 26906772
|
Oracle BI Suite BP 11.1.1.7.171017
|
All platforms
|
Available
|
Patch 26750055
|
Oracle Access Manager WebGates BP 10.1.4.3.171017
|
All platforms
|
Available
|
Patch 26906772
|
Oracle Business Intelligence Enterprise Edition
Suite BP 11.1.1.7.171017
|
All platforms
|
Available
|
Patch 26666397
|
Oracle SOA Suite BP 12.2.1.1.171017
|
All platforms
|
Available
|
Patch 26666389
|
Oracle SOA Suite BP 12.2.1.2.171017
|
All platforms
|
Available
|
Patch 27001569
|
WLS 12.2.1.3.0 SPU
|
Generic
|
Available
|
Patch 26737266
|
GI RU 12.2.0.1.171017
|
Solaris.Sparc, Solaris.x64
|
Available
|
Patch 26737266
|
GI RU 12.2.0.1.171017
|
AIX, and HP-IA
|
Available
|
Patch 26635815
|
GI PSU 12.1.0.2.171017
|
Solaris.Sparc
|
Available
|
Patch 26635880
|
DB PB 12.1.0.2.171017
|
HPIA
|
Available
|
Patch 26581376
|
Windows Bundle 11.2.0.4.171017
|
Win32
|
Available
|
Patch 26581376
|
Windows Bundle 11.2.0.4.171017
|
Win64
|
Available
|
Patch 26720785
|
Windows Bundle 12.1.0.2.171017
|
Win32
|
Available
|
Patch 26792358
|
11.2.0.4 OJVM Bundle
|
Win32, Win64
|
Available
|
Patch 26635341
|
12.2.0.1 QFSDP for Exadata
|
Linux.x64, Solaris.x64
|
Available
|
Patch 26635325
|
12.2.0.1 QFSDP FOR SUPERCLUSTER
|
Solaris.sparc
|
Available
|
Patch 26635363
|
12.1.0.2 QFSDP for Exadata
|
Linux.x64, Solaris.x64
|
Available
|
Patch 26635386
|
12.1.0.2 QFSDP FOR SUPERCLUSTER
|
Solaris.sparc
|
Available
|
Patch 26635418
|
11.2.0.4 QFSDP for Exadata
|
Linux.x64, Solaris.x64
|
Available
|
Patch 26635432
|
11.2.0.4 QFSDP FOR SUPERCLUSTER
|
Solaris.sparc
|
Available
|
2.3 New Database Master Note
Information that is specific to the Database proactive
patch program has been moved to Note 756671.1, Master Note for Database Proactive Patch Program.
Patches that are announced as part of the CPU program continue to be listed
here.
2.4 New Release Update and Release
Update Revision Strategy
Information on the new Release Update patches is also
found in the Database Master Note, as well as in Note 2285040.1 Release Update and Release Update Revisions for
Database Proactive Patch Program
3 Patch Availability for Oracle Products
This section contains the following:
3.1 Oracle Database
This section contains the following:
3.1.1 Oracle
REST Data Services (formally called Oracle APEX Listener)
Error Correction information for Oracle REST Data
Services 3.0
Patch Information
|
3.0
|
Comments
|
Final CPU
|
-
|
|
Minimum Product Requirements for Oracle REST Data
Services
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle REST Data Services downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle REST Data Services
|
3.0.10.25.02.36
|
Released July 2017
|
|
3.1.2 Oracle Application Express
Minimum Product Requirements for Oracle Application
Express
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle Application Express downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
Component
|
Release
|
Advisory Number
|
Comments
|
Oracle Application Express
|
5.0.4.00.12
|
Released Oct 2016
|
|
3.1.3 Oracle Big Data Spatial and Graph
Error Correction information
for Oracle Big Data Spatial and Graph
Patch Information
|
2.0
|
1.2
|
Comments
|
Final CPU
|
-
|
-
|
|
Minimum Product
Requirements for Oracle Big Data Spatial and Graph
Critical Patch Update security
vulnerabilities are fixed in the listed releases. For Oracle Big Data Spatial
and Graph downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle Big Data Spatial and Graph
|
2.0
|
Released January 2017
|
|
Oracle Big Data Spatial and Graph
|
1.2
|
Released January 2017
|
|
3.1.4 Oracle Database
This section contains the following:
3.1.4.1 Patch
Availability for Oracle Database
For information regarding the different types of
patches for Database, refer to Oracle Database - Overview of Database Patch
Delivery Methods, Note 1962125.1.
3.1.4.2 Oracle
Database 12.2.0.1
Patch Information
|
12.2.0.1
|
Comments
|
Final CPU
|
-
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.2.0.1
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Database home
|
Combo OJVM RU 12.2.0.1.171017 and Database RU 12.2.0.1.171017 Patch 26636004 for UNIX, or
Combo OJVM RU 12.2.0.1.171017 and GI RU 12.2.0.1.171017 Patch 26636246, or
Quarterly Full Stack download for Exadata (Oct2017) 12.2.0.1 Patch 26635341 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Oct2017)
12.2.0.1 Patch 26635325 for Solaris SPARC 64-Bit
|
CVE-2016-6814, CVE-2016-8735, CVE-2017-10321,
CVE-2017-10292, CVE-2017-10190
|
For availability dates, see Post Release Patches
OJVM RU Patches are not RAC Rolling installable
Combos are for environments that take a single downtime to apply all
patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU
(OJVM PSU) Patches
|
Oracle Database home
|
Database RU 12.2.0.1.171017 Patch 26710464 for UNIX, or
Database RUR 12.2.0.1.171017 Patch 26518812, or
GI RU 12.2.0.1.171017 Patch 26737266, or
GI RUR 12.2.0.1.171017 Patch 26878187, or
Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.171017 Patch 26758841, or later;
Quarterly Full Stack download for Exadata (Oct2017) 12.2.0.1 Patch 26635341 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Oct2017)
12.2.0.1 Patch 26635325 for Solaris SPARC 64-Bit
|
CVE-2016-6814, CVE-2016-8735, CVE-2017-10321,
CVE-2017-10292
|
For availability dates, see Post Release Patches
|
Oracle Database home
|
OJVM RU 12.2.0.1.171017 Patch 26635944 for UNIX, or
OJVM Microsoft Windows Bundle Patch 12.2.0.1.171017 Patch 26792369
|
CVE-2017-10190
|
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU
(OJVM PSU) Patches
|
3.1.4.3 Oracle
Database 12.1.0.2
Error Correction information for Oracle Database
12.1.0.2
Patch Information
|
12.1.0.2
|
Comments
|
Final CPU
|
July 2021
|
|
On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.1.0.2
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Database home
|
Combo OJVM PSU 12.1.0.2.171017 and Database PSU 12.1.0.2.171017 Patch 26636270 for UNIX, or
Combo OJVM PSU 12.1.0.2.171017 and GI PSU 12.1.0.2.171017 Patch 26636286, or
Combo OJVM PSU 12.1.0.2.171017 and database Proactive BP
12.1.0.2.171017 Patch 26636295 for UNIX, or
Quarterly Full Stack download for Exadata (Oct2017) BP 12.1.0.2 Patch 26635363 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Oct2017) BP
12.1.0.2 Patch 26635386 for Solaris SPARC 64-Bit
|
CVE-2017-10321, CVE-2017-10292, CVE-2017-10261,
CVE-2017-10190
|
For availability dates, see Post Release Patches
OJVM PSU Patches are not RAC Rolling installable
Combos are for environments that take a single downtime to apply all
patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM
PSU) Patches
|
Oracle Database home
|
Database PSU 12.1.0.2.171017 Patch 26713565 for UNIX, or
GI PSU 12.1.0.2.171017 Patch 26635815
or
Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.171017 Patch 26720785, or later;
Database Proactive Bundle Patch 12.1.0.2.171017 Patch 26635880 or
Quarterly Full Stack download for Exadata (Oct2017) BP 12.1.0.2 Patch 26635363 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster (Oct2017) BP
12.1.0.2 Patch 26635386 for Solaris SPARC 64-Bit
|
CVE-2017-10321, CVE-2017-10292, CVE-2017-10261
|
For availability dates, see Post Release Patches
|
Oracle Database home
|
Oracle JavaVM Component Database PSU 12.1.0.2.171017 Patch 26635845 for UNIX, or
Oracle JavaVM Component Microsoft Windows Bundle Patch
12.1.0.2.171017 Patch 26792364
|
CVE-2017-10190
|
OJVM PSU Patches are not RAC Rolling installable
All OJVM PSU since 12.1.0.2.161018 includes Generic JDBC Patch 23727148
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU
(OJVM PSU) Patches
|
Oracle Database home
|
Oracle JavaVM Component Database PSU - Generic
JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
3.1.4.4 Oracle Database 11.2.0.4
Error Correction information for Oracle Database
11.2.0.4
Patch Information
|
11.2.0.4
|
Comments
|
Final CPU
|
October 2020
|
|
On-Request platforms
|
HP-UX PA RISC
IBM: Linux on System Z
32-bit client-only platforms except Linux x86
|
|
On-Request platforms
|
32-bit client-only platforms except Linux x86
|
|
Patch Availability for Oracle Database 11.2.0.4
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Database home
|
Combo OJVM PSU 11.2.0.4.171017 (CPUOct2017) and Database SPU
11.2.0.4.171017 (CPUOct2017) Patch 26636315 for UNIX, or
Combo OJVM PSU 11.2.0.4.171017 and Database PSU 11.2.0.4.171017 Patch 26636031 for UNIX, or
Combo OJVM PSU 11.2.0.4.171017 and GI PSU 11.2.0.4.171017 Patch 26636028, or
Combo OJVM PSU 11.2.0.4.171017 and Exadata BP 11.2.0.4.171017 Patch 26636022
|
CVE-2017-10321, CVE-2017-10292, CVE-2017-10261, CVE-2017-10190
|
For availability dates, see Post Release Patches
OJVM PSU Patches are not RAC Rolling installable.
Combos are for environments that take a single downtime to apply all
patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches
|
Oracle Database home
|
Database SPU 11.2.0.4.171017 (CPUOct2017) Patch 26474853 for UNIX, or
Database PSU 11.2.0.4.171017 Patch 26392168 for UNIX, or
GI PSU 11.2.0.4.171017 Patch 26635745 for UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.171017 Patch 26581376, or later;
Quarterly Database Patch for Exadata BP 11.2.0.4.171017 Patch 26635694 for UNIX, or
Quarterly Full Stack download for Exadata (Apr2017) BP 11.2.0.4 Patch 26635418, or
Quarterly Full Stack download for Supercluster (Apr2017) BP
11.2.0.4 Patch 26635432
|
CVE-2017-10321, CVE-2017-10292, CVE-2017-10261
|
For availability dates, see Post Release Patches
|
Oracle Database home
|
Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.171017 Patch 26635834 for UNIX, or
Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.171017 Patch 26792358 for Microsoft Windows
|
CVE-2017-10190
|
OJVM PSU 11.2.0.4.161018 and greater includes Generic JDBC Patch 23727132
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches
|
Oracle Database home
|
Oracle JavaVM Component Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132
|
Released July 2016
|
For RAC deployments, this patch should be applied to Grid Infrastructure
Home instead of OJVM PSU 11.2.0.4.4, or higher
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component
Database PSU (OJVM PSU) Patches
|
3.1.5 Oracle Database Mobile/Lite
Server
Error Correction Information for Oracle Database Mobile
Server
Patch Information
|
12.1 (Mobile Server)
|
11.3 (Mobile Server)
|
Comments
|
Final CPU
|
-
|
October 2021
|
|
Patch Availability for Oracle Database Mobile Server
12.1.x
Product Home
|
Patch
|
Advisory Number
|
Comments
|
12.1
|
12.1.0.0 BP Patch 21974980
|
Released October 2015
|
|
Patch Availability for Oracle Database Mobile Server
11.3.x
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.3
|
11.3.0.2 BP Patch 21950285
|
Released October 2015
|
|
3.1.6 Oracle GoldenGate
Error Correction information for Oracle GoldenGate
Component
|
12.2.0.1
|
12.1.2.1
|
11.2.1.0
|
Comments
|
Final CPU
|
-
|
October 2021
|
January 2020
|
|
Patch Availability for Oracle GoldenGate
3.1.7 Oracle GoldenGate Veridata
Error Correction information for Oracle GoldenGate
Veridata
Component
|
11.2.1.0
|
Comments
|
Final CPU
|
October 2020
|
|
Patch Availability for Oracle GoldenGate Veridata
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.2.1.0
|
BP 11.2.1.0.12 Patch 25137470
|
CVE-2015-7501, CVE-2016-0714
|
|
3.1.8 Oracle Secure Backup
Error Correction information for Oracle Secure Backup
Patch Information
|
12.1.x
|
Comments
|
Final CPU
|
January 2020
|
|
Minimum Product Requirements for Oracle Secure
Backup
Critical Patch Update security vulnerabilities are
fixed in the listed releases. The Oracle Secure Backup downloads and
installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle Secure Backup
|
12.1.0.3
|
Released April 2017
|
|
3.2 Oracle Enterprise Manager
This section contains the following:
3.2.1 Oracle
Application Performance Management
Error Correction information for Oracle Application
Performance Management
Patch Information
|
12.1.0.7
|
11.1.x
|
Comments
|
Final CPU
|
-
|
January 2019
|
|
On-Request platforms
|
-
|
|
|
Minimum Product Requirements for Oracle Application
Performance Management
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For more information on Oracle Application
Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
Product Version
|
Patch
|
Advisory Number
|
Comments
|
12.1.0.7
|
12.1.0.7.11 Release Patch 25244272
|
Released July 2017
|
|
11.1.x
|
11.1.0.5.7 Release Patch 26290928
|
Released July 2017
|
|
3.2.2 Oracle Application Testing Suite
Error Correction information for Oracle Application
Testing Suite
Patch Information
|
12.5.0.3
|
12.5.0.2
|
Comments
|
Final CPU
|
-
|
-
|
|
On-Request platforms
|
-
|
-
|
|
Patch Availability for Oracle Application Testing Suite
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to be
upgraded to the minimum version. Then, apply the following patches to fix the
announced security vulnerabilities. For Oracle Application Testing Suite
downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
3.2.3 Oracle Enterprise Manager Cloud
Control
Error Correction information for Oracle Enterprise
Manager Cloud Control
Patch Information
|
13.2.0.0
|
13.1.0.0
|
12.1.0.5
|
Comments
|
Final CPU
|
-
|
July 2017
|
October 2019
|
|
On-Request platforms
|
-
|
-
|
-
|
|
Patch Availability for Oracle Enterprise Manager Cloud
Control 13c Release 1 (13.2.0.0)
Patch Availability for Oracle Enterprise Manager Cloud
Control 13c Release 1 (13.1.0.0)
Patch Availability for Oracle Enterprise Manager Cloud
Control 12c Release 5 (12.1.0.5)
3.2.4 Oracle Enterprise Manager Grid
Control 11g (11.1.0.1)
Error Correction information for Oracle Enterprise
Manager Grid Control 11g (11.1.0.1)
Patch Information
|
11.1.0.1
|
Comments
|
Final CPU
|
April 2018
|
|
On-Request platforms
|
-
|
|
Patch Set Update Availability for Oracle Enterprise
Manager Grid Control 11g (11.1.0.1)
The fixes for security Alert for CVE-2015-4852 are part
of Jan2016 WebLogic Server CPU program patches described in this section.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Base Platform Repository Home
|
See "Oracle Database"
|
See "Oracle Database"
|
|
Base Platform Agent Home
|
Unix PSU 11.1.0.1.160119 Patch 9346289
Windows PSU 11.1.0.1.160119 Patch 22274004
|
Released January 2016
|
|
Base Platform OMS Home
|
PSU 11.1.0.1.160119 Patch 22266340
|
Released January 2016
|
|
Base Platform Fusion Middleware home
|
SPU Patch 14681307
|
Released October 2012
|
WLS 10.3.2.0 JDBC Patch (Not a SU). Before installing this SPU,
see Note 1493990.1, Patching for CVE-2012-3137
|
Base Platform Fusion Middleware home
|
SPU Patch 18992301
SPU Patch 18992319
SPU Patch 18547380
SPU Patch 23539151
SPU Patch 20926784
SPU Patch 18992399
SPU Patch 23539193
SPU Patch 22808855
SPU Patch 20083974
SPU Patch 22360634
|
Released July 2014
Released July 2014
Released April 2014
Released July 2016
Released July 2015
Released July 2014
Released July 2016
Released April 2016
Released January 2015
Released January 2016
|
WLS 10.3.2.0 JVM Patch (SU ID: DHM2)
WLS 10.3.2.0 Deployment Patch (SU ID: Y5B9)
WLS 10.3.2.0 CSS Patch (SU ID: 9AVS)
WLS 10.3.2.0 JMS+Core Patch (SU ID: JN9V)
WLS 10.3.2.0 WebServices Patch (SU IDs: SAGA, L8DT, A4JA, 2HLN, SK77,
X8W6, NFFE, BIMC)
WLS 10.3.2.0 Security Patch (SU IDs: VHAC, R4P6, NSYJ, 8279)
WLS 10.3.2.0 WebApp Patch (SU ID: RJX5)
WLS 10.3.2.0 Console Patch (SU ID: 7CB7)
WLS 10.3.2.0 CIE Patch (SU ID: GVGW)
WLS 10.3.2.0 Install Patch (SU ID: 8N2J)
For CVE-2014-4256, see Note 1903763.1, Download Request for Security Configuration
|
Base Platform Repository Home
|
CPU Patch 13705493
|
Released April 2012
|
OC4J 10.1.2.3 one-off Patch
Enterprise Manager Grid Control
|
3.2.5 Oracle Enterprise Manager Ops
Center
Error Correction information for Oracle Enterprise
Manager Ops Center
Patch Information
|
12.3.x
|
12.2.x
|
Comments
|
Final CPU
|
Jun 2020
|
Feb 2019
|
|
On-Request platforms
|
-
|
-
|
|
Patch Availability for Oracle Enterprise Manager Ops
Center
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to be
upgraded to the minimum version. Then, apply the following patches to fix the
announced security vulnerabilities. For Oracle Enterprise Manager Ops Center
downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
12.3.2
|
Solaris 10 Sparc, Solaris 10 x86 and Linux
x86 Patch 26974609
|
CVE-2016-6814
|
|
12.2.2
|
Solaris 10 Sparc, Solaris 10 x86 and Linux x86 Patch 26974609
|
CVE-2016-6814
|
|
3.2.6 OSS Support Tools
Error Correction information for OSS Support Tools
Patch Information
|
8.11.x
|
Comments
|
Final CPU
|
-
|
|
Patch Availability for OSS Support Tools
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
8.11.16.3.8
|
BP Patch 22783063
|
March 2016
|
See My Oracle Support Note 1153444.1, Oracle Services Tools Bundle (STB) - RDA/Explorer, SNEEP,
ACT
|
3.2.7 Oracle Configuration Manager
Minimum Product Requirements for Oracle Configuration
Manager
Critical Patch Update security vulnerabilities are
fixed in the listed releases.
Oracle Configuration Manager can be downloaded from MOS (support.oracle.com).
Customer can use collector tab to down the Oracle Configuration Manager
Collector.
Component
|
Release
|
Advisory Number
|
Comments
|
Oracle Configuration Manager
|
12.1.2.0.4
|
Released Oct 2016
|
Released July 2017
|
3.3 Oracle Fusion Middleware
This section contains the following:
3.3.1 Management
Pack For Oracle GoldenGate
Error Correction information for Management Pack For
Oracle GoldenGate
Patch Information
|
12.1.3.x
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Management Pack For Oracle
GoldenGate
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.1.0
|
BP 11.2.1.0.11 (BP11) or later Patch 19606348
|
Released April 2015
|
Oracle GoldenGate Monitor patch
|
3.3.2 NetBeans IDE
Minimum Product Requirements for NetBeans IDE
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/
Product Home
|
Release
|
Advisory Number
|
Comments
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle API Gateway
Error Correction information for Oracle API
Gateway
Patch Information
|
11.1.2.4.0
|
Comments
|
Final CPU
|
-
|
|
Patch Availability for Oracle API Gateway
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.4.0
|
11.1.2.4 SP6 Patch 26129116
|
Released July 2017
|
|
3.3.4 Oracle Big Data Discovery
Minimum Product Requirements for Oracle
Big Data Discovery
Critical Patch Update security
vulnerabilities are fixed in the listed release only and installations with
any prior versions will need to move to the listed version. For Oracle
Big Data Discovery downloads, seehttps://edelivery.oracle.com and search
for "Oracle Big Data Discovery".
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle Big Data Discovery
|
1.1.3
|
Released October 2016
|
|
3.3.5 Oracle
Business Intelligence App Mobile Designer
Error Correction information for Oracle Business
Intelligence App Mobile Designer
Patch Information
|
11.1.1.7 iOS
|
Comments
|
Final CPU
|
-
|
|
Patch Availability for Oracle Business Intelligence App
Mobile Designer
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.1.7
|
SPU Patch 18794832
|
Released July 2014
|
|
3.3.6 Oracle Business Intelligence
Enterprise Edition
Error Correction information for Oracle Business
Intelligence Enterprise Edition
Patch Information
|
12.2.1.1.0
|
11.1.1.9
|
11.1.1.7
|
Comments
|
Final CPU
|
-
|
October 2021
|
October 2018
|
|
Patch Availability for Oracle Business Intelligence
Enterprise Edition
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion Middleware
installation
|
Oracle Java SE home
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g
Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
FMW 12c home
|
See "Oracle Fusion Middleware 12c"
|
See "Oracle Fusion Middleware 12c"
|
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.171017 Patch 26909117 or higher
|
CVE-2017-10060, CVE-2017-10034
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
11.1.1.7
|
Oracle BI Suite BP 11.1.1.7.171017 Patch 26906772 or higher
|
CVE-2017-10060
|
Install prior to Java CPUApr2017 JDK/JRE or later version.
For availability dates, see Post Release Patches
|
11.1.1.7
|
SPU Patch 21640624
|
Released October 2015
|
Oracle HTTP Server 11.1.1.7 Patch
|
11.1.1.9
|
Oracle Business Intelligence Enterprise Edition BP 11.1.1.9.1 Patch 21235195 or higher
|
Released July 2015
|
BIEE Third Party Bundle Patch
|
11.1.1.7
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
11.1.1.7
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN) Patch
See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion
Middleware 11g OPMN/ONS
|
11.1.1.7
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
11.1.1.7
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
3.3.7 Oracle Business Intelligence
Mobile
Error Correction information for Oracle Business
Intelligence Mobile
Patch Information
|
11.1.1.7 iOS
|
Comments
|
Final CPU
|
-
|
|
Minimum Product Requirements for Oracle Business
Intelligence Mobile
Patch Information
|
11.1.1.7.0 iOS
|
Advisory Number
|
Comments
|
Minimum Version
|
11.1.1.7.0 (11.6.39)
|
Released July 2015
|
|
3.3.8 Oracle Business Intelligence
Publisher
Error Correction information for Oracle Business
Intelligence Publisher
Patch Information
|
11.1.1.9
|
11.1.1.7
|
Comments
|
Final CPU
|
October 2021
|
October 2018
|
|
Patch Availability for Oracle Business Intelligence
Publisher
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.170718 Patch 26092391 or higher
|
Released July 2017
|
|
11.1.1.9
|
BP Patch 24580895
|
Released October 2016
|
Webservice BP
|
11.1.1.9
|
11.1.1.9 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
11.1.1.9
|
WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12
(Jul2015) or later WLS PSU
|
Released October 2016
|
WLS 10.3.6 Interim Patch or WLS PSU
|
11.1.1.7
|
Oracle BI Suite BP 11.1.1.7.170718 Patch 26092384 or higher
|
Released July 2017
|
|
11.1.1.7
|
BP Patch 24486705
|
Released October 2016
|
Webservice BP
|
11.1.1.7
|
11.1.1.7.0 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
11.1.1.7
|
WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12
(Jul2015) or later WLS PSU
|
Released October 2016
|
WLS 10.3.6 Interim Patch or WLS PSU
|
3.3.9 Oracle Communications Converged
Application Server
Error Correction information for Oracle Communications
Converged Application Server
Patch Information
|
5.0
|
Comments
|
Final CPU
|
July 2018
|
|
Patch Availability for Oracle Communications
Application Server
See also the underlying product stack tables for any
applicable patches. Refer to comments section and apply the patch to the
respective product home.
Oracle Communications Converged Application
Server
|
Patch
|
Advisory Number
|
Comments
|
5.0
|
SPU Patch 14364893
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 14825824
CPU Patch 10625676
CPU Patch 18767762
|
Released October 2012
Released October 2011
Released October 2011
Released October 2011
Released January 2013
Released January 2011
Released July 2013
|
WLS 10.3.0.0 CSS Patch
WLS 10.3.3.0 JMS Patch
WLS 10.3.3.0 WebServices Patch
WLS 10.3.3.0 Security Patch
WLS 10.3.3.0 WebApp Patch
WLS 10.3.3.0 Core Patch
WLS 10.3.3.0 Console Patch
|
3.3.10 Oracle Complex Event Processing
Error Correction information for Oracle Complex Event
Processing
Patch Information
|
CEP 12.1.3
|
CEP 11.1.7
|
Comments
|
Final CPU
|
December 2019
|
October 2018
|
|
Patch Availability for Oracle Complex Event Processing
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
3.3.11 Oracle Data Quality for Oracle
Data Integrator
Error Correction information for Oracle Data Quality
for Oracle Data Integrator
Patch Information
|
ODIDQ 11.1.x
|
Comments
|
Final CPU
|
-
|
|
Patch Availability for Oracle Data Quality for Oracle
Data Integrator
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.1.3.0
|
CPU Patch 21418574
|
Released July 2015
|
|
3.3.12 Oracle Endeca Server
Error Correction information for Oracle Endeca Server
Patch Information
|
7.7
|
7.6
|
7.5
|
7.4
|
7.3
|
Comments
|
Final CPU
|
January 2021
|
October 2018
|
January 2018
|
July 2020
|
-
|
|
Patch availability for Oracle Endeca Server
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Endeca Server 7.7 home
|
SPU Patch 26318834
|
Released July 2017
|
|
Oracle Endeca Server 7.6 home
|
SPU Patch 26318929
|
Released July 2017
|
|
Oracle Endeca Server 7.5 home
|
SPU Patch 26318963
|
Released July 2017
|
|
Oracle Endeca Server 7.4 home
|
SPU Patch 26318972
|
Released July 2017
|
|
Oracle Endeca Server 7.3 home
|
SPU Patch 26318985
|
Released July 2017
|
|
3.3.13 Oracle Endeca Information
Discovery Studio
Error Correction information for Oracle Endeca
Information Discovery Studio
Patch Information
|
3.1
|
3.0
|
2.4
|
Comments
|
Final CPU
|
January 2018
|
January 2018
|
January 2018
|
|
Patch availability for Oracle Endeca Information
Discovery Studio
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Endeca Information Discovery Studio 3.1 home
|
SPU Patch 19663929
|
Released October 2014
|
See Note 1906844.1 Transfer/reinstall Oracle Endeca Information Discovery (EID)
Studio and migrate configuration to a newly-installed latest version of
Apache Tomcat 6.0.x
|
Oracle Endeca Information Discovery Studio 3.0 home
|
SPU Patch 19663937
|
Released October 2014
|
|
Oracle Endeca Information Discovery Studio 2.4 home
|
SPU Patch 19663946
|
Released October 2014
|
|
3.3.14 Oracle Endeca Information
Discovery Integrator
Error Correction information for Oracle Endeca
Information Discovery Studio Integrator
Patch Information
|
3.2
|
3.1
|
3.0
|
2.4
|
Comments
|
Final CPU
|
-
|
January 2018
|
January 2018
|
January 2018
|
|
Patch availability for Oracle Endeca Information
Discovery Studio Integrator
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Endeca Information Discovery Integrator 3.2
home
|
SPU Patch 24299733
|
CVE-2016-0635, CVE-2015-7501
|
All Patches are cumulative of prior fixes
|
Oracle Endeca Information Discovery Integrator 3.1 home
|
SPU Patch 24299700
|
CVE-2015-7501
|
All Patches are cumulative of prior fixes
|
Oracle Endeca Information Discovery Studio Integrator 3.0 home
|
SPU Patch 23854487
|
CVE-2015-7501
|
All Patches are cumulative of prior fixes
|
Oracle Endeca Information Discovery Studio Integrator 2.4 home
|
SPU Patch 23854491
|
CVE-2015-7501
|
All Patches are cumulative of prior fixes
|
3.3.15 Oracle Enterprise Data Quality
Error Correction information for Oracle Enterprise Data
Quality
Patch Information
|
11.1.1.x
|
9.0
|
8.1
|
Comments
|
Final CPU
|
October 2021
|
October 2019
|
July 2019
|
|
Patch Availability for Oracle Enterprise Data Quality
3.3.16 Oracle Enterprise Repository
Error Correction information for Oracle Enterprise
Repository
Patch Information
|
12.1.3
|
11.1.1.7
|
Comments
|
Final CPU
|
October 2018
|
October 2018
|
|
Patch Availability for Oracle Enterprise Repository
Product Home
|
Patch
|
Advisory Number
|
Comments
|
12.1.3.0.0
|
OER SPU Patch 25184722
|
Released July 2017
|
|
11.1.1.7.0
|
OER SPU Patch 26437341
|
Released July 2017
|
|
3.3.17 Oracle Exalogic Patch Set
Update (PSU)
Error Correction information for Oracle Exalogic Patch
Set Update (PSU)
Patch Information
|
2.x
|
1.x
|
Comments
|
Final CPU
|
-
|
-
|
|
Patch Set Update Availability for Oracle Exalogic
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
2.x Physical
|
2.0.6.2.170418 Physical Linux x86-64 (for all X2-2, X3-2, X4-2, X5-2)
PSU Patch 25422080
2.0.6.2.170418 Physical Solaris x86-64 (for all X2-2, X3-2, X4-2, X5-2)
PSU Patch 25422080
|
Released April 2017
|
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
2.x Virtual
|
2.0.6.2.170418 Virtual (for all X2-2, X3-2, X4-2, X5-2) PSU Patch 25422070
|
Released April 2017
|
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
1.x
|
Upgrade to 2.x based on information in the Comments column. Then apply
the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013 (15931901)
|
See Patch 14834860 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT
(V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 14834860 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for
Exalogic Solaris x86-64 (64 bit)
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
3.3.18 Oracle Forms and Reports
For the appropriate product versions listed below, refer
to the corresponding Oracle Fusion Middleware patch availability sections
that contain information on Error Correction, and for the patches to apply.
Not all homes that are listed in those sections might be present in the
Oracle Forms and Reports installation. Only the relevant homes from those
tables need to be patched.
Patch Availability for Oracle Forms and Reports
3.3.19 Oracle Fusion Middleware
For more information on how to identify the components
in an Oracle home, see Note 1591483.1, What is Installed in My Middleware or Oracle
home?.
This section contains the following:
3.3.19.1 Oracle Fusion Middleware 12c
The sections below cover Oracle Fusion Middleware
version 12.2.x and 12.1.x
3.3.19.1.1 Oracle Fusion Middleware
12.2.1.3
Error Correction information for Oracle Fusion
Middleware 12.2.1.3
Patch Information
|
12.2.1.3
|
Comments
|
Final CPU
|
-
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.3
3.3.19.1.2 Oracle Fusion Middleware
12.2.1.2
Error Correction information for Oracle Fusion
Middleware 12.2.1.2
Patch Information
|
12.2.1.2
|
Comments
|
Final CPU
|
-
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.2
3.3.19.1.3 Oracle Fusion Middleware
12.2.1.1
Error Correction information for Oracle Fusion
Middleware 12.2.1.1
Patch Information
|
12.2.1.1
|
Comments
|
Final CPU
|
October 2017
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.1
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion Middleware
installation
|
Oracle Java SE home
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
12.2.1.1 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server patch
|
12.2.1.1 home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
12.2.1.1 home
|
ADF BP 12.2.1.1.171017 Patch 26752339
|
CVE-2016-6814
|
Oracle JDeveloper (ADF) Patch
|
12.2.1.1 home
|
SPU patch 26436206
|
CVE-2015-2808, CVE-2016-2183
|
Oracle HTTP Server Patch
Note 2314658.1 - SSL Configuration Required to Secure Oracle HTTP Server After
Applying Security Patch Updates
|
12.2.1.1 home
|
WCC BP 12.2.1.1.171017 Patch 26718773
|
CVE-2017-10360
|
WebCenter Content Patch
|
12.2.1.1 home
|
OBIEE BP 12.2.1.1.171017 Patch 26642678
|
CVE-2017-10060
|
OBIEE Patch
Install prior to Java CPUApr2017 JDK/JRE or later version.
|
12.2.1.1 home
|
OBIEE MOS Note: Note 2310021.1
|
CVE-2017-10163
|
|
12.2.1.1 home
|
OBIEE MOS Note: Note 2310008.1
|
CVE-2015-5254
|
|
12.2.1.1 home
|
SOA BP 12.2.1.1.171017 Patch 26666397
|
CVE-2015-7940, CVE-2015-7501, CVE-2015-7940,
CVE-2015-7501
|
SOA Patch
For availability dates, see "Post Release Patches"
|
12.2.1.1 home
|
ODI BP 12.2.1.1.170418 Patch 25683635
|
Released April 2017
|
Oracle Data Integrator Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
12.2.1.1 home
|
Patch 25375317
Patch 25714997
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
12.2.1.1 home
|
OSB SPU 12.2.1.1.170418 patch 25491960
|
Released April 2017
|
OSB patch
|
12.2.1.1 home
|
12.2.1.1.170415 Patch 25806943 or later
|
Released April 2017
|
WebCenter Sites Patch.
|
12.2.1.1 home
|
SPU Patch 24618613
|
Released October 2016
|
Platform Security for Java patch
|
12.2.1.1 home
|
SPU Patch 24327938
|
Released July 2016
|
Oracle TopLink patch
|
3.3.19.1.4 Oracle Fusion Middleware
12.1.3.0
Error Correction information for Oracle Fusion
Middleware 12.1.3.0
Patch Information
|
12.1.3.0
|
Comments
|
Final CPU
|
October 2019
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.1.3.0
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion Middleware
installation
|
Oracle Java SE home
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW
11g/12c Products
|
12.1.3.0.0 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server patch
|
12.1.3.0.0 home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
12.1.3.0.0 home
|
ADF BP 12.1.3.0.0 Patch 26826138
|
CVE-2016-6814
|
Oracle JDeveloper (ADF) Patch
|
12.1.3.0.0 home
|
OSS SPU Patch 26591558
|
CVE-2017-10166
|
Oracle Security Service (SSL/Network) Patch
|
12.1.3.0.0 home
|
SOA BP 12.1.3.0.171017 Patch 26581895
|
CVE-2015-7940, CVE-2015-7501, CVE-2015-7940
|
SOA Patch
For availability dates, see "Post Release Patches"
|
12.1.3.0.0 home
|
SPU Patch 26398022
|
CVE-2015-2808, CVE-2003-1418, CVE-2016-2183
|
Oracle HTTP Server Patch
Note 2314658.1 - SSL Configuration Required to Secure Oracle HTTP Server After
Applying Security Patch Updates
|
12.1.3.0.0 home
|
OER BP Patch 25184722
|
Released July 2017
|
Oracle Enterprise Repository Patch
|
12.1.3.0.0 home
|
EDQ BP 12.1.3.0.1 Patch 24672265
|
Released April 2017
|
Enterprise Data Quality patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
12.1.3.0.0 home
|
ODI BP 12.1.3.0.170418 Patch 25774021
|
Released July 2017
|
Oracle Data Integrator Patch
Install prior to Java CPUApr2017 JDK/JRE or later version.
|
12.1.3.0.0 home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
12.1.3.0.0 home
|
OSB BP 12.1.3.0.170418 patch 23133629
|
Released April 2017
|
OSB patch
|
12.1.3.0.0 home
|
BP Patch 24592776
|
Released October 2016
|
Platform Security for Java patch
|
12.1.3.0.0 home
|
SPU Patch 24327938
|
Released July 2016
|
Oracle TopLink patch
|
12.1.3.0.0 home
|
SPU Patch 21773981
|
Released October 2015
|
Oracle ADF Patch
This patch is necessary for any co-located installations where ADF
exists
|
12.1.3.0.0 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.19.2 Oracle Forms and Reports 11.1.2.2
Error Correction information for Oracle Forms and
Reports 11.1.2.2
Patch Information
|
11.1.2.2
|
Comments
|
Final CPU
|
October 2018
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Forms and Reports
11.1.2.2
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion Middleware
installation
|
Oracle Java SE home
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
Oracle Forms and Reports 11.1.2.2 home
|
BP Patch 24486705
|
Released October 2016
|
Web Services BP
|
Oracle Forms and Reports 11.1.2.2 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 26669560
|
CVE-2015-2808, CVE-2016-2183
|
Oracle HTTP Server 11.1.1.7 Patch
Note 2314658.1 - SSL Configuration Required to Secure Oracle HTTP
Server After Applying Security Patch Updates
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 19562319
|
Released January 2015
|
Oracle Forms Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 20002141
|
Released January 2015
|
Oracle Reports, Developer 11.1.2.2 Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN) Patch
See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion
Middleware 11g OPMN/ONS
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
See Note 1608683.1
|
Released January 2014
|
Oracle Reports Advisory
|
3.3.19.3 Oracle Fusion Middleware
11.1.1.9
Error Correction information for Oracle Fusion
Middleware 11.1.1.9
Patch Information
|
11.1.1.9
|
Comments
|
Final CPU
|
October 2021
|
Oracle Fusion Middleware 11.1.1.9
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
11.1.1.9
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion Middleware
installation
|
Oracle Java SE home
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g
Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
SOA 11.1.1.9 home
|
SOA BP 11.1.1.9.170919 Patch 26830896
|
CVE-2015-7501, CVE-2015-7940, CVE-2015-7501
|
SOA Patch
|
Oracle Identity Management 11.1.1.9 home
|
OVD 11.1.1.9 Patch 26962279
|
CVE-2017-10369
|
Oracle Virtual Directory (OVD) Patch
|
Oracle Identity Management 11.1.1.9 home
Oracle Web Tier 11.1.1.9 home
|
OSS SPU Patch 26610710
|
CVE-2017-10166
|
Oracle Security Service (OSS) Patch
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
OHS 11.1.1.9.0 Patch 26367394
|
CVE-2015-2808, CVE-2003-1418, CVE-2016-2183
|
Oracle HTTP Server 11.1.1.9 Patch
Note 2314658.1 - SSL Configuration Required to Secure Oracle HTTP
Server After Applying Security Patch Updates
|
OSB 11.1.1.9 home
|
OSB BP 11.1.1.9.170718 patch 25926992
|
Released July 2017
|
OSB patch
|
ODI 11.1.1.9 Home
|
ODI BP 11.1.1.9.160926 Patch 24675920
|
Released July 2017
|
Oracle Data Integrator Patch
|
Oracle WebCenter 11.1.1.9 home
|
WCC BP 11.1.1.9.170925 Patch 26781599
|
CVE-2017-10360
|
WebCenter Content Patch
|
OSB 11.1.1.9 home
|
Patch 24847885
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
Oracle FMW 11.1.1.9 ORACLE_COMMON home
|
JRF BP 11.1.1.9.160905 Patch 23243563 or later
|
Released January 2017
|
JRF BP
|
Oracle Identity Management 11.1.1.9 home
Oracle Web Tier 11.1.1.9 home
|
BP Patch 24580895
|
Released October 2016
|
Web Services BP
|
Oracle Web Tier 11.1.1.9 home
|
SPU Patch 21905371
|
Released January 2016
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes
Beginning with CPU January 2016
|
Oracle Web Tier 11.1.1.9 home
Identity Management 11.1.1.9 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only
|
Oracle WebCenter 11.1.1.9 home
|
Oracle WebCenter Portal BP 11.1.1.9.2 Patch 21354925 or later
|
Released July 2015
|
Oracle WebCenter Portal 11.1.1.9 Patch
See Note 2029169.1, Changes to Portlet standards request dispatching of Resource
Requests
|
Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home
|
SPU Patch 22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common OH for 11.1.1.9.0
|
3.3.19.4 Oracle
Fusion Middleware 11.1.1.7
Error Correction information for Oracle Fusion
Middleware 11.1.1.7
Patch Information
|
11.1.1.7
|
Comments
|
Final CPU
|
October 2018
|
Oracle Fusion Middleware 11.1.1.7
See Note 1585582.1, Extended Fusion Middleware 11g Lifetime Support Policy Dates,
and Note 1290894.1, Error Correction Support Dates for Oracle Fusion Middleware
11g (11.1.1/11.1.2)
Oracle Portal, Forms, Reports and Discoverer may have different
support dates, Please refer to Lifetime Support document for more details
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
11.1.1.7
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion Middleware
installation
|
Oracle Java SE home
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g
Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
Oracle SOA 11.1.1.7 home
|
SOA BP 11.1.1.7.8 Patch 20900797
SOA Overlay SPU 11.1.1.7.8 Patch 26882430
|
CVE-2015-7501 , CVE-2017-10026, CVE-2015-7940
|
SOA Patches
Overlay SPU patch can only be installed after the base BP has been
installed.
|
Oracle Identity Management 11.1.1.7 home
|
OVD 11.1.1.7 Patch 26962267
|
CVE-2017-10369
|
Oracle Virtual Directory (OVD) Patch
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
SPU Patch 26669560
|
CVE-2015-2808, CVE-2016-2183
|
Oracle HTTP Server 11.1.1.7 Patch
Note 2314658.1 - SSL Configuration Required to Secure Oracle HTTP
Server After Applying Security Patch Updates
|
ODI 11.1.1.7 home
|
ODI SPU Patch 24826305
|
Released July 2017
|
Oracle Data Integrator Patch
|
OSB 11.1.1.7 home
|
Patch 24847885
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
Patch 19933795
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
ODI Patch 25507109
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
FMW 11.1.1.7 ORACLE_COMMON home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
JRF BP 11.1.1.7.160905 Patch 23243559 or later
|
Released January 2017
|
JRF BP
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
BP Patch 24486705
|
Released October 2016
|
Web Services BP
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
SPU Patch 24716502
|
Released October 2016
|
Oracle Discoverer Patch
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
See Note 2155256.1
|
Released July 2016
|
For Oracle Portal 11.1.1.6
|
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 22218959
|
Released July 2016
|
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
SPU Patch 22013598
|
Released January 2016
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes
Beginning with CPU January 2016
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Identity Manager BP 2 (11.1.1.7.2) Patch 21881425 and OIM OVERLAY SPU 11.1.1.7.161018 Patch 24816127
|
Overlay SPU: Released October 2016
OIM BP2: Released October 2015
|
Oracle Identity Manager Patch
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite 11.1.1.7 home
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Access Manager BP 5 (11.1.1.7.5) Patch 21033489 or later
|
Released July 2015
|
Oracle Access Manager (OAM 11.1.1.7.5) Patch
See Note 1952939.1, Oracle Access Manager 11g Logout Confirmation Features and
Configuration
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
SPU Patch 19562278
|
Released January 2015
|
Oracle Forms 11.1.1.7 Patch
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
SPU Patch 20002159
|
Released January 2015
|
Oracle Reports, Developer 11.1.1.7 Patch
|
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 20060599
|
Released January 2015
|
Oracle Adaptive Access Manager Patch
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite 11.1.1.7 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
Oracle Identity Management 11.1.1.7 home
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 19666962
|
Released October 2014
|
Oracle Identity Manager Patch
See Note 1927796.1, Instructions For Enabling OIM CPU Bug 17937383 Fix For OIM
BPs (11.1.2.1.9 and 11.1.2.2.4 Versions) / Overlay SPU (11.1.1.7 and
11.1.1.5 Versions)
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN) Patch
See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion
Middleware 11g OPMN/ONS
|
Oracle WebCenter 11.1.1.7 home
|
Overlay SPU Patch 18792010 and 11.1.1.7 BP 1 Patch 16761779
|
Released July 2014
|
WebCenter Portal 11.1.1.7 Overlay SPU patch
|
Oracle Identity Access Management 11.1.1.7 home
|
See Note 1643382.1
|
Released April 2014
|
OAM/WebGate Advisory
|
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
See Note 1608683.1
|
Released January 2014
|
Oracle Reports Advisory
|
Oracle Identity Management 11.1.1.7 home
|
CPU Patch 17842883 and
CPU Patch 17839633
|
Released January 2014
|
Oracle Internet Directory Patch
Patch 17842883 for HP-UX Itanium, HP-UX PA-RISC (64-bit),
Linux x86, Microsoft Windows (32-bit)
Patch 17839633 for Linux x86-64, IBM AIX Based Systems
(64-bit), Sun Solaris x86-64 (64-bit), Sun Solaris SPARC (64-bit),
Microsoft Windows x64 (64-bit)
See "Oracle Internet Directory (OID) Version 11g Bundle Patch
(Including Directory Integration Platform / DIP) / Bundle Patches For
Non-Fusion Applications (NonFA / NonP4FA) Customers" (Note 1614114.1) for Bundles that include these and other fixes.
|
Oracle Identity Management 11.1.1.7 home
Oracle Identity Access Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite 11.1.1.7 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer 11.1.1.7 home
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
Oracle WebCenter Content 11.1.1.7 home
|
BP 2 Patch 17180477 or higher
|
Released October 2013
|
|
Oracle Fusion Middleware 11.1.1.7.0 ORACLE_COMMON home
|
SPU Patch 22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common OH for 11.1.1.7.0
|
3.3.19.5 Oracle Identity Access
Management 11.1.2.3
Error Correction information for Oracle Identity Access
Management 11.1.2.3
Patch Information
|
11.1.2.3
|
Comments
|
Final CPU
|
-
|
|
On-Request platforms
|
-
|
|
Patch Availability for Oracle Identity Access
Management 11.1.2.3
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion Middleware
installation
|
Oracle Java SE home
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Identity Federation SPU 1 (11.1.1.7.1) Patch 22321057 or later
|
Released January 2016
|
Oracle Identity Federation (OIF 11.1.1.7.1) Patch
|
Oracle Identity Management 11.1.2.3 home
|
OIM BP 11.1.2.3.0(id:160711.1901)
|
CVE-2016-1181
|
Oracle Identity Manager Patch
Install prior to Java CPUApr2017 JDK/JRE or later version
For availability dates, see "Post Release Patches"
|
Oracle Identity Access Management 11.1.2.3 home
|
Oracle Identity Management Suite BP 11.1.2.3.170418 Patch 25654150
or
Oracle Identity Management BP 11.1.2.3.170418 Patch 25348617
|
Released April 2017
|
Oracle Access Manager Patch
Oracle Identity Manager Patch
|
3.3.20 Oracle Hyperion Analytic Provider
Services
Error Correction information for Oracle Hyperion
Analytic Provider Services
Patch Information
|
11.1.2.x
|
Comments
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion Analytic
Provider Services
3.3.21 Oracle Hyperion BI+
Error Correction information for Oracle Hyperion BI+
Patch Information
|
11.1.2.x
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion BI+
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2 Home
|
11.1.2.4 SPU Patch 26950214
|
CVE-2017-10312, CVE-2017-10359
|
|
3.3.22 Oracle Hyperion Common Admin
Error Correction information for Oracle Hyperion Common
Admin
Patch Information
|
11.1.2.x
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion Common Admin
3.3.23 Oracle Hyperion Common Security
Error Correction information for Oracle Hyperion Common
Security
Patch Information
|
11.1.2.x
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion Common Security
3.3.24 Oracle Hyperion EAS
Error Correction information for Oracle Hyperion EAS
Patch Information
|
11.1.2.x
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion EAS
3.3.25 Oracle Hyperion Enterprise
Performance Management Architect
Error Correction information for Oracle Hyperion
Enterprise Performance Management Architect
Patch Information
|
11.1.2.x
|
Comments
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion Enterprise
Performance Management Architect
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.3
|
SPU Patch 19466859
SPU Patch 20929659
|
Released July 2015
|
|
11.1.2.2
|
SPU On-Request
|
Released July 2015
|
|
3.3.26 Oracle Hyperion Essbase
Error Correction information for Oracle Hyperion
Essbase
Patch Information
|
11.1.2.x
|
Comments
|
Final CPU
|
April 2021
|
|
Patch Availability for Oracle Hyperion Essbase
3.3.27 Oracle Hyperion Financial Reporting
Error Correction information for Oracle
Hyperion Financial Reporting
Patch Information
|
11.1.2.4
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion
Financial Reporting
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Hyperion Financial Reporting 11.1.2.4
|
FR 11.1.2.4.707 PSU patch 26386614
|
CVE-2017-10310, CVE-2017-10358
|
|
3.3.28 Oracle Hyperion Installation
Technology
Error Correction information for Oracle Hyperion
Installation Technology
Patch Information
|
11.1.2.x
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion Installation
Technology
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.3
|
SPU Patch 17424524
|
Released October 2015
|
|
3.3.29 Oracle Hyperion Smart View For
Office
Error Correction information for Oracle Hyperion Smart
View For Office
Patch Information
|
11.1.2.x
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion Smart View For
Office
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.x
|
SPU Patch 20327649
|
Released April 2015
|
|
3.3.30 Oracle Hyperion Strategic
Finance
Error Correction information for Oracle Hyperion
Strategic Finance
Patch Information
|
11.1.2.x
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Hyperion Strategic
Finance
3.3.31 Oracle Identity Access
Management
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches to
apply. Not all homes that are listed in those sections might be present in
the Oracle Identity Access Management installation. Only the relevant homes
from those tables need to be patched.
Patch Availability for Oracle Identity Access
Management
3.3.32 Oracle Identity Analytics
Error Correction Information for Oracle Identity
Analytics
Patch Information
|
11.1.1.5.0
|
Comments
|
Final CPU
|
October 2017
|
|
Patch Availability for Oracle Identity Analytics
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.1.5.0
|
Patch 25155306
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
3.3.33 Oracle Identity Management
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches to
apply. Not all homes that are listed in those sections might be present in
the Oracle Identity Management installation. Only the relevant homes from
those tables need to be patched.
Patch Availability for Oracle Identity Management
3.3.34 Oracle Identity Management
Connector
Error Correction
information for Oracle Identity Management Connector
Patch
Information
|
9.1.1.5
|
Comments
|
Final CPU
|
-
|
|
Patch Availability
for Oracle Identity Management Connector
Product
Version
|
Patch
|
Advisory Number
|
Comments
|
9.1.1.5
|
OIM Connector 9.1.1.5.15 Patch 25028999
|
CVE-2017-10270
|
|
3.3.35 Oracle JDeveloper
and Oracle ADF
Error Correction
information for Oracle JDeveloper and Oracle ADF
Patch
Information
|
12.2.1.0
|
12.1.3.0
|
11.1.2.4
|
11.1.1.7
|
Comments
|
Final CPU
|
-
|
-
|
October 2021
|
October 2018
|
|
Critical Patch Update Availability for Oracle
JDeveloper and Oracle ADF
Release
|
Patch
|
Advisory Number
|
Comments
|
12.2.1.2.0
|
ADF BP 12.2.1.2.170117 Patch 23622699
|
Released January 2017
|
|
12.2.1.1.0
|
ADF BP 12.2.1.1.170418 Patch 25639913
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
12.2.1.0.0
|
ADF BP 12.2.1.0.170418 Patch 25637372
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
For availability dates, see "Post Release Patches"
|
12.1.3.0.0
|
ADF BP 12.1.3.0.170418 Patch 25635721
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
For availability dates, see "Post Release Patches"
|
11.1.2.4.0
|
SPU Patch 24730407
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
11.1.1.9.0
|
SPU Patch 25245227
|
Released January 2017
|
|
11.1.1.7.0
|
SPU Patch 25264940
|
Released January 2017
|
|
Oracle JDeveloper 11.1.7.0.0 home
Oracle ADF 11.1.7.0 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technology Patch
|
3.3.36 Oracle JRockit
Critical Patch Update Availability for Oracle JRockit
Oracle JRockit R28.3.13 includes fixes for all security advisories that have
been released through CPUjan2017.
Product
|
Patch
|
Advisory Number
|
Comments
|
Oracle JRockit JRE and JDK 6
|
R28.3.13 Patch 25061582
|
Released January 2017
|
|
3.3.37 Oracle Map Viewer
Error Correction information for Oracle Map Viewer
Patch Information
|
12.2.1.1
|
11.1.1.9
|
Comments
|
Final CPU
|
October 2017
|
October 2021
|
|
Patch Availability for Oracle Map Viewer
Product Home
|
Patch
|
Advisory Number
|
Comments
|
12.2.1.2
|
Patch 25779681
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
12.2.1.1
|
BP Patch 25451397
Patch 25779583
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
12.1.3
|
Patch 25506781
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
11.1.1.9
|
BP Patch 25451337
|
Released April 2017
|
|
3.3.38 Oracle Mobile Security Suite
Error Correction information for Oracle Mobile Security
Suite
Patch Information
|
11.1.2.3
|
3.0.5
|
Comments
|
Final CPU
|
-
|
July 2016
|
|
Patch Availability for Oracle Mobile Security Suite
Product Home
|
Patch
|
Advisory Number
|
Comments
|
3.0.5
|
CPU Patch 21639665
|
Released October 2015
|
|
3.3.39 Oracle Outside In Technology
Error Correction information for Oracle Outside In
Technology
Patch Information
|
8.5.3
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Outside In Technology
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Outside In Technology 8.5.3
|
OIT SPU Patch 26953696
|
CVE-2017-10051
|
|
Oracle Outside In Technology 8.5.3
|
BP 8.5.3.57 Patch 26438252
|
Released July 2017
|
|
3.3.40 Oracle Portal, Forms, Reports,
and Discoverer 11g Release 1
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches to
apply. Not all homes that are listed in those sections might be present in
the Oracle Portal, Forms, Reports, and Discoverer 11g Release 1
installation. Only the relevant homes from those tables need to be patched.
Patch Availability for Oracle Portal, Forms, Reports,
and Discoverer 11g Release 1
3.3.41 Oracle Real Time Decisions Server
Error Correction information for Oracle Real Time
Decisions Server
Patch Information
|
11.1.1.7
|
Comments
|
Final CPU
|
October 2018
|
|
Patch Availability for Oracle Real Time Decisions
Server
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Real Time Decisions Server 11.1.1.7.0 home
|
BP 11.1.1.7.150120 Patch 19823874
|
Released January 2015
|
|
3.3.42 Oracle Secure Enterprise Search
Error Correction information for Oracle Secure
Enterprise Search
Patch Information
|
11.2.2.2
|
Comments
|
Final CPU
|
January 2018
|
|
Patch Availability for Oracle Secure Enterprise Search
Product Home
|
Patch
|
Advisory Number
|
Comments
|
SES 11.2.2.2
|
SES BP Patch 23138553
|
Released July 2017
|
|
3.3.43 Oracle Service Architecture
Leveraging Tuxedo (SALT)
Error Correction information for Oracle Service
Architecture Leveraging Tuxedo (SALT)
Patch Information
|
11.1.1.2.2
|
Comments
|
Final CPU
|
April 2018
|
|
Patch Availability for Oracle Service Architecture
Leveraging Tuxedo (SALT)
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Service Architecture Leveraging Tuxedo (SALT) 11.1.1.2.2 home
|
Patch 20014357
|
Released October 2015
|
|
3.3.44 Oracle SOA Suite
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches to
apply. Not all homes that are listed in those sections might be present in
the Oracle SOA Suite installation. Only the relevant homes from those tables
need to be patched.
Patch Availability for Oracle SOA Suite
3.3.45 Oracle Traffic Director
Error Correction information for Oracle Traffic
Director
Patch Information
|
11.1.1.9
|
11.1.1.7
|
Comments
|
Final CPU
|
October 2021
|
October 2018
|
|
Patch Availability for Oracle Traffic Director
3.3.46 Oracle Tuxedo
Error Correction information for Oracle Tuxedo
Patch Information
|
12.1.1.0
|
Comments
|
Final CPU
|
July 2020
|
|
Patch Availability for Oracle Tuxedo
Product Home
|
Patches
|
Advisory Number
|
Comments
|
12.1.1.0
|
SPU Patch 25707009 Microsoft Windows x64 (64-bit) patch with
VS2010
SPU Patch 25706818 All Other Platforms
|
Released July 2017
|
|
3.3.47 Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)
Error Correction Information for Oracle Tuxedo System
and Applications Monitor Plus (TSAM Plus)
Patch Information
|
12.2.2
|
12.1.3
|
12.1.1.1
|
11.1.1.2.2
|
11.1.1.2.1
|
11.1.1.2.0
|
Comments
|
Final CPU
|
|
|
|
|
|
|
|
April 2024April 2022July 2020April 2018April 2018April
2018
Patch Availability for Oracle Tuxedo System and
Applications Monitor Plus (TSAM Plus)
3.3.48 Oracle Waveset
Error Correction information for Oracle Waveset
Patch Information
|
8.1.1.0
|
Comments
|
Final CPU
|
October 2017
|
|
Patch Availability for Oracle Waveset
Product Home
|
Patch
|
Advisory Number
|
Comments
|
8.1.1.0
|
Patch 24948332
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
8.1.1.0
|
Oracle Waveset 8.1.1.10 BP Patch 19428350
|
Released January 2015
|
|
3.3.49 Oracle Web-Tier 11g Utilities
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches to
apply. Not all homes that are listed in those sections might be present in
the Oracle Web-Tier 11g Utilities installation. Only the relevant
homes from those tables need to be patched.
Patch Availability for Oracle Web-Tier 11g Utilities
3.3.50 Oracle WebCenter
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches to
apply. Not all homes that are listed in those sections might be present in
the Oracle WebCenter installation. Only the relevant homes from those tables
need to be patched.
Patch Availability for Oracle WebCenter
3.3.51 Oracle WebCenter Content (Formerly
Oracle Universal Content Management)
Patch Availability for Oracle WebCenter Content
3.3.52 Oracle WebCenter Portal
Error Correction information for Oracle WebCenter
Portal
Patch Information
|
11.1.1.9
|
Comments
|
Final CPU
|
-
|
|
Patch Availability for Oracle WebCenter Portal
3.3.53 Oracle WebCenter Sites
(Formerly FatWire Content Server)
Error Correction information for Oracle WebCenter Sites
(formerly FatWire Content Server)
Patch Information
|
12.2.1.0.0
|
11.1.1.8
|
Comments
|
Final CPU
|
-
|
|
|
Patch Availability for Oracle WebCenter Sites
3.3.54 Oracle WebCenter Sites
Community
Error Correction information for Oracle WebCenter Sites
Community
Patch Information
|
11.1.1.8
|
Comments
|
Final CPU
|
-
|
|
Patch Availability for Oracle WebCenter Sites Community
3.3.55 Oracle WebCenter Suite
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches to
apply. Not all homes that are listed in those sections might be present in
the Oracle WebCenter Suite installation. Only the relevant homes from those
tables need to be patched.
Patch Availability for Oracle WebCenter Suite
3.3.56 Oracle WebGate
Error Correction information for Oracle
WebGate
Patch Information
|
10.1.4.3.0
|
Comments
|
Final CPU
|
October 2018
|
For Oracle Access Manager 10g WebGates / ASDK working with Oracle
Access Manager 11gR1 (11.1.1.x) and Oracle Access Manager 11gR2 (11.1.2.x)
|
On-Request platforms
|
Platform and Server combinations that are
historically inactive for patching are available on-request. If the patch
is not available for a particular platform, see Section 1.3, "On-Request Patches" on how to request them.
|
Post-Release on-Request patches will be documented
on My Oracle Support Note 1563072.1
|
Patch Availability for
Oracle WebGate
See also
the underlying product stack tables for any applicable patches. Refer to
comments section and apply the patch to the respective product home.
Oracle WebGate
|
Patch
|
Advisory Number
|
Comments
|
10.1.4.3.0 home
|
OAM 10.1.4.3.42-PIT42 or later
Patch 23761275 - OAM 10gR3 Access Server
Patch 23762129 - OAM 10gR3 Identity Server
Patch 24303301 - OAM Policy Manager 10gR3 OHS 11g
Patch 26750055 - OAM Webgate 10gR3 Patch
|
CVE-2017-10259, CVE-2017-10154
|
Post-Release on-Request patches will be documented on My Oracle
Support Note 1563072.1
|
3.3.57 Oracle WebLogic Portal
Error Correction information for Oracle WebLogic Portal
Patch Information
|
10.3.6.0
|
Comments
|
Final CPU
|
October 2021
|
|
Critical Patch Update Availability for WebLogic Portal
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
WebLogic Portal patches are cumulative to include all
the prior published advisories. For more information, see My Oracle
Support Note 1355929.1, October 2011 Updates Introduce New WebLogic
Portal (WLP) Configuration Options for SSL Session ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled with WebLogic Server
9.2.3.0, which is out of error correction. Contact Oracle support for
security patches needed for WebLogic Server 9.2.3.0
Product Home
|
Patch
|
Advisory Number
|
Comments
|
10.3.6.0
|
SPU Patch 21871537
|
Released January 2016
|
WebLogic Portal Patch for WebLogic Portal 10.3.6.0 home
|
3.3.58 Oracle WebLogic Server
Error Correction information for Oracle WebLogic Server
Patch Set Update
Patch Information
|
12.2.1.1.0
|
12.1.3.0
|
10.3.6.0
|
Comments
|
Final CPU
|
October 2017
|
October 2019
|
October 2021
|
|
Patch Set Update Availability for Oracle WebLogic
Server
For more information, see MyOracleSupport Note 1470197.1, Master Note on WebLogic Server Patch Set
Updates (PSUs). See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set
Updates)
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Java SE home
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 2305932.1, Critical Patch Update Oct 2017 Patch Availability Document for
Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g
Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server Plug-ins home
|
See "Oracle WebLogic Server Plug-ins"
|
See "Oracle WebLogic Server Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache, IIS, and iPlanet
|
WebLogic Server 12.2.1.3 home
|
WLS SPU 12.2.1.3.0 SPU Patch 27001569
|
CVE-2017-10352
|
Fix for CVE-2017-5638 and CVE-2017-9805 is not
included in the WLS PSU patches. See Note 2255054.1, "Oracle WebLogic Server Requirements for Apache Struts 2 and
CVE-2017-5638 / CVE-2017-9805"
|
WebLogic Server 12.2.1.2 home
|
WLS PSU 12.2.1.2.171017 Patch 26485996
|
CVE-2017-10271, CVE-2017-10336, CVE-2017-10352,
CVE-2017-10334
|
Fix for CVE-2017-5638 and CVE-2017-9805 is
not included in the WLS PSU patches. See Note 2255054.1, "Oracle WebLogic Server Requirements for Apache Struts 2 and
CVE-2017-5638 / CVE-2017-9805"
|
WebLogic Server 12.2.1.1 home
|
WLS PSU 12.2.1.1.171017 Patch 26519400
|
CVE-2017-10271, CVE-2017-10336, CVE-2017-10352, CVE-2017-10334
|
Fix for CVE-2017-5638 and CVE-2017-9805 is
not included in the WLS PSU patches. See Note 2255054.1, "Oracle WebLogic Server Requirements for Apache Struts 2 and
CVE-2017-5638 / CVE-2017-9805"
|
WebLogic Server 12.1.3.0 home
|
WLS PSU 12.1.3.0.171017 Patch 26519417
|
CVE-2017-10271, CVE-2017-10336, CVE-2017-10152, CVE-2017-10352,
CVE-2017-10334
|
Fix for CVE-2017-5638 and CVE-2017-9805 is
not included in the WLS PSU patches. See Note 2255054.1, "Oracle WebLogic Server Requirements for Apache Struts 2 and
CVE-2017-5638 / CVE-2017-9805"
|
WebLogic Server 10.3.6.0 home
|
WLS PSU 10.3.6.0.171017 Patch 26519424
|
CVE-2017-10271, CVE-2017-10336, CVE-2017-10152,
CVE-2017-10352, CVE-2017-10334
|
See Note 1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With
JDK1.7.0_40 or Higher
Fix for CVE-2017-5638 is not included in the WLS
PSU patches. See Note 2255054.1, "Upgrade Apache Struts 2 to Version 2.3.32 for WebLogic Code
Example"
|
WebLogic Server 12.2.1.1 home
WebLogic Server 12.2.1.0 home
WebLogic Server 12.1.3.0 home
|
SPU Patch 24327938
|
Released July 2016
|
TopLink JPA-RS patch
|
WebLogic Server 12.1.3.0 home
WebLogic Server 12.1.2.0 home
WebLogic Server 12.1.1.0 home
WebLogic Server 10.3.6.0 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.59 Oracle WebLogic Server Plug-ins
Critical Patch Update Availability for Oracle WebLogic
Server Plug-ins
The available patches for Oracle WebLogic Server
Plug-ins (Oracle HTTP Server/Apache/IIS/iPlanet).
The WebLogic plug-ins include
all cumulative bug fixes and thus include fixes for all previously released
advisories. For more information, see My Oracle Support Note 1111903.1.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
WLS Plugin 12c (12.1.2.0)
|
SPU Patch 18423842
SPU Patch 18603723
SPU Patch 18603725
SPU Patch 18603728
|
Released July 2014
|
WLS Plug-in for Oracle HTTP Server (mod_wl_ohs)
WLS Plug-in for Apache (mod_wl)
WLS Plug-in for NSAPI (iPlanet)
WLS Plug-in for ISAPI (Microsoft IIS)
|
WLS Plugin 1.1 (11.1.1.7)
|
SPU Patch 18423831
SPU Patch 18603703
SPU Patch 18603707
SPU Patch 18603714
|
Released July 2014
|
WLS Plug-in for Oracle HTTP Server (mod_wl_ohs)
WLS Plug-in for Apache (mod_wl)
WLS Plug-in for NSAPI (iPlanet)
WLS Plug-in for ISAPI (Microsoft IIS)
|
WLS Plugin 1.0 (10.3.4 and older)
|
CPU Patch 11845433
|
Released April 2011
|
See Note 1111903.1, WebLogic Server Web Server Plug-In Support
|
3.4 Oracle Sun Middleware
This section contains the following:
3.4.1 Directory Server Enterprise
Edition
Error Correction information for Directory Server
Enterprise Edition
Patch Information
|
7.0
|
Comments
|
Final CPU
|
October 2017
|
|
Patch Availability for Directory Server Enterprise
Edition
3.4.2 iPlanet Web Server
Error Correction information for iPlanet Web Server
Patch Information
|
7.0
|
Comments
|
Final CPU
|
January 2018
|
|
Patch Availability for iPlanet Web Server
Product Home
|
Patch
|
Advisory Number
|
Comments
|
7.0
|
BP 7.0.26.0.170418 Patch 25542055
|
CVE-2017-10055
|
Install prior to Java CPUApr2017 JDK/JRE or later
version. Previously released patch Patch 25542055 already
included CVE-2017-10055.
|
3.4.3 Oracle GlassFish Communications
Server
Error Correction information for Oracle GlassFish
Communications Server
Patch Information
|
2.0
|
Comments
|
Final CPU
|
October 2017
|
|
Patch Availability for Oracle GlassFish Communications
Server
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle GlassFish Communications Server 2.0
|
Linux x86: 143477-19
Linux x86-64: 143478-19
Solaris x86 and x86-64: 143476-07
Solaris SPARC 32 and 64 bit: 143475-16
|
Released July 2015
|
|
3.4.4 Oracle GlassFish Server
Error Correction information for Oracle GlassFish
Server
Patch Information
|
3.1.2
|
3.0.1
|
Comments
|
Final CPU
|
January 2019
|
October 2017
|
|
Patch Availability for Oracle GlassFish Server
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle GlassFish Server 3.1.2
|
BP 3.1.2.18 (Closed Network) Patch 26664433 or later
BP 3.1.2.18 (Full Profile) Patch 26664410 or later
BP 3.1.2.18 (Web Profile) Patch 26664429 or later
|
CVE-2016-3092, CVE-2017-10385, CVE-2017-10391, CVE-2017-10393.
CVE-2017-10400
|
|
Oracle GlassFish Server 3.1.2
|
Patch 25650533
|
Released April 2017
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
Oracle GlassFish Server 3.0.1
|
BP 3.0.1.17 Patch 26664441
|
CVE-2017-10393, CVE-2017-10385, CVE-2017-10391
|
Install prior to Java CPUApr2017 JDK/JRE or later
version
|
3.4.5 Oracle OpenSSO Agents
On-Request information for Oracle OpenSSO Server
Platforms
Apache Web Server 2.0.5x
|
Apache Web Server 2.2
|
iPlanet Web Server 7.0
|
Domino 8.5.2
|
IIS 6
|
IIS 7/7.5
|
iPlanet Web Proxy Server 4.0
|
Comments
|
Solaris SPARC 9/10 (32/64 bit)
Solaris x86 9/10 (32/64 bit)
Windows 2003 (32 bit)
Windows 2008 (32 bit)
Linux RHEL 4.0/5.0 (32/64 bit)
Linux Debian/GNU 4.x (32/64 bit)
Linux SUSE 9.x (32/64 bit)
Linux Ubantu 8.x (32/64 bit)
AIX 5.x/6.1
HPUX 11iv2
|
Solaris SPARC 9/10 (32 bit)
Solaris x86 9/10 (32/64 bit)
Windows 2008 (32 bit)
Linux Debian/GNU 4.x (32/64 bit)
Linux SUSE 9.x (32/64 bit)
Linux Ubantu 8.x (32/64 bit)
AIX 5.x/6.1HPUX 11iv2
|
Solaris SPARC 9/10 (32 bit)
Solaris x86 9/10 (32 bit)
Windows 2003 (32 bit)
Linux RHEL 4.0/5.0 (32 bit)
Linux SUSE 10.3/11.1 (64 bit)
|
Solaris SPARC 10 (32 bit)
Windows 2003 (32 bit)
Windows 2008 (32 bit)
Linux RHEL 5.5 (32/64 bit)
|
NA
|
NA
|
Solaris SPARC 9/10 (32 bit)
Solaris x86 9/10 (32 bit)
Windows 2003 (32 bit)
Linux RHEL 4.0/5.0 (32 bit)
Linux Sue 10.3/11.1 (64 bit)
|
|
Error Correction information for Oracle OpenSSO Agents
Patch Information
|
3.0
|
Comments
|
Final CPU
|
October 2017
|
|
Patch Availability for Oracle OpenSSO Agents
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle OpenSSO Agent 3.0 home
|
BP 3.0.0.8 Patch 25544365
|
Released July 2017
|
Apache HTTP Server 2.2.X Patch
|
Oracle OpenSSO Agent 3.0 home
|
BP 3.0.0.8 Patch 25544471
|
Released July 2017
|
Sun Java System Web Server 7.0
|
Oracle OpenSSO Agent 3.0 home
|
BP 3.0.0.8 Patch 25546746
|
Released July 2017
|
IIS 7 Patch
|
Oracle OpenSSO Agent 3.0 home
|
BP 3.0.0.8 Patch 25546774
|
Released July 2017
|
IBM Lotus Domino Server 8.5 Patch
|
3.4.6 Sun Role Manager
Error Correction information for Sun Role Manager
Patch Information
|
5.0.3.2
|
Comments
|
Final CPU
|
October 2017
|
|
On-Request platforms
|
|
|
Patch Availability for Sun Role Manager
See also the underlying product stack tables for any
applicable patches. Refer to comments section and apply the patch to the
respective product home.
Oracle Sun Role Manager
|
Patch
|
Advisory Number
|
Comments
|
Sun Role Manager 5.0.3.3 home
|
BP 3 Patch 18175969 or higher
|
Released April 2014
|
|
3.5 Tools
This section contains the following:
3.5.1 Oracle OPatch
Minimum Product Requirements for Oracle OPatch
The CPU security vulnerabilities are fixed in the
listed release and later releases. The Oracle OPatch downloads can be found
at Patch 6880880.
Component
|
Release
|
Advisory Number
|
Comments
|
Oracle OPatch
|
1.0.0.0.64
|
Announced July 2011
|
|
4 Final CPU History
Final CPU History
The Final CPU is the last quarter that a product is
supported in the CPU program as per the Premier Support and Extended Support
policies. For more information, see My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS
Software Error Correction Support Policy.
Release
|
Final CPUs
|
Comments
|
Jul 2017
|
Oracle Enterprise Manager Cloud Control 13.1.0.0
|
|
April 2017
|
Oracle TimesTen 11.2.1.x
Oracle Business Intelligence Enterprise Edition 12.2.1.0.0
Business Intelligence Publisher 12.2.1.0.0
Oracle Fusion Middleware 12.2.1.0
Oracle Fusion Middleware 10.1.3.5
Oracle Identity Management Connector 9.1.0.4
Oracle JDeveloper and Oracle ADF 10.1.3.5
Oracle WebLogic Server 12.2.1.0.0
Directory Server Enterprise Edition 11.1.1.7
|
|
January 2017
|
Oracle Business Process Management 10.3.2
Oracle Data Service Integrator 10.3.0
Oracle Outside In Technology 8.5.2
Oracle Service Architecture Leveraging Tuxedo (SALT) 10.3
Oracle WebCenter Interaction 10.3.3.0
Oracle WebLogic Integration 10.3.1.0
iPlanet Web Server 7.0
iPlanet Web Proxy Server 4.0
Oracle GlassFish Server 2.1.1
|
|
October 2016
|
Oracle Access Manager 10gR3 (10.1.4.x)
Oracle Access Manager 10g WebGates / ASDK working with OAM 10gR3 (10.1.4.x)
Oracle WebLogic Server Proxy Plug-In 10gR3 (formerly known as WebLogic
Server Proxy Plug-In 1.0)
Oracle Outside In Technology 8.5.1
Oracle Audit Vault 10.3
Oracle Secure Backup 10.4.x
|
|
July 2016
|
Oracle Outside In Technology 8.5.0
Oracle Mobile Security Suite 3.0.5
Oracle Database 12.1.0.1 (See MOS Note 742060.1)
|
|
April 2016
|
AquaLogic Data Services Platform 3.2
AquaLogic Data Services Platform 3.0.1
Oracle Business Intelligence Enterprise Edition 11.1.1.7
Oracle Endeca Information Discovery 2.3
Oracle Endeca Information Discovery 2.2.2 (Formerly Latitude)
Oracle Enterprise Manager Cloud Control 12.1.0.4
Oracle Fusion Middleware 12.1.2.0
Oracle Identity Access Management 11.1.2.2
Oracle Tuxedo 11.1.1
Oracle WebCenter 11.1.1.8
Oracle WebCenter Portal 11.1.1.8
Oracle WebCenter Sites 7.6.2
|
|
January 2016
|
Oracle Real Time Decisions Server 3.0.0.1
Oracle WebCenter Interaction 6.5.1
|
|
July 2015
|
Oracle API Gateway 11.1.2.2.0
Oracle Business Intelligence EE and Publisher 10.1.3.4.2
Oracle Communications Converged Application Server 4.0
Oracle Database 11.2.0.3
Oracle Database 11.1.0.7
Oracle Fusion Middleware 12.1.1.0.0
Oracle Identity and Access Management 11.1.1.5.0
Oracle iPlanet Web Server 6.1.x
Oracle iPlanet Web Server (Java System Web Server 6.1.x)
Oracle WebLogic Server 12.1.1.0
|
|
5 Sources of Additional Information
The following documents provide additional information
about Critical Patch Updates:
- My Oracle Support Note 756671.1, Master Note for Database Proactive
Patch Program
- My Oracle Support Note 822485.1, Master Note for Enterprise Manager
Proactive Patch Program
- My Oracle
Support Note 1494151.1, Master Note on Fusion Middleware
Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs)
- My Oracle
Support Note 209768.1, Database, FMW, Enterprise Manager,
TimesTen In-Memory Database, and OCS Software Error Correction Support
Policy
6 Modification History
Modification History
Date
|
Modification
|
17 October 2017
|
Released
|
17 October 2017
|
updated TBD details in sections 3.3.19.2,
3.3.19.3, & 3.3.19.4
|
18 October 2017
|
10 rows added to section 2.2
Made 'Availability' formats consistent in section 2.2
|
19 October 2017
|
Added row for 11.2.0.4 OJVM Bundle to section 2.2
Added DB RUR and GI RUR to section 3.1.4.2
|
23 October 2017
|
updated 'Patch Availability' table in section
3.3.27
fixed broken link for WLS PSU 10.3.6.0.171017 Patch 26519424
updated ETA for Patch 26635815 in section 2.2
updated ETA for Patch 26635880 in section 2.2
updated ETA for Patch 26720785 in section 2.2
|
24 October 2017
|
added third CVE reference for Oracle GlassFish
Server 3.0.1 in section 3.4.4
four patch links corrected in section 3.3.58
updated Availability dates in section 2.2
|
25 October 2017
|
added CVE-2017-10334 to rows for 12.2.1.2,
12.2.1.1, 12.1.3 and 10.3.6.0 in section 3.3.58
|
27 October 2017
|
Patch 25604440 changed to Patch 19933795 in
section 3.3.19.4
updated ETAs in section 2.2
added "or later" for PSU 13.2.0.0.170718 row in section 3.2.3
Updated references of April Oracle Java SE PAD NOTE 2253297.1 to Oct Oracle
Java SE PAD NOTE 2305932.1 throughout this document.
Update Patch Availability in section 3.3.21
|
30 October 2017
|
updated availability for patch 26750055 in section
2.2
updated availability for patch 26581376 in section 2.2
updated availability for patch 26720785 in section 2.2
updated availability for patch 26792358 in section 2.2
|
1 November 2017
|
updated availability for patch 26906772 in section
2.2
updated availability for patch 26666397 in section 2.2
updated availability for patch 26666389 in section 2.2
updated availability for patch 26635325 in section 2.2
updated availability for patch 26635386 in section 2.2
updated availability for patch 26635432 in section 2.2
|
6 November 2017
|
updated availability for patch 26581376 in section
2.2
updated availability for patch 26720785 in section 2.2
updated availability for patch 26792358 in section 2.2
|
8 November 2017
|
Updated title for Note 1614114.1
|
13 November 2017
|
updated availability for SPARC SuperCluster
patches in section 2.2
|
27 November 2017
|
added row for SOA 11.1.1.9 home to table 3.3.19.3
|
21 December 2017
|
modified the eighth row of the second table in
section 3.3.19.3
|
17 January 2018
|
added patch Patch 27001569 to Section 2.2
added row for "WebLogic Server 12.2.1.3 home" to section 3.3.58
|
18 January 2018
|
corrected "wls 12.2.1.2.3 spu" to
"WLS 12.2.1.3.0 SPU" in section 2.2
|
04 April 2018
|
removed the 11.1.2.3. row from section 3.3.56
updated the '10.1.4.3.0 home' row in section 3.3.56
|
02 July 2018
|
Changed reference to NOTE 1984662.1 to NOTE
2400141.1 in section 3.2.3.
|
7 Documentation Accessibility
For information about Oracle's commitment to
accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers have access to electronic support
through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Patch Set Update and Critical Patch Update Availability
Document October 2017
Copyright ) 2016, Oracle and/or its affiliates. All rights
reserved.
This software and related documentation are provided
under a license agreement containing restrictions on use and disclosure and
are protected by intellectual property laws. Except as expressly permitted in
your license agreement or allowed by law, you may not use, copy, reproduce,
translate, broadcast, modify, license, transmit, distribute, exhibit,
perform, publish, or display any part, in any form, or by any means. Reverse
engineering, disassembly, or decompilation of this software, unless required
by law for interoperability, is prohibited.
The information contained herein is subject to change
without notice and is not warranted to be error-free. If you find any errors,
please report them to us in writing.
If this is software or related documentation that is
delivered to the U.S. Government or anyone licensing it on behalf of the U.S.
Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases,
and related documentation and technical data delivered to U.S. Government
customers are "commercial computer software" or "commercial
technical data" pursuant to the applicable Federal Acquisition
Regulation and agency-specific supplemental regulations. As such, the use,
duplication, disclosure, modification, and adaptation shall be subject to the
restrictions and license terms set forth in the applicable Government
contract, and, to the extent applicable by the terms of the Government
contract, the additional rights set forth in FAR 52.227-19, Commercial
Computer Software License (December 2007). Oracle America, Inc., 500 Oracle
Parkway, Redwood City, CA 94065.
This software or hardware is developed for general use
in a variety of information management applications. It is not developed or
intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this
software or hardware in dangerous applications, then you shall be responsible
to take all appropriate fail-safe, backup, redundancy, and other measures to
ensure its safe use. Oracle Corporation and its affiliates disclaim any
liability for any damages caused by use of this software or hardware in
dangerous applications.
|