Oracle Database - Enterprise Edition -
Version 11.2.0.4 to 12.2.0.1 [Release 11.2 to 12.2]
Oracle WebLogic Server - Version 10.3.6 to 10.3.6
Oracle WebLogic Server - Version 12.1.3.0.0 to 12.1.3.0.0 [Release 12c]
Oracle WebLogic Server - Version 11.1.1.7.0 to 11.1.1.7.0 [Release 11g]
Information in this document applies to any platform.
This document defines the patches and minimum
releases for the Database Product Suite, Fusion Middleware Product Suite,
Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set
Updates released on April 18, 2017.
The document is for Database Administrators
and/or others tasked with Quarterly Security Patching.
Patch Set Update and Critical Patch Update Availability Document
April 2017
My Oracle
Support Note
2228898.1
Released April
18, 2017
This document contains the following sections:
1 Overview
Oracle provides quarterly Security Patch Updates
(SPU) to address security vulnerabilities, and Patch Set Updates (PSU) to
address proactive, critical fixes and security vulnerabilities. The
security vulnerabilities addressed are announced in the Advisory for April
2017, available at:
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
This document lists the Oracle Database, Fusion
Middleware and Enterprise Manager SPU and PSU patches for product releases
under error correction. The April 2017 release supersedes earlier Critical
Patch Updates and Patch Set Updates for the same product releases. This document
is subject to continual update after the initial release, and the changes
are listed in "Modification History." If you print this document,
check My Oracle Support to ensure you have the latest version.
This section contains the following:
1.1 How To Use This Document
The following steps explain how to use this document.
Step
1 Assess your Environments
Determine the Oracle product suites
and products and their release numbers for each of your environments.
Step
2 Read Important Announcements
Review "What's New in April 2017," as it lists documentation and
packaging changes along with important announcements such as upcoming final
patches.
Step
3 Determine Patches to be Applied
For each environment, determine which
patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table
for each product suite release, such as Oracle Database 11.1.0.7, Oracle
Identity Access Management 11.1.1.5, and Enterprise Manager Grid Control
10.2.0.5
·
The
table lists the patches to be applied either to the product or to the
appropriate product Oracle homes that are associated with the product suite
·
The
patches are listed in the order released, with newest patches listed first
·
For
some patches, multiple Oracle homes are listed. Apply the patch to all of
the homes indicated that are applicable to your environment and only to the
listed Oracle homes
·
The
table lists only product releases that are under Premier Support or
Extended Support and are under error correction as defined in My Oracle
Support Note 209768.1, Database, FMW, EM Grid Control, and OCS
Software Error Correction Support Policy. Patches are provided only for
these releases. If you do not see the release that you have installed, then
check "Final Patch History" and contact Oracle Support for
further assistance
·
Patches
that include security vulnerabilities announced in the current quarter's
CPU Advisory, list the vulnerability CVE numbers in the Advisory Number
column. If you are interested in the risk matrix for the vulnerabilities
fixed in the patch, then see the CPU Advisory at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. For patches that are listed from previous
quarterly releases, or the current one without any security fixes, the
column indicates "Released MMM YYYY"
·
When
a section is referenced in a table, follow the link to determine which
patches to install. For example, when "Oracle Database" is referenced, determine the
Oracle Database release that is installed, and find the patches to apply in
the table for that Oracle Database release in "Oracle Database."
Step
4 Apply the Patches
Download the patches, review the
READMEs, and apply the patches according to the instructions.
Step
5 Planning for Future Critical Patch Updates
To help you plan for future Critical
Patch Updates, this document includes final patch information based on
Oracle's Lifetime Support Policy and error correction policies.
"Final Patch Information (Error Correction
Policies)" in "What's New in April 2017," documents product releases for
which final Critical Patch Updates are upcoming or are being announced. In
each product section, there is also an Error Correction Information Table
that documents the final CPU patch for the product. Products that have
reached the end of error correction are documented in "Final Patch History."
1.2 Terminology in the Tables
The following
terminology is used in this patch availability document and in the
subsequent tables.
- BP Bundle Patch.
An iterative, cumulative patch that is issued between patch sets.
Bundle patches usually include only fixes, but some products may
include minor enhancements.
- CPU Critical Patch
Update patch. Prior to October 2012, Security Patch Update (SPU)
patches were called Critical Patch Update (CPU) patches. For patches
that were previously released as CPU patches, this Patch Availability
Document will continue to reference them as CPUs.
- Final Patch is the last quarterly cycle until when
patches will be provided as per the Premier Support or Extended
Support policies. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html.
- NA Not Applicable.
- OR On-Request. The patch is made available
through the On-Request program.
- Proactive
BP An iterative,
cumulative patch (available in 12.1.0.2 and beyond) that contains both
security fixes and non-security fixes to address bugs in a given
feature, product, or configuration. Formerly known as the Database
Patch for Engineered Systems and Database In-Memory. It includes all
PSU fixes along with fixes targeted at the specific BP environment.
12.1.0.2 Customers wanting a more comprehensive set of fixes should
install the Database Proactive Bundle patch. This requires a bit more
testing than a Patch Set Update (PSU), but delivers a larger set of
fixes.
- PSU Patch Set Update. An iterative,
cumulative patch that contains both security fixes and non-security
critical fixes that are high-value and low-risk.
- SPU Security Patch Update. An iterative,
cumulative patch consisting of security fixes. Formerly known as a
Critical Patch Update. Note that Oracle's program for quarterly
release of security fixes continues to be called the Critical Patch
Update. Patches released as part of this program may be Patch Set
Updates, Security Patch Updates, and Bundle Patches. Regardless of the
patch type, the patches are cumulative.
- Overlay
SPU patch provided
as an overlay on top of a PSU or BP instead of a base/patch set
release.
1.3 On-Request Patches
Oracle does not
proactively release patches for historically inactive platforms. However,
Oracle will deliver these patches when requested.
The following guidelines
describe how to initiate an on-request (OR) patch.
A request may be
made:
- At any time. However, a patch for a specific
quarterly release, such as CPUOct2012, cannot be requested. Depending
on when the request is received and processed, either the patch for
the current quarterly release or the next quarterly release will be
provided. Your Service Request (SR) will provide you the planned
availability date for the patch.
- As long
as the version is in either Premier Support or Extended Support and error
correction support has not expired. For example, if a product release
is under Extended Support through the release of CPUJan2013 on January
15, 2013, then you can file a request for the product release through
January 29, 2013. For more information, see Oracle Lifetime Support Policies at http://www.oracle.com/us/support/lifetime-support/index.html, and Note 209768.1, Database, FMW, EM Grid Control, and
OCS Software Error Correction Support Policy.
- For a
platform-version combination when a major release or patch set is
released on a platform after a quarterly release date. Oracle will
provide the next patch for that platform-version combination, however
you may request the current patch by following the on-request process.
For example, if a patch is released for a platform on August 1, 2012,
Oracle will provide the CPUOct2012 patch for that platform. You may
request a CPUJul2012 patch for the platform, and Oracle will review
the request and determine whether to provide CPUJul2012 or CPUOct2012.
A patch that is marked as on-request (OR) may already
have been requested by another customer and be available on My Oracle
Support. Before you file a Service Request (SR), check on My Oracle Support
to see if the patch is already available for your platform.
1.4 CPU Program and My Oracle
Support Patch Recommendations
My Oracle Support
patch recommendation features are available on the Patches & Update
tab. The patches announced in this document as part of the CPU program are
classified as "Security" patch recommendations in My Oracle
Support. If a new patch is being announced in this document, then the
classification on any earlier patch is changed to "General",
causing it to be removed from the My Oracle Support patch recommendations.
If a patch has a "Security" classification, and a subsequent
bundle, SPU, or PSU is released with a recommendation classification, then
it will be classified as a "Security" recommendation in My Oracle
Support.
Once a product
release is no longer in error correction, its CPU patch information is
removed from this document, but the last patch recommendation continues to
be available in My Oracle Support. Ensure to select each of the
products installed in your environment to obtain all patches.
1.5 Oracle Database Patching - SPU vs PSU/BP
The
Database Security Patch Updates (SPU) and Patch Set Updates (PSU) / Bundle
Patches (BP) that are released each quarter contain the same security
fixes. However, they use different patching mechanisms, and PSU/BP include
both security and critical fixes.
For more information on Database Patch Delivery Methods see My Oracle
Support Note
1962125.1, Oracle Database - Overview of Database
Patch Delivery Methods.
NOTE: Applying a
SPU on an installation with an installed PSU/BP is not supported
1.6 Pro-Active Replacement Interim
Patches For Conflicts With Critical Patch Update Program Patches (PSUs and
Bundles)
Oracle produces
new pro-active patches every quarter as part of the Critical Patch Update
program. On Unix platforms, these pro-active patches or bundles may
conflict with already installed interim patches. In order to allow such
conflicts to be resolved quickly, Oracle pro-actively produces new interim
patches for existing patches that would cause conflicts. Replacement
patches are made available on the same date that the Database Patch Set
Update or Bundle is released.
For more
information, see My Oracle Support Note
1998563.1 Pro-Active Replacement
Interim Patches For Conflicts With Critical Patch Update Program Patches
(PSUs and Bundles).
1.7 My Oracle Support (MOS)
Conflict Checker Tool
The My Oracle
Support (MOS) Conflict Checker tool is available as of July 21, 2014.
You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from
the Patch Search results screen ("Analyze with OPatch" button).
The MOS Conflict Checker Tool allows you to upload an
OPatch inventory to check for conflicts with patches to apply to your
environment. If no conflicts are found, you can download the patches. If
conflicts are found, the tool finds an existing resolution to download. If
no resolution is found, you can request a solution, and monitor your
request in the Plans region.
For more information and a demonstration video, see
Knowledge Document Note 1091294.1, How to use the My Oracle Support Conflict
Checker Tool.
2 What's New in April 2017
This section describes important changes in April
2017:
2.1 OJVM PSU
can be installed in "Conditional Rolling Install" manner in
certain use cases
Starting in January 2017, the OJVM PSU for 12.1.0.2
and 11.2.0.4 may be installed in a "Conditional Rolling Install"
fashion for the following use cases:
* No OJVM usage
* OJVM used by non-critical jobs and programs
* OJVM used by critical functions isolated as services
* OJVM used extensively, not isolated, and downtime is
tolerated
* OJVM used by critical functions and minimal downtime is
required
See My Oracle Support Note 2217053.1 for more details.
2.2 Required Database and FMW
patches when installing Java CPUs
The Java CPUApr2017 JDK/JRE release introduces a new
restriction on how MD5 signed JAR files are verified. If the signed JAR file
uses MD5, signature verification operations will ignore the signature and
treat the JAR as if it were unsigned. More detailed information is listed
in the Java CPUApr2017 Release Note on OTN. See JDK/JRE 8 Update 131 , JDK/JRE 7 Update 141 and JDK/JRE 6 Update 151.
Database and FMW jars that are no longer signed with
MD5 are also being released as part of CPUApr2017 cycle. The patches are
listed in the various Product tables below and have a comment of
"Install prior to Java CPUApr2017 JDK/JRE".
Some Product/Version patches will be available only
on request and those are listed below. A Service Request will need to be
filed if any of these patches are required in conjunction with any JDK/JRE
being updated to CPUApr2017 or later versions.
- BIFNDN-EPM
11.1.1.7.0
- Oracle
Enterprise Data Quality 12.2.1.0.0, 9.0.12, 8.1.13
- Oracle
Enterprise Data Quality - CDS 9.0.5
- Oracle
Watchlist Screening 9.0.1, 8.1.5
- Oracle
JDeveloper/ADF 10.1.3.5
- OpenSSO
8.0.2.0
- Portal
11.1.1.6
- RTD
11.1.1.7/11.1.1.9 for BI
- BPM
10.3.3
2.3 Final Patch Information (Error Correction
Policies)
The Final patch is the last CPU or PSU release for
which the product release is under error correction. Final patches for upcoming
releases, as well as newly scheduled final patches, are listed in the
following sections.
Final patches scheduled for July 2017
- Oracle Enterprise Manager Cloud Control
13.1.0.0
Final patches
scheduled for April 2017
- Oracle TimesTen 11.2.1.x
- Oracle Business Intelligence Enterprise
Edition 12.2.1.0.0
- Business Intelligence Publisher 12.2.1.0.0
- Oracle Fusion Middleware 12.2.1.0
- Oracle Fusion Middleware 10.1.3.5
- Oracle Identity Management Connector 9.1.0.4
- Oracle JDeveloper and Oracle ADF 10.1.3.5
- Oracle WebLogic Server 12.2.1.0.0
- Directory
Server Enterprise Edition 11.1.1.7
Newly Scheduled final patches:
For additional final patch history information,
see "Final Patch History". For information on the error
correction support policy for patches, refer to My Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and OCS
Software Error Correction Support Policy.
2.4 Post
Release Patches
Oracle strives to complete preparations and testing
of each Quarterly Security Patch for each platform by the quarterly release
date. Occasionally, circumstances beyond our control dictate that a
particular patch be delayed and be released a few days after the quarterly
release date. The following table lists any current patch delays and the
estimated date of availability.
Patch Number
|
Patch
|
Platform
|
Availability
|
Patch 25148852
|
EDQ 11.1.1.7.5 BP
|
Generic
|
Available: 28th April, 2017
|
Patch 25440397
|
Quarterly Full Stack download for Exadata
(Apr2017) BP 12.1.0.2
|
Linux x86-64 and Solaris x86-64
|
Available 21st April, 2017
|
Patch 25440393
|
Quarterly Full Stack download for Exadata
(Apr2017) BP 11.2.0.4
|
Linux x86-64 and Solaris x86-64
|
Available 21st April, 2017
|
Patch 25440390
|
Quarterly Full Stack download for Supercluster
(Apr2017) BP 11.2.0.4
|
Solaris SPARC 64-Bit
|
Available 25th April, 2017
|
Patch 25440395
|
Quarterly Full Stack download for SuperCluster
(Apr2017) BP 12.1.0.2
|
Solaris SPARC 64-Bit
|
Available 25th April, 2017
|
Patch 25563341
|
OBIEE 12.2.1.1.170418 BP
|
All
|
Available 2nd May, 2017
|
Patch 25563361
|
OBIEE 12.2.1.0.170418 BP
|
All
|
Available 2nd May, 2017
|
Patch 25610885
|
OBIEE 12.2.1.2.170418 BP
|
All
|
Available 2nd May, 2017
|
Patch 25828931
|
OBIEE 11.1.1.7.170418 BP
|
All
|
Available 25th April, 2017
|
Patch 25635721
|
JDeveloper 12.1.3.0.170418 BP
|
All
|
Available: 29th May, 2017
|
Patch 25637372
|
JDeveloper 12.2.1.0.170418 BP
|
All
|
Available 9th May, 2017
|
Patch 25806935
|
WebCenter Sites 12.2.1.0.170415
|
All
|
Available 25th April, 2017
|
Patch 25806943
|
WebCenter Sites 12.2.1.1.170415
|
All
|
Available 25th April, 2017
|
Patch 25806946
|
WebCenter Sites 12.2.1.2.170415
|
All
|
Available 25th April, 2017
|
Patch 25883419
|
WebCenter Sites 11.1.1.8.0 Patch 17
|
All
|
Available 25th April, 2017
|
Patch 25388866
|
WebLogic Server 12.2.1.2
|
All
|
Available: 28th April, 2017
|
3 Patch Availability
for Oracle Products
This section contains the following:
3.1 Oracle Database
This section contains the following:
3.1.1 Oracle
APEX Listener
Error
Correction information for Oracle APEX Listener 1.1.4
Patch Information
|
1.1.4
|
Comments
|
Final Patch
|
-
|
|
Minimum Product Requirements for
Oracle APEX Listener
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle APEX Listener downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex-listener/downloads/index.html.
Component
|
Release
|
Advisory Number
|
Comments
|
Oracle APEX Listener
|
1.1.4
|
Released July 2012
|
|
3.1.2 Oracle Application Express
Minimum Product Requirements for
Oracle Application Express
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle Application Express downloads and
installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.
Component
|
Release
|
Advisory Number
|
Comments
|
Oracle Application Express
|
5.0.4.00.12
|
Released Oct 2016
|
|
3.1.3 Oracle Big Data Spatial and
Graph
Error Correction information
for Oracle Big Data Spatial and Graph
Patch Information
|
2.0
|
1.2
|
Comments
|
Final Patch
|
-
|
-
|
|
Minimum
Product Requirements for Oracle Big Data Spatial and Graph
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For Oracle Big Data Spatial and Graph
downloads and installation instructions, see http://www.oracle.com/technetwork/database/database-technologies/bigdata-spatialandgraph/downloads/index.html.
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle Big Data Spatial and Graph
|
2.0
|
Released January 2017
|
|
Oracle Big Data Spatial and Graph
|
1.2
|
Released January 2017
|
|
3.1.4 Oracle Database
This section contains the following:
3.1.4.1 Patch
Availability for Oracle Database
For Oracle
Database 10.2.0.4 and later releases, customers have the option to install
the:
a.) Security
Patch Update (SPU) - a collection of security fixes released as part of
Oracle's Critical Patch Update (CPU) program (available through release
11.2)
b.) Patch Set
Update (PSU) - a collection of fixes for proven high impact bugs
encountered in the field. Refer to My Oracle Support Note
854428.1, Patch Set Updates (PSUs) for Oracle
Products.
c.) Proactive BP
(DBBP) - a collection of fixes to address bugs in a given feature, product,
or configuration (available beginning in release 12.1)
All three patch
types are cumulative patches. The PSU and Proactive BP each include the
same security vulnerability bug fixes, as well as additional non-security
bug fixes. What differentiates the recommended Proactive BP is that many
more non-security bug fixes are included which may span multiple stack
components. More details are available in My Oracle Support NOTE
1962125.1
For the Microsoft Windows platforms, Oracle Database
patches are released as cumulative patch bundles. You may install the
indicated patch or later bundle in the Database Windows bundle series.
The Windows patch bundles include the security vulnerability bug fixes, the
PSU recommended non-security bug fixes, and other customer-requested bug
fixes.
3.1.4.2 Oracle
Database 12.2.0.1
Patch Information
|
12.2.0.1
|
Comments
|
Final Patch
|
TBD
|
|
PSU
On-Request platforms
|
32-bit client-only platforms
|
|
Patch
Availability for Oracle Database 12.2.0.1
There are no
Quarterly Security Patches for 12.2.0.1 for the Apr 2017 cycle as there are
no Database CPU security vulnerabilities, nor any recommended non-security
bug fixes applicable at this time. The July 2017 CPU cycle will be the
first Quarterly Security Patch cycle for 12.2.0.1
3.1.4.3 Oracle Database 12.1.0.2
Error Correction information for Oracle Database 12.1.0.2
Patch
Information
|
12.1.0.2
|
Comments
|
Final Patch
|
July 2021
|
|
PSU On-Request platforms
|
32-bit client-only platforms
|
|
Patch Availability for Oracle Database 12.1.0.2
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be
applied.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Database home
|
Combo OJVM PSU 12.1.0.2.170418 and Database PSU
12.1.0.2.170418 Patch 25433980 for UNIX, or
Combo OJVM PSU 12.1.0.2.170418 and GI PSU
12.1.0.2.170418 Patch 25434018, or
Combo OJVM PSU 12.1.0.2.170418 and database
Proactive BP 12.1.0.2.170418 Patch 25437795 for UNIX, or
Quarterly Full Stack download for Exadata (Apr2017)
BP 12.1.0.2 Patch 25440397 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster
(Apr2017) BP 12.1.0.2 Patch 25440395 for Solaris SPARC 64-Bit
|
CVE-2017-3486, CVE-2017-3567
|
For availability dates, see Post Release Patches
OJVM PSU Patches are not RAC Rolling installable
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches
Install prior to Java CPUApr2017
JDK/JRE
|
Oracle Database home
|
Database PSU 12.1.0.2.170418 Patch 25171037 for UNIX, or
GI PSU 12.1.0.2.170418 Patch 25434003 or
Microsoft Windows 32-Bit and x86-64 BP
12.1.0.2.170418 Patch 25632533, or later;
Database Proactive Bundle Patch
12.1.0.2.170418 Patch 25433352 or
Quarterly Full Stack download for Exadata (Apr2017)
BP 12.1.0.2 Patch 25440397 for Linux x86-64 and Solaris x86-64, or
Quarterly Full Stack download for SuperCluster
(Apr2017) BP 12.1.0.2 Patch 25440395 for Solaris SPARC 64-Bit
|
CVE-2017-3486
|
For availability dates, see Post Release Patches
Install prior to Java CPUApr2017
JDK/JRE
|
Oracle Database home
|
Oracle JavaVM Component Database PSU
12.1.0.2.170418 Patch 25437695 for UNIX, or
Oracle JavaVM Component Microsoft Windows Bundle
Patch 12.1.0.2.170418 Patch 25590993
|
CVE-2017-3567
|
OJVM PSU Patches are not RAC Rolling installable
PSU 12.1.0.2.161018 includes Generic JDBC Patch 23727148
See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM
Component Database PSU (OJVM PSU) Patches
|
Oracle Database home
|
Oracle JavaVM Component Database PSU - Generic
JDBC 12.1.0.2.160719 Patch 23727148
|
Released July 2016
|
|
3.1.4.4 Oracle Database 11.2.0.4
Error
Correction information for Oracle Database 11.2.0.4
Patch Information
|
11.2.0.4
|
Comments
|
Final Patch
|
October 2020
|
|
SPU On-Request platforms
|
HP-UX PA RISC
IBM: Linux on System Z
32-bit client-only platforms except Linux x86
|
|
PSU On-Request platforms
|
32-bit client-only platforms except Linux x86
|
|
Patch Availability for Oracle Database
11.2.0.4
If the Combo patches that are listed in the first row
are applied, then the patches listed in Rows 2 and 3 do not need to be applied.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Database home
|
Combo OJVM PSU 11.2.0.4.170418 (CPUApr2017) and
Database SPU 11.2.0.4.170418 (CPUApr2017) Patch 25476166 for UNIX, or
Combo OJVM PSU 11.2.0.4.170418 and Database PSU
11.2.0.4.170418 Patch 25440428 for UNIX, or
Combo OJVM PSU 11.2.0.4.170418 and GI PSU
11.2.0.4.170418 Patch 25440422, or
Combo OJVM PSU 11.2.0.4.170418 and Exadata BP
11.2.0.4.170418 Patch 25440417
|
CVE-2017-3567, CVE-2017-3486
|
For availability dates, see Post Release Patches
OJVM PSU Patches are not RAC Rolling installable.
Combos are for environments that take a single
downtime to apply all patches
See Note 1929745.1, Oracle Recommended Patches -- Oracle
JavaVM Component Database PSU (OJVM PSU) Patches
|
Oracle Database home
|
Database SPU 11.2.0.4.170418 (CPUApr2017) Patch 25369547 for UNIX, or
Database PSU 11.2.0.4.170418 Patch 24732075 for UNIX, or
GI PSU 11.2.0.4.170418 Patch 25476126 for UNIX, or
Microsoft Windows (32-Bit) and x64 (64-Bit) BP
11.2.0.4.170418 Patch 25632525, or later;
Quarterly Database Patch for Exadata BP
11.2.0.4.170418 Patch 25440411 for UNIX, or
Quarterly Full Stack download for Exadata (Apr2017)
BP 11.2.0.4 Patch 25440393, or
Quarterly Full Stack download for Supercluster
(Apr2017) BP 11.2.0.4 Patch 25440390
|
CVE-2017-3486
|
For availability dates, see Post Release Patches
|
Oracle Database home
|
Oracle JavaVM (OJVM) Component Database PSU
11.2.0.4.170418 Patch 25434033 for UNIX, or
Oracle JavaVM (OJVM) Component Database PSU
11.2.0.4.170418 Patch 25590979 for Microsoft Windows
|
CVE-2017-3567
|
OJVM PSU 11.2.0.4.161018 and greater includes
Generic JDBC Patch 23727132
See Note 1929745.1, Oracle Recommended Patches -- Oracle
JavaVM Component Database PSU (OJVM PSU) Patches
|
Oracle Database home
|
Oracle JavaVM Component Database PSU - Generic JDBC
11.2.0.4.160719 Patch 23727132
|
Released July 2016
|
For RAC deployments, this patch should be applied
to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher
See Note 1929745.1, Oracle Recommended Patches -- Oracle
JavaVM Component Database PSU (OJVM PSU) Patches
|
3.1.5 Oracle Database Mobile/Lite
Server
Error Correction Information for
Oracle Database Mobile Server
Patch
Information
|
12.1 (Mobile Server)
|
11.3 (Mobile Server)
|
Comments
|
Final Patch
|
-
|
October 2021
|
|
Patch Availability for Oracle Database Mobile Server
12.1.x
Product Home
|
Patch
|
Advisory Number
|
Comments
|
12.1
|
12.1.0.0 BP Patch 21974980
|
Released October 2015
|
|
Patch
Availability for Oracle Database Mobile Server 11.3.x
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.3
|
11.3.0.2 BP Patch 21950285
|
Released October 2015
|
|
3.1.6 Oracle GoldenGate
Error
Correction information for Oracle GoldenGate
Component
|
12.2.0.1
|
12.1.2.1
|
11.2.1.0
|
Comments
|
Final Patches
|
-
|
October 2021
|
January 2020
|
|
Patch
Availability for Oracle GoldenGate
3.1.7 Oracle GoldenGate Veridata
Error
Correction information for Oracle GoldenGate Veridata
Component
|
11.2.1.0
|
Comments
|
Final Patches
|
-
|
|
Patch
Availability for Oracle GoldenGate Veridata
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.2.1.0
|
BP 11.2.1.0.1 Patch 16291209 or later
|
Released April 2013
|
|
3.1.8 Oracle Secure Backup
Error
Correction information for Oracle Secure Backup
Patch Information
|
12.1.x
|
Comments
|
Final Patch
|
-
|
|
Minimum Product Requirements for
Oracle Secure Backup
Critical Patch Update security vulnerabilities are
fixed in the listed releases. The Oracle Secure Backup downloads and installation
instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle Secure Backup
|
12.1.0.3
|
CVE-2016-6290
|
|
3.1.9 Oracle TimesTen
Error
Correction information for Oracle TimesTen
Patch Information
|
11.2.1.x
|
Comments
|
Final Patch
|
April 2017
|
|
Minimum Product Requirements for
Oracle TimesTen
The CPU security
vulnerabilities are fixed in the listed release and later releases.
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle TimesTen 11.2.1.x
|
11.2.1.6.1
|
Released July 2010
|
|
3.2 Oracle Enterprise Manager
This section
contains the following:
3.2.1 Oracle Application Performance Management
Error Correction information for
Oracle Application Performance Management
Patch
Information
|
12.1.0.6
|
Comments
|
Final Patch
|
-
|
|
CPU On-Request platforms
|
-
|
|
Minimum Product Requirements for
Oracle Application Performance Management
Critical Patch Update security vulnerabilities are
fixed in the listed releases. For more information on Oracle Application
Performance Management, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.
Product Version
|
Patch
|
Advisory Number
|
Comments
|
12.1.0.6
|
12.1.0.6.2 Release Patch 19712806
|
Released October 2014
|
|
12.1.0.6
|
12.1.0.6.1 Release Patch 19498441
|
Released October 2014
|
|
3.2.2 Oracle Application Testing
Suite
Error Correction information for
Oracle Application Testing Suite
Patch
Information
|
12.5.0.3
|
12.5.0.2
|
12.5.0.1
|
12.4.0.2
|
Comments
|
Final Patch
|
-
|
-
|
-
|
-
|
|
CPU
On-Request Platforms
|
-
|
-
|
-
|
-
|
|
Patch
Availability for Oracle Application Testing Suite
These patches
contain Critical Patch Update security vulnerabilities fixes for this
release. All previous versions will need to be upgraded to the minimum
version. Then, apply the following patches to fix the announced security
vulnerabilities. For Oracle Application Testing Suite downloads and installation
instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.
3.2.3 Oracle Enterprise Manager
Cloud Control
Error Correction information for
Oracle Enterprise Manager Cloud Control
Patch
Information
|
13.2.0.0
|
13.1.0.0
|
12.1.0.5
|
Comments
|
Final Patch
|
-
|
July 2017
|
October 2019
|
|
PSU On-Request Platforms
|
-
|
-
|
-
|
|
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 1
(13.2.0.0)
Patch
Availability for Oracle Enterprise Manager Cloud Control 13c Release 1
(13.1.0.0)
Patch
Availability for Oracle Enterprise Manager Cloud Control 12c Release 5
(12.1.0.5)
3.2.4 Oracle Enterprise Manager
Grid Control 11g (11.1.0.1)
Error
Correction information for Oracle Enterprise Manager Grid Control 11g
(11.1.0.1)
Patch Information
|
11.1.0.1
|
Comments
|
Final Patch
|
April 2018
|
|
PSU On-Request Platforms
|
-
|
|
Patch Set Update Availability for
Oracle Enterprise Manager Grid Control 11g (11.1.0.1)
The fixes for security Alert for CVE-2015-4852 are
part of Jan2016 WebLogic Server CPU patches described in this section.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Base Platform Repository Home
|
See "Oracle Database"
|
See "Oracle Database"
|
|
Base Platform Agent Home
|
Unix PSU 11.1.0.1.160119 Patch 9346289
Windows PSU 11.1.0.1.160119 Patch 22274004
|
Released January 2016
|
|
Base Platform OMS Home
|
PSU 11.1.0.1.160119 Patch 22266340
|
Released January 2016
|
|
Base Platform Fusion Middleware home
|
SPU Patch 14681307
|
Released October 2012
|
WLS 10.3.2.0 JDBC Patch (Not a SU). Before
installing this SPU, see Note 1493990.1, Patching for CVE-2012-3137
|
Base Platform Fusion Middleware home
|
SPU Patch 18992301
SPU Patch 18992319
SPU Patch 18547380
SPU Patch 23539151
SPU Patch 20926784
SPU Patch 18992399
SPU Patch 23539193
SPU Patch 22808855
SPU Patch 20083974
SPU Patch 22360634
|
Released July 2014
Released July 2014
Released April 2014
Released July 2016
Released July 2015
Released July 2014
Released July 2016
Released April 2016
Released January 2015
Released January 2016
|
WLS 10.3.2.0 JVM Patch (SU ID: DHM2)
WLS 10.3.2.0 Deployment Patch (SU ID: Y5B9)
WLS 10.3.2.0 CSS Patch (SU ID: 9AVS)
WLS 10.3.2.0 JMS+Core Patch (SU ID: JN9V)
WLS 10.3.2.0 WebServices Patch (SU IDs: SAGA, L8DT,
A4JA, 2HLN, SK77, X8W6, NFFE, BIMC)
WLS 10.3.2.0 Security Patch (SU IDs: VHAC, R4P6,
NSYJ, 8279)
WLS 10.3.2.0 WebApp Patch (SU ID: RJX5)
WLS 10.3.2.0 Console Patch (SU ID: 7CB7)
WLS 10.3.2.0 CIE Patch (SU ID: GVGW)
WLS 10.3.2.0 Install Patch (SU ID: 8N2J)
For CVE-2014-4256, see Note 1903763.1, Download Request for Security
Configuration
|
Base Platform Repository Home
|
CPU Patch 13705493
|
Released April 2012
|
OC4J 10.1.2.3 one-off Patch
Enterprise Manager Grid Control
|
3.2.5 Oracle Enterprise Manager
Ops Center
Error
Correction information for Oracle Enterprise Manager Ops Center
Patch Information
|
12.3.x
|
12.2.x
|
12.2.x
|
Comments
|
Final Patch
|
Jun 2020
|
Feb 2019
|
Apr 2017
|
|
CPU On-Request Platforms
|
|
-
|
-
|
|
Patch Availability for Oracle Enterprise
Manager Ops Center
These patches contain Critical Patch Update security
vulnerabilities fixes for this release. All previous versions will need to
be upgraded to the minimum version. Then, apply the following patches to
fix the announced security vulnerabilities. For Oracle Enterprise Manager
Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.
Product Home
|
UNIX
|
Advisory Number
|
Comments
|
12.3.2, 12.2.2, 12.1.4
|
Solaris 10 Sparc, Solaris 10 x86 and Linux
x86 Patch 25382567
|
Released January 2017
|
|
12.3.2, 12.2.2, 12.1.4
|
Solaris 10 Sparc, Solaris 10 x86 and Linux
x86 Patch 25382572
|
Released January 2017
|
|
3.2.6 OSS Support Tools
Error
Correction information for OSS Support Tools
Patch Information
|
8.11.x
|
Comments
|
Final Patch
|
-
|
|
Patch Availability for OSS Support
Tools
Product Home
|
Solaris
|
Advisory Number
|
Comments
|
8.11.16.3.8
|
BP Patch 22783063
|
March 2016
|
See My Oracle Support Note 1153444.1, Oracle Services Tools Bundle (STB) -
RDA/Explorer, SNEEP, ACT
|
3.3 Oracle Fusion Middleware
This section
contains the following:
3.3.1 Management Pack For Oracle GoldenGate
Error Correction information for Management Pack For
Oracle GoldenGate
Patch Information
|
12.1.3.x
|
Comments
|
Final Patch
|
April 2018
|
|
Patch
Availability for Management Pack For Oracle GoldenGate
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.1.0
|
BP 11.2.1.0.11 (BP11) or later Patch 19606348
|
Released April 2015
|
Oracle GoldenGate Monitor patch
|
3.3.2 NetBeans IDE
Minimum Product Requirements for NetBeans IDE
Critical Patch
Update security vulnerabilities are fixed in the listed releases. For
NetBeans IDE downloads, see https://netbeans.org/downloads/
Product Home
|
Release
|
Advisory Number
|
Comments
|
NetBeans IDE
|
8.2
|
Released October 2016
|
|
3.3.3 Oracle
API Gateway
Error Correction
information for Oracle API Gateway
Patch
Information
|
11.1.2.4.0
|
Comments
|
Final Patch
|
-
|
|
Patch Availability for Oracle API Gateway
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.4.0
|
11.1.2.4 SP5 Patch 25028626
|
CVE-2016-6303, CVE-2017-3601
|
|
3.3.4 Oracle Big Data Discovery
Minimum
Product Requirements for Oracle Big Data Discovery
Critical
Patch Update security vulnerabilities are fixed in the listed release only
and installations with any prior versions will need to move to the listed
version. For Oracle Big Data Discovery downloads, seehttps://edelivery.oracle.com and
search for "Oracle Big Data Discovery".
Product
|
Release
|
Advisory Number
|
Comments
|
Oracle Big Data Discovery
|
1.1.3
|
Released October 2016
|
|
3.3.5 Oracle
Business Intelligence App Mobile Designer
Error
Correction information for Oracle Business Intelligence App Mobile Designer
Patch Information
|
11.1.1.7 iOS
|
Comments
|
Final Patch
|
-
|
|
Patch
Availability for Oracle Business Intelligence App Mobile Designer
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.1.7
|
SPU Patch 18794832
|
Released July 2014
|
|
3.3.6 Oracle Business
Intelligence Enterprise Edition
Error Correction information for
Oracle Business Intelligence Enterprise Edition
Patch
Information
|
12.2.1.1.0
|
12.2.1.0.0
|
11.1.1.9
|
11.1.1.7
|
Comments
|
Final Patch
|
-
|
April 2017
|
October 2021
|
October 2018
|
|
Patch Availability for Oracle Business
Intelligence Enterprise Edition
3.3.7 Oracle Business
Intelligence Mobile
Error
Correction information for Oracle Business Intelligence Mobile
Patch Information
|
11.1.1.7 iOS
|
Comments
|
Final Patch
|
-
|
|
Minimum
Product Requirements for Oracle Business Intelligence Mobile
Patch Information
|
11.1.1.7.0 iOS
|
Advisory Number
|
Comments
|
Minimum Version
|
11.1.1.7.0 (11.6.39)
|
Released July 2015
|
|
3.3.8 Oracle Business
Intelligence Publisher
Error
Correction information for Oracle Business Intelligence Publisher
Patch Information
|
12.2.1.0
|
11.1.1.9
|
11.1.1.7
|
Comments
|
Final Patch
|
April 2017
|
October 2021
|
October 2018
|
|
Patch
Availability for Oracle Business Intelligence Publisher
Product Home
|
Patch
|
Advisory Number
|
Comments
|
12.2.1.0
|
Oracle BI Suite BP 12.2.1.0.161018 Patch 24695761 or higher
|
Released October 2016
|
|
11.1.1.9
|
Oracle BI Suite BP 11.1.1.9.161018 Patch 24668000 or higher
|
Released October 2016
|
|
11.1.1.9
|
BP Patch 24580895
|
Released October 2016
|
Webservice BP
|
11.1.1.9
|
11.1.1.9 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
11.1.1.9
|
WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12
(Jul2015) or later WLS PSU
|
Released October 2016
|
WLS 10.3.6 Interim Patch or WLS PSU
|
11.1.1.7
|
Oracle BI Suite BP 11.1.1.7.160719 Patch 23703041 or higher
|
Released October 2016
|
|
11.1.1.7
|
BP Patch 24486705
|
Released October 2016
|
Webservice BP
|
11.1.1.7
|
11.1.1.7.0 Interim Patch 17081528
|
Released October 2016
|
XDK Interim Patch
|
11.1.1.7
|
WLS 10.3.6 Patch 20671165 - SU Patch [7Y5Z] or WLS PSU 10.3.6.0.12
(Jul2015) or later WLS PSU
|
Released October 2016
|
WLS 10.3.6 Interim Patch or WLS PSU
|
3.3.9 Oracle Communications
Converged Application Server
Error
Correction information for Oracle Communications Converged Application
Server
Patch Information
|
5.0
|
Comments
|
Final Patch
|
July 2018
|
|
Patch Availability for Oracle
Communications Application Server
See also the underlying product stack tables for any
applicable patches. Refer to comments section and apply the patch to the
respective product home.
Oracle Communications
Converged Application Server
|
Patch
|
Advisory Number
|
Comments
|
5.0
|
SPU Patch 14364893
CPU Patch 12875001
CPU Patch 12875006
CPU Patch 12874981
CPU Patch 14825824
CPU Patch 10625676
CPU Patch 18767762
|
Released October 2012
Released October 2011
Released October 2011
Released October 2011
Released January 2013
Released January 2011
Released July 2013
|
WLS 10.3.0.0 CSS Patch
WLS 10.3.3.0 JMS Patch
WLS 10.3.3.0 WebServices Patch
WLS 10.3.3.0 Security Patch
WLS 10.3.3.0 WebApp Patch
WLS 10.3.3.0 Core Patch
WLS 10.3.3.0 Console Patch
|
3.3.10 Oracle Complex Event
Processing
Error
Correction information for Oracle Complex Event Processing
Patch Information
|
CEP 12.1.3
|
CEP 11.1.7
|
Comments
|
Final Patch
|
December 2019
|
October 2018
|
|
Patch Availability for Oracle Complex
Event Processing
See also the underlying product stack tables (JRockit
and WLS) for any applicable patches.
3.3.11 Oracle Data Quality for
Oracle Data Integrator
Error
Correction information for Oracle Data Quality for Oracle Data Integrator
Patch Information
|
ODIDQ 11.1.x
|
Comments
|
Final Patch
|
-
|
|
Patch
Availability for Oracle Data Quality for Oracle Data Integrator
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.1.3.0
|
CPU Patch 21418574
|
Released July 2015
|
|
3.3.12 Oracle Endeca Server
Error
Correction information for Oracle Endeca Server
Patch Information
|
7.6
|
7.5
|
7.4
|
7.3
|
Comments
|
Final Patch
|
-
|
-
|
July 2020
|
-
|
|
Minimum
Product Requirements for Oracle Endeca Server 7.5.x
Patch Information
|
7.5.x
|
Advisory Number
|
Comments
|
Minimum Version
|
7.5.1.1
|
Released July 2013
|
|
Patch
availability for Oracle Endeca Server
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Endeca Server 7.6 home
|
SPU Patch 22159508
|
Released January 2016
|
|
Oracle Endeca Server 7.5 home
|
SPU Patch 22159522
|
Released January 2016
|
|
Oracle Endeca Server 7.4 home
|
SPU Patch 22159534
|
Released January 2016
|
|
Oracle Endeca Server 7.3 home
|
SPU Patch 22159539
|
Released January 2016
|
|
3.3.13 Oracle Endeca Information
Discovery Studio
Error Correction information for
Oracle Endeca Information Discovery Studio
Patch
Information
|
3.1
|
3.0
|
2.4
|
Comments
|
Final Patch
|
January 2018
|
January 2018
|
January 2018
|
|
Patch availability for Oracle Endeca Information
Discovery Studio
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Endeca Information Discovery Studio 3.1 home
|
SPU Patch 19663929
|
Released October 2014
|
See Note 1906844.1 Transfer/reinstall Oracle Endeca
Information Discovery (EID) Studio and migrate configuration to a
newly-installed latest version of Apache Tomcat 6.0.x
|
Oracle Endeca Information Discovery Studio 3.0 home
|
SPU Patch 19663937
|
Released October 2014
|
|
Oracle Endeca Information Discovery Studio 2.4 home
|
SPU Patch 19663946
|
Released October 2014
|
|
3.3.14 Oracle Endeca Information
Discovery Studio Integrator
Error Correction information for
Oracle Endeca Information Discovery Studio Integrator
Patch
Information
|
3.1
|
3.0
|
2.4
|
Comments
|
Final Patch
|
January 2018
|
January 2018
|
January 2018
|
|
Patch availability for Oracle Endeca Information
Discovery Studio Integrator
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Endeca Information Discovery Studio
Integrator 3.1 home
|
SPU Patch 21131619
|
Released July 2015
|
|
Oracle Endeca Information Discovery Studio
Integrator 3.0 home
|
SPU Patch 21131630
|
Released July 2015
|
|
Oracle Endeca Information Discovery Studio
Integrator 2.4 home
|
SPU Patch 21131634
|
Released July 2015
|
|
3.3.15 Oracle Enterprise Data
Quality
Error
Correction information for Oracle Enterprise Data Quality
Patch Information
|
9.0.11
|
8.1.12
|
Comments
|
Final Patch
|
October 2019
|
July 2019
|
|
Patch
Availability for Oracle Enterprise Data Quality
3.3.16 Oracle Exalogic Patch Set
Update (PSU)
Error
Correction information for Oracle Exalogic Patch Set Update (PSU)
Patch Information
|
2.x
|
1.x
|
Comments
|
Final Patch
|
-
|
-
|
|
Patch
Set Update Availability for Oracle Exalogic
Oracle Exalogic
|
Patch
|
Advisory Number
|
Comments
|
2.x Physical
|
2.0.6.2.170418 Physical Linux x86-64 (for all X2-2,
X3-2, X4-2, X5-2) PSU Patch 25422080
2.0.6.2.170418 Physical Solaris x86-64 (for all X2-2, X3-2, X4-2, X5-2)
PSU Patch 25422080
|
Released April 2017
|
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
2.x Virtual
|
2.0.6.2.170418 Virtual (for all X2-2, X3-2, X4-2,
X5-2) PSU Patch 25422070
|
Released April 2017
|
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
|
1.x
|
Upgrade to 2.x based on information in the Comments
column. Then apply the patches listed above.
|
Released March 2012 (13795376)
Released Februrary 2013 (15931901)
|
See Patch 14834860 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE
KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)
See Patch 14834860 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for
Exalogic Solaris x86-64 (64 bit)
See Note 1314535.1, Announcing Exalogic PSUs (Patch Set
Updates)
|
3.3.17 Oracle Forms and Reports
For the appropriate product versions listed below, refer
to the corresponding Oracle Fusion Middleware patch availability sections
that contain information on Error Correction, and for the patches to apply.
Not all homes that are listed in those sections might be present in the
Oracle Forms and Reports installation. Only the relevant homes from those
tables need to be patched.
Patch
Availability for Oracle Forms and Reports
3.3.18 Oracle Fusion Middleware
For more
information on how to identify the components in an Oracle home, see Note
1591483.1, What is Installed in My
Middleware or Oracle home?.
This section contains the following:
3.3.18.1 Oracle Fusion Middleware
12c
The sections below cover Oracle Fusion Middleware
version 12.2.x and 12.1.x
3.3.18.1.1 Oracle Fusion
Middleware 12.2.1.2
Error Correction information for Oracle Fusion
Middleware 12.2.1.2
Patch Information
|
12.2.1.2
|
Comments
|
Final Patch
|
-
|
|
CPU On-Request Platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.2
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2253297.1<=""
a="">
|
See Note 2253297.1<=""
a="">
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
12.2.1.2 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server patch
|
12.2.1.2 home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
12.2.1.2 home
|
WCC BP 12.2.1.2.170418 Patch 25694492
|
CVE-2017-3625
|
WebCenter Content Patch
|
12.2.1.2 home
|
OSB BP 12.2.1.2.170418 Patch 25439629
|
CVE-2017-3507
|
OSB Patch
|
12.2.1.2 home
|
12.2.1.2.170415 Patch 25806946 or later
|
CVE-2017-5638, CVE-2015-7501, CVE-2017-3540,
CVE-2017-3542, CVE-2017-3543, CVE-2017-3545, CVE-2017-3541,
CVE-2017-3602, CVE-2017-3554, CVE-2017-3596, CVE-2017-3593,
CVE-2017-3595, CVE-2017-3591, CVE-2017-3594, CVE-2017-3597,
CVE-2017-3598, CVE-2017-3603
|
WebCenter Sites Patch. For availability dates, see
"Post Release Patches"
|
12.2.1.2 home
|
OBIEE BP 12.2.1.2.170418 Patch 25610885
|
Released April 2017
|
OBIEE Patch
Install prior to Java CPUApr2017
JDK/JRE
For availability dates, see "Post Release Patches"
|
12.2.1.2 home
|
Patch 25375317
Patch 24908939
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017
JDK/JRE
|
3.3.18.1.2 Oracle Fusion
Middleware 12.2.1.1
Error Correction information for Oracle Fusion
Middleware 12.2.1.1
Patch Information
|
12.2.1.1
|
Comments
|
Final Patch
|
October 2017
|
|
CPU On-Request Platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.1
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
12.2.1.1 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server patch
|
12.2.1.1 home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
12.2.1.1 home
|
OBIEE BP 2.2.1.1.170418 Patch 25563341
|
Released April 2017
|
OBIEE Patch
Install prior to Java CPUApr2017
JDK/JRE
For availability dates, see "Post Release Patches"
|
12.2.1.1 home
|
ODI BP 12.2.1.1.170418 Patch 25683635
|
Released April 2017
|
Oracle Data Integrator Patch
Install prior to Java CPUApr2017 JDK/JRE
|
12.2.1.1 home
|
Patch 25375317
Patch 25714997
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017
JDK/JRE
|
12.2.1.1 home
|
WCC BP 12.2.1.1.170418 Patch 25699709
|
CVE-2017-3625
|
WebCenter Content Patch
|
12.2.1.1 home
|
OSB SPU 12.2.1.1.170418 patch 25491960
|
CVE-2017-3507
|
OSB patch
|
12.2.1.1 home
|
12.2.1.1.170415 Patch 25806943 or later
|
CVE-2017-5638, CVE-2015-7501, CVE-2017-3540,
CVE-2017-3542, CVE-2017-3543, CVE-2017-3545, CVE-2017-3541,
CVE-2017-3602, CVE-2017-3554, CVE-2017-3596, CVE-2017-3593,
CVE-2017-3595, CVE-2017-3591, CVE-2017-3594, CVE-2017-3597,
CVE-2017-3598, CVE-2017-3603
|
WebCenter Sites Patch. For availability dates,
see "Post Release Patches"
|
12.2.1.1 home
|
SPU Patch 24618613
|
Released October 2016
|
Platform Security for Java patch
|
12.2.1.1 home
|
SPU Patch 24327938
|
Released July 2016
|
Oracle TopLink patch
|
3.3.18.1.3 Oracle Fusion
Middleware 12.2.1.0
Error Correction information for Oracle Fusion
Middleware 12.2.1.0
Patch Information
|
12.2.1.0
|
Comments
|
Final Patch
|
April 2017
|
|
CPU On-Request Platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.2.1.0
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g/12c Products
|
12.2.1.0 home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
Oracle WebLogic Server patch
|
12.2.1.0 home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
12.2.1.0 home
|
OWS Patch 25534417
|
Release April 2017
|
Oracle Watchlist Screening Patch
Install prior to Java CPUApr2017
JDK/JRE
|
12.2.1.0 home
|
ODI BP 12.2.1.0.170418 Patch 25491696
|
Released April 2017
|
Oracle Data Integrator Patch
Install prior to Java CPUApr2017
JDK/JRE
|
12.2.1.0 home
|
OBIEE BP 12.2.1.0.170418 Patch 25563361
|
Released April 2017
|
OBIEE Patch
Install prior to Java CPUApr2017
JDK/JRE
For availability dates, see "Post Release Patches"
|
12.2.1.0 home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017
JDK/JRE
|
12.2.1.0 home
|
WCC BP 12.2.1.0.170418 Patch 25671649
|
CVE-2017-3625
|
WebCenter Content Patch
|
12.2.1.0 home
|
OSB BP 12.2.1.0.170418 patch 25527688
|
CVE-2017-3507
|
OSB patch
|
12.2.1.0 home
|
12.2.1.0.170415 Patch 25806935 or later
|
CVE-2017-5638, CVE-2015-7501, CVE-2017-3540,
CVE-2017-3542, CVE-2017-3543, CVE-2017-3545, CVE-2017-3541,
CVE-2017-3602, CVE-2017-3554, CVE-2017-3596, CVE-2017-3593,
CVE-2017-3595, CVE-2017-3591, CVE-2017-3594, CVE-2017-3597,
CVE-2017-3598, CVE-2017-3603
|
WebCenter Sites Patch. For availability dates,
see "Post Release Patches"
|
12.2.1.0 home
|
SPU Patch 24618494
|
Released October 2016
|
Platform Security for Java Patch
|
12.2.1.0 home
|
Oracle BI Suite BP 12.2.1.0.161018 Patch 24695761 or higher
|
Released October 2016
|
OBIEE and BIP BP
|
12.2.1.0 home
|
Patch 1 Patch 22137683 or higher
|
Released July 2016
|
Oracle WebCenter Sites patch
|
12.2.1.0 home
|
SPU Patch 24327938
|
Released July 2016
|
Oracle TopLink patch
|
3.3.18.1.4 Oracle Fusion
Middleware 12.1.3.0
Error Correction information for Oracle Fusion
Middleware 12.1.3.0
Patch Information
|
12.1.3.0
|
Comments
|
Final Patch
|
October 2019
|
|
CPU On-Request Platforms
|
-
|
|
Patch Availability for Oracle Fusion Middleware
12.1.3.0
3.3.18.2 Oracle Forms and Reports
11.1.2.2
Error
Correction information for Oracle Forms and Reports 11.1.2.2
Patch Information
|
11.1.2.2
|
Comments
|
Final Patch
|
October 2017
|
|
CPU On-Request Platforms
|
-
|
|
Patch
Availability for Oracle Forms and Reports 11.1.2.2
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed or Used
with FMW 11g Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing Oracle WebLogic Server PSUs
(Patch Set Updates)
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
Oracle Forms and Reports 11.1.2.2 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 21640624
|
Released October 2015
|
Oracle HTTP Server 11.1.1.7 Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 19562319
|
Released January 2015
|
Oracle Forms Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 20002141
|
Released January 2015
|
Oracle Reports, Developer 11.1.2.2 Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note 1905314.1, New SSL Protocol and Cipher Options
for Oracle Fusion Middleware 11g OPMN/ONS
|
Oracle Forms and Reports 11.1.2.2 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
Oracle Forms and Reports 11.1.2.2 home
|
See Note 1608683.1
|
Released January 2014
|
Oracle Reports Advisory
|
3.3.18.3 Oracle Fusion Middleware
11.1.1.9
Error
Correction information for Oracle Fusion Middleware 11.1.1.9
Patch Information
|
11.1.1.9
|
Comments
|
Final Patch
|
October 2021
|
Oracle Fusion Middleware 11.1.1.9
|
CPU On-Request Platforms
|
-
|
|
Patch Availability for Oracle Fusion
Middleware 11.1.1.9
3.3.18.4 Oracle
Fusion Middleware 11.1.1.7
Error Correction information for Oracle Fusion
Middleware 11.1.1.7
Patch Information
|
11.1.1.7
|
Comments
|
Final Patch
|
October 2018
|
Oracle Fusion Middleware 11.1.1.7
See Note 1585582.1, Extended Fusion Middleware 11g
Lifetime Support Policy Dates, and Note 1290894.1, Error Correction Support Dates for
Oracle Fusion Middleware 11g (11.1.1/11.1.2)
Oracle Portal, Forms, Reports and Discoverer may
have different support dates, Please refer to Lifetime Support document
for more details
|
CPU On-Request Platforms
|
-
|
|
Patch
Availability for Oracle Fusion Middleware 11.1.1.7
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server home
|
See "Oracle WebLogic Server"
|
See "Oracle WebLogic Server"
|
See Note 1306505.1, Announcing Oracle WebLogic Server PSUs
(Patch Set Updates)
|
Oracle WebLogic Server Proxy Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
Oracle Identity Management 11.1.1.7 home
|
Patch 24847972
|
Released April 2017
|
OIM Patch
Install prior to Java CPUApr2017
JDK/JRE
|
OSB 11.1.1.7 home
|
Patch 24847885
|
Released April 2017
|
OSB Patch
Install prior to Java CPUApr2017
JDK/JRE
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
Patch 19933795
|
Released April 2017
|
Install prior to Java CPUApr2017
JDK/JRE
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
ODI Patch 25507109
|
Released April 2017
|
Install prior to Java CPUApr2017
JDK/JRE
|
FMW 11.1.1.7 ORACLE_COMMON home
|
Patch 25375317
|
Released April 2017
|
Oracle Stream Analytics Patch
Install prior to Java CPUApr2017
JDK/JRE
|
Oracle FMW 11.1.1.7 ORACLE_COMMON home
|
JRF BP 11.1.1.7.160905 Patch 23243559 or later
|
Released January 2017
|
JRF BP
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
BP Patch 24486705
|
Released October 2016
|
Web Services BP
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 24716502
|
Released October 2016
|
Oracle Discoverer Patch
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
See Note 2155256.1
|
Released July 2016
|
For Oracle Portal 11.1.1.6
|
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 22218959
|
Released July 2016
|
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 22013598
|
Released January 2016
|
Web Cache Patch
See Note 2095166.1, Oracle Web Cache 11.1.1.7/11.1.1.9 SSL
Cipher Suite Changes Beginning with CPU January 2016
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
DB PSU Patch 22290164 for Unix
DB BP Patch 22607089 for Windows 32-Bit
DB BP Patch 22607090 for Windows x64
|
Release January 2016
|
Database 11.1.0.7 client patches for FMW
11.1.1.x/11.1.2.x only
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Identity Manager BP 2 (11.1.1.7.2) Patch 21881425 and OIM OVERLAY SPU 11.1.1.7.161018 Patch 24816127
|
Overlay SPU: Released October 2016
OIM BP2: Released October 2015
|
Oracle Identity Manager Patch
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 21640624
|
Released October 2015
|
Oracle HTTP Server 11.1.1.7 Patch
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite 11.1.1.7 home
|
SPU Patch 25264940
|
Released January 2017
|
Oracle ADF 11.1.1.7 Patch
|
Oracle Identity Access Management 11.1.1.7 home
|
Oracle Access Manager BP 5 (11.1.1.7.5) Patch 21033489 or later
|
Released July 2015
|
Oracle Access Manager (OAM 11.1.1.7.5) Patch
See Note 1952939.1, Oracle Access Manager 11g Logout
Confirmation Features and Configuration
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 19562278
|
Released January 2015
|
Oracle Forms 11.1.1.7 Patch
|
Oracle SOA Suite 11.1.1.7 home
|
Oracle SOA 11.1.1.7.6 BP Patch 19953598 or later
|
Released January 2015
|
SOA Patch.
For CVE-2014-6548, see Note 1962206.1
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 20002159
|
Released January 2015
|
Oracle Reports, Developer 11.1.1.7 Patch
|
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 20060599
|
Released January 2015
|
Oracle Adaptive Access Manager Patch
|
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite 11.1.1.7 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
Oracle Identity Management 11.1.1.7 home
Oracle Identity Access Management 11.1.1.7 home
|
SPU Patch 19666962
|
Released October 2014
|
Oracle Identity Manager Patch
See Note 1927796.1, Instructions For Enabling OIM CPU Bug
17937383 Fix For OIM BPs (11.1.2.1.9 and 11.1.2.2.4 Versions) / Overlay
SPU (11.1.1.7 and 11.1.1.5 Versions)
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
SPU Patch 18423801
|
Released July 2014
|
Oracle Process Management and Notification (OPMN)
Patch
See Note 1905314.1, New SSL Protocol and Cipher Options
for Oracle Fusion Middleware 11g OPMN/ONS
|
Oracle WebCenter 11.1.1.7 home
|
Overlay SPU Patch 18792010 and 11.1.1.7 BP 1 Patch 16761779
|
Released July 2014
|
WebCenter Portal 11.1.1.7 Overlay SPU patch
|
Oracle Identity Access Management 11.1.1.7 home
|
See Note 1643382.1
|
Released April 2014
|
OAM/WebGate Advisory
|
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
See Note 1608683.1
|
Released January 2014
|
Oracle Reports Advisory
|
Oracle Identity Management 11.1.1.7 home
|
CPU Patch 17842883 and
CPU Patch 17839633
|
Released January 2014
|
Oracle Internet Directory Patch
Patch 17842883 for HP-UX Itanium, HP-UX PA-RISC (64-bit),
Linux x86, Microsoft Windows (32-bit)
Patch 17839633 for Linux x86-64, IBM AIX Based Systems
(64-bit), Sun Solaris x86-64 (64-bit), Sun Solaris SPARC (64-bit),
Microsoft Windows x64 (64-bit)
See Note 1614114.1, "Oracle Internet Directory (OID) Version
11g Bundle Patches For Non-Fusion Applications Customers" for
Bundles that include these and other fixes.
|
Oracle Identity Management 11.1.1.7 home
Oracle Identity Access Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
Oracle SOA Suite 11.1.1.7 home
Oracle WebCenter Suite 11.1.1.7 home
|
SPU Patch 17617649
|
Released January 2014
|
Oracle Help Technologies Patch
|
Oracle Identity Management 11.1.1.7 home
Oracle Web Tier 11.1.1.7 home
Oracle Portal, Forms, Reports and Discoverer
11.1.1.7 home
|
CPU Patch 17337741
|
Released October 2013
|
Oracle Security Service (SSL/Network) Patch
|
Oracle WebCenter Content 11.1.1.7 home
|
BP 2 Patch 17180477 or higher
|
Released October 2013
|
|
Oracle Fusion Middleware 11.1.1.7.0 ORACLE_COMMON
home
|
SPU Patch 22567790
|
Released in July 2016
|
FMW Control Patch applies to oracle_common OH for
11.1.1.7.0
|
3.3.18.5 Oracle Fusion Middleware
10.1.3.5.x
Error
Correction information for Oracle Fusion Middleware 10.1.3.5.x
Patch Information
|
10.1.3.5.x
|
Comments
|
Final Patch
|
Oracle SOA Suite: October 2014
JDeveloper: April 2017
Application Development Framework: April 2017
Oracle HTTP Server: April 2017
Oracle Container for Java (OC4J): April 2017
TopLink: April 2017
For all other components that are NOT listed here,
see the Comments section in the LSP document.
|
For more information, see Lifetime Support Policy for Oracle
Fusion Middleware
|
CPU On-Request Platforms
|
IBM: Linux on System Z
Linux on POWER
Oracle Solaris x86-64
|
|
Patch
Availability for Oracle Fusion Middleware 10.1.3.5.x
Product Home
|
Patches
|
Advisory Number
|
Comments
|
Oracle Database home
|
See "Oracle Database"
|
See "Oracle Database"
|
Patch any Database Server associated to a Fusion
Middleware installation
|
Oracle Java SE home
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
|
Oracle Application Server 10g Release 3 home
|
Patch 25173732
|
Released April 2017
|
Install prior to Java CPUApr2017
JDK/JRE
|
Oracle Application Server 10g Release 3
home
Oracle HTTP Server 2.0 standalone home
Oracle SOA Suite 10g home
Oracle WebCenter Suite 10g home
Oracle SOA Suite 10g for WebLogic
Server home
|
UNIX: CPU Patch 21845960
Microsoft Windows (32-Bit): CPU Patch 21845962
Microsoft Windows Itanium (64-Bit): CPU Patch 21845971
|
Released October 2015
|
See Note 1905314.1, New SSL Protocol and Cipher Options
for Oracle Fusion Middleware's OPMN/ONS Component
See Note 1301699.1, How the SSL/TLS Renegotiation Protocol
Change Affects Oracle HTTP Server
See Note 1936300.1, How to Change SSL Protocols (to
Disable SSL 3.0) in Oracle Fusion Middleware Products
|
OC4J Standalone home
|
SPU Patch 20034769
|
Released January 2015
|
Patch for OC4J Standalone 10.1.3.5 media available
on OTN
|
Oracle Application Server 10g Release 3 home
Oracle HTTP Server 2.0 standalone home
Oracle SOA Suite 10g home
Oracle WebCenter Suite 10g home
Oracle SOA Suite 10g for WebLogic Server home
|
See Note 1586861.1
|
Released October 2013
|
OC4J Advisory
|
Oracle Application Server 10g Release 3
home
OC4J Standalone home
Oracle SOA Suite 10g home
|
SPU Patch 16920865
|
Released October 2013
|
WebServices Patch
|
OC4J Standalone home
|
CPU Patch 14123312
|
Released July 2012
|
Enterprise Manager AS Control Patch
Patch for OC4J Standalone 10.1.3.5 media available
on OTN
|
Oracle SOA Suite 10g for WebLogic
Server home
|
CPU Patch 12539587
|
Released October 2011
|
Oracle Web Services Manager (OWSM) Patch
|
Oracle SOA Suite 10g home
Oracle WebCenter Suite 10g home
|
CPU Patch 12957596
|
Released October 2011
|
Oracle Web Services Manager (OWSM) Patch
|
3.3.18.6 Oracle Identity Access
Management 11.1.2.3
Error
Correction information for Oracle Identity Access Management 11.1.2.3
Patch Information
|
11.1.2.3
|
Comments
|
Final Patch
|
-
|
|
CPU On-Request Platforms
|
-
|
|
Patch Availability for Oracle Identity
Access Management 11.1.2.3
3.3.19 Oracle
Hyperion Analytic Provider Services
Error Correction information for
Oracle Hyperion Analytic Provider Services
Patch Information
|
11.1.2.x
|
Comments
|
Final Patch
|
April 2021
|
|
Patch
Availability for Oracle Hyperion Analytic Provider Services
3.3.20 Oracle Hyperion BI+
Error
Correction information for Oracle Hyperion BI+
Patch Information
|
11.1.2.x
|
Comments
|
Final Patch
|
April 2018
|
|
Patch
Availability for Oracle Hyperion BI+
3.3.21 Oracle Hyperion Common
Admin
Error
Correction information for Oracle Hyperion Common Admin
Patch Information
|
11.1.2.x
|
Comments
|
Final Patch
|
April 2018
|
|
Patch
Availability for Oracle Hyperion Common Admin
3.3.22 Oracle Hyperion Common
Security
Error
Correction information for Oracle Hyperion Common Security
Patch Information
|
11.1.2.x
|
Comments
|
Final Patch
|
April 2018
|
|
Patch
Availability for Oracle Hyperion Common Security
3.3.23 Oracle Hyperion EAS
Error
Correction information for Oracle Hyperion EAS
Patch Information
|
11.1.2.x
|
Comments
|
Final Patch
|
April 2018
|
|
Patch
Availability for Oracle Hyperion EAS
3.3.24 Oracle Hyperion Enterprise
Performance Management Architect
Error
Correction information for Oracle Hyperion Enterprise Performance
Management Architect
Patch Information
|
11.1.2.x
|
Comments
|
Final Patch
|
April 2021
|
|
Patch
Availability for Oracle Hyperion Enterprise Performance Management
Architect
Product Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.3
|
SPU Patch 19466859
SPU Patch 20929659
|
Released July 2015
|
|
11.1.2.2
|
SPU On-Request
|
Released July 2015
|
|
3.3.25 Oracle Hyperion Essbase
Error
Correction information for Oracle Hyperion Essbase
Patch Information
|
11.1.2.x
|
Comments
|
Final Patch
|
April 2021
|
|
Patch Availability for Oracle Hyperion
Essbase
3.3.26 Oracle Hyperion Financial
Reporting
Error
Correction information for Oracle Hyperion Financial Reporting
Patch Information
|
11.1.2.4
|
Comments
|
Final Patch
|
April 2018
|
|
Patch Availability for Oracle Hyperion
Financial Reporting
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Hyperion Financial Reporting 11.1.2.4
|
SPU Patch 23557946
|
Released July 2016
|
|
3.3.27 Oracle Hyperion
Installation Technology
Error
Correction information for Oracle Hyperion Installation Technology
Patch
Information
|
11.1.2.x
|
Comments
|
Final Patch
|
April 2018
|
|
Patch
Availability for Oracle Hyperion Installation Technology
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.3
|
SPU Patch 17424524
|
Released October 2015
|
|
3.3.28 Oracle Hyperion Smart View
For Office
Error
Correction information for Oracle Hyperion Smart View For Office
Patch
Information
|
11.1.2.x
|
Comments
|
Final Patch
|
April 2018
|
|
Patch
Availability for Oracle Hyperion Smart View For Office
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
11.1.2.x
|
SPU Patch 20327649
|
Released April 2015
|
|
3.3.29 Oracle Hyperion Strategic
Finance
Error
Correction information for Oracle Hyperion Strategic Finance
Patch
Information
|
11.1.2.x
|
Comments
|
Final Patch
|
April 2018
|
|
Patch
Availability for Oracle Hyperion Strategic Finance
3.3.30 Oracle Identity Access
Management
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Identity Access Management installation. Only the relevant
homes from those tables need to be patched.
Patch
Availability for Oracle Identity Access Management
3.3.31 Oracle Identity Analytics
Error Correction Information for Oracle Identity
Analytics
Patch
Information
|
11.1.1.5.0
|
Comments
|
Final Patch
|
October 2017
|
|
Patch Availability for Oracle Identity Analytics
3.3.32 Oracle Identity Management
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Identity Management installation. Only the relevant homes
from those tables need to be patched.
Patch
Availability for Oracle Identity Management
3.3.33 Oracle Identity Management
Connector
Error
Correction information for Oracle Identity Management Connector
Patch
Information
|
9.1.0.4
|
Comments
|
Final Patch
|
April 2017
|
|
Patch
Availability for Oracle Identity Management Connector
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
9.1.0.4
|
CPU Patch 13636081
|
Released April 2012
|
|
3.3.34 Oracle JDeveloper and
Oracle ADF
Error
Correction information for Oracle JDeveloper and Oracle ADF
Patch
Information
|
12.2.1.0
|
12.1.3.0
|
11.1.2.4
|
11.1.1.7
|
10.1.3.5
|
Comments
|
Final Patch
|
-
|
-
|
October 2021
|
October 2018
|
April 2017
|
|
Critical
Patch Update Availability for Oracle JDeveloper and Oracle ADF
3.3.35 Oracle JRockit
Critical Patch Update Availability for
Oracle JRockit
Oracle JRockit R28.3.13 includes fixes for all security advisories that
have been released through CPUjan2017.
Product
|
Patch
|
Advisory Number
|
Comments
|
Oracle JRockit JRE and JDK 6
|
R28.3.13 Patch 25061582
|
Released January 2017
|
|
3.3.36 Oracle Map Viewer
Error
Correction information for Oracle Map Viewer
Patch
Information
|
12.2.1.1
|
12.2.1.0
|
11.1.1.9
|
Comments
|
Final Patch
|
October 2017
|
April 2017
|
October 2021
|
|
Patch
Availability for Oracle Map Viewer
3.3.37 Oracle Mobile Security
Suite
Error
Correction information for Oracle Mobile Security Suite
Patch
Information
|
11.1.2.3
|
3.0.5
|
Comments
|
Final Patch
|
-
|
July 2016
|
|
Patch
Availability for Oracle Mobile Security Suite
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
3.0.5
|
CPU Patch 21639665
|
Released October 2015
|
|
3.3.38 Oracle Outside In
Technology
Error
Correction information for Oracle Outside In Technology
Patch
Information
|
8.5.3
|
Comments
|
Final Patch
|
April 2018
|
|
Patch
Availability for Oracle Outside In Technology
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Outside In Technology 8.5.3
|
SPU Patch 25249496
|
Released January 2017
|
|
3.3.39 Oracle Portal, Forms,
Reports, and Discoverer 11g Release 1
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Portal, Forms, Reports, and Discoverer 11g Release
1 installation. Only the relevant homes from those tables need to be
patched.
Patch
Availability for Oracle Portal, Forms, Reports, and Discoverer 11g Release
1
3.3.40 Oracle Real Time Decisions
Server
Error Correction information for
Oracle Real Time Decisions Server
Patch
Information
|
11.1.1.7
|
Comments
|
Final Patch
|
October 2018
|
|
Patch Availability for Oracle Real
Time Decisions Server
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Real Time Decisions Server 11.1.1.7.0 home
|
BP 11.1.1.7.150120 Patch 19823874
|
Released January 2015
|
|
3.3.41 Oracle Service
Architecture Leveraging Tuxedo (SALT)
Error
Correction information for Oracle Service Architecture Leveraging Tuxedo
(SALT)
Patch
Information
|
11.1.1.2.2
|
Comments
|
Final Patch
|
April 2018
|
|
Patch
Availability for Oracle Service Architecture Leveraging Tuxedo (SALT)
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Service Architecture Leveraging Tuxedo
(SALT) 11.1.1.2.2 home
|
Patch 20014357
|
Released October 2015
|
|
3.3.42 Oracle SOA Suite
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle SOA Suite installation. Only the relevant homes from those
tables need to be patched.
Patch
Availability for Oracle SOA Suite
3.3.43 Oracle Traffic Director
Error
Correction information for Oracle Traffic Director
Patch
Information
|
11.1.1.9
|
11.1.1.7
|
Comments
|
Final Patch
|
-
|
October 2018
|
|
Patch
Availability for Oracle Traffic Director
3.3.44 Oracle Tuxedo
Error
Correction information for Oracle Tuxedo
Patch
Information
|
12.1.1.0
|
Comments
|
Final Patch
|
July 2020
|
|
Patch
Availability for Oracle Tuxedo
3.3.45 Oracle Waveset
Error
Correction information for Oracle Waveset
Patch
Information
|
8.1.1.0
|
Comments
|
Final Patch
|
October 2017
|
|
Patch
Availability for Oracle Waveset
3.3.46 Oracle Web-Tier 11g Utilities
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle Web-Tier 11g Utilities installation. Only the
relevant homes from those tables need to be patched.
Patch
Availability for Oracle Web-Tier 11g Utilities
3.3.47 Oracle WebCenter
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle WebCenter installation. Only the relevant homes from those
tables need to be patched.
Patch
Availability for Oracle WebCenter
3.3.48 Oracle WebCenter Content
(Formerly Oracle Universal Content Management)
Patch
Availability for Oracle WebCenter Content
3.3.49 Oracle WebCenter Portal
Error Correction information for
Oracle WebCenter Portal
Patch
Information
|
11.1.1.9
|
Comments
|
Final Patch
|
-
|
|
Patch Availability for Oracle
WebCenter Portal
3.3.50 Oracle WebCenter Sites
(Formerly FatWire Content Server)
Error
Correction information for Oracle WebCenter Sites (formerly FatWire Content
Server)
Patch
Information
|
12.2.1.0.0
|
11.1.1.8
|
Comments
|
Final Patch
|
-
|
|
|
Patch
Availability for Oracle WebCenter Sites
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
12c home
|
See "Oracle Fusion Middleware
12c"
|
See "Oracle Fusion Middleware
12c"
|
|
11.1.1.8 home
|
11.1.1.8.0 Patch 17 Patch 25883419 or later
|
CVE-2017-5638, CVE-2015-7501, CVE-2017-3540,
CVE-2017-3542, CVE-2017-3543, CVE-2017-3545, CVE-2017-3541,
CVE-2017-3602, CVE-2017-3554, CVE-2017-3596, CVE-2017-3593,
CVE-2017-3595, CVE-2017-3591, CVE-2017-3594, CVE-2017-3597,
CVE-2017-3598, CVE-2017-3603, CVE-2016-0714
|
For availability dates, see "Post Release Patches"
|
3.3.51 Oracle WebCenter Sites
Community
Error
Correction information for Oracle WebCenter Sites Community
Patch
Information
|
11.1.1.8
|
Comments
|
Final Patch
|
-
|
|
Patch
Availability for Oracle WebCenter Sites Community
3.3.52 Oracle WebCenter Suite
For the appropriate product versions listed below,
refer to the corresponding Oracle Fusion Middleware patch availability
sections that contain information on Error Correction, and for the patches
to apply. Not all homes that are listed in those sections might be present
in the Oracle WebCenter Suite installation. Only the relevant homes from
those tables need to be patched.
Patch
Availability for Oracle WebCenter Suite
3.3.53 Oracle
WebGate
Error Correction information for Oracle WebGate
Patch Information
|
10.1.4.3.0
|
Comments
|
Final Patch
|
October 2016
|
For Oracle Access Manager 10g WebGates / ASDK
working with Oracle Access Manager 10gR3 (10.1.4.x)
|
Final Patch
|
October 2018
|
For Oracle Access Manager 10g WebGates / ASDK
working with Oracle Access Manager 11gR1 (11.1.1.x) and Oracle Access
Manager 11gR2 (11.1.2.x)
|
On-Request
platforms
|
Platform and Server combinations that are
historically inactive for patching are available on-request. If the patch
is not available for a particular platform, see Section 1.3, "On-Request
Patches" on how
to request them.
|
Post-Release on-Request patches will be
documented on My Oracle Support Note 1563072.1
|
Patch
Availability for Oracle WebGate
See also the underlying product stack tables for
any applicable patches. Refer to comments section and apply the patch
to the respective product home.
Oracle WebGate
|
Patch
|
Advisory Number
|
Comments
|
10.1.4.3.0 home
|
OAM 10.1.4.3.13-PIT28 or later
Patch 23761275 - OAM 10gR3 Access Server
Patch 23762129 - OAM 10gR3 Identity Server
Patch 24303301 - OAM Policy Manager 10gR3 OHS 11g
Patch 23742474 - OAM WebGate 10gR3 OHS 11g
Patch 23742706 - OAM WebGate 10gR3 Apache 2.2
|
Released July 2016
|
Post-Release on-Request patches will be documented
on My Oracle Support Note 1563072.1
|
3.3.54 Oracle WebLogic Portal
Error
Correction information for Oracle WebLogic Portal
Patch
Information
|
10.3.6.0
|
Comments
|
Final Patch
|
October 2021
|
|
Critical Patch Update Availability for
WebLogic Portal
See also the
underlying product stack tables (JRockit and WLS) for any applicable
patches.
WebLogic Portal
patches are cumulative to include all the prior published advisories. For
more information, see My Oracle Support Note
1355929.1, October 2011 Updates
Introduce New WebLogic Portal (WLP) Configuration Options for SSL Session
ID and SSL Filters.
WebLogic Portal 9.2.3.0 is bundled with WebLogic
Server 9.2.3.0, which is out of error correction. Contact Oracle support
for security patches needed for WebLogic Server 9.2.3.0
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
10.3.6.0
|
SPU Patch 21871537
|
Released January 2016
|
WebLogic Portal Patch for WebLogic Portal 10.3.6.0
home
|
3.3.55 Oracle WebLogic Server
Error
Correction information for Oracle WebLogic Server Patch Set Update
Patch Information
|
12.2.1.1.0
|
12.2.1.0
|
12.1.3.0
|
10.3.6.0
|
Comments
|
Final Patch
|
October 2017
|
April 2017
|
October 2019
|
October 2021
|
|
Patch Set Update Availability for
Oracle WebLogic Server
For more information, see MyOracleSupport Note 1470197.1, Master Note on WebLogic
Server Patch Set Updates (PSUs). See Note 1306505.1, Announcing Oracle WebLogic Server
PSUs (Patch Set Updates)
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle Java SE home
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 2253297.1, Critical Patch Update April 2017 Patch
Availability Document for Oracle Java SE
|
See Note 1492980.1, How to Maintain the Java SE Installed
or Used with FMW 11g Products
|
Oracle JRockit 28.x home
|
See "Oracle JRockit"
|
See "Oracle JRockit"
|
|
Oracle WebLogic Server Plug-ins home
|
See "Oracle WebLogic Server
Plug-ins"
|
See "Oracle WebLogic Server
Plug-ins"
|
WLS Plug-In patch for Oracle HTTP Server, Apache,
IIS, and iPlanet
|
WebLogic Server 12.2.1.2 home
|
WLS PSU 12.2.1.2.170418 Patch 25388866
|
CVE-2016-1181, CVE-2017-3506, CVE-2017-3531,
CVE-2017-5638
|
Fix for CVE-2017-5638 is not included in the WLS
PSU patches. See Note 2255054.1, "Upgrade Apache Struts 2 to Version
2.3.32 for WebLogic Code Example"
For availability dates, see "Post Release Patches"
|
WebLogic Server 12.2.1.1 home
|
WLS PSU 12.2.1.1.170418 Patch 25388843
|
CVE-2016-1181, CVE-2017-3506, CVE-2017-3531,
CVE-2017-5638
|
Fix for CVE-2017-5638 is not included in the WLS
PSU patches. See Note 2255054.1, "Upgrade Apache Struts 2 to Version
2.3.32 for WebLogic Code Example"
|
WebLogic Server 12.2.1.0 home
|
WLS PSU 12.2.1.1.170418 Patch 25388847
|
CVE-2016-1181, CVE-2017-3506, CVE-2017-3531,
CVE-2017-5638
|
Fix for CVE-2017-5638 is not included in the WLS
PSU patches. See Note 2255054.1, "Upgrade Apache Struts 2 to Version
2.3.32 for WebLogic Code Example"
|
WebLogic Server 12.1.3.0 home
|
WLS PSU 12.1.3.0.170418 Patch 25388793
|
CVE-2016-1181, CVE-2017-3506, CVE-2017-3531,
CVE-2017-5638
|
Fix for CVE-2017-5638 is not included in the WLS
PSU patches. See Note 2255054.1, "Upgrade Apache Struts 2 to Version
2.3.32 for WebLogic Code Example"
|
WebLogic Server 10.3.6.0 home
|
WLS PSU 10.3.6.0.170418 Patch 25388747
|
CVE-2016-1181, CVE-2017-3506, CVE-2017-5638
|
See Note 1607170.1, SSL Authentication Problem Using
WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher
Fix for CVE-2017-5638 is not included in the WLS
PSU patches. See Note 2255054.1, "Upgrade Apache Struts 2 to Version 2.3.32
for WebLogic Code Example"
|
WebLogic Server 12.2.1.1 home
WebLogic Server 12.2.1.0 home
WebLogic Server 12.1.3.0 home
|
SPU Patch 24327938
|
Released July 2016
|
TopLink JPA-RS patch
|
WebLogic Server 12.1.3.0 home
WebLogic Server 12.1.2.0 home
WebLogic Server 12.1.1.0 home
WebLogic Server 10.3.6.0 home
|
See Note 1936300.1
|
Released October 2014
|
SSL V3.0 "Poodle" Advisory
|
3.3.56 Oracle WebLogic Server
Plug-ins
Critical Patch Update Availability for
Oracle WebLogic Server Plug-ins
The available
patches for Oracle WebLogic Server Plug-ins (Oracle HTTP
Server/Apache/IIS/iPlanet).
The WebLogic
plug-ins include all cumulative bug fixes and thus include fixes for all
previously released advisories. For more information, see My Oracle
Support Note
1111903.1.
Product Home
|
Patch
|
Advisory Number
|
Comments
|
WLS Plugin 12c (12.1.2.0)
|
SPU Patch 18423842
SPU Patch 18603723
SPU Patch 18603725
SPU Patch 18603728
|
Released July 2014
|
WLS Plug-in for Oracle HTTP Server (mod_wl_ohs)
WLS Plug-in for Apache (mod_wl)
WLS Plug-in for NSAPI (iPlanet)
WLS Plug-in for ISAPI (Microsoft IIS)
|
WLS Plugin 1.1 (11.1.1.7)
|
SPU Patch 18423831
SPU Patch 18603703
SPU Patch 18603707
SPU Patch 18603714
|
Released July 2014
|
WLS Plug-in for Oracle HTTP Server (mod_wl_ohs)
WLS Plug-in for Apache (mod_wl)
WLS Plug-in for NSAPI (iPlanet)
WLS Plug-in for ISAPI (Microsoft IIS)
|
WLS Plugin 1.0 (10.3.4 and
older)
|
CPU Patch 11845433
|
Released April 2011
|
See Note 1111903.1, WebLogic Server Web Server Plug-In
Support
|
3.4 Oracle Sun Middleware
This section
contains the following:
3.4.1 Directory Server Enterprise Edition
Error Correction information for
Directory Server Enterprise Edition
Patch Information
|
11.1.1.7
|
7.0
|
Comments
|
Final Patch
|
April 2017
|
October 2017
|
|
Patch
Availability for Directory Server Enterprise Edition
3.4.2 iPlanet Web Server
Error
Correction information for iPlanet Web Server
Patch
Information
|
7.0
|
Comments
|
Final Patch
|
January 2018
|
|
Patch
Availability for iPlanet Web Server
3.4.3 Oracle GlassFish
Communications Server
Error
Correction information for Oracle GlassFish Communications Server
Patch
Information
|
2.0
|
Comments
|
Final Patch
|
October 2017
|
|
Patch
Availability for Oracle GlassFish Communications Server
Product
Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle GlassFish Communications Server 2.0
|
Linux x86: 143477-19
Linux x86-64: 143478-19
Solaris x86 and x86-64: 143476-07
Solaris SPARC 32 and 64 bit: 143475-16
|
Released July 2015
|
|
3.4.4 Oracle GlassFish Server
Error
Correction information for Oracle GlassFish Server
Patch
Information
|
3.1.2
|
3.0.1
|
Comments
|
Final Patch
|
January 2019
|
October 2017
|
|
Patch Availability for Oracle GlassFish Server
3.4.5 Oracle OpenSSO Agents
On-Request information for Oracle
OpenSSO Server Platforms
Apache Web Server
2.0.5x
|
Apache Web Server 2.2
|
iPlanet Web Server 7.0
|
Domino 8.5.2
|
IIS 6
|
IIS 7/7.5
|
iPlanet Web Proxy
Server 4.0
|
Comments
|
Solaris SPARC 9/10 (32/64 bit)
Solaris x86 9/10 (32/64 bit)
Windows 2003 (32 bit)
Windows 2008 (32 bit)
Linux RHEL 4.0/5.0 (32/64 bit)
Linux Debian/GNU 4.x (32/64 bit)
Linux SUSE 9.x (32/64 bit)
Linux Ubantu 8.x (32/64 bit)
AIX 5.x/6.1
HPUX 11iv2
|
Solaris SPARC 9/10 (32 bit)
Solaris x86 9/10 (32/64 bit)
Windows 2008 (32 bit)
Linux Debian/GNU 4.x (32/64 bit)
Linux SUSE 9.x (32/64 bit)
Linux Ubantu 8.x (32/64 bit)
AIX 5.x/6.1HPUX 11iv2
|
Solaris SPARC 9/10 (32 bit)
Solaris x86 9/10 (32 bit)
Windows 2003 (32 bit)
Linux RHEL 4.0/5.0 (32 bit)
Linux SUSE 10.3/11.1 (64 bit)
|
Solaris SPARC 10 (32 bit)
Windows 2003 (32 bit)
Windows 2008 (32 bit)
Linux RHEL 5.5 (32/64 bit)
|
NA
|
NA
|
Solaris SPARC 9/10 (32 bit)
Solaris x86 9/10 (32 bit)
Windows 2003 (32 bit)
Linux RHEL 4.0/5.0 (32 bit)
Linux Sue 10.3/11.1 (64 bit)
|
|
Error
Correction information for Oracle OpenSSO Agents
Patch Information
|
3.0
|
Comments
|
Final Patch
|
October 2017
|
|
Patch
Availability for Oracle OpenSSO Agents
Product Home
|
Patch
|
Advisory Number
|
Comments
|
Oracle OpenSSO Agent 3.0 home
|
BP 3.0.0.5 SPU Patch 20450584 or later
|
Released April 2015
|
iPlanet Proxy Server 4.0 patch
|
Oracle OpenSSO Agent 3.0 home
|
BP 3.0.0.7 SPU Patch 22665680 or later
|
Released April 2016
|
Apache HTTP Server 2.2.X Patch
|
Oracle OpenSSO Agent 3.0 home
|
BP 3.0.0.7 Patch 22665727 or later
|
Released April 2016
|
IBM Lotus Domino Server 8.5 Patch
|
Oracle OpenSSO Agent 3.0 home
|
BP 3.0.0.5 SPU Patch 19003807 or later
|
Released October 2014
|
IIS 6 Patch
|
Oracle OpenSSO Agent 3.0 home
|
BP 3.0.0.7 Patch 22665590 or later
|
Released April 2016
|
IIS 7 Patch
|
Oracle OpenSSO Agent 3.0 home
|
BP 3.0.0.7 Patch 22665643 or later
|
Released April 2016
|
Sun Java System Web Server Patch
|
3.4.6 Sun Role Manager
Error
Correction information for Sun Role Manager
Patch Information
|
5.0.3.2
|
Comments
|
Final Patch
|
October 2017
|
|
On-Request platforms
|
|
|
Patch Availability for Sun Role
Manager
See also the
underlying product stack tables for any applicable patches. Refer to
comments section and apply the patch to the respective product home.
Oracle Sun Role Manager
|
Patch
|
Advisory Number
|
Comments
|
Sun Role Manager 5.0.3.3
home
|
BP 3 Patch 18175969 or higher
|
Released April 2014
|
|
3.5 Tools
This section
contains the following:
3.5.1 Oracle OPatch
Minimum
Product Requirements for Oracle OPatch
The CPU security vulnerabilities are fixed in the
listed release and later releases. The Oracle OPatch downloads can be found
at Patch 6880880.
Component
|
Release
|
Advisory Number
|
Comments
|
Oracle OPatch
|
1.0.0.0.64
|
Announced July 2011
|
|
4 Final Patch History
Final
Patch History
The final patch is the last CPU/PSU release for which
the product release is under error correction. For more information, see My
Oracle Support Note 209768.1, Database, FMW, EM Grid
Control, and OCS Software Error Correction Support Policy.
Release
|
Final Patches
|
Comments
|
January 2017
|
Oracle Business Process Management 10.3.2
Oracle Data Service Integrator 10.3.0
Oracle Outside In Technology 8.5.2
Oracle Service Architecture Leveraging Tuxedo
(SALT) 10.3
Oracle WebCenter Interaction 10.3.3.0
Oracle WebLogic Integration 10.3.1.0
iPlanet Web Server 7.0
iPlanet Web Proxy Server 4.0
Oracle GlassFish Server 2.1.1
|
|
October 2016
|
Oracle Access Manager 10gR3 (10.1.4.x)
Oracle Access Manager WebGates/ASDK 10gR3
(10.1.4.x)
Oracle WebLogic Server Proxy Plug-In 10gR3
(formerly known as WebLogic Server Proxy Plug-In 1.0)
Oracle Outside In Technology 8.5.1
Oracle Audit Vault 10.3
Oracle Secure Backup 10.4.x
|
|
July 2016
|
Oracle Outside In Technology 8.5.0
Oracle Mobile Security Suite 3.0.5
Oracle Database 12.1.0.1 (See MOS Note 742060.1)
|
|
April 2016
|
AquaLogic Data Services Platform 3.2
AquaLogic Data Services Platform 3.0.1
Oracle Business Intelligence Enterprise Edition
11.1.1.7
Oracle Endeca Information Discovery 2.3
Oracle Endeca Information Discovery 2.2.2 (Formerly
Latitude)
Oracle Enterprise Manager Cloud Control 12.1.0.4
Oracle Fusion Middleware 12.1.2.0
Oracle Identity Access Management 11.1.2.2
Oracle Tuxedo 11.1.1
Oracle WebCenter 11.1.1.8
Oracle WebCenter Portal 11.1.1.8
Oracle WebCenter Sites 7.6.2
|
|
January 2016
|
Oracle Real Time Decisions Server 3.0.0.1
Oracle WebCenter Interaction 6.5.1
|
|
July 2015
|
Oracle API Gateway 11.1.2.2.0
Oracle Business Intelligence EE and Publisher
10.1.3.4.2
Oracle Communications Converged Application Server
4.0
Oracle Database 11.2.0.3
Oracle Database 11.1.0.7
Oracle Fusion Middleware 12.1.1.0.0
Oracle Identity and Access Management 11.1.1.5.0
Oracle iPlanet Web Server 6.1.x
Oracle iPlanet Web Server (Java System Web Server
6.1.x)
Oracle WebLogic Server 12.1.1.0
|
|
April 2015
|
Oracle Database Management Plug-in 12.1.0.5
Oracle Enterprise Manager Cloud Control 12.1.0.3
Oracle JDeveloper and Oracle ADF 12.1.2.0
Oracle Outside In Technology 8.4.1
|
|
January 2015
|
JRockit 5.x
Oracle Identity and Access Management 11.1.2.1
Oracle TimesTen 7.0.x
WebLogic Integration 10.2.1.0
WebLogic Integration 10.0.1.0
WebLogic Portal 10.2.1.0
WebLogic Portal 10.0.1.0
WebLogic Server 10.0.2.0
WebLogic Workshop 10.2.1.0
WebLogic Workshop 10.0.1.0
|
|
October 2014
|
Oracle Access Manager 10gR3 (10.1.4.x)
Oracle Database Management Plug-in 12.1.0.4
Oracle Enterprise Manager Grid Control 10.2.0.5
Oracle Forms and Reports 11.1.2.1.0
Oracle Fusion Middleware 10.1.3.5 SOA Suite
|
|
5 Sources
of Additional Information
The following documents provide additional
information about Critical Patch Updates:
- My Oracle Support Note 2229042.1, Security Patch Update April 2017
Database Known Issues
- My Oracle Support Note 2229028.1, Critical Patch Update April 2017
Oracle Fusion Middleware Known Issues
- My Oracle Support Note 1227443.1, Patch Set Updates Known Issues
Notes
- My Oracle Support Note 2006094.1, Critical Patch Update July 2015
Database Patch Security Vulnerability Molecule Mapping
- My
Oracle Support Note 1591483.1, What is Installed in My Middleware
or Oracle home?
- My
Oracle Support Note 1571367.1, Patch Set Update for Exalogic Known
Issues
- My
Oracle Support Note 1306505.1, Announcing Oracle WebLogic Server
PSUs (Patch Set Updates)
- My
Oracle Support Note 1365205.1, Getting Started with Oracle
WebLogic Server: How to Make Sure that Recommended Patches are Applied
- My
Oracle Support Note 1314535.1, Announcing Exalogic PSUs (Patch Set
Updates)
- My
Oracle Support Note 854428.1, Patch Set Updates (PSUs) for Oracle
Products.
- My
Oracle Support Note 605795.1, Introduction to catbundle.sql.
- My
Oracle Support Note 605398.1, How To Find The Version Of The Main
EM Components.
- My
Oracle Support Note 438314.1, Critical Patch Update -
Introduction to Database n-Apply CPU Patches.
- My
Oracle Support Note 209768.1, Database, FMW, EM Grid Control, and
OCS Software Error Correction Support Policy.
- My
Oracle Support Note 161549.1, Oracle Database Server and
Networking Patches for Microsoft Platforms.
- My
Oracle Support Note 1982656.1, EM 12c: How to Patch the
EM-Integrated Oracle BI Publisher
6 Modification History
Modification
History
Date
|
Modification
|
18 April 2017
|
Released
|
18 April
2017
|
Updated section 3.1.4.2
with Advisory Number
Added patch number to section 2.4, and section 3.1.4.2
Added Oracle Enterprise Manager Cloud Control 13.1.0.0 to section 2.3
Corrected two section titles in top Table of Contents
Added "Scope" section
|
18 April
2017
|
Updated
references to Note 2253297.1 throughout section 3.3
Added CVE-2016-3092 to table for Patch Availability for OEM CC 13c
Release 1 (13.1.0.0)
Added links for references to "See Post Release Patches"
Added row for Patch 25774021 in section 3.3.18.1.4
Added row for 12c home in section 3.3.15
Added row for Patch 25534417 in section 3.3.18.1.3
Added comment of "Oracle Data Integrator Patch" to sections
3.3.18.1.3, 3.3.18.1.2 , 3.3.18.1.4
Added rows for Patch 25440397, Patch 25440393, and Patch 25440390 to
section 2.4
Added table comments in section 3.1.4.2.and 3.1.4.4
Added row for FMW 12c home to section 3.3.17
|
18 April
2017
|
re-worked
table for Oracle Database 12.1.0.2 to try to correct a MOS-only display
problem.
|
18 April
2017
|
Added patch
25388866 to section 2.4
Corrected version typo in section 3.3.45
Corrected OBIEE BP version typo in section 3.3.18.1.1
Corrected Product Home typo in section 3.3.18.1.2
Updated to links for "Oracle Fusion Middleware 12c"
Added row for FMW 12c home in section 3.3.47
Fixed font change in section 3.3.53
Made a link for Patch 25476166 in section 3.1.4.4
Removed the 11.1.1.7 row from section 3.3.30
Removed the 11.1.1.7 row from section 3.3.32
Removed the 11.1.1.7 row from section 3.3.53
|
18 April
2017
|
Corrected
link formatting in section 3.1.4.4
|
19 April
2017
|
removed typo "v"
from section 2.2
re-worded text in section 3.1.4.2
removed comment for "Base Platform OMS home" row in section
3.2.3
inserted release-specific references in section 2.2
corrected release number typo in section 3.1.4.2
added Advisory Number content to section 3.3.15
edited title for section 3.3.17
corrected missing link for CPU April 2017 PAD for Oracle Java SE in
section 3.3
|
21 April
2017
|
changed
patch # to 24730407 in section 3.3.34
corrected table formatting problem in section 3.3.18.2
|
24 April
2017
|
Added to
comments in section 3.3.55
Updated section 2.4
|
25 April
2017
|
updated section 2.4
section 3.1.4.2 was updated to reflect that there will be no
PSU/DBBP/OJVM PSU for 12.2 in April 2017.
|
28 April
2017
|
updated EDQ
11.1.1.7.5 BP availability in section 2.4
updated WebLogic Server 12.2.1.2 availability in section 2.4
reformatted tables before section 3.3.4 with standard, full width
formatting.
|
01 May 2017
|
Corrected
broken link in section 3.3.31
Returned tables to "auto" width, vice full width formatting.
Lightened table line weight.
|
02 May 2017
|
updated
section 2.4
|
10-May-2017
|
corrected
typo (18 --> 17) in section 3.3.50
updated section 2.4 with availability of JDeveloper 12.2.1.0.170418 BP
Corrected links to intra-document anchors in section 1.0
|
23-May-2017
|
provided a
new estimate for JDeveloper 12.1.3.0.170418 BP in section 2.4
|
30-May-2017
|
updated
JDeveloper 12.1.3.0.170418 BP availability in section 2.4
|
31-May-2017
|
Corrected
absolute links in Section 1.6 and 1.7
|
27-October-2017
|
Patch
25604440 changed to Patch 19933795 in section 3.3.18.4
|
7 Documentation Accessibility
For information about Oracle's commitment to
accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers have access to electronic support
through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Patch Set Update
and Critical Patch Update Availability Document July 2016
Copyright )
2016, Oracle and/or its affiliates. All rights reserved.
This software and
related documentation are provided under a license agreement containing
restrictions on use and disclosure and are protected by intellectual
property laws. Except as expressly permitted in your license agreement or
allowed by law, you may not use, copy, reproduce, translate, broadcast,
modify, license, transmit, distribute, exhibit, perform, publish, or
display any part, in any form, or by any means. Reverse engineering,
disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information
contained herein is subject to change without notice and is not warranted
to be error-free. If you find any errors, please report them to us in
writing.
If this is
software or related documentation that is delivered to the U.S. Government
or anyone licensing it on behalf of the U.S. Government, the following
notice is applicable:
U.S. GOVERNMENT
RIGHTS Programs, software, databases, and related documentation and
technical data delivered to U.S. Government customers are "commercial
computer software" or "commercial technical data" pursuant
to the applicable Federal Acquisition Regulation and agency-specific
supplemental regulations. As such, the use, duplication, disclosure,
modification, and adaptation shall be subject to the restrictions and
license terms set forth in the applicable Government contract, and, to the
extent applicable by the terms of the Government contract, the additional
rights set forth in FAR 52.227-19, Commercial Computer Software License
(December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA
94065.
This software or
hardware is developed for general use in a variety of information
management applications. It is not developed or intended for use in any
inherently dangerous applications, including applications that may create a
risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate
fail-safe, backup, redundancy, and other measures to ensure its safe use.
Oracle Corporation and its affiliates disclaim any liability for any
damages caused by use of this software or hardware in dangerous
applications.
Oracle and Java
are registered trademarks of Oracle and/or its affiliates. Other names may
be trademarks of their respective owners.
Intel and Intel
Xeon are trademarks or registered trademarks of Intel Corporation. All
SPARC trademarks are used under license and are trademarks or registered
trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the
AMD Opteron logo are trademarks or registered trademarks of Advanced Micro
Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may
provide access to or information on content, products, and services from
third parties. Oracle Corporation and its affiliates are not responsible
for and expressly disclaim all warranties of any kind with respect to
third-party content, products, and services. Oracle Corporation and its
affiliates will not be responsible for any loss, costs, or damages incurred
due to your access to or use of third-party content, products, or services.
|