Critical Patch Update (CPU) Program Jul 2020 Patch Availability Document (PAD) (Doc ID 2664876.1)




  • APPLIES TO:

    Oracle Database Cloud Exadata Service - Version N/A and later
    Oracle Database Cloud Service - Version N/A and later
    Oracle Database - Enterprise Edition - Version 11.2.0.4 and later
    Oracle Database Backup Service - Version N/A and later
    Oracle Database - Standard Edition - Version 11.2.0.4 and later
    Information in this document applies to any platform.

    PURPOSE

    This document defines the patches and minimum releases for the Database Product Suite, Fusion Middleware Product Suite, Exalogic, and Enterprise Manager Suite Critical Patch Updates and Patch Set Updates released on July 14, 2020.

    SCOPE

    The document is for Database Administrators and/or others tasked with Quarterly Security Patching.

    DETAILS

    Database, Fusion Middleware, and Enterprise Manager Critical Patch Update July 2020 Patch Availability Document

    My Oracle Support Note 2664876.1

    Released July 14, 2020

    This document contains the following sections:

    1 Overview

    Oracle provides quarterly cumulative patches to address security vulnerabilities. The patches may include critical fixes in addition to the security fixes. The security vulnerabilities addressed are announced in the Advisory for July 2020, available at:

    Oracle Technical Network Advisory

    This document lists the Oracle Database, Fusion Middleware and Enterprise Manager CPU program cumulative patches for product releases under error correction. The July 2020 release supersedes earlier CPU program cumulative patches for the same product releases. This document is subject to continual update after the initial release, and the changes are listed in "Modification History." If you print this document, check My Oracle Support to ensure you have the latest version.

    This section contains the following:

    1.1 How To Use This Document

    The following steps explain how to use this document.

    Step 1   Assess your Environments
    Determine the Oracle product suites and products and their release numbers for each of your environments.
    Step 2   Read Important Announcements
    Review "What's New in July 2020," as it lists documentation and packaging changes along with important announcements such as upcoming final CPUs.
    Step 3   Determine Patches to be Applied
    For each environment, determine which patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for each product suite release, such as Oracle Database 12.2.0.1, Oracle Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control 12.1.0.5.

    • The table lists the patches to be applied either to the product or to the appropriate product Oracle homes that are associated with the product suite
    • The patches are listed in the order released, with newest patches listed first
    • For some patches, multiple Oracle homes are listed. Apply the patch to all of the homes indicated that are applicable to your environment and only to the listed Oracle homes
    • The table lists only product releases that are under Premier Support or Extended Support and are under error correction as defined in My Oracle Support Note 209768.1Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy. Patches are provided only for these releases. If you do not see the release that you have installed, then check "Final CPU History" and contact Oracle Support for further assistance
    • Patches that include security vulnerabilities announced in the current quarter's CPU Advisory, list the vulnerability CVE numbers in the Advisory Number column. If you are interested in the risk matrix for the vulnerabilities fixed in the patch, then see the CPU Advisory at 
      <a href="http://www.oracle.com/technetwork/topics/security/alerts-086861.html">http://www.oracle.com/technetwork/topics/security/alerts-086861.html</a>

      . For patches that are listed from previous quarterly releases, or the current one without any security fixes, the column indicates "Released MMM YYYY"

    • When a section is referenced in a table, follow the link to determine which patches to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release that is installed, and find the patches to apply in the table for that Oracle Database release in "Oracle Database."
    Step 4   Apply the Patches
    Download the patches, review the READMEs, and apply the patches according to the instructions.
    Step 5   Planning for Future Critical Patch Updates
    To help you plan for future Critical Patch Updates, this document includes Final CPU information based on Oracle's Lifetime Support Policy and error correction policies.

    "Final CPU Information (Error Correction Policies)" in "What's New in July 2020," documents product releases for which final Critical Patch Updates are upcoming or are being announced. In each product section, there is also an Error Correction Information Table that documents the final CPU program patch for the product. Products that have reached the end of error correction are documented in "Final CPU History."

    1.2 Terminology in the Tables

    The following terminology is used in this patch availability document and in the subsequent tables.

    • Update - Release Update
    • Revision -Release Update Revision
    • BP - Bundle Patch
    • Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
    • NA Not Applicable.
    • OR On-Request. The patch is made available through the On-Request program.
    • PSU - Patch Set Update
    • SPU - Security Patch Update. An iterative, cumulative patch consisting of security fixes.
    • Overlay SPU patch provided as an overlay on top of a PSU or BP instead of a base/patch set release.

    1.3 On-Request Patches

    Oracle does not proactively release patches for historically inactive platforms. However, Oracle will deliver these patches when requested.

    The following guidelines describe how to initiate an on-request (OR) patch.

    A request may be made:

        • At any time. However, a patch for a specific quarterly release, such as CPUOct2012, cannot be requested. Depending on when the request is received and processed, either the patch for the current quarterly release or the next quarterly release will be provided. Your Service Request (SR) will provide you the planned availability date for the patch.
        • As long as the version is in either Premier Support or Extended Support and error correction support has not expired. For example, if a product release is under Extended Support through the release of CPUJan2013 on January 15, 2013, then you can file a request for the product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at 
          <a href="http://www.oracle.com/us/support/lifetime-support/index.html">http://www.oracle.com/us/support/lifetime-support/index.html</a>

          , and Note 209768.1Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy.

        • For a platform-version combination when a major release or patch set is released on a platform after a quarterly release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch by following the on-request process. For example, if a patch is released for a platform on August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform. You may request a CPUOct2012 patch for the platform, and Oracle will review the request and determine whether to provide CPUJul2012 or CPUOct2012.

    A patch that is marked as on-request (OR) may already have been requested by another customer and be available on My Oracle Support. Before you file a Service Request (SR), check on My Oracle Support to see if the patch is already available for your platform.

    1.4 CPU Program and My Oracle Support Patch Recommendations

    My Oracle Support patch recommendation features are available on the Patches & Update tab. The patches announced in this document as part of the CPU program are classified as "Security" patch recommendations in My Oracle Support. If a new patch is being announced in this document, then the classification on any earlier patch is changed to "General", causing it to be removed from the My Oracle Support patch recommendations. If a patch has a "Security" classification, and a subsequent bundle, SPU, or PSU is released with a recommendation classification, then it will be classified as a "Security" recommendation in My Oracle Support.

    Once a product release is no longer in error correction, its CPU patch information is removed from this document, but the last patch recommendation continues to be available in My Oracle Support. Ensure to select each of the products installed in your environment to obtain all patches.

    1.5 My Oracle Support (MOS) Conflict Checker Tool

    The My Oracle Support (MOS) Conflict Checker tool is available as of July 21, 2014.

    You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search results screen ("Analyze with OPatch" button).

    The MOS Conflict Checker Tool allows you to upload an OPatch inventory to check for conflicts with patches to apply to your environment. If no conflicts are found, you can download the patches. If conflicts are found, the tool finds an existing resolution to download. If no resolution is found, you can request a solution, and monitor your request in the Plans region.

    For more information and a demonstration video, see Knowledge Document Note 1091294.1How to Use the My Oracle Support Conflict Checker Tool for Patches Installed with OPatch [Video].

    2 What's New in July 2020

    This section describes important changes in July 2020:

    2.1 Final CPU Information (Error Correction Policies)

    The final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. Final CPUs for upcoming releases, as well as newly scheduled final CPUs, are listed in the following sections.

    Final CPUs scheduled for Oct 2020

    • Oracle Coherence 12.1.3.0.0
    • Oracle Enterprise Data Quality for Product Data 11.1.1.6.0
    • Weblogic Server 12.1.3.0.0

    Final CPUs scheduled for Jul 2020

    • Oracle Outside In Technology 8.5.4
    • Oracle Tuxedo 12.1.1.0
    • Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus) 12.1.1.1

     

    2.2 Post Release Patches

    Oracle strives to complete preparations and testing of each Quarterly Security Patch for each platform by the quarterly release date. Occasionally, circumstances beyond our control dictate that a particular patch be delayed and be released a few days after the quarterly release date. The following table lists any current patch delays and the estimated date of availability.

    Patch Patch Number Platform Availability
    Oracle Configuration Manager 12.1.2.0.7 Patch 5567658 All Available
    EM-BEACON Bundle Patch 12.1.0.5.200731 (Patch canceled) All For CVE-2019-12415, upgrade to 13.4 and apply Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4 (13.4.0.4) for Agent Patch 31426056 or later.
    EM-BEACON Plug-in Agent Bundle Patch 13.3.0.0.200731 (Patch canceled) All For CVE-2019-12415, upgrade to 13.4 and apply Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4 (13.4.0.4) for Agent Patch 31426056 or later.
    EM BP Patch Set Update 13.3.0.0.200714 Patch 31250768 All Available
    OAS BUNDLE PATCH 5.5.0.0.200828 Patch 31816819 Linux x86-64 Available
    OSS Bundle Patch 11.1.1.9.200714 Patch 31304503 HP-UX PA-RISC Available
    WebCenter Portal Bundle Patch 11.1.1.9.200730 Patch 31609876 All Available
    DB RU 19.8.0.0.200714 (& associated COMBO) Patch 31281355 & (Patch 31326362) AIX, HP-UX ItaniumSolaris x86-64, Solaris SPARC Available
    GI RU 19.8.0.0.200714 (& associated COMBO) Patch 31305339 & (Patch 31326369) AIX, HP-UX ItaniumSolaris x86-64, Solaris SPARC Available
    DB RUR 19.7.1.0.200714 Patch 31204483 All Available
    GI RUR 19.7.1.0.200714 Patch 31326441 All Available
    DB RUR 19.6.2.0.200714 Patch 31212138 All Available
    GI RUR 19.6.2.0.200714 Patch 31326451 All Available
    DB Jul2020 RU 12.2.0.1.200714 (& associated COMBO) Patch 31312468 & (Patch 31326379) AIX Available
    GI Jul2020 RU 12.2.0.1.200714 (& associated COMBO) Patch 31305382 & (Patch 31326390) AIX, zLinux, HP-UX Itanium Available
    DB Jan2020 RUR 12.2.0.1.200714 Patch 31212219 AIX Available
    GI Jan2020 RUR 12.2.0.1.200714 Patch 31326459 AIX Available
    DB Apr2020 RUR 12.2.0.1.200714 Patch 31199988 AIX, HP-UX Itanium, Solaris SPARC Available
    GI Apr2020 RUR 12.2.0.1.200714 Patch 31326445 AIX, HP-UX Itanium, Solaris SPARC Available
    DB Proactive Bundle Patch 12.1.0.2.200714 Patch 31307682 Linux x86-64, Solaris SPARC, zLinux Available
    DB Proactive Bundle Patch 12.1.0.2.200714 (& associated COMBO) Patch 31307682 & (Patch 31326402) All Available
    Microsoft Windows BP 19.8.0.0.200714 (& associated OJVM) Patch 31247621 & (Patch 31219897) All Available
    Microsoft Windows BP 18.1.0.0.200714 (& associated OJVM) Patch 31247612 & (Patch 31219909) All Available
    Microsoft Windows BP 12.2.0.1.200714 Patch 31210848 All Available
    Microsoft Windows OJVM 12.2.0.1.200714 Patch 31465105 Windows 64-Bit Available
    Microsoft Windows BP 12.1.0.2.200714 (& associated OJVM) Patch 31211574 & (Patch 31465095) All Available
    Microsoft Windows BP 11.2.0.4.200414 (& associated OJVM) Patch 31169916 & (Patch 31169933) All Available. Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.200414 Patch 31169916 contain security fixes for both Apr2020 and Jul2020.
    QFSDP for Exadata (Aug2020) 19.8.0.0.200814 Patch 31754150 All Available
    QFSDP for Exadata (Aug2020) 18.11.0.0.200814 Patch 31754146 All Available
    QFSDP for Exadata (Aug2020) 12.2.0.1 Patch 31754141 All Available
    QFSDP for Exadata (Aug2020) BP 12.1.0.2 Patch 31754137 All Available
    QFSDP for Exadata (Aug2020) BP 11.2.0.4 Patch 31754131 All Available
    Quarterly Full Stack download for SuperCluster (Q3.2020) Patch 31326434 All 15-Sep-2020

    3 Patch Availability for Oracle Products

    This section contains the following:

    3.1 Oracle Database

    This section contains the following:

    3.1.1 Oracle REST Data Services (formally called Oracle APEX Listener)

    Error Correction information for Oracle REST Data Services 3.0

    Patch Information 3.0 Comments
    Final CPU -

    Minimum Product Requirements for Oracle REST Data Services

    Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle REST Data Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.

    Product Release Advisory Number Comments
    Oracle REST Data Services 3.0.10.25.02.36 Released July 2017

    3.1.2 Oracle Application Express

    Minimum Product Requirements for Oracle Application Express

    Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Application Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.

    Component Release Advisory Number Comments
    Oracle Application Express 20.1.0.00.13 CVE-2020-2513, CVE-2020-2971, CVE-2020-2972, CVE-2020-2973, CVE-2020-2974, CVE-2020-2976, CVE-2020-2975, CVE-2020-2977

     

    3.1.3 Reserved for Future Use

     

    3.1.4 Oracle Database

    This section contains the following:

    3.1.4.1 Patch Availability for Oracle DatabaseFor information regarding the different types of patches for Database, refer to Oracle Database - Overview of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1

    3.1.4.2 Oracle Database 19

    Patch Information 19 Comments
    Final CPU See Note 742060.1
    On-Request platforms 32-bit client-only platforms

    Patch Availability for Oracle Database 19

    Product Home Patch Advisory Number Comments
    Oracle Database Server home Combo OJVM Release Update 19.8.0.0.200714 and Database Release Update 19.8.0.0.200714 Patch 31326362 for UNIX, or

    Combo OJVM Release Update 19.8.0.0.200714 and GI Release Update 19.8.0.0.200714 Patch 31326369, or

    Quarterly Full Stack download for Exadata (Aug2020) 19.8.0.0.200814 Patch 31754150 for Linux x86-64

    CVE-2020-2969, CVE-2020-2978, CVE-2019-13990, CVE-2019-17569, CVE-2020-2968, CVE-2016-1000031 For patch availability, see section 2.2 Post Release Patches

    See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.

    The Quarterly Full Stack download for Exadata (Jul2020) has been replaced by the Quarterly Full Stack download for Exadata (Aug2020). See Note 2664000.1 for more information.

    Oracle Database Server home Database Release Update 19.8.0.0.200714 Patch 31281355 for UNIX, or

    Database Release Update Revision 19.7.1.0.200714 Patch 31204483 for UNIX, or

    Database Release Update Revision 19.6.2.0.200714 Patch 31212138 for UNIX, or

    GI Release Update 19.8.0.0.200714 Patch 31305339, or

    GI Release Update Revision 19.7.1.0.200714 Patch 31326441, or

    GI Release Update Revision 19.6.2.0.200714 Patch 31326451, or

    Microsoft Windows 32-Bit and x86-64 BP 19.8.0.0.200714 Patch 31247621, or later;

    Quarterly Full Stack download for Exadata (Aug2020) 19.8.0.0.200814 Patch 31754150 for Linux x86-64, or

    Quarterly Full Stack download for SuperCluster (Q3.2020) Patch 31326434 for Solaris SPARC 64-Bit

    CVE-2020-2969, CVE-2020-2978, CVE-2019-13990, CVE-2019-17569, CVE-2016-1000031 For patch availability, see section 2.2 Post Release Patches

    From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

    The Quarterly Full Stack download for Exadata (Jul2020) has been replaced by the Quarterly Full Stack download for Exadata (Aug2020). See Note 2664000.1 for more information.

    Oracle Database Server home OJVM Release Update 19.8.0.0.200714 Patch 31219897 for all platforms CVE-2020-2968 See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches
    Oracle Database Server and Client home JDK8u261Patch 31301460 CVE-2020-14664, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14556, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14577 JDK patches for 32 bit clients would be build on demand basis.
    Oracle Database Server home Perl Patch 29511771 Released April 2019
    Oracle Database Client home Database Release Update 19.4.0.0.190716 Patch 29834717 for UNIX Released July 2019 The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

     

    3.1.4.3 Oracle Database 18

    Patch Information 18 Comments
    Final CPU See Note 742060.1
    On-Request platforms 32-bit client-only platforms

    Patch Availability for Oracle Database 18

    Product Home Patch Advisory Number Comments
    Oracle Database Server home Combo OJVM Release Update 18.11.0.0.200714 and Database Release Update 18.11.0.0.200714 Patch 31326374 for UNIX, or

    Combo OJVM Release Update 18.11.0.0.200714 and GI Release Update 18.11.0.0.200714 Patch 31326376, or

    Quarterly Full Stack download for Exadata (Aug2020) 18.11.0.0.200814 Patch 31754146

    CVE-2020-2969, CVE-2016-9843, CVE-2020-2978, CVE-2020-8112, CVE-2019-13990, CVE-2019-17569, CVE-2020-2968, CVE-2016-1000031 For patch availability, see section 2.2 Post Release Patches

    OJVM Update patches from 18.4 onwards are RAC Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the "Oracle JavaVM Component Database PSU/RU" (OJVM PSU/RU) Patches.

    The Quarterly Full Stack download for Exadata (Jul2020) has been replaced by the Quarterly Full Stack download for Exadata (Aug2020). See Note 2664000.1 for more information.

    Oracle Database Server home Database Release Update 18.11.0.0.200714 Patch 31308624, or

    Database Release Update Revision 18.10.1.0.200714 Patch 31211410, or

    Database Release Update Revision 18.9.2.0.200714 Patch 31212186, or

    GI Release Update 18.11.0.0.200714 Patch 31305362, or

    GI Release Update Revision 18.10.1.0.200714 Patch 31326437, or

    GI Release Update Revision 18.9.2.0.200714 Patch 31326455, or

    Microsoft Windows 32-Bit and x86-64 BP 18.11.0.0.200714 Patch 31247612, or later;

    Quarterly Full Stack download for Exadata (Aug2020) 18.11.0.0.200814 Patch 31754146, or

    Quarterly Full Stack download for SuperCluster (Q3.2020) Patch 31326434 for Solaris SPARC 64-Bit

    CVE-2020-2969, CVE-2016-9843, CVE-2020-2978, CVE-2020-8112, CVE-2019-13990, CVE-2019-17569, CVE-2016-1000031 For patch availability, see section 2.2 Post Release Patches

    From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

    The Quarterly Full Stack download for Exadata (Jul2020) has been replaced by the Quarterly Full Stack download for Exadata (Aug2020). See Note 2664000.1 for more information.

    Oracle Database Server home OJVM Release Update 18.11.0.0.200714 Patch 31219909 for all platforms CVE-2020-2968 OJVM Update patches from 18.4 onwards are RAC Rolling installable. Please see Note 2217053.1, RAC Rolling Install Process for the "Oracle JavaVM Component Database PSU/RU" (OJVM PSU/RU) Patches
    Oracle Database Server and Client home JDK8u261 Patch 31302462 CVE-2020-14664, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14556, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14577 See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

    JDK patches for 32 bit clients would be build on demand basis

    Oracle Database Server home Perl Patch 31225444 CVE-2018-18314
    Oracle Database Client home Database Release Update 18.7.0.0.190716 Patch 29757256, or

    Database Release Update Revision 18.6.1.0.190716 Patch 29708235, or

    Database Release Update Revision 18.5.2.0.190716 Patch 29708437 or

    Microsoft Windows 32-Bit and x86-64 BP 18.7.0.0.190716 Patch 29859180

    Released July 2019 The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

     

    3.1.4.4 Oracle Database 12.2.0.1

    Patch Information 12.2.0.1 Comments
    Final CPU See Note 742060.1
    On-Request platforms 32-bit client-only platforms

    Patch Availability for Oracle Database 12.2.0.1

    Product Home Patch Advisory Number Comments
    Oracle Database Server home Combo OJVM Release Update 12.2.0.1.200714 and Database Release Update 12.2.0.1.200714 Patch 31326379 for UNIX, or

    Combo OJVM Release Update 12.2.0.1.200714 and GI Release Update 12.2.0.1.200714 Patch 31326390, or

    Quarterly Full Stack download for Exadata (Aug2020) 12.2.0.1 Patch 31754141, or

    Quarterly Full Stack download for SuperCluster (Q3.2020) Patch 31326434 for Solaris SPARC 64-Bit

    CVE-2020-2969, CVE-2020-2978, CVE-2019-13990, CVE-2019-17569, CVE-2020-2968, CVE-2016-1000031 For patch availability, see section 2.2 Post Release Patches

    OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

    Combos are for environments that take a single downtime to apply all patches

    See Note 1929745.1, Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and Update" (OJVM PSU and OJVM Update) Patches.

    The Quarterly Full Stack download for Exadata (Jul2020) has been replaced by the Quarterly Full Stack download for Exadata (Aug2020). See Note 2664000.1 for more information.

    Oracle Database Server home Database Jul2020 Release Update 12.2.0.1.200714 Patch 31312468 for UNIX, or

    Database Jan2020 Release Update Revision 12.2.0.1.200714 Patch 31212219, or

    Database Apr2020 Release Update Revision 12.2.0.1.200714 Patch 31199988, or

    GI Jul2020 Release Update 12.2.0.1.200714 Patch 31305382, or

    GI Jan2020 Release Update Revision 12.2.0.1.200714 Patch 31326459, or

    GI Apr2020 Release Update Revision 12.2.0.1.200714 Patch 31326445, or

    BS2000 Database BP 12.2.0.1.200714 Patch 31401274

    Microsoft Windows 32-Bit and x86-64 BP 12.2.0.1.200714 Patch 31210848, or later;

    Quarterly Full Stack download for Exadata (Aug2020) 12.2.0.1 Patch 31754141, or

    Quarterly Full Stack download for SuperCluster (Q3.2020) Patch 31326434 for Solaris SPARC 64-Bit

    CVE-2020-2969, CVE-2020-2978, CVE-2019-13990, CVE-2019-17569, CVE-2016-1000031 For patch availability, see section 2.2 Post Release Patches

    From Jan2020 onwards the Database and GI Update and Revision patches include the JDK fixes released in the prior cycle. For the most recent JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

    The Quarterly Full Stack download for Exadata (Jul2020) has been replaced by the Quarterly Full Stack download for Exadata (Aug2020). See Note 2664000.1 for more information.

    Oracle Database Server home OJVM Release Update 12.2.0.1.200714 Patch 31219919 for UNIX, or

    OJVM Microsoft Windows Bundle Patch 12.2.0.1.200714 Patch 31465105

    CVE-2020-2968 OJVM Update Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

    See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

    Oracle Database Server and Client home JDK8u261 Patch 31302499 CVE-2020-14664, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14556, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14577 See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

    JDK patches for 32 bit clients would be build on demand basis.

    Oracle Database Server home Perl Patch 30508161 CVE-2018-18314
    Oracle Database Client home Database Jul2019 Release Update 12.2.0.1.190716 Patch 29757449 for UNIX, or

    Database Jan2019 Release Update Revision 12.2.0.1.190716 Patch 29708478, or

    Database Apr2019 Release Update Revision 12.2.0.1.190716 Patch 29708381, or

    Microsoft Windows 32-Bit and x86-64 RU 12.2.0.1.190716 Patch 29832062, or later

    Released July 2019 The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

     

    3.1.4.5 Oracle Database 12.1.0.2

    Error Correction information for Oracle Database 12.1.0.2

    Patch Information 12.1.0.2 Comments
    Final CPU See Note 742060.1
    On-Request platforms  32-bit client-only platforms

    Patch Availability for Oracle Database 12.1.0.2

    If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

    Product Home Patch Advisory Number Comments
    Oracle Database Server home Combo OJVM PSU 12.1.0.2.200714 and Database PSU 12.1.0.2.200714 Patch 31326396 for UNIX, or

    Combo OJVM PSU 12.1.0.2.200714 and GI PSU 12.1.0.2.200714 Patch 31326400, or

    Combo OJVM PSU 12.1.0.2.200714 and Database Proactive BP 12.1.0.2.200714  Patch 31326402 for UNIX, or

    Quarterly Full Stack download for Exadata (Aug2020) BP 12.1.0.2 Patch 31754137, or

    Quarterly Full Stack download for SuperCluster (Q3.2020) Patch 31326434 for Solaris SPARC 64-Bit

    CVE-2020-2969, CVE-2020-2978, CVE-2020-2968 For patch availability, see section 2.2 Post Release Patches

    OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.Combos are for environments that take a single downtime to apply all patches

    See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches.

    The Quarterly Full Stack download for Exadata (Jul2020) has been replaced by the Quarterly Full Stack download for Exadata (Aug2020). See Note 2664000.1 for more information.

    Oracle Database Server home Database PSU 12.1.0.2.200714 Patch 31113348 for UNIX, or

    GI PSU 12.1.0.2.200714 Patch 31305174, or

    Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.200714 Patch 31211574, or later;

    Database Proactive Bundle Patch 12.1.0.2.200714 Patch 31307682 or

    Quarterly Full Stack download for Exadata (Aug2020) BP 12.1.0.2 Patch 31754137, or

    Quarterly Full Stack download for SuperCluster (Q3.2020) Patch 31326434 for Solaris SPARC 64-Bit

    CVE-2020-2969, CVE-2020-2978 For patch availability, see section 2.2 Post Release Patches

    For JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

    The Quarterly Full Stack download for Exadata (Jul2020) has been replaced by the Quarterly Full Stack download for Exadata (Aug2020). See Note 2664000.1 for more information.

    Oracle Database Server home Oracle JavaVM Component Database PSU 12.1.0.2.200714 Patch 31219939 for UNIX, or

    Oracle JavaVM Component Microsoft Windows Bundle Patch 12.1.0.2.200714 Patch 31465095

    CVE-2020-2968 OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

    All OJVM PSU since 12.1.0.2.161018 includes Generic JDBC Patch 23727148

    See Note 1929745.1, Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

    Oracle Database Server and Client home JDK7u271 Patch 31302525 CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14578, CVE-2020-14579, CVE-2020-14577 See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

    JDK patches for 32 bit clients would be build on demand basis.

    Oracle Database Server home Perl Patch 30508171 CVE-2018-18314
    Oracle Database Server home Oracle JavaVM Component Database PSU - Generic JDBC 12.1.0.2.160719 Patch 23727148 Released July 2016
    Oracle Database Client home Database PSU 12.1.0.2.190716 Patch 29494060 for UNIX, or

    Microsoft Windows 32-Bit and x86-64 BP 12.1.0.2.190716 Patch 29831650

    Released July 2019 The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

     

    3.1.4.6 Oracle Database 11.2.0.4

    Error Correction information for Oracle Database 11.2.0.4

    Patch Information 11.2.0.4 Comments
    Final CPU See Note 742060.1
    On-Request platforms HP-UX PA-RISC

    IBM: Linux on System Z

    32-bit client-only platforms except Linux x86

    On-Request platforms 32-bit client-only platforms except Linux x86

    Patch Availability for Oracle Database 11.2.0.4

    If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

    Product Home Patch Advisory Number Comments
    Oracle Database Server home Combo OJVM PSU 11.2.0.4.200714 and Database SPU 11.2.0.4.200714 Patch 31326415 for UNIX, or

    Combo OJVM PSU 11.2.0.4.200714 and Database PSU 11.2.0.4.200714 Patch 31326405 for UNIX, or

    Combo OJVM PSU 11.2.0.4.200714 and GI PSU 11.2.0.4.200714 Patch 31326410 for UNIX, or

    Combo OJVM PSU 11.2.0.4.200714 and Exadata BP 11.2.0.4.200714 Patch 31326413

    CVE-2020-2969, CVE-2020-2968 For patch availability, see section 2.2 Post Release Patches

    From Jan2019 onwards the OJVM now only supports JDK7 for security compliance. Please ensure that if there are applications with an OJVM dependency that they are compatible with JDK7.

    OJVM PSU Patches are not RAC Rolling installable. However, NOTE 2217053.1 defines a few specific situations where the OJVM PSU patchset can be postinstalled into each database while the database remains in unrestricted "startup" mode. Please refer to the NOTE for more details.

    Combos are for environments that take a single downtime to apply all patches

    See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

    Oracle Database Server home Database PSU 11.2.0.4.200714 Patch 31103343 for UNIX, or

    GI PSU 11.2.0.4.200714 Patch 31305209 for UNIX, or

    Database SPU 11.2.0.4.200714 Patch 31338362 for UNIX, or

    Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.200414 Patch 31169916, or later;

    Quarterly Database Patch for Exadata BP 11.2.0.4.200714 Patch 31220011 for UNIX, or

    Quarterly Full Stack download for Exadata (Aug2020) BP 11.2.0.4 Patch 31754131, or

    Quarterly Full Stack download for SuperCluster (Q3.2020) Patch 31326434 for Solaris SPARC 64-Bit

    CVE-2020-2969 For patch availability, see section 2.2 Post Release Patches

    For JDK fixes a separate patch is available (see below) and needs to be installed in addition to the Database and GI patches.

    Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.200414 Patch 31169916 contain security fixes for both Apr2020 and Jul2020.

    The Quarterly Full Stack download for Exadata (Jul2020) has been replaced by the Quarterly Full Stack download for Exadata (Aug2020). See Note 2664000.1 for more information.

    Oracle Database Server home Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.200714 Patch 31219953 for UNIX, or

    Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.200414 Patch 31169933 for Microsoft Windows

    CVE-2020-2968 From Jan2019 onwards the OJVM now only supports JDK7 for security compliance. Please ensure that if there are applications with an OJVM dependency that they are compatible with JDK7.

    OJVM PSU 11.2.0.4.161018 and greater includes Generic JDBC Patch 23727132

    See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

    Oracle JavaVM (OJVM) Component Database PSU 11.2.0.4.200414 Patch 31169933 for Microsoft Windows contains security fixes for both Apr2020 and Jul2020.

    Oracle Database Server and Client home JDK7u271 Patch 31302572 CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14578, CVE-2020-14579, CVE-2020-14577 See Note 2584628.1, "JDK and PERL Patches for Oracle Database Home and Grid Home" for information on availability and prior patches.

    JDK patches for 32 bit clients would be build on demand basis.

    Oracle Database Server home Perl Patch 30508206 CVE-2018-18314
    Oracle Database Server home Oracle JavaVM Component Database PSU - Generic JDBC 11.2.0.4.160719 Patch 23727132 Released July 2016 For RAC deployments, this patch should be applied to Grid Infrastructure Home instead of OJVM PSU 11.2.0.4.4, or higher

    See Note 1929745.1Oracle Recommended Patches -- Oracle JavaVM Component Database PSU (OJVM PSU) Patches

    Oracle Database Client home Database PSU 11.2.0.4.190716 Patch 29497421 for UNIX, or

    Microsoft Windows (32-Bit) and x64 (64-Bit) BP 11.2.0.4.190716 Patch 29596609, or later

    Released July 2019 The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.

    3.1.5 Oracle Database Mobile/Lite Server

    Error Correction Information for Oracle Database Mobile Server

    Patch Information 12.1 (Mobile Server) 11.3 (Mobile Server) Comments
    Final CPU - October 2021

    Patch Availability for Oracle Database Mobile Server 12.1.x

    Product Home Patch Advisory Number Comments
    12.1 12.1.0.0 BP Patch 21974980 Released October 2015

    Patch Availability for Oracle Database Mobile Server 11.3.x

    Product Home Patch Advisory Number Comments
    11.3 11.3.0.2 BP Patch 21950285 Released October 2015

    3.1.6 Oracle GoldenGate

    Error Correction information for Oracle GoldenGate

    Component 19.1 18.1 12.3.0.1 12.2.0.2 12.1.2.1 Comments
    Final CPU April 2021 July 2026 April 2021 October 2023 October 2021

    Patch Availability for Oracle GoldenGate

    Product Home Patch Advisory Number Comments
    19.1 OGG 19.1.0.0.200714 for Oracle 19c Patch 31456601

    OGG 19.1.0.0.200714 for Oracle 18c Patch 31456600

    OGG 19.1.0.0.200714 for Oracle 12c Patch 31456597

    OGG 19.1.0.0.200714 for Oracle 11g Patch 31456594

    Released Jul 2020 Refer to Note 1645495.1 for the latest release and additional platforms.
    18.1 OGG 18.1.0.0.191119 for Oracle 18c Patch 30058913

    OGG 18.1.0.0.191119 for Oracle 12c Patch 30058910

    OGG 18.1.0.0.191119 for Oracle 11g Patch 30058904

    CVE-2020-14705 Refer to Note 1645495.1 for the latest release and additional platforms.
    12.3.0.1 OGG 12.3.0.1.190531 FOR Oracle 12c Patch 29791770

    OGG 12.3.0.1.190531 FOR Oracle 11g Patch 29791759

    CVE-2020-14705 Refer to Note 1645495.1 for the latest release and additional platforms.
    12.2.0.2 OGG 12.2.0.2.200218 for Oracle 12c Patch 30619259

    OGG 12.2.0.2.200218 for Oracle 11g Patch 30619257

    CVE-2020-14705 Refer to Note 1645495.1 for the latest release and additional platforms.
    12.1.2.1 On-Request CVE-2020-14705 Refer to Note 1645495.1 for the latest release and additional platforms.

    3.1.7 Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)

    Error Correction information for Oracle GoldenGate for Big Data

    Component 12.3.2.1.0 Comments
    Final CPU -

    Patch Availability for Oracle GoldenGate for Big Data

    Product Home Patch Advisory Number Comments
    19.1.0.0.3 OGG for Big Data 19.1.0.0.3 patch 30897747 CVE-2019-14379
    12.3.2.1 Oracle GoldenGate for Big Data 12.3.2.1.5 Patch 30207616 Released October 2019 Download the release from OTN

    3.1.8 Oracle GoldenGate Veridata

    Error Correction information for Oracle GoldenGate Veridata

    Component 11.2.1.0 Comments
    Final CPU October 2020

    Patch Availability for Oracle GoldenGate Veridata

    Product Home Patch Advisory Number Comments
    11.2.1.0 oracle goldengate veridata v11.2.1.0.2 java agent - Patch 27425665

    oracle goldengate veridata v11.2.1.0.2 server - Patch 27425668

    Released April 2018 Golden Gate Veridata Patch

    3.1.9 Oracle Secure Backup

    Error Correction information for Oracle Secure Backup

    Patch Information 18.1 Comments
    Final CPU January 2024

    Minimum Product Requirements for Oracle Secure Backup

    Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Secure Backup downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html

    Product Release Advisory Number Comments
    Oracle Secure Backup 18.1 Released April 2020

     

    3.1.10 Oracle Spatial Studio

    Minimum Product Requirements for Oracle Spatial Studio

    Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Spatial Studio downloads and installation instructions can be found at
    https://www.oracle.com/database/technologies/spatial-studio/oracle-spatial-studio-downloads.html

    Product Release Advisory Number Comments
    Oracle Spatial Studio 19.2.1 CVE-2019-10086

     

    3.1.11 Oracle Stream Analytics

    Minimum Product Requirements for Oracle Stream Analytics

    Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Stream Analytics downloads and installation instructions can be found at
    https://www.oracle.com/middleware/technologies/stream-analytics/downloads.html

    Product Patch Advisory Number Comments
    Oracle Stream Analytics 19.1.0.0.1 Patch 30629903 CVE-2019-0222, CVE-2019-14379

     

    3.1.12 Oracle TimesTen In-Memory Database

    Error Correction information for Oracle TimesTen In-Memory Database

    Describes Error Correction information for Oracle TimesTen In-Memory Database.

    Patch Information 18.1 Comments
    Final Patch April 2026

    Minimum Product Requirements for Oracle TimesTen In-Memory Database

    Describes the minimum product requirements for Oracle TimesTen In-Memory Database. The CPU security vulnerabilities are fixed in the listed release and later releases.

    Product Release Advisory Number Comments
    Oracle TimesTen In-Memory Database 18.1.2.1.0 or later version CVE-2018-18314

     

    3.2 Oracle Enterprise Manager

    This section contains the following:

    3.2.1 Oracle Real User Experience Insight

    Error Correction information for Oracle Real User Experience Insight

    Patch Information 13.4.1.0 13.3.1.0 Comments
    Final CPU October 2023 April 2021
    On-Request platforms - -

    Minimum Product Requirements for Oracle Real User Experience Insight

    Critical Patch Update security vulnerabilities are fixed in the listed releases. For more information on Oracle Real User Experience Insight, see http://www.oracle.com/technetwork/oem/app-performance-mgmt/index.html.

    Product Version Patch Advisory Number Comments
    Real User Experience Insight 13.3.1.0 Patch 31595030 CVE-2020-7595

    3.2.2 Oracle Application Testing Suite

    Error Correction information for Oracle Application Testing Suite

    Patch Information 13.3.0.1 Comments
    Final CPU June 2025

    Patch Availability for Oracle Application Testing Suite

    These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Application Testing Suite downloads and installation instructions, see http://www.oracle.com/technetwork/oem/downloads/index-084446.html.

    Product Home Patches Advisory Number Comments
    Base Platform Fusion Middleware home See "Oracle WebLogic Server" (Version 12.2.1.4) Released January 2019 See "Oracle WebLogic Server" (Version 12.2.1.4)
    13.3.0.1 EM BP Application Testing Suite CPU July 2020 Patch 31517976 CVE-2019-17091, CVE-2017-5645 Jan 2020 Patch includes this CVE-2019-17091 fix
    13.3.0.1 EM BP Application Testing Suite OFB CPU July 2020 Patch 31517994 CVE-2019-17091, CVE-2017-5645 Jan 2020 Patch includes this CVE-2019-17091 fix

     

    3.2.3 Oracle Business Transaction Management

    Error Correction Information for Oracle Business Transaction Management

    Component 12.1.0.7 Comments
    Final CPU -

    Patch Availability for Oracle Business Transaction Management

    Product Home Patch Advisory Number Comment
    BTM Home BTM Patch 12.1.0.7.15 Patch 29135901 Released April 2019

     

    3.2.4 Oracle Enterprise Manager Cloud Control

    If your plans include updating the JDK version, please be sure that the JDK version that you choose is certified with your OEM Cloud Control Component. Please refer to Note 2241358.1 for upgrading the JDK Component related to OEM Cloud Control Component.

    Error Correction information for Oracle Enterprise Manager Cloud Control

    Patch Information 13.4.0.0 13.3.0.0 12.1.0.5 Comments
    Final CPU - January 2021 October 2020
    On-Request platforms - - -

    Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 4 (13.4.0.0)

    Product Home Patches Advisory Number Comments
    Base Platform Repository home See "Oracle Database"
    Oracle Java SE home See Note 2653847.1 EM 13.4: How to Use the Latest Certified JDK 8 Update with OMS 13.4 See Note 2653847.1 EM 13.4: How to Use the Latest Certified JDK 8 Update with OMS 13.4
    Base Platform Fusion Middleware home NGINST SPU FOR 13.9.4.2.2 FOR JACKSON-DATABIND UPDATE TO 2.10.2 Patch 31101362 or later CVE-2020-9546
    Base Platform Fusion Middleware home See "Oracle WebLogic Server" (Version 12.2.1.3.0) See "Oracle WebLogic Server" (Version 12.2.1.3.0) For EM 13.4 customers, Oracle recommends that you delay applying Opatch 13.9.4.2.4 and Weblogic Server July PSU, as Certification is not complete. See Note 2693952.1 for details.
    Base Platform Fusion Middleware home OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139 or later CVE-2020-14655 Oracle Security Service (SSL/Network) Patch for Oracle HTTP server (OHS)
    Base Platform Agent home Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4 (13.4.0.4) for Agent Patch 31426056 or later CVE-2019-12415 For patch availability, see section 2.2 Post Release Patches
    Base Platform OMS home Enterprise Manager 13c Release 4 Update 4 (13.4.0.4) for OMS Patch 31459685 or later CVE-2020-2982 , CVE-2020-2983 CVE fixes in 13.4 Base Released in Jan 2020
    Base Platform Fusion Middleware home ADF BUNDLE PATCH 12.2.1.3.0 (ID:190924.2139.S) Patch 30347629 or later Released October 2019 Apply to all Oracle homes installed with an FMW Infrastructure
    Base Platform Fusion Middleware home OHS (NATIVE) BUNDLE PATCH 12.2.1.3.0 (ID:191219.2319) Patch 30687404 or later Released January 2020 Note 2568225.1Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
    Base Platform Fusion Middleware home REMOVE APACHE STRUTS FROM BI INSTALL 12.2.1.3 (EM 13.4) Patch 31254677 or later CVE-2018-11776

    Patch Availability for Oracle Enterprise Manager Cloud Control 13c Release 3 (13.3.0.0)

    Product Home Patches Advisory Number Comments
    Base Platform Repository home See "Oracle Database"
    Base Platform Fusion Middleware home See "Oracle WebLogic Server" (Version 12.1.3)
    Base Platform Fusion Middleware home Opatch SPU 13.8.0.0.0 Patch 31682991 or later CVE-2020-9546
    Base Platform Fusion Middleware home REMOVE APACHE STRUTS FROM BI INSTALL Patch 31076938 or later CVE-2018-11776
    Base Platform OMS home Base Release 13.3 Released April 2019
    Base Platform OMS home EM BP Patch Set Update 13.3.0.0.200714 Patch 31250768 or later CVE-2019-0227, CVE-2020-2982 For patch availability, see section 2.2 Post Release Patches
    Base Platform OMS home OSS SECURITY PATCH UPDATE 12.1.3.0.0 (CPUJAN2020) Patch 30692958 or later Released January 2020 Oracle Security Service (SSL/Network) Patch for Oracle HTTP server (OHS)
    Base Platform OMS home OHS 12.1.3 for EM APR 2020 SPU Patch 31046788 or later Released April 2020 Note 2572758.1 Cumulative README Post-Install Steps for Oracle HTTP Server 12.1.3 Critical Patch Update
    Base Platform Agent home EM-AGENT Bundle Patch 13.3.0.0.191015 Patch 30206738 or later Released October 2019
    Base Platform Agent home EM-BEACON Plug-in Agent Bundle Patch 13.3.0.0.200731 (Patch canceled) CVE-2019-12415 For CVE-2019-12415, upgrade to 13.4 and apply Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4 (13.4.0.4) for Agent Patch 31426056 or later.
    EM Cloud Control Connectors See Announcement on MOSC Released April 2019
    Base Platform OMS home Enterprise Manager for OMS Plugins 13.3.2.0.200630 Patch 31521484 or later

    EM for OMS plugin 13.3.1.0.200331 Patch 31058360 or later

    CVE-2020-2983
    Base Platform OMS home SPU Patch 25322055 or later Released in January 2017 Oracle ADF Patch 12.1.3.0, This patch is necessary for any co-located installations where ADF exists.

    Patch Availability for Oracle Enterprise Manager Cloud Control 12c Release 5 (12.1.0.5)

    Product Home Patches Advisory Number Comments
    Base Platform Repository home See "Oracle Database" See "Oracle Database"
    Base Platform Fusion Middleware home See "Oracle WebLogic Server" (Version 10.3.6) See "Oracle WebLogic Server" (Version 10.3.6)
    Base Platform Fusion Middleware home CPU Patch 23703041 or later Released July 2016 Oracle Business Intelligence Publisher BP 11.1.1.7.160719 patch for BIP home in Enterprise Manager
    Base Platform OMS home EM for OMS plugin 12.1.0.5.200331 Patch 31129450 or later Released April 2020 For CVE-2019-0227, upgrade to 13.1 or later release
    Base Platform OMS home EM BP Patch Set Update 12.1.0.5.200714 Patch 31250739 or later CVE-2019-0227
    Base Platform Fusion Middleware home JSP 11.1.1.7.0 SPU for EM 12.1.0.5 (CPUAPR2018) Patch 27872862 or later Released April 2018 JSP 11.1.1.7.0 SPU patch
    Base Platform Agent home BP Patch 22317311 or later Released January 2016 Apply to Agent core Oracle Home, after applying agent patch 25456449, 22342358
    Base Platform Agent home BP Patch 22342358 or later Released January 2016 Apply 22342358 to Agent sbin Oracle Home after applying agent Patch 28193486. Then apply Patch 22317311.
    If patches 22342358 and 22317311 were applied earlier, no need to reapply.
    Base Platform Fusion Middleware home SPU Patch 22013598 or later Released January 2016 Web Cache Patch

    Apply to Oracle_WT

    Post installation steps are not applicable for Enterprise Manager

    Plugin home BP Patch 28347732 or later Released July 2018
    Base Platform Agent home BP Patch 28193486 or later Released July 2018
    Base Platform Agent home EM-BEACON Bundle Patch 12.1.0.5.200731 (Patch canceled) CVE-2019-12415 For CVE-2019-12415, upgrade to 13.4 and apply Enterprise Manager for Beacon 13c Release 4 Plug-in Update 4 (13.4.0.4) for Agent Patch 31426056 or later.
    Base Platform Fusion Middleware home OHS 11.1.1.7.0 SPU for cpujan2018 Patch 27197885 or later Released January 2018 Note 2314658.1 SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates

    Note 2350321.1 Preventing Slow HTTP DoS Attacks on Oracle HTTP Server After Applying Security Patch Updates

    See Note 2400141.1 before applying this patch

    Oracle HTTP Server 11.1.1.7 Patch for Oracle_WT OH

    Base Platform Fusion Middleware home CPU Patch 19345576 or later Released January 2015 Oracle Process Management and Notification (OPMN) Patch for Oracle_WT OH

    See Note 1905314.1, New SSL Protocol and Cipher Options for Oracle Fusion Middleware 11g OPMN/ONS

    Base Platform Fusion Middleware home SPU Patch 17337741 or later Released October 2013 Oracle Security Service (SSL/Network) Patch for Oracle_WT OH
    Base Platform Fusion Middleware home SPU Patch 25297048 or later Released January 2017 Oracle ADF Patch 11.1.1.7.1. This patch is necessary for any co-located installations where ADF exists

    3.2.5 Oracle Enterprise Manager Ops Center

    Error Correction information for Oracle Enterprise Manager Ops Center

    Patch Information 12.4.x Comments
    Final CPU -

    Patch Availability for Oracle Enterprise Manager Ops Center

    These patches contain Critical Patch Update security vulnerabilities fixes for this release. All previous versions will need to be upgraded to the minimum version. Then, apply the following patches to fix the announced security vulnerabilities. For Oracle Enterprise Manager Ops Center downloads and installation instructions, see http://www.oracle.com/technetwork/oem/ops-center/oem-ops-center-188778.html.

    Product Home UNIX Advisory Number Comments
    12.4.0 Ops Center UCE patches for July 2020 Patch 31470600 CVE-2020-1934, CVE-2019-1551
    12.4.0 Ops Center UI/Other patches for July 2020 Patch 31470640 CVE-2020-1945, CVE-2017-5645

    3.2.6 OSS Support Tools

    Error Correction information for OSS Support Tools

    Patch Information 8.11.x Comments
    Final CPU -

    Patch Availability for OSS Support Tools

    Product Home Solaris Advisory Number Comments
    8.11.16.3.8 BP Patch 22783063 March 2016 See My Oracle Support Note 1153444.1Oracle Services Tools Bundle (STB) - RDA/Explorer, SNEEP, ACT

    3.2.7 Oracle Configuration Manager

    Minimum Product Requirements for Oracle Configuration Manager

    Critical Patch Update security vulnerabilities are fixed in the listed releases.
    Oracle Configuration Manager can be downloaded from MOS (support.oracle.com). Customer can use collector tab to down the Oracle Configuration Manager Collector.

    Component Release Advisory Number Comments
    Oracle Configuration Manager OCM 12.1.2.0.7 Patch 5567658 CVE-2020-2984 Upgrade to 12.1.2.0.7 Release

    For patch availability, see section 2.2 Post Release Patches

    3.3 Oracle Fusion Middleware

    This section contains the following:

    3.3.1 Management Pack For Oracle GoldenGate

    Error Correction information for Management Pack For Oracle GoldenGate

    Patch Information 12.1.3.x Comments
    Final CPU July 2022

    Patch Availability for Management Pack For Oracle GoldenGate

    Product Home Patch Advisory Number Comments
    12.1.3 None so far NA -

    3.3.2 NetBeans IDE

    Minimum Product Requirements for NetBeans IDE

    Critical Patch Update security vulnerabilities are fixed in the listed releases. For NetBeans IDE downloads, see https://netbeans.org/downloads/

    Product Home Release Advisory Number Comments
    NetBeans IDE 8.2 Released October 2016

    3.3.3 Oracle API Gateway

    Error Correction information for Oracle API Gateway

    Patch Information 11.1.2.4.0 Comments
    Final CPU March 2021

    Patch Availability for Oracle API Gateway

    Product Home Patch Advisory Number Comments
    11.1.2.4.0 OAG 11.1.2.4.0 SPU FOR APRCPU2020 Patch 30901960 Released April 2020

    3.3.4 Oracle Big Data Discovery

    Minimum Product Requirements for Oracle Big Data Discovery

    Critical Patch Update security vulnerabilities are fixed in the listed release only and installations with any prior versions will need to move to the listed version. For Oracle Big Data Discovery downloads, see https://edelivery.oracle.com and search for "Oracle Big Data Discovery".

    Product Release Advisory Number Comments
    Oracle Big Data Discovery ORACLE BIG DATA DISCOVERY 1.6 SPU FOR APR2020 BP Patch 31136945 Released April 2020

     

    3.3.5 Oracle Business Intelligence Enterprise Edition

    Error Correction information for Oracle Business Intelligence Enterprise Edition

    Patch Information 5.5.0.0.0 12.2.1.4.0 12.2.1.3 11.1.1.9 Comments
    Final CPU - - October 2021 October 2021 11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

    Patch Availability for Oracle Analytics Server 5.5 (Formerly known as Oracle Business Intelligence)

    Product Home Patch Advisory Number Comments
    Oracle Database home See "Oracle Database" See "Oracle Database" Patch any Database Server associated to a Fusion Middleware installation
    Oracle Java SE home

    Oracle JRockit 28.x home

    See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
    Oracle WebLogic Server home See "Oracle WebLogic Server" (version 12.2.1.4.0) See "Oracle WebLogic Server" (version 12.2.1.4.0) See Note 1306505.1Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
    Oracle Analytics Server (OAS) 5.5.0.0.0 See "Oracle Fusion Middleware 12c" (12.2.1.4.) See "Oracle Fusion Middleware 12c" (12.2.1.4.) Apply all 12.2.1.4 patches listed for "Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)"
    Oracle Analytics Server (OAS) 5.5.0.0.0 OAS BUNDLE PATCH 5.5.0.0.200828 Patch 31816819 CVE-2020-14690, CVE-2020-14626, CVE-2020-14609 Oracle Business Intelligence is rebranded as Oracle Analytics Server

    Apply all 12.2.1.4 patches listed for "Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)". See "Oracle Fusion Middleware 12.2.1.4"

    For patch availability, see section 2.2 Post Release Patches

    Oracle Security Service OSS BUNDLE PATCH 12.2.1.4.200616 Patch 31503472 CVE-2020-14655

     

    Patch Availability for Oracle Business Intelligence Enterprise Edition 12c

    Product Home Patch Advisory Number Comments
    Oracle Database home See "Oracle Database" See "Oracle Database" Patch any Database Server associated to a Fusion Middleware installation
    Oracle Java SE home

    Oracle JRockit 28.x home

    See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
    Oracle WebLogic Server home See "Oracle WebLogic Server" See "Oracle WebLogic Server" See Note 1306505.1Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
    12.2.1.4 Oracle Business Intelligence Enterprise Edition

    and

    12.2.1.3 Oracle Business Intelligence Enterprise Edition

    See "Oracle Fusion Middleware 12c" See "Oracle Fusion Middleware 12c" Apply all 12.2.1.3 patches listed for "Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)"
    12.2.1.4 Oracle Business Intelligence Enterprise Edition OBI Bundle Patch 12.2.1.4.200714 Patch 31178877 CVE-2020-14696, CVE-2020-14585, CVE-2020-14571, CVE-2020-14570, CVE-2019-14862, CVE-2020-14626, CVE-2020-14609, CVE-2020-14690, CVE-2020-14548, CVE-2020-14584
    12.2.1.4 Oracle Business Intelligence Enterprise Edition

    and

    12.2.1.3 Oracle Business Intelligence Enterprise Edition

    OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139 CVE-2020-14655 Oracle Security Service (SSL/Network) Patch
    Oracle Analytics Server (OAS) 5.5.0.0.0 OAS BUNDLE PATCH 5.5.0.0.200828 Patch 31816819 CVE-2020-14690, CVE-2020-14626, CVE-2020-14609 Oracle Business Intelligence is rebranded as Oracle Analytics Server

    Apply all 12.2.1.4 patches listed for "Oracle Fusion Middleware Infrastructure (WebLogic Server for FMW)". See "Oracle Fusion Middleware 12.2.1.4"

    For patch availability, see section 2.2 Post Release Patches

    12.2.1.3 Oracle Business Intelligence Enterprise Edition OBI Bundle Patch 12.2.1.3.200714 Patch 31178889 CVE-2020-14696, CVE-2020-14585, CVE-2020-14571, CVE-2020-14570, CVE-2019-14862, CVE-2020-14626, CVE-2020-14609, CVE-2020-14690, CVE-2020-14548, CVE-2020-14584

    Patch Availability for Oracle Business Intelligence Enterprise Edition 11.1.1.9

    Product Home Patch Advisory Number Comments
    Oracle Database home See "Oracle Database" See "Oracle Database" Patch any Database Server associated to a Fusion Middleware installation
    Oracle Java SE home

    Oracle JRockit 28.x home

    See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
    Oracle WebLogic Server home See "Oracle WebLogic Server" See "Oracle WebLogic Server" See Note 1306505.1Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
    11.1.1.9 BI SUITE BUNDLE PATCH 11.1.1.9.200714 Patch 31525202 CVE-2020-14696, CVE-2020-14585, CVE-2020-14571, CVE-2020-14570, CVE-2020-14626, CVE-2020-14609, CVE-2020-14690
    11.1.1.9 OSS BUNDLE PATCH 11.1.1.9.200714 Patch 31304503 CVE-2020-14655, CVE-2020-14530 For patch availability, see section 2.2 Post Release Patches

    Note 2572809.1 Steps to Evaluate and Update SSL Wallet

    11.1.1.9 OPMN Patch 23716938 Released October 2017
    DAC 11.1.1.6.4 home Patch 27825965- DAC 11.1.1.6.4 / OBI application 7.9.6.4 SPU for apr2018cpu Released April 2018 Patch can be installed in any home

    3.3.6 Oracle Business Intelligence Publisher

    Error Correction information for Oracle Business Intelligence Publisher

    Patch Information 12.2.1.4 12.2.1.3 11.1.1.9 Comments
    Final CPU - October 2021 October 2021 11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

    Patch Availability for Oracle Business Intelligence Publisher

    Product Home Patch Advisory Number Comments
    OAS 5.5.0.0.0, 12.2.1.3 and 12.2.1.4 Business Intelligence Publisher See "Oracle Business Intelligence Enterprise Edition" See "Oracle Business Intelligence Enterprise Edition" BIP is part of OBI Patch in 12c
    11.1.1.9 BI Suite Bundle Patch 11.1.1.9.200114 Patch 30677050 Released October 2019
    11.1.1.9 BP Patch 24580895 Released October 2016 Webservice BP
    11.1.1.9 11.1.1.9 Interim Patch 17081528 Released October 2016 XDK Interim Patch

    3.3.7 Oracle Complex Event Processing

    Error Correction information for Oracle Complex Event Processing

    Patch Information CEP 12.1.3 Comments
    Final CPU October 2020

    Patch Availability for Oracle Complex Event Processing

    See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

    Product Home Patch Advisory Number Comments
    12.1.3.0 SPU Patch 21071699 Released July 2015

    3.3.8 Oracle Data Quality for Oracle Data Integrator

    Error Correction information for Oracle Data Quality for Oracle Data Integrator

    Patch Information ODIDQ 11.1.x Comments
    Final CPU -

    Patch Availability for Oracle Data Quality for Oracle Data Integrator

    Product Home Patch Advisory Number Comments
    11.1.1.3.0 CPU Patch 21418574 Released July 2015

    3.3.9 Oracle Data Visualization Desktop

    Error Correction information for Oracle Data Visualization Desktop

    Patch Information 12.2.4.1.1 Comments
    Final CPU -

    Patch availability for Oracle Data Visualization Desktop

    Product Home Patch Advisory Number Comments
    Oracle Data Visualization Desktop 12.2.4.1.1 Patch is available on http://www.oracle.com/technetwork/middleware/oracle-data-visualization/index.html Released April 2018

    3.3.10 Oracle Endeca Server

    Error Correction information for Oracle Endeca Server

    Patch Information 7.7 Comments
    Final CPU January 2021

    Patch availability for Oracle Endeca Server

    Product Home Patch Advisory Number Comments
    Oracle Endeca Server 7.7 home ORACLE ENDECA SERVER 7.7 SPU APRIL 2020 Patch 30507959 Released April 2020

    3.3.11 Oracle Endeca Information Discovery Integrator

    Error Correction information for Oracle Endeca Information Discovery Studio Integrator

    Patch Information 3.2 Comments
    Final CPU January 2021

    Patch availability for Oracle Endeca Information Discovery Studio Integrator

    Product Home Patch Advisory Number Comments
    Oracle Endeca Information Discovery Integrator 3.2 home ORACLE ENDECA INFORMATION DISCOVERY INTEGRATOR 3.2 CPU APRIL 2020 Patch 30696395 Released April 2020 All Patches are cumulative of prior fixes
    Oracle Endeca Information Discovery Integrator 3.2 home ORACLE ENDECA INFORMATION DISCOVERY INTEGRATOR AQUISITION SYSTEM 3.2 SPU JAN 2020 Patch 30472013 Released in January 2020

    3.3.12 Oracle Endeca Information Discovery Studio

    Error Correction information for Oracle Endeca Information Discovery Studio

    Patch Information 3.2 Comments
    Final CPU January 2021

    Patch availability for Oracle Endeca Information Discovery Studio

    Product Home Patch Advisory Number Comments
    Oracle Endeca Information Discovery Studio 3.2 home ORACLE ENDECA INFORMATION DISCOVERY 3.2 STUDIO SPU FOR JUL2020 Patch 31443061 CVE-2017-5645, CVE-2020-1945

    3.3.13 Oracle Enterprise Data Quality

    Error Correction information for Oracle Enterprise Data Quality

    Patch Information 11.1.1.x Comments
    Final CPU October 2021

    Patch Availability for Oracle Enterprise Data Quality

    Product Home Patch Advisory Number Comments
    12c home See "Oracle Fusion Middleware 12c" See "Oracle Fusion Middleware 12c"
    11.1.1.9 Patch 25084186

    Patch 25534288 (EDQ-CDS)

    Released April 2017 Install prior to Java CPUApr2017 JDK/JRE or later version

     

    3.3.14 Oracle Enterprise Repository

    Error Correction information for Oracle Enterprise Repository

    Patch Information 11.1.1.7 Comments
    Final CPU October 2021

    Patch Availability for Oracle Enterprise Repository

    Product Home Patch Advisory Number Comments
    11.1.1.7.0 OER 11.1.1.7.0 SPU FOR JULY 2020 CPU Patch 31086343 CVE-2020-1945, CVE-2020-1941 "CVE-2018-1000180, CVE-2018-8013, CVE-2018-1275, CVE-2017-5645" included in 11.1.1.7 patch are announced in previous CPUs.

    3.3.15 Oracle Exalogic Patch Set Update (PSU)

    Error Correction information for Oracle Exalogic Patch Set Update (PSU)

    Patch Information 2.x 1.x Comments
    Final CPU - -

    Patch Set Update Availability for Oracle Exalogic

    Oracle Exalogic Patch Advisory Number Comments
    2.x Physical 2.0.6.4.200714 Physical Linux (for all X3-2, X4-2, X5-2, and X6-2) Patch 31347467 Released in July 2020 See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
    2.x Virtual 2.0.6.4.200714 Virtual (for all X3-2, X4-2, X5-2, and X6-2) Patch 31347468 Released in July 2020 See Note 1314535.1, Announcing Exalogic PSUs (Patch Set Updates)
    1.x Upgrade to 2.x based on information in the Comments column. Then apply the patches listed above. Released March 2012 (13795376)

    Released Februrary 2013 (15931901)

    See Patch 13795376 EECS 2.0 PHYSICAL INFRASTRUCTURE UPGRADE KIT (V1.0.0.X.X -> EECS 2.0.0.0.0)

    See Patch 15931901 Oracle Exalogic 2.0.4.0.0 Upgrade Kit for Exalogic Solaris x86-64 (64 bit)

    See Note 1314535.1Announcing Exalogic PSUs (Patch Set Updates)

    3.3.16 Oracle Fusion Middleware

    For more information on how to identify the components in an Oracle home, see Note 1591483.1What is Installed in My Middleware or Oracle home?.

    This section contains the following:

    3.3.16.1 Oracle Fusion Middleware 12c

    The sections below cover Oracle Fusion Middleware version 12.2.x and 12.1.x

    3.3.16.1.1 Oracle Fusion Middleware 12.2.1.4

    Error Correction information for Oracle Fusion Middleware 12.2.1.4

    Patch Information 12.2.1.4 Comments
    Final CPU Dec 2025 See Note 1933372.1, Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
    On-Request platforms -
    Determine Components in an Oracle Home - See Note 1591483.1, What is Installed in My Middleware or Oracle home?
    Understanding Patch Release Versions - See Note 1494151.1, understanding Fusion Middleware Bundle Patch (BP) Release Versions
    See Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions

    Patch Availability for Oracle Fusion Middleware 12.2.1.4

    Distribution Patches Advisory Number Comments
    Oracle Database home See "Oracle Database" See "Oracle Database" Patch any Database Server associated to a Fusion Middleware installation
    Oracle Java SE home See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products
    All 12.2.1.4 & 12.2.1.3 Fusion Middleware Distributions & WebLogic home OPatch 13.9.4.2.4 Patch 28186730 Released July 2020 Update OPatch 13.9.4.2.4 Patch 28186730 before applying the WLS PSU.

    See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.

    Oracle WebLogic Server and Coherence

    Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)

    Oracle HTTP Server

    Oracle Forms and Reports (Standalone Forms Builder)

    Oracle Internet Directory

    WLS PATCH SET UPDATE 12.2.1.4.200624 Patch 31537019 + ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU 2020 Patch 31544353 CVE-2020-2967, CVE-2020-14588, CVE-2020-14589, CVE-2020-14687, CVE-2020-14622, CVE-2020-5398, CVE-2020-2966, CVE-2020-14625, CVE-2020-14572, CVE-2020-14652, CVE-2017-5645, CVE-2020-14645, CVE-2020-14557, CVE-2020-9546, CVE-2020-14644, CVE-2018-11058 WLS PSU should also be applied to all homes with a WLS full or standalone domain.

    For CVE-2018-11058, apply ADR Patch.

    Oracle WebLogic Server and Coherence
    Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)
    WEBLOGIC SAMPLES SPU 12.2.1.4.200714 Patch 31384959 CVE-2020-14636, CVE-2020-14637, CVE-2020-14638, CVE-2020-14639, CVE-2020-14640
    Oracle SOA Suite and Business Process SOA Bundle Patch 12.2.1.4.200524 Patch 31396632 CVE-2019-17359
    Oracle Security Service OSS BUNDLE PATCH 12.2.1.4.200616 Patch 31503472 CVE-2020-14655
    Oracle WebLogic Server and Coherence

    Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)

    Coherence 12.2.1.4.5 Patch 31470730 CVE-2020-14642
    Oracle Unified Directory OUD BUNDLE PATCH 12.2.1.4.200526 Patch 31400392 CVE-2020-14565
    Oracle WebCenter Portal WebCenter Portal Bundle Patch 12.2.1.4.200611 Patch 31481845 CVE-2019-12415, CVE-2020-14611, CVE-2020-14552, CVE-2019-17531
    Oracle Forms and Reports Oracle Reports Developer 12.2.1.4.0 SPU Patch 30731161 Released January 2020
    Oracle Webcenter Sites Webcenter Sites 12.2.1.4.200714 Patch 31548912 CVE-2020-14613

    3.3.16.1.2 Oracle Fusion Middleware 12.2.1.3

    Error Correction information for Oracle Fusion Middleware 12.2.1.3

    Patch Information 12.2.1.3 Comments
    Final CPU October 2021 See Note 1933372.1, Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS
    On-Request platforms -
    Determine Components in an Oracle Home - See Note 1591483.1, What is Installed in My Middleware or Oracle home?
    Understanding Patch Release Versions - See Note 1494151.1, understanding Fusion Middleware Bundle Patch (BP) Release Versions

    See Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions

    Patch Availability for Oracle Fusion Middleware 12.2.1.3

    Distribution Patches Advisory Number Comments
    Oracle Database home See "Oracle Database" See "Oracle Database" Patch any Database Server associated to a Fusion Middleware installation
    Oracle Java SE home See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g/12c Products
    All 12.2.1.3 Fusion Middleware Distributions & WebLogic home OPatch 13.9.4.2.4 Patch 28186730 Released July 2020 Update OPatch 13.9.4.2.4 Patch 28186730 before applying the WLS PSU.

    See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.

    Oracle WebLogic Server and Coherence

    Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)

    Oracle HTTP Server

    Oracle Forms and Reports (Standalone Forms Builder)

    Oracle Internet Directory

    WLS PATCH SET UPDATE 12.2.1.3.200624 Patch 31535411 + ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY CPU 2020 Patch 31544340 CVE-2020-2967, CVE-2020-14588, CVE-2020-14589, CVE-2020-14687, CVE-2020-14622, CVE-2020-2966, CVE-2020-14625, CVE-2020-14572, CVE-2020-14652, CVE-2017-5645, CVE-2018-11058, CVE-2020-14645, CVE-2020-14557, CVE-2020-9546, CVE-2020-14644 See Note 2421487.1, Oracle Strongly recommends applying minimum JDK version (JDK 8u181 or later) to make some of Weblogic Server Deserialization vulnerability fixes effective.

    Refer to Note 2437460.1 for Patch Conflict issue.

    WLS PSU should also be applied to all homes with a WLS full or standalone domain.

    For CVE-2018-11058, apply ADR Patch.

    See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

    See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

    See Note 2076338.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

    Identity and Access Management OAM BUNDLE PATCH 12.2.1.3.191201(ID:191201.0123.S) Patch 30609442 or later Released April 2020
    Identity and Access Management Oracle Unified Directory OUD BUNDLE PATCH 12.2.1.3.200623 Patch 31529239 CVE-2020-14565
    Oracle SOA Suite and Business Process SOA Bundle Patch 12.2.1.3.200526 Patch 31402620 CVE-2019-17359
    Oracle WebCenter Portal WEBCENTER PORTAL BUNDLE PATCH 12.2.1.3.200611 Patch 31481851 CVE-2019-12415, CVE-2020-14611, CVE-2019-0227, CVE-2020-14552, CVE-2019-17531
    Oracle Webcenter Sites Webcenter Sites 12.2.1.3.200714 Patch 31548911 CVE-2020-14613  
    Oracle WebLogic Server and Coherence

    Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)

    WEBLOGIC SAMPLES SPU 12.2.1.3.200714 Patch 31384951 CVE-2020-14636, CVE-2020-14637, CVE-2020-14638, CVE-2020-14639, CVE-2020-14640 This patch is a cumulative patch for all Struts 2 CVEs to date.

    See Note 2255054.1, Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities

    Oracle WebLogic Server and Coherence

    Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)

    Coherence 12.2.1.3.10 Patch 31470751 CVE-2020-14642
    Oracle HTTP Server

    Oracle Forms and Reports

    OHS (NATIVE) BUNDLE PATCH 12.2.1.3.0 (ID:191219.2319) Patch 30687404 Released January 2020 Note 2568225.1Cumulative README Post-Install Steps for Oracle HTTP Server 12.2.1.3 Bundle Patches
    Oracle Forms and Reports Oracle Reports Developer 12.2.1.3 SPU Patch 30731147 Released January 2020
    Identity and Access Management OIM BUNDLE PATCH 12.2.1.3.0 (ID:200108.2108) Patch 30735905 Released January 2020
    Oracle HTTP Server

    Oracle Forms and Reports (Standalone Forms Builder)

    Oracle Internet Directory

    OSS BUNDLE PATCH 12.2.1.3.200714 Patch 31232139 or later CVE-2020-14655
    Oracle WebCenter Sites Support Tools 4.4.2 for Oracle WebCenter Sites 12.2.1.3.0 Patch 30505173 Released January 2020 Support Tools for Webcenter Sites Patch
    Oracle Data Integrator ODI Bundle Patch 12.2.1.3.190708 Patch 29778645 Released October 2019 Patch is released in July 2019, CVE-2019-2943 is announced in Oct CPU.
    Oracle Forms and Reports Forms 12.2.1.3.0 SPU Patch 30410629 Released October 2019
    Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)
    ADF BUNDLE PATCH 12.2.1.3.0 (ID:190924.2139.S) Patch 30347629 or later Released October 2019 Apply to all Oracle homes installed with an FMW Infrastructure
    Oracle Service Bus OSB BUNDLE PATCH 12.2.1.3.190716 (ID:190716.1831) Patch 30059259 or later Released October 2019
    Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)

    Oracle HTTP Server

    FMW Platform 12.2.1.3.0 SPU FOR APRCPU2019 Patch 29650702 Released April 2019 Apply to all Oracle Fusion Middleware homes
    Oracle HTTP Server

    Oracle Traffic Director

    Oracle Forms and Reports

    OAM Webgate Bundle Patch 12.2.1.3.180622 Patch 28243743 or later Released July 2018
    Oracle Enterprise Data Quality EDQ 12.2.1.3.0 SPU Patch 28263628 Released July 2018
    Oracle HTTP Server

    Oracle WebLogic Server Proxy Plug-In
    (Apache, IIS, iPlanet)

    ONS 12.2.1.3.0 SPU Patch Patch 27323998 Released July 2018
    Oracle WebCenter Content WebCenter Content Bundle Patch 12.2.1.3.180417 Patch 27393392 or later Released April 2018
    Oracle Internet Directory OID BUNDLE PATCH 12.2.1.3.0 (ID:180116.1256) Patch 27396651 or later Released January 2018 Oracle Internet Directory (OID) Version 12c Bundle Patch (BP) (Including Directory Integration Platform / DIP) / Bundle Patches For Non-Fusion Applications (NonFA / NonP4FA) Customers Note 2355090.1
    Oracle Fusion Middleware Infrastructure
    (WebLogic Server for FMW)
    OHT SPU 12.2.1.3.0 Patch 31613012 CVE-2020-14723 Oracle Help Technologies

    3.3.16.2 Oracle Fusion Middleware 11.1.1.9

    Error Correction information for Oracle Fusion Middleware 11.1.1.9

    Patch Information 11.1.1.9 Comments
    Final CPU October 2021 Note 1290894.1 Error Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)

    11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

    On-Request platforms AIX, HP-UX Itanium, and Windows are on request.
    Understanding Patch Release Versions - See Note 1494151.1, Understanding Fusion Middleware Bundle Patch (BP) Release Versions.

    Patch Availability for Oracle Fusion Middleware 11.1.1.9

    Product Home Patches Advisory Number Comments
    Oracle Database home See "Oracle Database" See "Oracle Database" Patch any Database Server associated to a Fusion Middleware installation
    Oracle Java SE home

    Oracle JRockit 28.x home

    See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
    Oracle WebLogic Server home See "Oracle WebLogic Server" See "Oracle WebLogic Server" See Note 1306505.1Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
    Oracle WebCenter 11.1.1.9 home WebCenter Portal Bundle Patch 11.1.1.9.200730 Patch 31609876 CVE-2020-14552 Oracle WebCenter Portal 11.1.1.9 Patch

    For patch availability, see section 2.2 Post Release Patches

    See Note 2029169.1Changes to Portlet standards request dispatching of Resource Requests

    Oracle Web Tier 11.1.1.9 home

    Identity Management 11.1.1.9 home

    OHS 11.1.1.9.0 SPU FOR APRCPU2020 Patch 31047338 Released April 2020 Oracle HTTP Server 11.1.1.9 Patch

    Note 2626956.1 Cumulative README Post-Install Steps for Oracle HTTP Server 11.1.1.9 Critical Patch Update

    Oracle Identity Management 11.1.1.9 home (with OID)

    Oracle Web Tier 11.1.1.9 home

    OSS BUNDLE PATCH 11.1.1.9.200714 Patch 31304503 CVE-2020-14655, CVE-2020-14530 For patch availability, see section 2.2 Post Release Patches

    Note 2572809.1 Steps to Evaluate and Update SSL Wallet

    Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home ADF SPU 11.1.1.9.0 FOR OCTCPU2019 Patch 30368663 Released October 2019
    OSB 11.1.1.9 home OSB Bundle Patch 11.1.1.9.191015 Patch 30002341 Released October 2019 OSB Patch
    Oracle Identity Management 11.1.1.9 home OVD 11.1.1.9.0 SPU for October 19 Patch 30281334 Released October 2019 Oracle Virtual Directory (OVD) Patch

    OVD 11g: Oracle Virtual Directory SPU (Security Patch Update) Patches Note 2318003.1

    ODI 11.1.1.9 Home ODI BP 11.1.1.9.190118 Patch 29194561 Released April 2019 Oracle Data Integrator Patch
    SOA 11.1.1.9 home SOA Bundle Patch 11.1.1.9.0 (ID:181218.1300) Patch 29123005 or later Released January 2019 SOA Patch
    Oracle Web Tier 11.1.1.9 home Oracle Web Cache SPU 11.1.1.9.0 CPUJan2019 Patch 28855717 Released January 2019 Web Cache Patch

    See Note 2095166.1Oracle Web Cache 11.1.1.7/11.1.1.9 SSL Cipher Suite Changes Beginning with CPU January 2016 and Note 2494468.1How to Disable ESI in Oracle Web Cache

    Oracle WebCenter 11.1.1.9 home WCC BP 11.1.1.9.180226 Patch 27393411 Released April 2018 WebCenter Content Patch
    Oracle Identity Management 11.1.1.9 home OID bundle patch 11.1.1.9.171127 Patch 26850241, or later Released January 2018 Oracle Internet Directory Patch

    See Note 2420947.1 for additional information about Oracle Internet Directory Vulnerability CVE-2015-0204

    Oracle Internet Directory (OID) Version 11g Bundle Patch (BP) (Including Directory Integration Platform / DIP) / Bundle Patches For Non-Fusion Applications (NonFA / NonP4FA) Customers Note 1614114.1

    Oracle Identity Management 11.1.1.9 home (with OID)

    Oracle Web Tier 11.1.1.9 home

    OPMN Patch 23716938 Released October 2017 OPMN 11.1.1.9 required patch for integration with OSS

    Note 2566042.1 SSL Configuration Required to Secure OPMN 11.1.1.9

    OSB 11.1.1.9 home Patch 24847885 Released April 2017 OSB Patch

    Install prior to Java CPUApr2017 JDK/JRE or later version

    Oracle FMW 11.1.1.9 ORACLE_COMMON home JRF BP 11.1.1.9.160905 Patch 23243563 or later Released January 2017 JRF BP
    Oracle Identity Management 11.1.1.9 home

    Oracle Web Tier 11.1.1.9 home

    Oracle Identity Access Management 11.1.2.3.0 home

    BP Patch 24580895 Released October 2016 Web Services BP
    Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home SPU Patch 22567790 Released in July 2016 FMW Control Patch applies to oracle_common OH for 11.1.1.9.0
    Oracle Web Tier 11.1.1.9 home

    Identity Management 11.1.1.9 home

    DB PSU Patch 22290164 for Unix

    DB BP Patch 22607089 for Windows 32-Bit

    DB BP Patch 22607090 for Windows x64

    Release January 2016 Database 11.1.0.7 client patches for FMW 11.1.1.x/11.1.2.x only
    Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home OHT SPU 11.1.1.9.0 Patch 28097644 CVE-2020-14723 Oracle Help Technologies

     

    3.3.16.3 Oracle Identity Access Management 11.1.2.3

    Error Correction information for Oracle Identity Access Management 11.1.2.3

    Patch Information 11.1.2.3 Comments
    Final CPU Oct 2021 Note 1290894.1 Error Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2)
    On-Request platforms -
    Understanding Patch Release Versions - See Note 1494151.1, Understanding Fusion Middleware Bundle Patch (BP) Release Versions.

    Patch Availability for Oracle Identity Access Management 11.1.2.3

    Product Home Patches Advisory Number Comments
    Oracle Database home See "Oracle Database" See "Oracle Database" Patch any Database Server associated to a Fusion Middleware installation
    Oracle Java SE home

    Oracle JRockit 28.x home

    See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
    Oracle WebLogic Server home See "Oracle WebLogic Server" See "Oracle WebLogic Server" See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)
    Oracle Identity and Access Management 11.1.2.3 home See "Oracle Fusion Middleware 11.1.1.9" See "Oracle Fusion Middleware 11.1.1.9" Apply Fusion Middleware patches with Oracle Identity and Access Management 11.1.2.3 home
    Oracle Identity Access Management 11.1.2.3.0 home OUD BUNDLE PATCH 11.1.2.3.200625 Patch 31541461 CVE-2020-14565
    Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home ADF SPU 11.1.1.9.0 FOR OCTCPU2019 Patch 30368663 Released October 2019
    Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home JRF BP 11.1.1.9.160905 Patch 23243563 or later Released January 2017 JRF BP
    Oracle Fusion Middleware 11.1.1.9.0 ORACLE_COMMON home SPU Patch 22567790 Released in July 2016 FMW Control Patch applies to oracle_common OH for 11.1.1.9.0
    Oracle Identity Management 11.1.2.3 home OIM BUNDLE PATCH 11.1.2.3.0(ID:190922.2323) Patch 30338509 or later

    OR

    IDM SUITE BUNDLE PATCH 11.1.2.3.191015 Patch 30292098

    Released January 2020  

     

    Oracle Identity Access Management 11.1.2.3 home Patch 30292098 - IDM Suite Bundle Patch 11.1.2.3.191015

    OR

    Patch 30386537 - OAM BUNDLE PATCH 11.1.2.3.191004(ID:191004.0426)

    Released April 2020 These CVE fixes announced in April CPU are part of the patches released earlier.
    Oracle Identity Access Management 11.1.2.3.0 home OAAM Server 11.1.2.3.0 SPU for October18 Patch 28750460 Released October 2018 Oracle Adaptive Access Manager Patch
    Oracle WebGate 11.1.2.3 Home Patch 27953548 - OAM webgate bundle patch 11.1.2.3.180717 or later Released July 2018

    3.3.17 Oracle Hyperion Analytic Provider Services

    Error Correction information for Oracle Hyperion Analytic Provider Services

    Patch Information 11.1.2.x Comments
    Final CPU April 2021

    Patch Availability for Oracle Hyperion Analytic Provider Services

    Product Home Patch Advisory Number Comments
    11.1.2.3 SPU Patch 20184072
    SPU Patch 20184082
    Released October 2015
    11.1.2.2 SPU Patch 18148649 Released July 2014

     

    3.3.18 Oracle Hyperion Data Relationship Management

    Error Correction information for Oracle Hyperion Data Relationship Management

    Patch Information 11.1.2.x Comments
    Final CPU October 2021

    Patch Availability for Oracle Hyperion Data Relationship Management

    Product Home Patch Advisory Number Comments
    11.1.2.4 Hyperion Data Relationship Management 11.1.2.4.347 PSU; Patch 28818149 Released October 2019

    3.3.19 Oracle Hyperion Enterprise Performance Management Architect

    Error Correction information for Oracle Hyperion Enterprise Performance Management Architect

    Patch Information 11.1.2.x Comments
    Final CPU April 2021

    Patch Availability for Oracle Hyperion Enterprise Performance Management Architect

    Product Home Patch Advisory Number Comments
    11.1.2.3 SPU Patch 19466859

    SPU Patch 20929659

    Released July 2015
    11.1.2.2 SPU On-Request Released July 2015

    3.3.20 Oracle Hyperion Essbase

    Error Correction information for Oracle Hyperion Essbase

    Patch Information 11.1.2.x Comments
    Final CPU April 2021

    Patch Availability for Oracle Hyperion Essbase

    Product Home Patch Advisory Number Comments
    11.1.2.4 11.1.2.4.025 PSU Patch 27797123 (Essbase RTC)
    11.1.2.4.025 PSU Patch 27797126 (Essbase Client)
    11.1.2.4.025 PSU Patch 27797117 (Essbase Client MSI)
    11.1.2.4.025 PSU Patch 27797131 (Essbase Server)
    11.1.2.4.025 PSU Patch 27797138 (ANALYTIC PROVIDER SERVICES)
    11.1.2.4.016 PSU Patch 25225889 (Studio Server)
    11.1.2.4.016 PSU Patch 25225885 (Studio Console)
    11.1.2.4.0.025 PSU Patch 28285151 (ESSBASE ADMINISTRATION SERVICES SERVER)
    11.1.2.4.025 PSU Patch 28285134 (ESSBASE ADMIN SERVICES CONSOLE)
    Released October 2018 Install prior to Java CPUApr2017 JDK/JRE or later version
    11.1.2.3 11.1.2.3.508 PSU Patch 22347375 (RTC)
    11.1.2.3.508 PSU Patch 22347367 (Client)
    11.1.2.3.508 PSU Patch 22314799 (Server)
    Released April 2017
    11.1.2.2 Upgrade to Hyperion Essbase 11.1.2.3, then apply the patches listed above Released July 2015

    3.3.21 Oracle Hyperion Financial Close Management

    Error Correction details for Oracle Hyperion Financial Close Management

    Patch Information 11.1.2..x Comments
    Final CPU October 2021

    Patch Availability for Oracle Hyperion Financial Close Management

    Product Home Patch Advisory Number Comments
    11.1.2.4 PSU 11.1.2.4.253 Patch 29060830 Released July 2019  
    11.1.2.4 JDev ADF Patch 31246831 CVE-2020-14546, CVE-2020-14541

    3.3.22 Oracle Hyperion Financial Management

    Error Correction information for Oracle Hyperion Financial Management

    Patch Information 11.1.2.0 Comments
    Final CPU October 2021

    Patch Availability for Oracle Hyperion Financial Management

    Product Home Patch Advisory Number Comments
    11.1.2.0 SPU Patch Patch 28314691 Released October 2018 Hyperion Shared Service Patch for Common Events Service used by Hyperion Financial Management
    11.1.2.4 PSU 11.1.2.4.209 Patch 29343616 + JDev ADF Patch 30378046 Released April 2020

    3.3.23 Oracle Hyperion Financial Reporting

    Error Correction information for Oracle Hyperion Financial Reporting

    Patch Information 11.1.2.x Comments
    Final CPU October 2021

    Patch Availability for Oracle Hyperion Financial Reporting

    Product Home Patch Advisory Number Comments
    11.1.2 Jdev 11.1.1.7.1 SPU Patch 27457998 Released July 2018 Jdev ADF Patch needs to be applied to Hyperion Financial Reporting Home. To download this patch please contact support to get the password.
    11.1.2.4 PSU 11.1.2.4.712 Patch 30670918

    PSU 11.1.2.4.902 Patch 30670918

    Released April 2020

    3.3.24 Oracle Hyperion Planning

    Error Correction information for Oracle Hyperion Planning

    Patch Information 11.1.2.x Comments
    Final CPU October 2021

    Patch Availability for Oracle Hyperion Planning

    Product Home Patch Advisory Number Comments
    11.1.2.4 PSU Patch 29889455 Released July 2019
    11.1.2.4 JDev 11.1.1.7.1 SPU Patch 30378046 Released October 2019 JDev ADF Patch needs to be applied to Hyperion Planning. To download this patch please contact Support to get the password.

    3.3.25 Oracle Hyperion Profitability and Cost Management

    Error Correction information for Oracle Hyperion Profitability and Cost Management

    Patch Information 11.1.2.4 Comments
    Final CPU October 2021

    Patch Availability for Oracle Hyperion Profitability and Cost Management

    Product Home Patch Advisory Number Comments
    11.1.2.4 11.1.2.4.130 PSU; Patch 29461894 Released October 2019

     

    3.3.26 Oracle Hyperion Strategic Finance

    Error Correction information for Oracle Hyperion Strategic Finance

    Patch Information 11.1.2.x Comments
    Final CPU October 2021

    Patch Availability for Oracle Hyperion Strategic Finance

    Product Home Patch Advisory Number Comments
    11.1.2.2 CPU Patch 14593946 Released April 2014
    11.1.2.1 CPU Patch 17636270 Released April 2014

    3.3.27 Oracle Hyperion Workspace

    Error Correction information for Oracle Hyperion Workspace

    Patch Information 11.1.2.x Comments
    Final CPU October 2021

    Patch Availability for Oracle Hyperion Workspace

    Product Home Patch Advisory Number Comments
    11.1.2.4.900 Patch 31486872 CVE-2020-14560
    11.1.2.4.700 11.1.2.4.825 SPU Patch 31124100 CVE-2020-14560
    11.1.2 Home 11.1.2.4.009 SPU Patch 29115044

    apply Weblogic 10.3.6 Latest PSU. See "Oracle WebLogic Server" Section

    Released July 2019 R&A Framework Patch

     

    3.3.28 Oracle Identity and Access Management

    For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Identity Access Management installation. Only the relevant homes from those tables need to be patched.

    Patch Availability for Oracle Identity Access Management

    Product Home Patches Comments
    Oracle Identity and Access Management See "Oracle Fusion Middleware 12c"
    Oracle Identity Access Management 11.1.2.3 home See "Oracle Identity Access Management 11.1.2.3" IAM products listed in Note 1510284.1, Announcing Oracle Identity Access Management 11g Release 2 (11.1.2)
    Oracle Identity Management 11.1.1.9 home See "Oracle Fusion Middleware 11.1.1.9" FMW 11.1.1.9 table for IDM products listed in Note 2003468.1, Announcing Oracle Fusion Middleware 11g Release 1 (11.1.1.9.0)

     

    3.3.29 Oracle Identity Management Connector

    Error Correction information for Oracle Identity Management Connector

    Patch Information 9.1.1.5 Comments
    Final CPU -

    Patch Availability for Oracle Identity Management Connector

    Product Version Patch Advisory Number Comments
    Microsoft AD connector 9.1.1.5 OIM Connector 9.1.1.5.15 Patch 25028999 Released October 2017
    ca top secret connector 9.1.0.4 OIM Connector 9.1.0.4 Patch 30957291 Released April 2020 9.0.x customers should upgrade to 9.1.0.x
    RACF adv connector 9.1.0.2 OIM Connector 9.1.0.2 Patch 31058957 Released April 2020 9.0.x customers should upgrade to 9.1.0.x
    acf2 connector 9.1.0.1 OIM Connector 9.1.0.1 Patch 31101274 Released April 2020 9.0.x customers should upgrade to 9.1.0.x

    3.3.30 Oracle JDeveloper and Oracle ADF

    Error Correction information for Oracle JDeveloper and Oracle ADF

    Comments

    Patch Information 12.2.1.4 12.2.1.3 11.1.2.4 11.1.1.9
    Final CPU December 2025 October 2021 October 2021 October 2021 11.1.2.4 and 11.1.1.9.0: End of Error Correction for Extended Support Customer only beyond Dec 2018
    Understanding Patch Release Versions See Note 1494151.1, Understanding Fusion Middleware Bundle Patch (BP) Release Versions.

    Critical Patch Update Availability for Oracle JDeveloper and Oracle ADF

    Release Patch Advisory Number Comments
    12.2.1.3.0 ADF BUNDLE PATCH 12.2.1.3.0 (ID:190924.2139.S) Patch 30347629 or later Released October 2019
    11.1.2.4.0 ADF SPU 11.1.2.4.0 for OctCPU2019 Patch 30380494 Released October 2019
    11.1.1.9.0 ADF SPU 11.1.1.9.0 FOR OCTCPU2019 Patch 30368663 Released October 2019

    3.3.31 Oracle Map Viewer

    Error Correction information for Oracle Map Viewer

    Patch Information 12.2.1.4 12.2.1.3 11.1.1.9 Comments
    Final CPU December 2025 October 2021 October 2021 1.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

    Patch Availability for Oracle Map Viewer

    Product Home Patch Advisory Number Comments
    12.2.1.3 AND 12.2.1.4 Mapviewer 12.2.1.4.0 SPU Patch 31026189 CVE-2020-14608, CVE-2020-14607, CVE-2020-9488 The same Patch applies to 12.2.1.3 and 12.2.1.4
    11.1.1.9 SPU Patch 27534923 Released April 2018

    3.3.32 Oracle Outside In Technology

    Error Correction information for Oracle Outside In Technology

    Patch Information 8.5.5 8.5.4 Comments
    Final CPU April 2022 October 2020

    Patch Availability for Oracle Outside In Technology

    Product Home Patch Advisory Number Comments
    Oracle Outside In Technology 8.5.4 ORACLE OUTSIDE IN TECHNOLOGY (OIT) JULY 2020 8.5.4 BUNDLE PATCH #9 Patch 31437414 CVE-2020-8112
    Oracle Outside In Technology 8.5.5 ORACLE OUTSIDE IN TECHNOLOGY (OIT) JULY 2020 8.5.5 BUNDLE PATCH #1 Patch 31573028 CVE-2020-8112

    3.3.33 Oracle Real Time Decisions Platform

    Error Correction information for Oracle Real Time Decisions Platform

    Describes the Error Correction information for Oracle Real Time Decisions Platform.

    Patch Information 3.2 Comments
    Final CPU July 2022

    Patch Availability for Oracle Real Time Decisions Platform

    Describes the available patches for Oracle Real Time Decisions Platform.

    Product Home Patch Advisory Number Comments
    Oracle Real Time Decisions Platform 3.2 home RTD Platform 3.2.1 SPU for October CPU 2018 Patch 28722658 Released October 2018

     

    3.3.34 Oracle Service Architecture Leveraging Tuxedo (SALT)

    Error Correction information for Oracle Service Architecture Leveraging Tuxedo (SALT)

    Patch Information 12.2.2.0.x 12.1.3 Comments
    Final CPU Oct 2024 Oct 2020

    Patch Availability for Oracle Service Architecture Leveraging Tuxedo (SALT)

    Product Home Patch Advisory Number Comments
    Oracle Service Architecture Leveraging Tuxedo (SALT) 12.2.2.0.x home Oracle SALT 12.2.2.0.0 SPU FOR CPUJan2019 Patch 29169314 Released January 2019
    Oracle Service Architecture Leveraging Tuxedo (SALT) 12.1.3.0.x home Oracle SALT 12.1.3.0.0 SPU FOR CPUJan2019 Patch 29169322 Released January 2019

     

    3.3.35 Oracle SOA Suite

    For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle SOA Suite installation. Only the relevant homes from those tables need to be patched.

    Patch Availability for Oracle SOA Suite

    Product Home Patches Comments
    Oracle SOA Suite 12c home See "Oracle Fusion Middleware 12c"
    Oracle SOA Suite 11.1.1.9 home See "Oracle Fusion Middleware 11.1.1.9"

    3.3.36 Oracle Traffic Director

    Error Correction information for Oracle Traffic Director

    Patch Information 12.2.1.4 12.2.1.3 11.1.1.9 Comments
    Final CPU October 2025 October 2021 October 2021

    Patch Availability for Oracle Traffic Director

    Product Home Patch Advisory Number Comments
    Oracle Traffic Director 12c home See "Oracle Fusion Middleware 12c" See "Oracle Fusion Middleware 12c"
    11.1.1.9 Oracle Traffic Director SPU Patch 29340480 Released April 2019 11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

    3.3.37 Oracle Tuxedo

    Error Correction information for Oracle Tuxedo

    Patch Information 12.2.2.0 12.1.3.0 12.1.1.0 Comments
    Final CPU April 2024 April 2022 July 2020

    Patch Availability for Oracle Tuxedo

    Product Home Patches Advisory Number Comments
    12.2.2.0 rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 Linux Patch 28090531

    rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-64 with vs2015 Patch 28124771

    rp029 oracle tuxedo 12.2.2 SPU for JULCPU2018 win-32 with vs2015 Patch 28124779

    Released July 2018 For CVE-2017-10269, see extra settings required with these cumulative patches in Note 2326009.1
    12.1.3.0 RP117 TUXEDO 12.1.3.0 SPU FOR CPUJAN2020 Patch 30596495

    RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2013) FOR CPUJAN2020 Patch 30601651

    RP117 TUXEDO 12.1.3.0 SPU (WINDOWS VS2012) FOR CPUJAN2020 Patch 30601637

    Released January 2020 For CVE-2017-10269, see extra settings required with these cumulative patches in Note 2326009.1
    12.1.1.0 RP100 TUXEDO 12.1.1.0 SPU FOR CPUJAN2020 Patch 30471168

    RP100 TUXEDO 12.1.1.0 SPU (WINDOWS VS2010) FOR CPUJAN2020 Patch 30471706

    RP100 TUXEDO 12.1.1.0 SPU (WINDOWS VS2012) FOR CPUJAN2020 Patch 30487619

    Released January 2020

    3.3.38 Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

    Error Correction Information for Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

    Patch Information 12.2.2 12.1.3 12.1.1.1 Comments
    Final CPU April 2024 April 2022 July 2020

    Patch Availability for Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus)

    Product Home Patches Advisory Number Comments
    TSAM Plus 12.2.2 RP002 Patch 25389632 Released July 2017
    TSAM Plus 12.1.3 RP019 FOR LINUX 64-BIT X86 Patch 27379436 Released January 2018
    TSAM Plus 12.1.1.1 RP025 Patch 23707307 Released July 2017

    3.3.39 Oracle Web-Tier 11g Utilities

    For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle Web-Tier 11g Utilities installation. Only the relevant homes from those tables need to be patched.

    Patch Availability for Oracle Web-Tier 11g Utilities

    Product Home Patches Comments
    FMW 12c home See "Oracle Fusion Middleware 12c"
    Oracle Web-Tier 11g Utilities 11.1.1.9 home See "Oracle Fusion Middleware 11.1.1.9"

    3.3.40 Oracle WebCenter

    For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle WebCenter installation. Only the relevant homes from those tables need to be patched.

    3.3.41 Oracle WebCenter Content (Formerly Oracle Universal Content Management)

    Patch Availability for Oracle WebCenter Content

    Component Patch Advisory Number Comments
    FMW 12c home See "Oracle Fusion Middleware 12c"
    Oracle WebCenter Content 11.1.1.9 home See "Oracle Fusion Middleware 11.1.1.9" See "Oracle Fusion Middleware 11.1.1.9" 11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

    3.3.42 Oracle WebCenter Portal

    Error Correction information for Oracle WebCenter Portal

    Patch Information 12.2.1.4 12.2.1.3 11.1.1.9 Comments
    Final CPU October 2025 October 2021 December 2021

    Patch Availability for Oracle WebCenter Portal

    Product Home Patches Comments
    FMW 12c home See "Oracle Fusion Middleware 12c"
    Oracle WebCenter 11.1.1.9 home See "Oracle Fusion Middleware 11.1.1.9" 11.1.1.9.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

    3.3.43 Oracle WebCenter Sites (Formerly FatWire Content Server)

    Error Correction information for Oracle WebCenter Sites (formerly FatWire Content Server)

    Patch Information 12.2.1.4 12.2.1.3 11.1.1.8 Comments
    Final CPU October 2025 October 2021 October 2021

    Patch Availability for Oracle WebCenter Sites

    Product Home Patch Advisory Number Comments
    12c home See "Oracle Fusion Middleware 12c" See "Oracle Fusion Middleware 12c"
    11.1.1.8 home Oracle WebCenter Sites 11.1.1.8.0 Patch 21 Patch 29118979 Released January 2019 for FMW 11.1.1.7.0 patches, refer to the Final CPU section

    3.3.44 Oracle WebCenter Sites Community

    Error Correction information for Oracle WebCenter Sites Community

    Patch Information 11.1.1.8 Comments
    Final CPU -

    Patch Availability for Oracle WebCenter Sites Community

    Product Home Patch Advisory Number Comments
    11.1.1.8 home 11.1.1.8.0 Patch 5 SPU Patch 26951713 or later Released January 2018 See "Oracle WebCenter 11.1.1.8"

    3.3.45 Oracle WebCenter Suite

    For the appropriate product versions listed below, refer to the corresponding Oracle Fusion Middleware patch availability sections that contain information on Error Correction, and for the patches to apply. Not all homes that are listed in those sections might be present in the Oracle WebCenter Suite installation. Only the relevant homes from those tables need to be patched.

    Patch Availability for Oracle WebCenter Suite

    Product Home Patches Comments
    Oracle WebCenter Suite 11.1.1.9 home See "Oracle Fusion Middleware 11.1.1.9"

    3.3.46 Oracle WebLogic Portal

    Error Correction information for Oracle WebLogic Portal

    Patch Information 10.3.7.0 Comments
    Final CPU October 2021 Note 1308963.1 Error Correction Policy as it applies to Oracle WebLogic Portal (WLP)

    Critical Patch Update Availability for WebLogic Portal

    See also the underlying product stack tables (JRockit and WLS) for any applicable patches.

    WebLogic Portal patches are cumulative to include all the prior published advisories. For more information, see My Oracle Support Note 1355929.1October 2011 Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL Session ID and SSL Filters.

    WebLogic Portal 9.2.3.0 is bundled with WebLogic Server 9.2.3.0, which is out of error correction. Contact Oracle support for security patches needed for WebLogic Server 9.2.3.0

    Product Home Patch Advisory Number Comments
    WebLogic Portal 10.3.7.0 home There are no CPU patches to document on 10.3.7.0 none  

    3.3.47 Oracle WebLogic Server

    Error Correction information for Oracle WebLogic Server Patch Set Update

    Patch Information 14.1.1.0.0 12.2.1.4.0 12.2.1.3.0 12.1.3.0 10.3.6.0 Comments
    Final CPU January 2028 October 2025 October 2021 October 2020 October 2021 Note 950131.1 Error Correction Support Dates for Oracle WebLogic Server

    12.1.3 and 10.3.6.0 End of Error Correction for Extended Support Customer only beyond Dec 2018

    Understanding Patch Release Versions - - - - See Note 2565576.1, Understanding WebLogic Server Patch Set Update (PSU) Release Versions

    Patch Set Update Availability for Oracle WebLogic Server

    For more information, see MyOracleSupport Note 1470197.1, Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS). See Note 1306505.1, Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS)

    This section contains the following:

    3.3.47.1 Oracle WebLogic Server 14.1.1.0
    All of the patches listed in the table below should be applied to an Oracle WebLogic Server 14.1.1.0 installation

    Product Home Patch Advisory Number Comments
    Oracle WebLogic Server 14.1.1.0 See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE

    Download locations and installation instructions in above document

    See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
    OPatch 13.9.4.2.4 Patch 28186730 Released July 2020 Update OPatch 13.9.4.2.4 Patch 28186730 before applying the WLS PSU.

    See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c

    WLS PATCH SET UPDATE 14.1.1.0.200624 Patch 31532352 CVE-2020-2967. CVE-2020-14588, CVE-2020-14589, CVE-2020-14687, CVE-2020-14622, CVE-2020-14625, CVE-2020-14652,
    CVE-2017-5645, CVE-2020-14645, CVE-2020-14557, CVE-2020-14644
    WEBLOGIC SAMPLES SPU 14.1.1.0.200714 Patch 31384947 CVE-2020-14636, CVE-2020-14637, CVE-2020-14638, CVE-2020-14639, CVE-2020-14640
    Coherence 14.1.1.0.1 Patch 31201347 CVE-2020-14642

     

    3.3.47.2 Oracle WebLogic Server 12.2.1.4
    All of the patches listed in the table below should be applied to an Oracle WebLogic Server 12.2.1.4 installation

    Product Home Patch Advisory Number Comments
    Oracle WebLogic Server 12.2.1.4 See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE

    Download locations and installation instructions in above document

    See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
    OPatch 13.9.4.2.4 Patch 28186730 Released July 2020 Update OPatch 13.9.4.2.4 Patch 28186730 before applying WLS PSU.

    See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c

    WLS PATCH SET UPDATE 12.2.1.4.200624 Patch 31537019 + ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU 2020 Patch 31544353 CVE-2020-2967, CVE-2020-14588, CVE-2020-14589, CVE-2020-14687, CVE-2020-14622, CVE-2020-5398, CVE-2020-2966, CVE-2020-14625, CVE-2020-14572, CVE-2020-14652, CVE-2017-5645, CVE-2020-14645, CVE-2020-14557, CVE-2020-9546, CVE-2020-14644, CVE-2018-11058 See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for WebLogic Server.

    For CVE-2018-11058, apply ADR Patch.

    WEBLOGIC SAMPLES SPU 12.2.1.4.200714 Patch 31384959 CVE-2020-14636, CVE-2020-14637, CVE-2020-14638, CVE-2020-14639, CVE-2020-14640
    Coherence 12.2.1.4.5 Patch 31470730 CVE-2020-14642

     

    3.3.47.3 Oracle WebLogic Server 12.2.1.3
    All of the patches listed in the table below should be applied to an Oracle WebLogic Server 12.2.1.3 installation

    Product Home Patch Advisory Number Comments
    Oracle WebLogic Server 12.2.1.3 See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE

    Download locations and installation instructions in above document

    See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
    OPatch 13.9.4.2.4 Patch 28186730 Released July 2020 Update OPatch 13.9.4.2.4 Patch 28186730 before applying WLS PSU.

    See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c

    WLS PATCH SET UPDATE 12.2.1.3.200624 Patch 31535411 + ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY CPU 2020 Patch 31544340 CVE-2020-2967, CVE-2020-14588, CVE-2020-14589, CVE-2020-14687, CVE-2020-14622, CVE-2020-2966, CVE-2020-14625, CVE-2020-14572, CVE-2020-14652, CVE-2017-5645, CVE-2018-11058, CVE-2020-14645, CVE-2020-14557, CVE-2020-9546, CVE-2020-14644 See Note 2421487.1, Oracle Strongly recommends applying minimum JDK version (JDK 8u181 or later) to make some of Weblogic Server Deserialization vulnerability fixes effective.

    See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for WebLogic Server

    Refer to Note 2437460.1 for Patch Conflict issue.

    CVE-2018-3213 Is addressed in Docker Images published after September 13, 2018. Latest docker image at https://container-registry.oracle.com.

    For CVE-2018-11058, apply ADR Patch.

    See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

    See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

    See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

    WEBLOGIC SAMPLES SPU 12.2.1.3.200714 Patch 31384951 CVE-2020-14636, CVE-2020-14637, CVE-2020-14638, CVE-2020-14639, CVE-2020-14640 This patch is a cumulative patch for all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities.
    Coherence 12.2.1.3.10 Patch 31470751 CVE-2020-14642

     

    3.3.47.4 Oracle WebLogic Server 12.1.3
    All of the patches listed in the table below should be applied to an Oracle WebLogic Server 12.1.3 installation

    Product Home Patch Advisory Number Comments
    Oracle WebLogic Server 12.1.3 See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE

    Download locations and installation instructions in above document

    See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
    WLS PATCH SET UPDATE 12.1.3.0.200714 Patch 31178516+ ADR ADR FOR WEBLOGIC SERVER 12.1.3.0.0 JULY CPU 2020 Patch 31544363 CVE-2020-2967, CVE-2020-14588, CVE-2020-14589, CVE-2020-14622, CVE-2020-2966, CVE-2017-5645, CVE-2020-14572, CVE-2020-14652, CVE-2018-11058, CVE-2020-14645, CVE-2020-14557 See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for WebLogic Server

    Refer to Note 2566635.1 for Overlay Patch Conflict issue

    For CVE-2018-11058, apply ADR Patch.

    See Note 2421487.1, Oracle Strongly recommends applying minimum JDK version (JDK 7 u191 or later OR JDK 8u181 or later) to make some of the Weblogic Server Deserialization vulnerability fixes effective.

    See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

    See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

    See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle

    WEBLOGIC SAMPLES SPU 12.1.3.0.200714 Patch 31615281 CVE-2020-14636, CVE-2020-14637, CVE-2020-14638, CVE-2020-14639, CVE-2020-14640 This patch is a cumulative patch for all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities.
    Coherence 12.1.3.0.9 Patch 31470778 CVE-2020-14642
    WLS 12.1.3 JDBC Patch 20741228 Released January 2018 Please refer to Note 1970437.1 How To Update the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6 and 12c
    SPU Patch 24327938 Released July 2016 TopLink JPA-RS patch
    See Note 1936300.1 How to Change SSL Protocols (to Disable SSL 2.0/3.0) in Oracle Fusion Middleware Products (Doc ID 1936300.1) Released October 2014 SSL V3.0 "Poodle" Advisory

     

    3.3.47.5 Oracle WebLogic Server 10.3.6
    All of the patches listed in the table below should be applied to an Oracle WebLogic Server 10.3.6 installation

    Product Home Patch Advisory Number Comments
    Oracle WebLogic Server 10.3.6 See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE See Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE

    Download locations and installation instructions in above document

    See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
    WLS PATCH SET UPDATE 10.3.6.0.200714 Patch 31178492 + ADR FOR WEBLOGIC SERVER 10.3.6 JULY CPU 2020 Patch 31241365 CVE-2020-2967, CVE-2020-14588, CVE-2020-14589, CVE-2020-14622, CVE-2020-2966, CVE-2017-5645, CVE-2020-14572, CVE-2020-14652, CVE-2018-11058, CVE-2020-14645 For CVE-2018-11058, apply ADR Patch.

    See Note 2421487.1 - Oracle Strongly recommends applying minimum JDK version (JDK 7 u191 or later) to make some of the Weblogic Server Deserialization vulnerability fixes effective.

    See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for WebLogic Server

    See Note 1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher

    See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

    See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

    See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

    WLS 10.3.6 JDBC Patch 27541896 Released January 2018 Please refer to Note 1970437.1 How To Update the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6 and 12c
    WLS 10.3.6 SAMPLES PSU 10.3.6.0.190716 Patch 29659185 Released July 2019 This patch is a cumulative patch for all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities
    Coherence 3.7.1.19 Patch 31447246 CVE-2020-14642
    See Note 1936300.1 How to Change SSL Protocols (to Disable SSL 2.0/3.0) in Oracle Fusion Middleware Products (Doc ID 1936300.1) Released October 2014 SSL V3.0 "Poodle" Advisory

     

    3.4 Oracle Sun Middleware

    This section contains the following:

    3.4.1 Directory Server Enterprise Edition

    Error Correction information for Directory Server Enterprise Edition

    Patch Information 11.1.1.7.0 Comments
    Final CPU (Premier Support) October 2019
    Final CPU (Extended Support) October 2022

    Patch Availability for Directory Server Enterprise Edition

    Product Home Patch Advisory Number Comments
    11.1.1.7.0 ODSEE BP 11.1.1.7.190716 Patch 29893742 Released July 2019 CVE-2018-18508 is not applicable to Windows Platform. Please refer to 2.2 Post Release Patches for Windows Patch.

    3.4.2 Reserved for Future Use

    Error Correction information for Reserved for Future Use

    Patch Information 1.0 Comments
    Final CPU -

    Patch Availability for Reserved for Future Use

    Product Home Patch Advisory Number Comments
    1.0 Reserved for Future Use -

    3.5 Tools

    This section contains the following:

    3.5.1 Oracle OPatch

    Minimum Product Requirements for Oracle OPatch

    The CPU security vulnerabilities are fixed in the listed release and later releases. The Oracle OPatch downloads can be found at Patch 6880880.

    Component Release Advisory Number Comments
    Oracle OPatch 11.2.0.3.25, 12.2.0.1.21 CVE-2020-9546 Download the latest versions available to install Database Patches

     

    4 Final CPU History

    Final CPU History

    The Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. For more information, see My Oracle Support Note 209768.1Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy.

    Release Final CPUs Comments
    April 2020 Management Pack For Oracle GoldenGate 11.2.1.0
    Oracle Enterprise Manager Cloud Control 13c Release 2 (13.2.0.0)
    January 2020 Oracle Enterprise Manager Ops Center 12.3.3
    Oracle Enterprise Repository 12.1.3
    Oracle Fusion Middleware 12.1.3.0
    Oracle GoldenGate 11.2.1.0
    Oracle Map Viewer 12.1.3.0
    October 2019 Oracle Application Testing Suite 13.2.0.1
    Oracle Business Transaction Management 12.1.0.7
    Oracle Enterprise Data Quality 9.0
    Oracle GoldenGate for Big Data 12.3.1.1.0
    Oracle GoldenGate Management Pack Plugin 12.1.0
    Oracle Identity Analytics 11.1.1.5.0
    Oracle JDeveloper and Oracle ADF 12.1.3.0
    Oracle OpenSSO 8.0 u2 (8.0.2.0)
    Oracle Waveset 8.1.1
    July 2019 Oracle Application Testing Suite 13.1.0.1
    Oracle Enterprise Manager Cloud Control 13.2
    Oracle Enterprise Data Quality 8.1
    Oracle Enterprise Data Quality 9.0
    Oracle Real Time Decisions Applications 3.2
    April 2019 Oracle Enterprise Manager Ops Center 12.2.x
    Management Pack For Oracle GoldenGate 11.1.1
    Oracle Outside In Technology 8.5.3
    January 2019 Oracle Application Performance Management 11.1.x
    Oracle GlassFish Server 3.1.2
    Oracle Mobile Security Suite 3.0
    October 2018 Oracle Business Intelligence App Mobile Designer
    Oracle Business Intelligence Enterprise Edition 11.1.1.7
    Oracle Business Intelligence Mobile
    Oracle Business Intelligence Publisher 11.1.1.7
    Oracle Communications Converged Application Server 5.x
    Oracle Complex Event Processing 11.1.7
    Oracle Data Integrator 11.1.1.7.0
    Oracle Endeca Server 7.6
    Oracle Endeca Server 7.6.1
    Oracle Endeca Information Discovery Integrator 3.1
    Oracle Endeca Information Discovery Studio 3.1
    Oracle Forms and Reports 11.1.2.2
    Oracle Fusion Middleware 11.1.1.7
    Oracle GoldenGate Application Adapters 12.2.0.1
    Oracle Hyperion BI+ 11.1.2.x
    Oracle Identity Access Management 11.1.1.7
    Oracle JDeveloper and Oracle ADF 11.1.1.7
    Oracle Mapviewer 11.1.1.7.0
    Oracle Portal, Forms, Reports and Discoverer 11.1.1.7
    Oracle Real Time Decisions Server 11.1.1.7
    Oracle Service Bus 11.1.1.7.0
    Oracle SOA Suite 11.1.1.7.0
    Oracle Traffic Director 11.1.1.7
    Oracle WebCenter Suite 11.1.1.7
    Oracle WebGate 10.1.4.3
    Oracle WebLogic Portal 10.3.6.0
    Oracle WebLogic Server Plug-in 11.1.1.7
    Oracle Web-Tier 11g Utilities 11.1.1.7
    July 2018 Oracle Business Intelligence Enterprise Edition 12.2.1.2.0
    Oracle Communications Converged Application Server 5.0
    Oracle Fusion Middleware 12.2.1.2
    Oracle JDeveloper and Oracle ADF 12.2.1.2.0
    Oracle WebCenter Sites 12.2.1.2.0 (Formerly FatWire Content Server 12.2.1.2.0)
    Oracle WebLogic Server 12.2.1.2.0
    FMW 12.2.1.2 all components
    April 2018 Oracle Application Testing Suite 12.5.0.3
    Oracle Endeca Server 7.5 home
    Oracle Enterprise Manager Grid Control 11.1.0.1
    Oracle Hyperion BI+ 11.1.2.x
    Oracle Hyperion Common Admin 11.1.2.x
    Oracle Hyperion Common Security 11.1.2.x
    Oracle Hyperion EAS 11.1.2.x
    Oracle Hyperion Financial Reporting 11.1.2.x
    Oracle Hyperion Installation Technology 11.1.2.x
    Oracle Hyperion Smart View For Office 11.1.2.x
    Oracle Service Architecture Leveraging Tuxedo (SALT) 11.1.1.2.x
    Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus) 11.1.1.2.x
    WebLogic Server 12.2.1.0 home
    WebLogic Server 12.1.2.0 home
    WebLogic Server 12.1.1.0 home
    WLS Plugin 12c (12.1.2.0)
    WLS Plugin 1.0 (10.3.4 and older)
    January 2018 Oracle Endeca Information Discovery Studio 3.1, 3.0, 2.4
    Oracle Endeca Information Discovery Studio Integrator 3.1, 3.0, 2.4
    Oracle Secure Enterprise Search 11.2.2.2
    iPlanet Web Server 7.0
    October 2017 Directory Server Enterprise Edition 7.0
    Oracle Fusion Middleware 12.2.1.1
    Oracle GlassFish Communications Server 2.0
    Oracle GlassFish Server 3.0.1
    Oracle JDeveloper and Oracle ADF 12.2.1.1.0
    Oracle Map Viewer 12.2.1.1
    Oracle OpenSSO Agents 3.0
    Oracle Waveset 8.1.1.0
    Oracle WebLogic Server 12.2.1.1.0
    Sun Role Manager 5.0.3.2
    July 2017 Oracle Endeca Server 7.4
    Oracle Enterprise Manager Cloud Control 13.1.0.0
    April 2017 Oracle TimesTen 11.2.1.x
    Oracle Business Intelligence Enterprise Edition 12.2.1.0.0
    Business Intelligence Publisher 12.2.1.0.0
    Oracle Fusion Middleware 12.2.1.0
    Oracle Fusion Middleware 10.1.3.5
    Oracle Identity Management Connector 9.1.0.4
    Oracle JDeveloper and Oracle ADF 12.2.1.0.0
    Oracle JDeveloper and Oracle ADF 10.1.3.5
    Oracle WebLogic Server 12.2.1.0.0
    January 2017 Oracle Business Process Management 10.3.2
    Oracle Data Service Integrator 10.3.0
    Oracle Outside In Technology 8.5.2
    Oracle Service Architecture Leveraging Tuxedo (SALT) 10.3
    Oracle WebCenter Interaction 10.3.3.0
    Oracle WebLogic Integration 10.3.1.0
    iPlanet Web Server 7.0
    iPlanet Web Proxy Server 4.0
    Oracle GlassFish Server 2.1.1
    October 2016 Oracle Endeca Server 7.3
    Oracle Access Manager 10gR3 (10.1.4.x)
    Oracle Access Manager 10g WebGates / ASDK working with OAM 10gR3 (10.1.4.x)
    Oracle WebLogic Server Proxy Plug-In 10gR3 (formerly known as WebLogic Server Proxy Plug-In 1.0)
    Oracle Outside In Technology 8.5.1
    Oracle Audit Vault 10.3
    Oracle Secure Backup 10.4.x
    July 2016 Oracle Outside In Technology 8.5.0
    Oracle Database 12.1.0.1 (See MOS Note 742060.1)
    April 2016 AquaLogic Data Services Platform 3.2
    AquaLogic Data Services Platform 3.0.1
    Oracle Business Intelligence Enterprise Edition 11.1.1.7
    Oracle Endeca Information Discovery 2.3
    Oracle Endeca Information Discovery 2.2.2 (Formerly Latitude)
    Oracle Enterprise Manager Cloud Control 12.1.0.4
    Oracle Fusion Middleware 12.1.2.0
    Oracle Identity Access Management 11.1.2.2
    Oracle Tuxedo 11.1.1
    Oracle WebCenter 11.1.1.8
    Oracle WebCenter Portal 11.1.1.8
    Oracle WebCenter Sites 7.6.2
    January 2016 Oracle Real Time Decisions Server 3.0.0.1
    Oracle WebCenter Interaction 6.5.1
    July 2015 Oracle API Gateway 11.1.2.2.0
    Oracle Business Intelligence EE and Publisher 10.1.3.4.2
    Oracle Communications Converged Application Server 4.0
    Oracle Database 11.2.0.3
    Oracle Database 11.1.0.7
    Oracle Fusion Middleware 12.1.1.0.0
    Oracle Identity and Access Management 11.1.1.5.0
    Oracle iPlanet Web Server 6.1.x
    Oracle iPlanet Web Server (Java System Web Server 6.1.x)
    Oracle WebLogic Server 12.1.1.0

    5 Sources of Additional Information

    The following documents provide additional information about Critical Patch Updates:

    • My Oracle Support Note 756671.1, Master Note for Database Proactive Patch Program
    • My Oracle Support Note 822485.1, Master Note for Enterprise Manager Proactive Patch Program
    • My Oracle Support Note 1494151.1, Master Note on Fusion Middleware Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs)
    • My Oracle Support Note 209768.1Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy

     

    6 Modification History

    Modification History

    Date Modification
    July 14, 2020 Released
    Adjusted the advisory number list in sections 3.3.16.1.2, 3.3.47.3, and 3.3.47.4
    Updated patch availability in section 2.2
    July 15, 2020 Removed 13.2.3.1 and 13.1.2.1 columns from section 3.2.1
    Moved row for Patch 31447246 in section 3.3.47.5
    Moved row for Patch 31470778 in section 3.3.47.4
    Moved row fpr Patch 31384951 in section 3.3.47.3
    Moved row fpr Patch 31384947 in section 3.3.47.1
    Changed ADR patch information associated with Patch 31178516 in section 3.3.47.4
    Corrected version typo in section 3.3.47.1
    Added comment concerning Note 2421487.1 to Patch 31241365, Patch 31544363, and Patch 31535411
    Added "or later" to all patch numbers in section 3.2.4
    Updated patch availability in section 2.2
    July 16, 2020 Updated comments for Patch 31595030 in section 3.2.1
    Updated comments for Patch 31535411 in section 3.3.47.3
    Updated comments for Patch 31178516 in section 3.3.47.4
    Updated comments for Patch 31178492 in section 3.3.47.5
    Updated comments for Patch 31535411 in section 3.3.16.1.2
    Updated patch availability in section 2.2
    July 17, 2020 Updated patch availability in section 2.2
    July 21, 2020 Replaced specific JDK version references in sections 3.3.47.1 - 3.3.47.5 with a reference to Note 2682801.1.
    Updated patch availability in section 2.2.
    Corrected typo (12.2.1.2 to 12.2.1.4) in Error Correction table header in section 3.3.36.
    July 23, 2020 Updated patch availability in section 2.2.
    July 24, 2020 Updated patch availability in section 2.2.
    July 27, 2020 Updated patch availability in section 2.2.
    July 28, 2020 Updated Note 2566635.1 to Note 2437460.1 in sections 3.3.16.1.2 and 3.3.47.3.
    Updated patch availability in section 2.2.
    July 29, 2020 Replaced Patch 31434672 with Patch 31682991 in section 3.2.4.
    Updated patch availability in section 2.2.
    July 30, 2020 Added comment about Note 2695856.1 to section 3.2.4.
    July 31, 2020 Updated patch availability in section 2.2.
    August 04, 2020 Updated patch availability in section 2.2.
    Updated patch number and comment for EM-BEACON Plug-in Agent Bundle Patch 13.3.0.0.200731 in section 3.2.4
    Updated patch number and comment for EM-BEACON Bundle Patch 12.1.0.5.200731 in section 3.2.4
    August 05, 2020 Updated patch availability in section 2.2.
    August 07, 2020 Updated patch availability in section 2.2.
    Corrected patch link typo for patch 28186730 in section 3.3.16.1.1
    August 12, 2020 Added a table row for Patch 31503472 in section 3.3.16.1.1
    August 14, 2020 Updated patch availability in section 2.2.
    Added Oracle Analytics Server 5.5 to section 3.3.5
    Jul2020 QFSDP replaced by Aug2020 QFSDP for each Database Release in section 3.1.4
    August 17, 2020 Updated patch availability in section 2.2.
    August 18, 2020 Added comment that 32-bit JDK is "on-demand" to tables in section 3.1.4
    August 20, 2020 Changed comment about Note 2695856.1 to Note 2693952.1 in section 3.2.4.
    Added "or later" to references for Patch 30347629 in sections 3.3.16.1.2 and 3.3.30.
    August 28, 2020 Updated patch availability in section 2.2.
    September 03, 2020 Updated patch availability in section 2.2.
    Changed "5.5.0.0.200713 Patch 31613780" to "5.5.0.0.200828 Patch 31816819" in section 2.2 and 3.3.5

     

    7 Documentation Accessibility

    For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

    Access to Oracle Support

    Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit 

    <a href="http://www.oracle.com/pls/topic/lookup?ctx=acc&amp;id=trs">http://www.oracle.com/pls/topic/lookup?ctx=acc&amp;id=trs</a>

     if you are hearing impaired.

     


    Critical Patch Update Availability Document July 2020

    Copyright © 2006, 2019, Oracle and/or its affiliates.

    This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

    The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

    If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

    U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

    This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

    Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

    Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

    This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

    Speak Your Mind

    *