Oracle Database 11.2 April 2012 CPU Includes OC4J 10.1.3.4 Patch
By Daniel Mortimer-Oracle on Apr 19, 2012
Patch Set Update and Critical Patch Update April 2012 Availability [ID 1406574.1]
Table 6 Patch Availability for Oracle Database 18.104.22.168
includes the row:
|Product Home||Patch||Advisory Number||Comments|
|Oracle Database home||Patch 13705478||CVE-2011-5035||OC4J 10.1.3.4 one-off patch (Special OPatch needed, see README)|
** Be sure to check ID 1406574.1 for the rest of the table details. Above is just an excerpt!
OC4J is normally a component which administrators associate with Oracle Application Server 10g - it's not a component one normally associates with the Oracle Database.
It is, however, NOT a documentation bug. The April 2012 Critical Patch Update document is accurate. There is a 10.1.3.4 OC4J directory found in the 22.214.171.124 Database Home. This patch covers a public vulnerability - CVE-2011-5035 - within that directory. In fact, this patch was actually released as part of the January 2012 Security Alert, refer to:
Oracle WebLogic Server and Oracle Application Server (OC4J) Security Alert for CVE-2011-5035 [ID 1400322.1]
DBAs maintaining Oracle Database 11.2 should apply this Patch 13705478 , following the README bundled with it to ensure it is applied without issue.