Tuesday Apr 21, 2015

Fusion Middleware Proactive Patches Released

Announcing

The latest Fusion Middleware (FMW) Proactive patches were released on April 14, 2015. To find download information and full detail, the relevant links are as follows:

A short summary of the patches released is posted below.

Bundle Patches

Bundle patches are collections of controlled, well tested critical bug fixes for a specific product which may include security contents and occasionally minor enhancements. These are cumulative in nature meaning the latest bundle patch in a particular series includes the contents of the previous bundle patches released. A suite bundle patch is an aggregation of multiple product bundle patches that are part of a product suite.

  • Oracle Access Manager (OAM) 11.1.1.7.4 and 11.1.1.5.9 bundle patches.
  • Oracle GlassFish Server (OGFS) 3.1.2.11,3.0.1.11 and 2.1.1.25 bundle patches.
  • Oracle Internet Directory (OID) 11.1.1.7.3 bundle patch.
  • Oracle Identity Management Suite Bundle Patch 11.1.2.2.5 consisting of
    • Oracle Access Manager (OAM) 11.1.2.2.5 bundle patch.
    • Oracle Identity Manager (OIM) 11.1.2.2.6 bundle patch.
    • Oracle Adaptive Access Manager (OAAM) 11.1.2.2.1 bundle patch.
    • Oracle Unified Directory (OUD) 11.1.2.2.2 bundle patch.
  • Oracle iPlanet Web Server (OiWS) 7.0.21 and 6.1.20 bundle patches.
  • Oracle iPlanet Web Proxy Server (OiWPS) 4.0.25 bundle patches.
  • Oracle OpenSSO Proxy Server Web Agent-V3.0-04 bundle patch.
  • Oracle SOA Suite (SOA) 12.1.3.0.2 and 11.1.1.7.2 bundle patches.
  • Oracle Service Bus (OSB) 11.1.1.7.4 bundle patch.
  • Oracle WebCenter Content (WCC) 11.1.1.8.11 bundle patch
  • Oracle WebCenter Portal (WCP) 11.1.1.8.7 bundle patch

Patch Set Updates (PSU)

Patch Set Updates (PSU) are collections of well controlled, well tested critical bug fixes for a specific product that have been proven in customer environments. PSUs may include security content but no enhancements are included. These are cumulative in nature meaning the latest PSU in a particular series includes the contents of the previous PSUs released.

  • Oracle WebLogic Server 12.1.3.0.3, 12.1.2.0.5, 12.1.1.0.11 and 10.3.6.0.11 PSUs.
  • Oracle Exalogic PSUs
    • 2.0.6.2.1 Physical Linux x86-64 (for all X2-2, X3-2, X4-2 , X5-2)
    • 2.0.6.2.1 Physical Solaris x86-64 (for all X2-2, X3-2, X4-2, X5-2)
    • 2.0.6.2.1 Virtual (for all X2-2, X3-2, X4-2, X5-2)

Critical Patch Update (CPU)

The Critical Patch Update program is Oracle's quarterly release of security fixes. Additional patches were released as part of Oracle's Critical Patch Update program for the following products and versions:

  • Oracle Directory Server Enterprise Edition (ODSEE) 11.1.1.7.0
  • Oracle Management Pack for Golden Gate 11.1.2.1.0
  • Oracle Outside In Technology (OIT) 8.5.1, 8.5.0 and 8.4.1
  • Oracle WebCenter Sites 11.1.1.8.0, 11.1.1.6.1 and 7.6.2

Thursday Jan 22, 2015

Fusion Middleware Proactive Patches Released

Announcing

The latest Fusion Middleware (FMW) Proactive  patches were released on January 20, 2015. To find download information and full detail, the relevant links are as follows:

A short summary of the patches released is posted below.

Bundle Patches

Bundle patches are collections of controlled, well tested critical bug fixes for a specific product  which may include security contents and occasionally minor enhancements. These are cumulative in nature meaning the latest bundle patch in a particular series includes the contents of the previous bundle patches released.  A suite bundle patch is an aggregation of multiple product  bundle patches that are part of a product suite.

  • Oracle Business Intelligence Enterprise Edition (OBIEE) 11.1.1.7.150120  bundle patch
  • Oracle Access Manager (OAM) 11.1.1.7.3 and 11.1.1.5.8 bundle patches.
  • Oracle Adaptive Access Manager (OAAM) 11.1.1.5.4 and OAAM 11.1.1.7.150120 bundle patches.
  • Oracle Directory Server Enterprise Edition (ODSEE) 11.1.1.7.2 bundle patch
  • Oracle GlassFish Server (OGFS) 3.1.2.10 and 3.0.1.10 bundle patches.
  • Oracle Identity Management Suite Bundle Patch 11.1.2.2.4 consisting of
    • Oracle Access Manager (OAM) 11.1.2.2.4 bundle patch.
    • Oracle Identity Manager (OIM) 11.1.2.2.5 bundle patch.
    • Oracle Adaptive Access Manager (OAAM) 11.1.2.2.1 bundle patch.
    • Oracle Unified Directory (OUD) 11.1.2.2.1 bundle patch.
  • Oracle SOA Suite (SOA) 12.1.3.0.1 and 11.1.1.7.6 bundle patches.
  • Oracle Waveset (OW) 8.1.1.10 bundle patch
  • Oracle WebCenter Content (WCC) 11.1.1.8.9 bundle patch
  • Oracle WebCenter Portal (WCP) 11.1.1.8.6 bundle patch

Patch Set Updates (PSU)

Patch Set Updates (PSU)  are collections of well controlled, well tested critical bug fixes for a specific product  that have been proven in customer environments. PSUs  may include security content but no  enhancements are included. These are cumulative in nature meaning the latest PSU  in a particular series includes the contents of the previous PSUs  released.

  • Oracle WebLogic Server 12.1.3.0.2, 12.1.2.0.4, 12.1.1.0.10 and 10.3.6.0.10 PSUs.
  • Oracle Exalogic PSUs
    • 2.0.6.2.0 Physical Linux x86-64 (for all X2-2, X3-2, X4-2)
    • 2.0.6.2.0 Physical Solaris x86-64 (for all X2-2, X3-2, X4-2)
    • 2.0.6.2.0 Virtual (for all X2-2, X3-2, X4-2)

Critical Patch Update (CPU)

The Critical Patch Update program is Oracle's quarterly release of security fixes.

Additional patches were released as part of Oracle's Critical Patch Update program for the following products and versions

  • Oracle Business Intelligence Enterprise Edition (OBIEE) 10.1.3.4.2
  • Oracle Business Intelligence Publisher (formerly XML Publisher) (BIP)  10.1.3.4.2
  • Oracle Business Intelligence Real Time Decision Server (BI RTD) 11.1.1.7.0 and 3.0.x
  • Oracle Containers for J2EE (OC4J) 10.1.3.5.0
  • Oracle Forms : 11.1.2.2.0   and  11.1.1.7.0.
  • Oracle Http Server (OHS)  10.1.3.5.0 , 11.1.1.7.0 , 12.1.2.0.0 and 12.1.3.0.0
  • Oracle Open SSO Server 8.0.2.0
  • Oracle Reports Developer 11.1.2.2.0 and 11.1.1.7.0
  • Oracle Security Service (OSS)  12.1.3.0.0 and 12.1.2.0.0
  • Oracle WebLogic Portal (WCP) : 10.3.6.0 , 10.2.1.0 and 10.0.1.0
  • Oracle WebLogic Server  10.0.2.0

Wednesday Oct 15, 2014

Critical Patch Update for Oracle Fusion Middleware - CPU October 2014

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - October 2014

The advisory lists the support documents that cover the patch availability for all Oracle products. For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update October 2014 Availability  [ID [1912224.1]

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update October 2014 Oracle Fusion Middleware Known Issues  [ID 1912243.1]
  • Critical Patch Update October 2014 Database Known Issues [ID 1911781.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

October 2014 Critical Patch Update Released

Wednesday Oct 08, 2014

Critical Patch Update for Oracle Fusion Middleware - CPU July 2014

Sorry for posting this blog entry so late. The October 2014 Critical Patch Update (CPU) is due for release 14th October. In the meantime, for completeness sake, the Fusion Middleware summary for the July 2014 release can be found below. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - July 2014

The advisory lists the support documents that cover the patch availability for all Oracle products. For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update July 2014 Availability  [ID [1666884.1]

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update July 2014 Oracle Fusion Middleware Known Issues  [ID 1666887.1]
  • Critical Patch Update July 2014 Database Known Issues [ID 1666882.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

July 2014 Critical Patch Update Released

Monday May 12, 2014

Critical Patch Update for Oracle Fusion Middleware - CPU April 2014

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - April 2014

The advisory lists the support documents that cover the patch availability for all Oracle products. For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update April 2014 Availability  [ID [1618213.1]

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update April Oracle Fusion Middleware Known Issues  [ID 1618208.1]
  • Critical Patch Update April 2014 Database Known Issues [ID 1615881.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

April 2014 Critical Patch Update Released

Tuesday Jan 21, 2014

Critical Patch Update for Oracle Fusion Middleware - CPU January 2014

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - January 2014

The advisory lists the support documents that cover the patch availability for all Oracle products. For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update January 2014 Availability Document [ID 1594621.1]

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update January 2014 Oracle Fusion Middleware Known Issues  [ID 1594610.1]
  • Critical Patch Update January 2014 Database Known Issues [ID 1593192.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

January 2014 Critical Patch Update Released

Monday Nov 18, 2013

Fusion Middleware Error Correction Policy - Have You Got a Patch and Maintain Strategy?

It is not uncommon to come across Fusion Middleware 11g product solutions which do not have the latest patch set applied. Example: a business has a SOA Suite 11.1.1.3 in production. The solution has been working fine for three years, and then new business requirements forces an application change. The change, unfortunately, breaks rather than enhances existing functionality. A Service Request is logged with My Oracle Support and the business receive the news that the problem is caused by a bug, a patch for which is available. "Good news!" But, it is a patch which can only be applied against the latest patch set. Furthermore, the fix will not be backported to 11.1.1.3. "Oh .. really .. why can't we get a fix for the patch set we are on? Lifetime Support Policy - Level: Premier Support - has not yet expired for 11g."

The business has been blissfully unaware of the Server Technology Products Software Error Correction Policy.  This document describes the different types of patches which Oracle may release for products and the policies which surround them. It is particularly important, however, to read the product line specific advice found in the Appendix. To part quote, the advice for Oracle Fusion Middleware:

Grace Period: up to 1 year, minimum 3 months.

You have up to one year from the initial release of the patch set to install the new patch set, and can receive new bug fixes for the previous patch set during that time ...

For details (including links to documents containing error correction dates for specific products and patch sets), see

Error Correction Support Dates for Oracle Fusion Middleware (10g/11g/WLS) (Doc ID 944866.1).

In 944866.1, you will find a link to

Error Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2) (Doc ID 1290894.1)

which shows that the error correction grace period for Fusion Middleware (which covers SOA) 11.1.1.3 ended in January 2012. This explains why, in our scenario above, the business will need to first apply the latest available patch set, followed by the interim patch in order to fix their issue.

In conclusion, having a patch and maintain strategy is essential. Maintaining Fusion Middleware products at the latest major version and/or patch set release + updates has the following benefits:

  • Proactively applying the latest patch set and updates can avoid problems and therefore minimize downtime.
  • It can reduce the time taken to consume or obtain fixes for new issues.

If you are using Oracle Fusion Middleware 11g, bookmark and regularly review:

Information Center: Patching and Maintaining Oracle Fusion Middleware 11g (Doc ID 1341616.2)

Screenshot of Information Center: Patching and Maintain Fusion Middleware 11g

This Information Center contains links to knowledge articles which discuss the Error Correction policy and list Error Correction end dates. The Information Center is also a one stop shop for links to patch and patch set collateral:

  • Patch Set Release Announcements
  • Patch Set Updates (including Critical Patch Update) information
  • Patching Documentation 
  • And more ..

Get proactive, know your error correction end dates and put in a place a strategy to keep your product up to date with the latest patch set and updates.

Thursday Oct 31, 2013

Critical Patch Update for Oracle Fusion Middleware - CPU October 2013

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - October 2013

The advisory lists the support documents that cover the patch availability for all Oracle products.

For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update October 2013 Availability Document [ID 1571391.1]

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update October 2013 Oracle Fusion Middleware Known Issues  [ID 1571369.1]
  • Critical Patch Update October 2013 Database Known Issues [ID 1571653.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

October 2013 Critical Patch Update Released

Thursday Jul 18, 2013

Critical Patch Update for Oracle Fusion Middleware - CPU July 2013

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - July 2013

The advisory lists the support documents that cover the patch availability for all Oracle products.

For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update July 2013 Availability Document [ID 1548709.1]

Highlights - WebLogic Server Patch Set Updates (PSU)

  • WebLogic Server - 12.1.1.0.5
  • WebLogic Server - 10.3.6.0.5

July 2013 marks the end of CPU/PSU patches for Weblogic Server 10.3.5. Looking forward, we will see the final CPU patches for Weblogic Server 9.2.3.0 and 9.2.4.0 in October 2013

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update July 2013 Oracle Fusion Middleware Known Issues  [ID 1548690.1]
  • Critical Patch Update July 2013 Database Known Issues [ID 1546428.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

July 2013 Critical Patch Update Released

Wednesday Apr 17, 2013

Critical Patch Update for Oracle Fusion Middleware - CPU April 2013

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities 

On this page you will find the link to the

Oracle Critical Patch Update Advisory - April 2013

The advisory lists the support documents that cover the patch availability for all Oracle products.

For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update April 2013 Availability Document [ID 1525152.1]

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update April 2013 Oracle Fusion Middleware Known Issues  [ID 1525130.1]
  • Critical Patch Update April 2013 Database Known Issues [ID 1523844.1]
And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

April 2013 Critical Patch Update Released

Wednesday Oct 17, 2012

Critical Patch Update For Oracle Fusion Middleware - CPU October 2012

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities 

On this page you will find the link to the

Oracle Critical Patch Update Advisory - October 2012

The advisory lists the support documents that cover the patch availability for all Oracle products.

From an Oracle Fusion Middleware perspective, you can cut to the chase by using the links below which take you to the appropriate sections in

Patch Set Update and Critical Patch Update October 2012 Availability Document [ID 1477727.1]

  1. Oracle Fusion Middleware 11g Release 2 
  2. Oracle Fusion Middleware 11g Release 1
  3. Oracle Application Server 10g Release 3
The #anchor links above should work in Firefox and IE provided you have already logged into My Oracle Support within the same browser session. For some reason, Chrome always takes you to the top of the document :-/

Tip:

Error Correction Support for Oracle Identity Management 10g, version 10.1.4.x ended in December 2011. For this reason, there is no section which is specific to this version. However, Error Correction Support remains in place, until end of this year, for the Oracle Identity Management 10.1.4.x components

    • Single Sign On (SSO)
    • Delegated Administration Services (OIDDAS)

provided you are using them as part of a Single Sign-On solution (OID 11g + SSO / OIDDAS 10.1.4.3) for a Portal / Forms / Reports and Discoverer 11.1.1.x architecture.   

As such there are security related patches available for Fusion Middleware Single Sign On. You will find the patch numbers listed in the sections for 11.1.1.4, 11.1.1.5 and 11.1.1.6

And finally, if you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

Critical Patch Update October 2012 Oracle Fusion Middleware Known Issues (Doc ID 1455408.1)

Critical Patch Update October 2012 Database Known Issues (Doc ID 1477865.1)

Wednesday Jul 18, 2012

Critical Patch Update For Oracle Fusion Middleware - CPU July 2012

If you have not noticed already, the latest Critical Patch Update has been released for Oracle Products. You should start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all the Critical Patch Updates released along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities 

On this page you will find the link to the

Oracle Critical Patch Update Advisory - July 2012

The advisory lists the support documents that cover the patch availability for all Oracle Products.

From a Oracle Fusion Middleware perspective, you can cut to the chase by using the links below which take you to the appropriate sections in

Patch Set Update and Critical Patch Update July 2012 Availability Document [ID 1455387.1]

  1. Oracle Fusion Middleware 11g Release 2 
  2. Oracle Fusion Middleware 11g Release 1
  3. Oracle Application Server 10g Release 3
The #anchor links above should work in Firefox and IE provided you have already logged into My Oracle Support within the same browser session. For some reason, Chrome always takes you to the top of the document :-/

Tip:

Error Correction Support for Oracle Identity Management 10g, version 10.1.4.x ended in December 2011. For this reason, there is no section which is specific to this version. However, Error Correction Support remains in place, until end of this year, for the Oracle Identity Management 10.1.4.x components

    • Single Sign On (SSO)
    • Delegated Administration Services (OIDDAS)

provided you are using them as part of a Single Sign-On solution (OID 11g + SSO / OIDDAS 10.1.4.3) for a Portal / Forms / Reports and Discoverer 11.1.1.x architecture.   

As such there are two security related patches available for SSO / OIDDAS 10.1.4 - one related to OC4J, released in  January 2012, and another related to Oracle HTTP Server, released in October 2011. You may have applied these patches already .. but it is worthwhile double checking. You will find the patch numbers listed in the sections for 11.1.1.5, 11.1.1.6 

And finally, if you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

Critical Patch Update July 2012 Oracle Fusion Middleware Known Issues (Doc ID 1455408.1)

Critical Patch Update July 2012 Database Known Issues (Doc ID 1452634.1)

About

This is the blog of the Oracle Fusion Middleware Proactive Support Delivery Team. Here we will provide information about our activities, publications, product related information and more. Feedback welcome.

Follow OracleMWSupport on Twitter

Search

Archives
« May 2015
SunMonTueWedThuFriSat
     
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
      
Today