Monday May 12, 2014

Critical Patch Update for Oracle Fusion Middleware - CPU April 2014

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - April 2014

The advisory lists the support documents that cover the patch availability for all Oracle products. For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update April 2014 Availability  [ID [1618213.1]

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update April Oracle Fusion Middleware Known Issues  [ID 1618208.1]
  • Critical Patch Update April 2014 Database Known Issues [ID 1615881.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

April 2014 Critical Patch Update Released

Tuesday Jan 21, 2014

Critical Patch Update for Oracle Fusion Middleware - CPU January 2014

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - January 2014

The advisory lists the support documents that cover the patch availability for all Oracle products. For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update January 2014 Availability Document [ID 1594621.1]

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update January 2014 Oracle Fusion Middleware Known Issues  [ID 1594610.1]
  • Critical Patch Update January 2014 Database Known Issues [ID 1593192.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

January 2014 Critical Patch Update Released

Monday Nov 18, 2013

Fusion Middleware Error Correction Policy - Have You Got a Patch and Maintain Strategy?

It is not uncommon to come across Fusion Middleware 11g product solutions which do not have the latest patch set applied. Example: a business has a SOA Suite 11.1.1.3 in production. The solution has been working fine for three years, and then new business requirements forces an application change. The change, unfortunately, breaks rather than enhances existing functionality. A Service Request is logged with My Oracle Support and the business receive the news that the problem is caused by a bug, a patch for which is available. "Good news!" But, it is a patch which can only be applied against the latest patch set. Furthermore, the fix will not be backported to 11.1.1.3. "Oh .. really .. why can't we get a fix for the patch set we are on? Lifetime Support Policy - Level: Premier Support - has not yet expired for 11g."

The business has been blissfully unaware of the Server Technology Products Software Error Correction Policy.  This document describes the different types of patches which Oracle may release for products and the policies which surround them. It is particularly important, however, to read the product line specific advice found in the Appendix. To part quote, the advice for Oracle Fusion Middleware:

Grace Period: up to 1 year, minimum 3 months.

You have up to one year from the initial release of the patch set to install the new patch set, and can receive new bug fixes for the previous patch set during that time ...

For details (including links to documents containing error correction dates for specific products and patch sets), see

Error Correction Support Dates for Oracle Fusion Middleware (10g/11g/WLS) (Doc ID 944866.1).

In 944866.1, you will find a link to

Error Correction Support Dates for Oracle Fusion Middleware 11g (11.1.1/11.1.2) (Doc ID 1290894.1)

which shows that the error correction grace period for Fusion Middleware (which covers SOA) 11.1.1.3 ended in January 2012. This explains why, in our scenario above, the business will need to first apply the latest available patch set, followed by the interim patch in order to fix their issue.

In conclusion, having a patch and maintain strategy is essential. Maintaining Fusion Middleware products at the latest major version and/or patch set release + updates has the following benefits:

  • Proactively applying the latest patch set and updates can avoid problems and therefore minimize downtime.
  • It can reduce the time taken to consume or obtain fixes for new issues.

If you are using Oracle Fusion Middleware 11g, bookmark and regularly review:

Information Center: Patching and Maintaining Oracle Fusion Middleware 11g (Doc ID 1341616.2)

Screenshot of Information Center: Patching and Maintain Fusion Middleware 11g

This Information Center contains links to knowledge articles which discuss the Error Correction policy and list Error Correction end dates. The Information Center is also a one stop shop for links to patch and patch set collateral:

  • Patch Set Release Announcements
  • Patch Set Updates (including Critical Patch Update) information
  • Patching Documentation 
  • And more ..

Get proactive, know your error correction end dates and put in a place a strategy to keep your product up to date with the latest patch set and updates.

Thursday Oct 31, 2013

Critical Patch Update for Oracle Fusion Middleware - CPU October 2013

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - October 2013

The advisory lists the support documents that cover the patch availability for all Oracle products.

For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update October 2013 Availability Document [ID 1571391.1]

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update October 2013 Oracle Fusion Middleware Known Issues  [ID 1571369.1]
  • Critical Patch Update October 2013 Database Known Issues [ID 1571653.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

October 2013 Critical Patch Update Released

Thursday Jul 18, 2013

Critical Patch Update for Oracle Fusion Middleware - CPU July 2013

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - July 2013

The advisory lists the support documents that cover the patch availability for all Oracle products.

For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update July 2013 Availability Document [ID 1548709.1]

Highlights - WebLogic Server Patch Set Updates (PSU)

  • WebLogic Server - 12.1.1.0.5
  • WebLogic Server - 10.3.6.0.5

July 2013 marks the end of CPU/PSU patches for Weblogic Server 10.3.5. Looking forward, we will see the final CPU patches for Weblogic Server 9.2.3.0 and 9.2.4.0 in October 2013

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update July 2013 Oracle Fusion Middleware Known Issues  [ID 1548690.1]
  • Critical Patch Update July 2013 Database Known Issues [ID 1546428.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

July 2013 Critical Patch Update Released

Wednesday Apr 17, 2013

Critical Patch Update for Oracle Fusion Middleware - CPU April 2013

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities 

On this page you will find the link to the

Oracle Critical Patch Update Advisory - April 2013

The advisory lists the support documents that cover the patch availability for all Oracle products.

For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update April 2013 Availability Document [ID 1525152.1]

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update April 2013 Oracle Fusion Middleware Known Issues  [ID 1525130.1]
  • Critical Patch Update April 2013 Database Known Issues [ID 1523844.1]
And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

April 2013 Critical Patch Update Released

Wednesday Oct 17, 2012

Critical Patch Update For Oracle Fusion Middleware - CPU October 2012

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities 

On this page you will find the link to the

Oracle Critical Patch Update Advisory - October 2012

The advisory lists the support documents that cover the patch availability for all Oracle products.

From an Oracle Fusion Middleware perspective, you can cut to the chase by using the links below which take you to the appropriate sections in

Patch Set Update and Critical Patch Update October 2012 Availability Document [ID 1477727.1]

  1. Oracle Fusion Middleware 11g Release 2 
  2. Oracle Fusion Middleware 11g Release 1
  3. Oracle Application Server 10g Release 3
The #anchor links above should work in Firefox and IE provided you have already logged into My Oracle Support within the same browser session. For some reason, Chrome always takes you to the top of the document :-/

Tip:

Error Correction Support for Oracle Identity Management 10g, version 10.1.4.x ended in December 2011. For this reason, there is no section which is specific to this version. However, Error Correction Support remains in place, until end of this year, for the Oracle Identity Management 10.1.4.x components

    • Single Sign On (SSO)
    • Delegated Administration Services (OIDDAS)

provided you are using them as part of a Single Sign-On solution (OID 11g + SSO / OIDDAS 10.1.4.3) for a Portal / Forms / Reports and Discoverer 11.1.1.x architecture.   

As such there are security related patches available for Fusion Middleware Single Sign On. You will find the patch numbers listed in the sections for 11.1.1.4, 11.1.1.5 and 11.1.1.6

And finally, if you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

Critical Patch Update October 2012 Oracle Fusion Middleware Known Issues (Doc ID 1455408.1)

Critical Patch Update October 2012 Database Known Issues (Doc ID 1477865.1)

Wednesday Jul 18, 2012

Critical Patch Update For Oracle Fusion Middleware - CPU July 2012

If you have not noticed already, the latest Critical Patch Update has been released for Oracle Products. You should start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all the Critical Patch Updates released along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities 

On this page you will find the link to the

Oracle Critical Patch Update Advisory - July 2012

The advisory lists the support documents that cover the patch availability for all Oracle Products.

From a Oracle Fusion Middleware perspective, you can cut to the chase by using the links below which take you to the appropriate sections in

Patch Set Update and Critical Patch Update July 2012 Availability Document [ID 1455387.1]

  1. Oracle Fusion Middleware 11g Release 2 
  2. Oracle Fusion Middleware 11g Release 1
  3. Oracle Application Server 10g Release 3
The #anchor links above should work in Firefox and IE provided you have already logged into My Oracle Support within the same browser session. For some reason, Chrome always takes you to the top of the document :-/

Tip:

Error Correction Support for Oracle Identity Management 10g, version 10.1.4.x ended in December 2011. For this reason, there is no section which is specific to this version. However, Error Correction Support remains in place, until end of this year, for the Oracle Identity Management 10.1.4.x components

    • Single Sign On (SSO)
    • Delegated Administration Services (OIDDAS)

provided you are using them as part of a Single Sign-On solution (OID 11g + SSO / OIDDAS 10.1.4.3) for a Portal / Forms / Reports and Discoverer 11.1.1.x architecture.   

As such there are two security related patches available for SSO / OIDDAS 10.1.4 - one related to OC4J, released in  January 2012, and another related to Oracle HTTP Server, released in October 2011. You may have applied these patches already .. but it is worthwhile double checking. You will find the patch numbers listed in the sections for 11.1.1.5, 11.1.1.6 

And finally, if you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

Critical Patch Update July 2012 Oracle Fusion Middleware Known Issues (Doc ID 1455408.1)

Critical Patch Update July 2012 Database Known Issues (Doc ID 1452634.1)

About

This is the blog of the Oracle Fusion Middleware Proactive Support Delivery Team. Here we will provide information about our activities, publications, product related information and more. Feedback welcome.

Follow OracleMWSupport on Twitter

Search

Archives
« July 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today