X

Proactive insights, news and tips from Oracle Fusion Middleware Support. Learn Oracle from Oracle.

April 2019 Oracle WebLogic Server Patch Set Update have been Released!

Puneeth Prakash
Principal Software Engineer

Below are the Topics covered in this document:

1. April 2019 PSU availability for WebLogic(WLS)

2. IMPORTANT! Popular known issues in this PSU release

3. List of PSU's released for Weblogic versions which are still supported

4. Error correction Information for supported WebLogic versions

5. What is Error Correction Policy and how does it affect your Weblogic version?

NOTE :

This blog tries to give a quick overview of the PSU patches available for current WebLogic releases and answers some basic questions related to CPU/PSU.

The contents of this blog are extracted from the following documents. 

It is always recommended to refer to the original KM document for up-to-date information:

REFERENCES: 

Critical Patch Update (CPU) Program April 2019 Patch Availability Document (PAD) (Doc ID 2498664.1)

WebLogic Server PSU - Popular Known Issues (Doc ID 2458832.1)

Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS) (Doc ID 1470197.1)

Critical Patch Update (CPU) Program April 2019 Patch Availability Document (PAD) (Doc ID 2498664.1)

Error Correction Support Dates for Oracle Fusion Middleware (10g/11g/12c/WLS) (Doc ID 944866.1)

 

1. April 2019 PSU availability for WebLogic (WLS)

REFERENCE: Critical Patch Update (CPU) Program April 2019 Patch Availability Document (PAD) (Doc ID 2498664.1)

Oracle WebLogic Server April 2019 Patch Set Update (PSU) has been released for the following WebLogic versions :

WLS 10.3.6.0.0    WLS PATCH SET UPDATE 10.3.6.0.190416 Patch 29204678

WLS 12.1.3.0.0    WLS PATCH SET UPDATE 12.1.3.0.190416 Patch 29204657

WLS 12.2.1.3.0    WLS PATCH SET UPDATE 12.2.1.3.190416 Patch 29016089

 

Product Home Patch Advisory Number Comments

Oracle Java SE home

Oracle JRockit 28.x home

See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE

See Note 2518941.1, Critical Patch Update April 2019 Patch Availability Document for Oracle Java SE

See Note 1492980.1How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products

Oracle WebLogic Server 12.2.1.3 home

OPatch 13.9.4.x for FMW/WLS 12.2.1.3.x Patch 28186730

Released in January 2019

Apply Opatch 13.9.4.2 before applying WLS PSU. (Re download the patch if used older patch before Feb 8 2019)

Oracle WebLogic Server and Coherence

WLS PATCH SET UPDATE 12.2.1.3.190416 Patch 29016089

CVE-2018-1258, CVE-2019-2615, CVE-2019-2650, CVE-2019-2648, CVE-2019-2645, CVE-2019-2646, CVE-2019-2568, CVE-2019-2647, CVE-2019-2649, CVE-2019-2618

CVE-2018-3213 Is addressed in Docker Images published after September 13, 2018. Latest docker image at https://container-registry.oracle.com.

See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

WebLogic Server 12.1.3.0 home

WLS PATCH SET UPDATE 12.1.3.0.190416 Patch 29204657

CVE-2019-2615, CVE-2019-2650, CVE-2019-2648, CVE-2019-2645, CVE-2019-2646, CVE-2019-2658, CVE-2019-2568, CVE-2019-2647, CVE-2019-2649, CVE-2019-2618

See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

WebLogic Server 10.3.6.0 home WLS PATCH SET UPDATE 10.3.6.0.190416 Patch 29204678 CVE-2019-2615, CVE-2019-2650, CVE-2019-2648, CVE-2019-2645, CVE-2019-2646, CVE-2019-2658, CVE-2019-2568, CVE-2019-2647, CVE-2019-2649, CVE-2019-2618

See Note 1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher

See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

WebLogic Server 12.1.3.0 home

WebLogic Server 10.3.6.0 home

WLS 12.1.3 JDBC Patch 20741228

WLS 10.3.6 JDBC Patch 27541896

Released January 2018 Please refer to Note 1970437.1 How To Update the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6 and 12c

WebLogic Server 12.2.1.3.0 home

WebLogic Server 12.1.3.0.0 home

WebLogic Server 10.3.6.0.0 home

WEBLOGIC SAMPLES SPU 12.2.1.3.190115 Patch 28927298

 

WEBLOGIC SAMPLES SPU 12.1.3.0.190115 Patch 28927303

 

Weblogic Samples SPU 10.3.6.0.181016 Patch 28483404

Released January 2019

This patch is a cumulative patch for all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities

WebLogic Server 12.1.3.0 home

SPU Patch 24327938 Released July 2016 TopLink JPA-RS patch

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

WebLogic Server 12.1.3.0 home

WebLogic Server 10.3.6.0 home

See Note 1936300.1

Released October 2014

SSL V3.0 "Poodle" Advisory

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

 

2. IMPORTANT! Popular known issues in this PSU release

REFERENCE: Note 2458832.1 WebLogic Server PSU - Popular Known Issues

WLS PSU April 2019 (190416)

A new WLS PSU was released April 16, 2019 for 10.3.6, 12.1.3, and 12.2.1.3. See the Advisory (which includes CVE and risk matrix), CPU/PSU Patch Availability Note 2498664.1 and Note 1470197.1.

Oracle has released a new Security Alert on April 26, 2019: https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html
The Alert affects 10.3.6 and 12.1.3 and refers to:

  • Note 2535708.1 Security Alert CVE-2019-2725 Patch Availability Document for Oracle WebLogic Server
  • The patches made available require a PSU patch applied first, plus a JDK update, see CPU/PSU Patch Availability Note 2498664.1 and Note 1470197.1

        - See also: Note 2541027.1 Understanding Overlay Patch Release Versions to be Applied on Top of a WLS Patch Set Update 

  • Note: You can sign up for notification when Oracle releases a Security Alert:

        https://www.oracle.com/technetwork/topics/security/alerts-086861.html
        --> "Instructions for subscribing to email notifications of Critical Patch Update Advisories and Security Alerts."

 

3. List of PSU's released for Weblogic versions which are still supported

REFERENCE: Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS) (Doc ID 1470197.1)

Current PSUs for WebLogic Server

12.2.1.3 Patch Set Updates

Important: PSUs are initially announced in the CPU Patch Availability Document listed in the below table; containing other patches and steps to secure your environment!

See 12cR2 release info in Note 2067900.1 and Support dates in Note 1933372.1.

See also: Note 2458832.1 WebLogic Server PSU - Popular Known Issues

 

PSU Description Patch Download CPU/PSU Patch Availability Document Bugs Fixed 
Document
12.2.1.3.190416 12.2.1.3.190416 Patch Set Update (PSU) for WebLogic Server 12.2.1.3 See the document in the next column to ensure you have the most recent patch information -->

My Oracle Support
Note 2498664.1

Ensure to obtain the current cycle's OPatch pre-req, WLS PSU, JDK update and other security patches from the CPU document!

See README
12.2.1.3.190115 12.2.1.3.190115 Patch Set Update (PSU) for WebLogic Server 12.2.1.3 Patch 28710939
 

My Oracle Support
Note 2466391.1

See README
12.2.1.3.181016 12.2.1.3.181016 Patch Set Update (PSU) for WebLogic Server 12.2.1.3 Patch 28298734
 
My Oracle Support
Note 2433477.1
HTML Attachment
12.2.1.3.180717 12.2.1.3.180717 Patch Set Update (PSU) for WebLogic Server 12.2.1.3 Patch 27912627
 
My Oracle Support
Note 2394520.1
HTML Attachment
12.2.1.3.180417 12.2.1.3.180417 Patch Set Update (PSU) for WebLogic Server 12.2.1.3 Patch 27342434 My Oracle Support
Note 2353306.1
HTML Attachment
12.2.1.3.180116 12.2.1.3.180116 Patch Set Update (PSU) for WebLogic Server 12.2.1.3 Patch 27438258 My Oracle Support
Note 2325393.1
 HTML Attachment

 

12.1.3.0 Patch Set Updates

Important: PSUs are initially announced in the CPU Patch Availability Document listed in the below table; containing other patches and steps to secure your environment! See 12cR1 release info in Note 1567707.1 and Support dates in Note 1933372.1.

Beginning January 2018, WLS 12.1.3 is under Extended Support. It is recommended that you upgrade to 12c R2, see Note 2067900.1.  The Error Correction Policy is within Note 209768.1, click the attachment link, and see "4.2 Policies – Critical Patch Update Program". This reads "Only customers who have contracted for Extended Support are entitled to download and use PSUs created for a product in Extended Support". This same policy applies to further fixes such as new bugs, merge requests or overlays to the PSU patch.

See also: Note 2458832.1 WebLogic Server PSU - Popular Known Issues

 

PSU Description Patch Download CPU/PSU Patch Availability Document Bugs Fixed
Document
12.1.3.0.190416 12.1.3.0.190416 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 See the document in the next column to ensure you have the most recent patch information -->

My Oracle Support
Note 2498664.1

Ensure to obtain the current cycle's WLS PSU, JDK update and other security patches from the CPU document!

See README
12.1.3.0.190115 12.1.3.0.190115 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 28710923 My Oracle Support
Note 2466391.1
See README
12.1.3.0.181016 12.1.3.0.181016 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 28298916 My Oracle Support
Note 2433477.1
HTML Attachment
12.1.3.0.180717 12.1.3.0.180717 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 27919943 My Oracle Support
Note 2394520.1
HTML Attachment
12.1.3.0.180417 12.1.3.0.180417 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 27419391 My Oracle Support
Note 2353306.1
HTML Attachment
12.1.3.0.180116 12.1.3.0.180116 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 27057030 My Oracle Support
Note 2325393.1
HTML Attachment
12.1.3.0.171017 12.1.3.0.171017 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 26519417 My Oracle Support
Note 2296870.1 
 HTML Attachment
12.1.3.0.170718 12.1.3.0.170718 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 25869659 My Oracle Support
Note 2261562.1
HTML Attachment
12.1.3.0.170418 12.1.3.0.170418 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 25388793 My Oracle Support
Note 2228898.1
HTML Attachment
12.1.3.0.170117 12.1.3.0.170117 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 24904852 My Oracle Support
Note 2203916.1
HTML Attachment
12.1.3.0.161018 12.1.3.0.161018 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 23744018 My Oracle Support
Note 2171485.1
My Oracle Support
Note 2194122.1
12.1.3.0.160719 12.1.3.0.160719 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 23094292 My Oracle Support
Note 2136219.1
My Oracle Support
Note 2162294.1
12.1.3.0.160419 12.1.3.0.160419 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 22505404 My Oracle Support
Note 2102148.1
My Oracle Support
Note 2128304.1
12.1.3.0.6 12.1.3.0.6 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 21983457 My Oracle Support
Note 2074802.1
My Oracle Support
Note 2097415.1
12.1.3.0.5 12.1.3.0.5 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 21370953 My Oracle Support
Note 2037108.1
My Oracle Support
Note 2067304.1
12.1.3.0.4 12.1.3.0.4 Patch Set Update (PSU) for WebLogic Server 12.1.3.0* Patch 20838345 My Oracle Support
Note 2005667.1
My Oracle Support
Note 2030245.1
12.1.3.0.3 12.1.3.0.3 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 20223202 My Oracle Support
Note 1967243.1
My Oracle Support
Note 1997857.1
12.1.3.0.2 12.1.3.0.2 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 19637454 My Oracle Support
Note 1942215.1
My Oracle Support
Note 1961117.1
12.1.3.0.1 12.1.3.0.1 Patch Set Update (PSU) for WebLogic Server 12.1.3.0 Patch 19182811 My Oracle Support
Note 1912224.1
My Oracle Support
Note 1934984.1

 

* NOTE: There was a packaging issue with WLS PSU 12.1.3.0.4. See WLS PSU 12.1.3.0.4 Patch Conflict Issue Note 2062637.1 for more information.

10.3.6 Patch Set Updates

Important: PSUs are initially announced in the CPU Patch Availability Document listed in the below table; containing other patches and steps to secure your environment! See Support dates in Note 1290894.1.

Beginning January 2019, WLS 10.3.6 is under Extended Support. It is recommended that you upgrade to 12c R2, see Note 2067900.1. The Error Correction Policy is within Note 209768.1, click the attachment link, and see "4.2 Policies – Critical Patch Update Program". This reads "Only customers who have contracted for Extended Support are entitled to download and use PSUs created for a product in Extended Support". This same policy applies to further fixes such as new bugs, merge requests or overlays to the PSU patch. Note it is also required to be using Java SE 7 with WLS 10.3.6 as Java SE 6 has reached the end of Extended Support, see Note 952075.1, "Java SE End of Life and Oracle Fusion Middleware Policy".

See also: Note 2458832.1 WebLogic Server PSU - Popular Known Issues

PSU Description Patch Download CPU/PSU Patch Availability Document Smart Update Patch ID Bugs Fixed
Document
10.3.6.0.190416 10.3.6.0.190416 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 See the document in the next column to ensure you have the most recent patch information --> My Oracle Support
Note 2498664.1

Ensure to obtain the current cycle's WLS PSU, JDK update and other security patches from the CPU document!

U5I2  See README
10.3.6.0.190115 10.3.6.0.190115 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 28710912 My Oracle Support
Note 2466391.1
7HKN See README
10.3.6.0.181016 10.3.6.0.181016 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 28343311 My Oracle Support
Note 2433477.1
GENM HTML Attachment
10.3.6.0.180717 10.3.6.0.180717 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 27919965 My Oracle Support
Note 2394520.1
B47X HTML Attachment
10.3.6.0.180417 10.3.6.0.180417 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 27395085 My Oracle Support
Note 2353306.1
GFWX HTML Attachment
 na A PSU for WLS 10.3.6 was not released for the Jan 2018 (180116) cycle  na My Oracle Support
Note 2325393.1
 na  na
10.3.6.0.171017 10.3.6.0.171017 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 26519424 My Oracle Support
Note 2296870.1
 FMJJ  HTML Attachment
10.3.6.0.170718 10.3.6.0.170718 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 25869650 My Oracle Support
Note 2261562.1
B25A HTML Attachment
10.3.6.0.170418 10.3.6.0.170418 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 25388747 My Oracle Support
Note 2228898.1
RVBS

HTML Attachment

10.3.6.0.170117 10.3.6.0.170117 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 24667634 My Oracle Support
Note 2203916.1
XIDD HTML Attachment
10.3.6.0.161018 10.3.6.0.161018 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 23743997 My Oracle Support
Note 2171485.1
K25M My Oracle Support
Note 2194102.1
10.3.6.0.160719 10.3.6.0.160719 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 23094342 My Oracle Support
Note 2136219.1
UIAL My Oracle Support
Note 2162319.1
10.3.6.0.160419 10.3.6.0.160419 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 22505423 My Oracle Support
Note 2102148.1
DEM4 My Oracle Support
Note 2128296.1
10.3.6.0.13 10.3.6.0.13 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 21984589 My Oracle Support
Note 2074802.1
S8C2 My Oracle Support
Note 2097447.1
10.3.6.0.12 10.3.6.0.12 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 20780171 My Oracle Support
Note 2005667.1
EJUW My Oracle Support
Note 2030251.1
10.3.6.0.11 10.3.6.0.11 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 20181997 My Oracle Support
Note 1967243.1
YUIS My Oracle Support
Note 1997891.1
10.3.6.0.10 10.3.6.0.10 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 19637463 My Oracle Support
Note 1942215.1
12UV My Oracle Support
Note 1961046.1
10.3.6.0.9 10.3.6.0.9 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 19182814 My Oracle Support
Note 1912224.1
FSR2 My Oracle Support
Note 1935048.1
10.3.6.0.8 10.3.6.0.8 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 18040640 My Oracle Support
Note 1618213.1
T5F1 My Oracle Support
Note 1645823.1
10.3.6.0.7 10.3.6.0.7 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 17572726 My Oracle Support
Note 1594621.1
FCX7 My Oracle Support
Note 1613601.1
10.3.6.0.6 10.3.6.0.6 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 17071663 My Oracle Support
Note 1571391.1
BYJ1 My Oracle Support
Note 1589769.1
10.3.6.0.5 10.3.6.0.5 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 16619891 My Oracle Support
Note 1548709.1
L51R My Oracle Support
Note 1567735.1
10.3.6.0.4 10.3.6.0.4 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 16083651 My Oracle Support
Note 1525152.1
D33T My Oracle Support
Note 1544308.1
10.3.6.0.3 10.3.6.0.3 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 14736139 My Oracle Support
Note 1502461.1
HYKC My Oracle Support
Note 1519561.1
10.3.6.0.2 10.3.6.0.2 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 14331527 My Oracle Support
Note 1477727.1
MYFD My Oracle Support
Note 1496334.1
10.3.6.0.1 10.3.6.0.1 Patch Set Update (PSU) for WebLogic Server 10.3.6.0 Patch 14142550 My Oracle Support
Note 1455387.1
JSES My Oracle Support
Note 1466022.1

 

4. Error correction Information for supported WebLogic versions

REFERENCE: Critical Patch Update (CPU) Program April 2019 Patch Availability Document (PAD) (Doc ID 2498664.1)

Error Correction information for Oracle WebLogic Server Patch Set Update

Patch Information 12.2.1.3.0 12.1.3.0 10.3.6.0 Comments

Final CPU

-

October 2019

October 2021

 

 

5. What is Error Correction Policy and how does it affect your Weblogic version?

Have a look at the following documents for more information on Error Correction Policy for WLS:

Error Correction Support Dates for Oracle WebLogic Server (Doc ID 950131.1)

Error Correction Support Dates for Oracle Fusion Middleware (10g/11g/12c/WLS) (Doc ID 944866.1)

Error Correction Support Dates for Oracle Fusion Middleware 12c - FMW/WLS (Doc ID 1933372.1)

 

For additional information:

Critical Patch Updates, Security Alerts, and Third Party Bulletin

Master Note for Enterprise Manager Proactive Patch Program (822485.1)

Master Notes on Fusion Middleware Proactive Patching (1494151.1)

WebLogic Server PSU - Popular Known Issues (Doc ID 2458832.1)

Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS) (Doc ID 1470197.1)

 

 

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.