weblogic_12c_patch.rar

=============================== Patch Set Update (PSU) for Bug: 29204657 =============================== Date: Tue Mar 5 13:23:42 2019 --------------------------------- Platform Patch for : Generic Product Patched : ORACLE WEBLOGIC SERVER Product Version : 12.1.3.0.0 This document describes how to install the interim patch for bug # 29204657. It includes the following sections: Section 1, "Zero Downtime Patching" Section 2, "Prerequisites" Section 3, "Pre-Installation Instructions" Section 4, "Installation Instructions" Section 5, "Post-Installation Instructions" Section 6, "Deinstallation Instructions" Section 7, "Post Deinstallation Instructions" Section 8, "Bugs Fixed by This Patch" Section 9, "Known Issues" 1 Zero Downtime Patching ------------------------------ This patch has been marked as eligible for Zero Downtime Patching. With Zero Downtime Patching, a Patch can be applied to a system in a manner that does not incur any downtime. This ensures that the system can remain available and functioning during the patching process. Certain pre-requisites, however, must be met before the patch can be applied. For more information, consult the My Oracle Support MOS Note: 1942159.1 2 Prerequisites ---------------- Ensure that you meet the following requirements before you install or deinstall the patch: 1. Before applying the non-mandatory patches, ensure that you have the exact symptoms described in the bug. 2. Update Java SE (JDK/JRE): For users of Oracle JDKs and JVMs, we strongly recommend applying the latest Java Critical Patch Updates (CPUs) as soon as they are released. Refer to the following for further information: Doc ID 1506916.1 Obtaining Java SE (JDK/JRE) for Oracle Fusion Middleware Products https://support.oracle.com/rs?type=doc&id=1506916.1 3. Oracle Fusion Middleware 12.1.x products are installed with OPatch NextGen 13.2 to apply interim patches. The OPatch utility may be updated over time to resolve known issues. You can check your version using the following command: ORACLE_HOME/OPatch/opatch version OPatch should not be updated for 12.1.x unless specifically instructed to do so. The installed OPatch should be sufficient to apply interim patches. Review the following for more OPatch information: Doc ID 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c https://support.oracle.com/rs?type=doc&id=1587524.1 4. Verify the OUI Inventory. OPatch needs access to a valid OUI inventory to apply patches. Note: This needs the ORACLE_HOME to be set(refer section "2. Pre-Installation Instructions") prior to run the below commands: Validate the OUI inventory with the following commands: $ opatch lsinventory -jre $ORACLE_HOME/jdk/jre Note: All OPatch commands should be run with -jre option. Make sure the JDK version you use is the certified version for your product. If the command errors out, contact Oracle Support and work to validate and verify the inventory setup before proceeding. 5. Confirm the executables appear in your system PATH: The patching process will use the unzip and the OPatch executables. After setting the ORACLE_HOME environment, confirm if the following executables exist, before proceeding to the next step: - opatch - unzip If either of these executables do not show in the PATH, correct the problem before proceeding. 6. Create a location for storing the unzipped patch: This location will be referred to later in the document as PATCH_TOP. NOTE: On WINDOWS, the preferred location is the drive root directory. For example, "C:\PATCH_TOP" and avoid choosing locations like, "C:\Documents and Settings\username\PATCH_TOP". This is necessary due to the 256 characters limitation on windows platform. 3 Pre-Installation Instructions ------------------------------- 1. Set the ORACLE_HOME environment variable to the directory where you have installed ORACLE WEBLOGIC SERVER. 4 Installation Instructions --------------------------- 1. Unzip the patch zip file into the PATCH_TOP. $ unzip -d PATCH_TOP p29204657_121300_Generic.zip NOTE: On WINDOWS, the unzip command has a limitation of 256 characters in the path name. If you encounter this, please use an alternate ZIP utility like 7-Zip to unzip the patch. For example: To unzip using 7-zip, run the command: "c:\Program Files\7-Zip\7z.exe" x p29204657_121300_Generic.zip 2. Set your current directory to the directory where the patch is located. $ cd PATCH_TOP/29204657 3. Run OPatch to apply the patch. $ opatch apply Note: ----- When OPatch starts, it validates the patch and makes sure that there are no conflicts with the software already installed in the ORACLE_HOME. In case of opatch conflict, you will see a warning message similar to the one mentioned below: Interim Patch XXXX has Conflict with patch(es) [ YYYY ] in OH ... Conflict patches: YYYY Patch(es) YYYY conflict with the patch currently being installed (XXXX). If you continue, patch(es) YYYY will be rolled back and the new patch (XXXX) will be installed. If a merge of the new patch (XXXX) and the conflicting patch(es) ( YYYY) is required,contact Oracle Support Services and request a Merged patch. Do you want to proceed? [y|n] n You must stop the patch installation and contact oracle support on how to proceed. 5 Post-Installation Instructions --------------------------------- Start all servers (AdminServer and all Managed server(s)). 6 Deinstallation Instructions ------------------------------ If you experience any problems after installing this patch, remove the patch as follows: 1. Make sure to follow the same Prerequisites or pre-install steps (if any) when deinstalling a patch. This includes setting up any environment variables like ORACLE_HOME and verifying the OUI inventory before deinstalling. 2. Change to the directory where the patch was unzipped. $ cd PATCH_TOP/29204657 3. Run OPatch to deinstall the patch. $ opatch rollback -id 29204657 7 Post Deinstallation Instructions ----------------------------------- Restart all servers (AdminServer and all Managed server(s)). This is necessary to redeploy the original applications and bring the environment back to it's original state. 8 Bugs Fixed by This Patch -------------------------- WLS Patch Set Update 12.1.3.0.190416 28891448: CVE-2019-2618 29140549: Fix for Bug 29140549 29140551: CVE-2019-2649 29140555: Fix for Bug 29140555 29140516: Fix for Bug 29140516 29140508: CVE-2019-2645 26791760: CVE-2019-2568 28874066: CVE-2019-2615 28998139: CVE-2016-1000031 29140540: CVE-2019-2647 WLS Patch Set Update 12.1.3.0.190115 26624375: NODEMANAGER MEMORY LEAK ON SSL HANDSHAKE FAILURES 28626991: CVE-2019-2452 28110087: CVE-2019-2418 28313163: HTTP SESSION OBJECTS DOESN'T ADHER SESSION TIMEOUT WHEN CLIENT TERMINATES REQUES 26353793: CVE-2019-2398 28594324: PERF PROD HUGE TIME SPENT IN WEBLOGIC.SECURITY.ACL.INTERNAL.AUTHENTICATEDSUBJECT WLS Patch Set Update 12.1.3.0.181016 28043040: CVE-2018-3197 28140800: BYPASS VERSION STRING CHECKS WHEN NON-ORACLE JDK IS USED. 20020455: CVE-2018-2902 28375702: CVE-2018-3246 17905354: Fix for Bug 17905354 28375173: CVE-2018-3245 27988175: CVE-2018-3191 28481582: FIX FOR BUG 22690676 28409586: CVE-2018-3252 WLS Patch Set Update 12.1.3.0.180717 27417245: CVE-2018-2894 27948303: CVE-2018-2893 27234961: IMPROVE PERFORMANCE IN BEAN CREATION TO REDUCE STUCK THREADS WHEN DATABASE IS SLOW OR DOWN 27416586: FIXED A WLST PERFORMANCE ISSUE IN ASSIGNING JMS RESOURCES TO CLUSTER AFTER APPLYING THE 171017 PSU 27819370: CVE-2018-2987 27934864: CVE-2018-2998 27445260: CVE-2018-2935 18412312: FIXED NODEMANAGER TO RESTART MANAGED SERVER THAT IS SHUT DOWN DUE TO OVERLOAD PROTECTION 25993295: CVE-2013-1768 27947832: FIXED AN ISSUE WHERE JAVAX.XML.XMLCONSTANTS.FEATURE_SECURE_PROCESSING WASN'T BEING PROPERLY PROPAGATED IN WSDLREADER. WLS Patch Set Update 12.1.3.0.180417 26439373: CVE-2017-5645 26806438: F