Oracle July 2020 (third quarter) CPU: WLS

https://support.oracle.com/epmos/faces/SearchDocDisplay?_adf.ctrl-state=rlw7n6p1v_740&_afrLoop=350928995063517#mozTocId410847

Time to patch, young man.

3.3.47.5 Oracle WebLogic Server 10.3.6
All of the patches listed in the table below should be applied to an Oracle WebLogic Server 10.3.6 installation

Product Home | Patch | Advisory Number | Comments
Oracle WebLogic Server 10.3.6 Oracle Java SE Upgrade to JDK 7 Update 261

Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE

Download locations and installation instructions in above document

See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
  WLS PATCH SET UPDATE 10.3.6.0.200714 Patch 31178492 + ADR FOR WEBLOGIC SERVER 10.3.6 JULY CPU 2020 Patch 31241365 CVE-2020-2967, CVE-2020-14588, CVE-2020-14589, CVE-2020-14622, CVE-2020-2966, CVE-2017-5645, CVE-2020-14572, CVE-2020-14652, CVE-2018-11058, CVE-2020-14645

For CVE-2018-11058, apply ADR Patch.

See Note 2421487.1, Restricting Incoming Serialized Java Objects to Oracle WebLogic Server - New with WLS PSUs

See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for WebLogic Server

See Note 1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher

See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

  WLS 10.3.6 JDBC Patch 27541896 Released January 2018 Please refer to Note 1970437.1 How To Update the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6 and 12c
  WLS 10.3.6 SAMPLES PSU 10.3.6.0.190716 Patch 29659185 Released July 2019 This patch is a cumulative patch for all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities
  Coherence 3.7.1.19 Patch 31447246 CVE-2020-14642  
  See Note 1936300.1 How to Change SSL Protocols (to Disable SSL 2.0/3.0) in Oracle Fusion Middleware Products (Doc ID 1936300.1) Released October 2014 SSL V3.0 "Poodle" Advisory

3.3.47.3 Oracle WebLogic Server 12.2.1.3
All of the patches listed in the table below should be applied to an Oracle WebLogic Server 12.2.1.3 installation

Product Home | Patch | Advisory Number | Comments
Oracle WebLogic Server 12.2.1.3 Oracle Java SE Upgrade to JDK 8 Update 251

Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE

Download locations and installation instructions in above document

See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products
  OPatch 13.9.4.2.4 Patch 28186730 Released July 2020

Update OPatch 13.9.4.2.4 Patch 28186730 before applying WLS PSU.

See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c

  WLS PATCH SET UPDATE 12.2.1.3.200624 Patch 31535411 + ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY CPU 2020 Patch 31544340 CVE-2020-2967, CVE-2020-14588, CVE-2020-14589, CVE-2020-14687, CVE-2020-14622, CVE-2020-2966, CVE-2020-14625, CVE-2020-14572, CVE-2020-14652, CVE-2017-5645, CVE-2018-11058, CVE-2020-14645, CVE-2020-14557, CVE-2020-9546, CVE-2020-14644

See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for WebLogic Server

Refer to Note 2566635.1 for Patch Conflict issue.

CVE-2018-3213 is addressed in Docker images published after September 13, 2018. Latest Docker image at https://container-registry.oracle.com.

For CVE-2018-11058, apply ADR Patch.

See Note 2421487.1, Restricting Incoming Serialized Java Objects to Oracle WebLogic Server - New with WLS PSUs

See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628

See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933.

See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852

  WEBLOGIC SAMPLES SPU 12.2.1.3.200714 Patch 31384951 CVE-2020-14636, CVE-2020-14637, CVE-2020-14638, CVE-2020-14639, CVE-2020-14640 This patch is a cumulative patch for all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities.
  Coherence 12.2.1.3.10 Patch 31470751 CVE-2020-14642  
Original article: https://www.cnblogs.com/vzhangxk/p/13322633.html