Posted on by WeiZ

Apply CVE-2019-2729 Security Patch on WebLogic 12.2.1.3.0

Oracle released Security Alert Advisory CVE-2019-2729, a deserialization vulnerability on June 18, 2019, which affects WebLogic 10.3.6, 12.1.3, and 12.2.1.3, and made patches available on its support site.

For WebLogic 12.2.1.3.0, the security patch 29921455 should be applied after April 2019 PSU is applied. 

Apr 2019 PSU 12.2.1.3.190416 (Patch 29016089) 
 + 12.2.1.3.190416 Patch 29921455 for CVE-2019-2729 (select the .190416 version)

However, applying April 2019 PSU returns “conflicts” and “OPatch failed with error code 73”.

Oracle Interim Patch Installer version 13.9.4.0.0
 Copyright (c) 2019, Oracle Corporation.  All rights reserved.
 Oracle Home       : /orabin/Middleware12213
 Central Inventory : /orabin/oraInventory
    from           : /orabin/Middleware12213/oraInst.loc
 OPatch version    : 13.9.4.0.0
 OUI version       : 13.9.3.0.0
 Log file location : /orabin/Middleware12213/cfgtoollogs/opatch/opatch2019-06-21_10-34-28AM_1.log
 OPatch detects the Middleware Home as "/orabin/Middleware12213"
 Verifying environment and performing prerequisite checks…
 Conflicts/Supersets for each patch are:
 Patch : 29016089
...
 Following patches have conflicts: [   29016089 ]
 Use the MOS Patch Conflict Checker "https://support.oracle.com/epmos/faces/PatchConflictCheck" to resolve.
 See MOS documents 1941934.1 and 1299688.1 for additional information and resolution methods.
 UtilSession failed: 
 Log file location: /orabin/Middleware12213/cfgtoollogs/opatch/opatch2019-06-21_10-34-28AM_1.log
 OPatch failed with error code 73

Follow Oracle Doc 2437460.1 to download patch 28186730 and upgrade opatch to 13.9.4.2.0.

-bash-4.2$ opatch version
 OPatch Version: 13.9.4.0.0
 OPatch succeeded.

-bash-4.2$ cd /nfs/patches 
-bash-4.2$ unzip p28186730_139400_Generic.zip 
-bash-4.2$ java -jar 6880880_13.9.4.2.0/opatch_generic.jar -silent oracle_home=${ORACLE_HOME}
...
Feature Sets to Install:
     Next Generation Install Core 13.9.4.0.0
     OPatch 13.9.4.2.0
     OPatch Auto OPlan 13.9.4.2.0
     OPatch Auto FMW 13.9.4.2.0
...

-bash-4.2$ opatch version
 OPatch Version: 13.9.4.2.0
 OPatch succeeded.

Now we can Apply 2019 PSU and the security patch.

# April 2019 CPU 
-bash-4.2$ cd /nfs/patches 
-bash-4.2$ unzip p29016089_122130_Generic.zip 
-bash-4.2$ cd 29016089/ 
-bash-4.2$ opatch apply

# Security Patch for CVE-2019-2729 
-bash-4.2$ cd /nfs/patches
-bash-4.2$ unzip p29921455_12213190416_Generic.zip
-bash-4.2$ cd 29921455/
-bash-4.2$ opatch apply 

# Check patches 
-bash-4.2$ opatch lspatches
29921455;One-off 
29016089;WLS PATCH SET UPDATE 12.2.1.3.190416 
OPatch succeeded.