Critical Patch Update for Oracle Fusion Middleware - CPU July 2013

The latest Critical Patch Update (CPU) has been released for Oracle products. Start your reading here

Critical Patch Updates, Security Alerts and Third Party Bulletin 

This is the home page containing links to all "Critical Patch Updates" released to date, along with sections detailing 

  • Security Alerts 
  • Third Party Bulletin
  • Public Vulnerabilities Fixed
  • Policies
  • Reporting Security Vulnerabilities

On this page you will find the link to the

Oracle Critical Patch Update Advisory - July 2013

The advisory lists the support documents that cover the patch availability for all Oracle products.

For Oracle Fusion Middleware, go to:

Patch Set Update and Critical Patch Update July 2013 Availability Document [ID 1548709.1]

Highlights - WebLogic Server Patch Set Updates (PSU)

  • WebLogic Server -
  • WebLogic Server -

July 2013 marks the end of CPU/PSU patches for Weblogic Server 10.3.5. Looking forward, we will see the final CPU patches for Weblogic Server and in October 2013

If you are hit any unexpected errors when applying the CPU patches, check out the known issues documented in these two support documents.

  • Critical Patch Update July 2013 Oracle Fusion Middleware Known Issues  [ID 1548690.1]
  • Critical Patch Update July 2013 Database Known Issues [ID 1546428.1]

And lastly, for an informal summary of what the Critical Patch Update fixes, check out the blog posts by "Oracle Software Security Assurance" team

July 2013 Critical Patch Update Released


I have been searching your site for over 3 hours trying to find where to download CPU-JUL-2013 with no luck, every time i seem to find what I am looking for I get sent to an "Add Support Identifiers" page. Please forward me a link to download patches.

Posted by guest on September 25, 2013 at 02:49 PM CDT #


As you have probably discovered the links to the Fusion Middleware CPU patches are to be found in My Oracle Support Knowledge Article:

Patch Set Update and Critical Patch Update July 2013 Availability Document [ID 1548709.1]

For example, if you looking for the latest WebLogic Server 10.3.x CPU, you will find the link in

"Table 128 Patch Set Update Availability for Oracle WebLogic Server"

PSU Patch 16619891

From your comment, it sounds like you have clicked on a Patch link such as the one above but either

- You are having a problem logging into My Oracle Support

or (more likely)

- You have logged in successfully, but there is some issue with your CSI which is preventing access to the patch

If I am on the right lines, contact Support Sales. They will be happy to help you. The Support Sales telephone numbers for each country / region can be found on this web page

Posted by Dan on September 26, 2013 at 03:57 AM CDT #

Hi Dan, my organization has Support Identifiers and DBAs with the ability to download patches. I need to find which patch will solve the IAVA hits on a workstation. The Oracle database Version is and the alert says CPU-JUL-2013 & older. Looking at the advisory page, it says the Oracle Fusion Middleware document number is 1548709.1, so my question is that the correct place to find the downloadable patch? Please let me know. I have to ask the DBA to download the patch. Thank you, Mike J.

Posted by guest on October 30, 2013 at 02:23 PM CDT #

Hi Mike

The general answer to your question is that links to the Critical Patch Update patches are to be found in the My Oracle Support knowledge articles - the links to which are found on the Oracle Critical Patch Advisory Web Page. The latest advisory page being this one

For info, the Critical Patch Update for October 2013 was released approximately two weeks ago. I have just published a short blog to highlight the Fusion Middleware documents which pertain to it.

I am not familiar with IAVA .. not sure if this a typo - IAVA = JAVA - or an acronym for something else. Which alert are you referring to? Can you provide the support document id or link?

Regards Dan

Posted by guest on October 31, 2013 at 03:55 AM CDT #

IAVA = Information Assurance Vulnerability Alert

The documentation of the CPU-JUL-2013 says:
"3.3.1 Preinstallation Instructions
1. Ensure that your Oracle Database installation is the same release for which you are applying this patch. In other

words, only apply the Release Bundle patch to an Oracle Database Release"

The workstation that I need to patch has database version, so I need to know which Release applies to that version. I thought the latest Release would work, but it's for a newer version. Because of a project they are working on, they don't want to upgrade now.

Can you tell me which CPU handles I have been looking but so far have not found it.

Thank you!

Posted by guest on November 06, 2013 at 09:24 AM CST #

Hi Mike

Thanks for the clarification regards IAVA. Apologies for my ignorance.

Regards CPUJUL2013 for Oracle Database


On this page, clicking on the link "Database" in the row labelled "Oracle Database 11g Release 1, version" will take you to the My Oracle Support knowledge article:

Patch Set Update and Critical Patch Update July 2013 Availability Document (Doc ID 1548709.1)

Scan down to

Table 15 Patch Availability for Oracle Database

and will find the relevant patches for this database version. I am struggling to find where "3.3.1 Preinstall Instructions", you quote above, come from. The wording suggests it comes from a 11.2 specific patch README. If I am right, then yes, you are looking at the wrong patch. Database 11.1 and 11.2 are two different major release versions.

Oracle Database 11.1.0.x = Oracle Database 11g Release 1
Oracle Database 11.2.0.x = Oracle Database 11g Release 2

You cannot apply 11.2 patch set updates to a 11.1 database.

Finally, not sure what the context is. Bear in mind this is a Fusion Middleware blog. If you require more assistance / advice regards applying a patch to the Oracle Database, I advise

a) Log a discussion thread via this support community


b) Log a Service Request via My Oracle Support picking "Oracle Database" as the product to ensure the Service Request is routed directly to the right team.

Posted by guest on November 06, 2013 at 10:51 AM CST #

what is the version of TLS that can be used for
Weblogic 12C+Oracle HTTP server 11.1.0 in order to overcome vulnerability?

Posted by guest on April 30, 2015 at 04:27 AM CDT #

I have problem in calling a report on when-button-press trigger, if report has a parameter and parameter return varchar values like "LHR/Admin & Suppport/1516" then report does not open and a empty page appears, while if the varchar value is without '&' like LHR/Aadmin Support/1516 then report open. I am using wls 10.3.5 and forms and report, if any idea then kindly share.

Posted by shahzad on October 08, 2015 at 04:23 AM CDT #

Post a Comment:
  • HTML Syntax: NOT allowed

This is the blog of the Oracle Fusion Middleware Support Team. Here we will provide information about new patches, articles, product releases and features, as well as FAQs from Support

Follow OracleMWSupport on Twitter


« November 2015