Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2018:3514 - Security Advisory
Issued:
2018-11-06
Updated:
2018-11-06

RHSA-2018:3514 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: xerces-c security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for xerces-c is now available for Red Hat Enterprise Linux 7.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents.

Security Fix(es):

  • xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 s390x
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4 ppc64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.4 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.4 x86_64

Fixes

  • BZ - 1348845 - CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD

CVEs

  • CVE-2016-4463

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.4

SRPM
xerces-c-3.1.1-8.el7_4.1.src.rpm SHA-256: 09b8d026efdf9d943e790fd19edb82be818bb4538bbd91741e7797cb4853dea1
x86_64
xerces-c-3.1.1-8.el7_4.1.i686.rpm SHA-256: 2dd6f4d2d1b865b35df75ec8cde097c1f88145da965b3b2724bd667aad701a0f
xerces-c-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: 1f46aaa7e5403631ce633072b9277c8cdb1cdbc865239666df121c9bf41f6a0e
xerces-c-debuginfo-3.1.1-8.el7_4.1.i686.rpm SHA-256: 7eb728175cbd9688777976db0bc16bc55b6d6dabcd6915f4e403ec3f3a781f3c
xerces-c-debuginfo-3.1.1-8.el7_4.1.i686.rpm SHA-256: 7eb728175cbd9688777976db0bc16bc55b6d6dabcd6915f4e403ec3f3a781f3c
xerces-c-debuginfo-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: a6777885d463cad9afa032588a538b786f710021ddefcb1ec3e98ab860ea69fb
xerces-c-debuginfo-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: a6777885d463cad9afa032588a538b786f710021ddefcb1ec3e98ab860ea69fb
xerces-c-devel-3.1.1-8.el7_4.1.i686.rpm SHA-256: cc61063a0e5fdd6c7778aa511bae2a5a11dce12b9f929b64df257c625b66dcbc
xerces-c-devel-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: 2e6526a01bbaa9c32e0976ef748221763bebcdc51daa13aed927524fdb8ad371
xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm SHA-256: c584b714a7ee2f12c562ac1ce93155734cda0af31b12d70c025940ca4a399a2e

Red Hat Enterprise Linux Server - AUS 7.4

SRPM
xerces-c-3.1.1-8.el7_4.1.src.rpm SHA-256: 09b8d026efdf9d943e790fd19edb82be818bb4538bbd91741e7797cb4853dea1
x86_64
xerces-c-3.1.1-8.el7_4.1.i686.rpm SHA-256: 2dd6f4d2d1b865b35df75ec8cde097c1f88145da965b3b2724bd667aad701a0f
xerces-c-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: 1f46aaa7e5403631ce633072b9277c8cdb1cdbc865239666df121c9bf41f6a0e
xerces-c-debuginfo-3.1.1-8.el7_4.1.i686.rpm SHA-256: 7eb728175cbd9688777976db0bc16bc55b6d6dabcd6915f4e403ec3f3a781f3c
xerces-c-debuginfo-3.1.1-8.el7_4.1.i686.rpm SHA-256: 7eb728175cbd9688777976db0bc16bc55b6d6dabcd6915f4e403ec3f3a781f3c
xerces-c-debuginfo-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: a6777885d463cad9afa032588a538b786f710021ddefcb1ec3e98ab860ea69fb
xerces-c-debuginfo-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: a6777885d463cad9afa032588a538b786f710021ddefcb1ec3e98ab860ea69fb
xerces-c-devel-3.1.1-8.el7_4.1.i686.rpm SHA-256: cc61063a0e5fdd6c7778aa511bae2a5a11dce12b9f929b64df257c625b66dcbc
xerces-c-devel-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: 2e6526a01bbaa9c32e0976ef748221763bebcdc51daa13aed927524fdb8ad371
xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm SHA-256: c584b714a7ee2f12c562ac1ce93155734cda0af31b12d70c025940ca4a399a2e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4

SRPM
xerces-c-3.1.1-8.el7_4.1.src.rpm SHA-256: 09b8d026efdf9d943e790fd19edb82be818bb4538bbd91741e7797cb4853dea1
s390x
xerces-c-3.1.1-8.el7_4.1.s390.rpm SHA-256: 53642217d1a48952dcd42997ecd2e45789a5d0a802c72922996359867ea63e9c
xerces-c-3.1.1-8.el7_4.1.s390x.rpm SHA-256: 97e49cf28d6a63a2bcab54472b1d9047758d8494e47260029032de4198e52a27
xerces-c-debuginfo-3.1.1-8.el7_4.1.s390.rpm SHA-256: b9694a072994b2780542f88f18cbd090c510d42184573f3b8493db069fcbc9ce
xerces-c-debuginfo-3.1.1-8.el7_4.1.s390.rpm SHA-256: b9694a072994b2780542f88f18cbd090c510d42184573f3b8493db069fcbc9ce
xerces-c-debuginfo-3.1.1-8.el7_4.1.s390x.rpm SHA-256: ea24475a226e6d1fb87a53011a6ec815125755a1de56f7d483a361b6bc02ba23
xerces-c-debuginfo-3.1.1-8.el7_4.1.s390x.rpm SHA-256: ea24475a226e6d1fb87a53011a6ec815125755a1de56f7d483a361b6bc02ba23
xerces-c-devel-3.1.1-8.el7_4.1.s390.rpm SHA-256: c92e42df0bc10889fa4e0978057e49ba26e38e0e975b33f810f23c6a56063d30
xerces-c-devel-3.1.1-8.el7_4.1.s390x.rpm SHA-256: 3db44ed149e5ed75c8c50a71275282eafe85770397ede8ba549aa2eaca22ca03
xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm SHA-256: c584b714a7ee2f12c562ac1ce93155734cda0af31b12d70c025940ca4a399a2e

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4

SRPM
xerces-c-3.1.1-8.el7_4.1.src.rpm SHA-256: 09b8d026efdf9d943e790fd19edb82be818bb4538bbd91741e7797cb4853dea1
ppc64
xerces-c-3.1.1-8.el7_4.1.ppc.rpm SHA-256: 81fcced3d4d2c2ab2203b22ca4659d82c50af14099c89d7d1f734e189092f2a4
xerces-c-3.1.1-8.el7_4.1.ppc64.rpm SHA-256: 678a707a5e6b0adb8103102342cce78aeff042830f6dbb79b14e95419d738faa
xerces-c-debuginfo-3.1.1-8.el7_4.1.ppc.rpm SHA-256: ff3629d6eab5c48bdb77839648da3e092a836e09ed5451a2d1c3ab203ad7c88d
xerces-c-debuginfo-3.1.1-8.el7_4.1.ppc.rpm SHA-256: ff3629d6eab5c48bdb77839648da3e092a836e09ed5451a2d1c3ab203ad7c88d
xerces-c-debuginfo-3.1.1-8.el7_4.1.ppc64.rpm SHA-256: 2db4af55ea24f2ed8e6257973fb3434410ffd75b2f63d61c539d981a056359cf
xerces-c-debuginfo-3.1.1-8.el7_4.1.ppc64.rpm SHA-256: 2db4af55ea24f2ed8e6257973fb3434410ffd75b2f63d61c539d981a056359cf
xerces-c-devel-3.1.1-8.el7_4.1.ppc.rpm SHA-256: 17fe3a7f559a79a2ccd239e7fc137c8a7e70922a12344a5e935a1963a235a734
xerces-c-devel-3.1.1-8.el7_4.1.ppc64.rpm SHA-256: 3ee250a2720f633bafeacae8177729529191801a40b17729094e1bfdfbc63ede
xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm SHA-256: c584b714a7ee2f12c562ac1ce93155734cda0af31b12d70c025940ca4a399a2e

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4

SRPM
xerces-c-3.1.1-8.el7_4.1.src.rpm SHA-256: 09b8d026efdf9d943e790fd19edb82be818bb4538bbd91741e7797cb4853dea1
ppc64le
xerces-c-3.1.1-8.el7_4.1.ppc64le.rpm SHA-256: f01385cc02a85c850c7672c601b172a2c2344ad301e66b688dd9a8d296a24810
xerces-c-debuginfo-3.1.1-8.el7_4.1.ppc64le.rpm SHA-256: 135247d8e2be217b3f464899f4e7686045de303706b84029689b492172c3928a
xerces-c-debuginfo-3.1.1-8.el7_4.1.ppc64le.rpm SHA-256: 135247d8e2be217b3f464899f4e7686045de303706b84029689b492172c3928a
xerces-c-devel-3.1.1-8.el7_4.1.ppc64le.rpm SHA-256: 17ad76a965b290a096691d47273c9248be7a803f59ca8b188b4725575f579922
xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm SHA-256: c584b714a7ee2f12c562ac1ce93155734cda0af31b12d70c025940ca4a399a2e

Red Hat Enterprise Linux Server - TUS 7.4

SRPM
xerces-c-3.1.1-8.el7_4.1.src.rpm SHA-256: 09b8d026efdf9d943e790fd19edb82be818bb4538bbd91741e7797cb4853dea1
x86_64
xerces-c-3.1.1-8.el7_4.1.i686.rpm SHA-256: 2dd6f4d2d1b865b35df75ec8cde097c1f88145da965b3b2724bd667aad701a0f
xerces-c-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: 1f46aaa7e5403631ce633072b9277c8cdb1cdbc865239666df121c9bf41f6a0e
xerces-c-debuginfo-3.1.1-8.el7_4.1.i686.rpm SHA-256: 7eb728175cbd9688777976db0bc16bc55b6d6dabcd6915f4e403ec3f3a781f3c
xerces-c-debuginfo-3.1.1-8.el7_4.1.i686.rpm SHA-256: 7eb728175cbd9688777976db0bc16bc55b6d6dabcd6915f4e403ec3f3a781f3c
xerces-c-debuginfo-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: a6777885d463cad9afa032588a538b786f710021ddefcb1ec3e98ab860ea69fb
xerces-c-debuginfo-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: a6777885d463cad9afa032588a538b786f710021ddefcb1ec3e98ab860ea69fb
xerces-c-devel-3.1.1-8.el7_4.1.i686.rpm SHA-256: cc61063a0e5fdd6c7778aa511bae2a5a11dce12b9f929b64df257c625b66dcbc
xerces-c-devel-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: 2e6526a01bbaa9c32e0976ef748221763bebcdc51daa13aed927524fdb8ad371
xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm SHA-256: c584b714a7ee2f12c562ac1ce93155734cda0af31b12d70c025940ca4a399a2e

Red Hat Enterprise Linux EUS Compute Node 7.4

SRPM
xerces-c-3.1.1-8.el7_4.1.src.rpm SHA-256: 09b8d026efdf9d943e790fd19edb82be818bb4538bbd91741e7797cb4853dea1
x86_64
xerces-c-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: 1f46aaa7e5403631ce633072b9277c8cdb1cdbc865239666df121c9bf41f6a0e
xerces-c-debuginfo-3.1.1-8.el7_4.1.i686.rpm SHA-256: 7eb728175cbd9688777976db0bc16bc55b6d6dabcd6915f4e403ec3f3a781f3c
xerces-c-debuginfo-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: a6777885d463cad9afa032588a538b786f710021ddefcb1ec3e98ab860ea69fb
xerces-c-devel-3.1.1-8.el7_4.1.i686.rpm SHA-256: cc61063a0e5fdd6c7778aa511bae2a5a11dce12b9f929b64df257c625b66dcbc
xerces-c-devel-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: 2e6526a01bbaa9c32e0976ef748221763bebcdc51daa13aed927524fdb8ad371
xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm SHA-256: c584b714a7ee2f12c562ac1ce93155734cda0af31b12d70c025940ca4a399a2e

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.4

SRPM
xerces-c-3.1.1-8.el7_4.1.src.rpm SHA-256: 09b8d026efdf9d943e790fd19edb82be818bb4538bbd91741e7797cb4853dea1
ppc64le
xerces-c-3.1.1-8.el7_4.1.ppc64le.rpm SHA-256: f01385cc02a85c850c7672c601b172a2c2344ad301e66b688dd9a8d296a24810
xerces-c-debuginfo-3.1.1-8.el7_4.1.ppc64le.rpm SHA-256: 135247d8e2be217b3f464899f4e7686045de303706b84029689b492172c3928a
xerces-c-debuginfo-3.1.1-8.el7_4.1.ppc64le.rpm SHA-256: 135247d8e2be217b3f464899f4e7686045de303706b84029689b492172c3928a
xerces-c-devel-3.1.1-8.el7_4.1.ppc64le.rpm SHA-256: 17ad76a965b290a096691d47273c9248be7a803f59ca8b188b4725575f579922
xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm SHA-256: c584b714a7ee2f12c562ac1ce93155734cda0af31b12d70c025940ca4a399a2e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.4

SRPM
xerces-c-3.1.1-8.el7_4.1.src.rpm SHA-256: 09b8d026efdf9d943e790fd19edb82be818bb4538bbd91741e7797cb4853dea1
x86_64
xerces-c-3.1.1-8.el7_4.1.i686.rpm SHA-256: 2dd6f4d2d1b865b35df75ec8cde097c1f88145da965b3b2724bd667aad701a0f
xerces-c-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: 1f46aaa7e5403631ce633072b9277c8cdb1cdbc865239666df121c9bf41f6a0e
xerces-c-debuginfo-3.1.1-8.el7_4.1.i686.rpm SHA-256: 7eb728175cbd9688777976db0bc16bc55b6d6dabcd6915f4e403ec3f3a781f3c
xerces-c-debuginfo-3.1.1-8.el7_4.1.i686.rpm SHA-256: 7eb728175cbd9688777976db0bc16bc55b6d6dabcd6915f4e403ec3f3a781f3c
xerces-c-debuginfo-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: a6777885d463cad9afa032588a538b786f710021ddefcb1ec3e98ab860ea69fb
xerces-c-debuginfo-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: a6777885d463cad9afa032588a538b786f710021ddefcb1ec3e98ab860ea69fb
xerces-c-devel-3.1.1-8.el7_4.1.i686.rpm SHA-256: cc61063a0e5fdd6c7778aa511bae2a5a11dce12b9f929b64df257c625b66dcbc
xerces-c-devel-3.1.1-8.el7_4.1.x86_64.rpm SHA-256: 2e6526a01bbaa9c32e0976ef748221763bebcdc51daa13aed927524fdb8ad371
xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm SHA-256: c584b714a7ee2f12c562ac1ce93155734cda0af31b12d70c025940ca4a399a2e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat X (formerly Twitter)

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility