CVE-2016-4463 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: HIGH

Tags: network, low complexity, apache, debian, CWE-119, nessus

Summary

Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_CB09A7AA534411E6A7BD14DAE9D210B8.NASL
    description: Apache reports : The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Also, CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 92575
    published: 2016-07-27
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92575
    title: FreeBSD : xercesi-c3 -- multiple vulnerabilities (cb09a7aa-5344-11e6-a7bd-14dae9d210b8)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2018-3335.NASL
    description: From Red Hat Security Advisory 2018:3335 : An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118784
    published: 2018-11-07
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118784
    title: Oracle Linux 7 : xerces-c (ELSA-2018-3335)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-84373C5F4F.NASL
    description: Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-07-15
    plugin id: 92262
    published: 2016-07-15
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92262
    title: Fedora 22 : xerces-c (2016-84373c5f4f)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1422.NASL
    description: According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2018-12-28
    plugin id: 119911
    published: 2018-12-28
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119911
    title: EulerOS 2.0 SP2 : xerces-c (EulerOS-SA-2018-1422)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2018-3506.NASL
    description: An update for xerces-c is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118791
    published: 2018-11-07
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118791
    title: RHEL 7 : xerces-c (RHSA-2018:3506)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2199.NASL
    description: According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. (CVE-2016-4463) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-11-08
    plugin id: 130661
    published: 2019-11-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130661
    title: EulerOS 2.0 SP5 : xerces-c (EulerOS-SA-2019-2199)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0072_XERCES-C.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xerces-c packages installed that are affected by a vulnerability: - A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data. (CVE-2016-4463) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127277
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127277
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : xerces-c Vulnerability (NS-SA-2019-0072)
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL70191975.NASL
    description: Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. (CVE-2016-4463)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93550
    published: 2016-09-16
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93550
    title: F5 Networks BIG-IP : Apache Xerces vulnerability (K70191975)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20181030_XERCES_C_ON_SL7_X.NASL
    description: Security Fix(es) : - xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463)
    last seen: 2020-03-18
    modified: 2018-11-27
    plugin id: 119203
    published: 2018-11-27
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119203
    title: Scientific Linux Security Update : xerces-c on SL7.x x86_64 (20181030)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1046.NASL
    description: xerces-c was updated to fix one security issue. This security issue was fixed : - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have unspecified impact via an invalid character in an XML document (bsc#979208). - CVE-2016-4463: Apache Xerces-C XML Parser crashed on malformed DTD (bnc#985860). This update was imported from the SUSE:SLE-12:Update update project.
    last seen: 2020-06-05
    modified: 2016-09-06
    plugin id: 93336
    published: 2016-09-06
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/93336
    title: openSUSE Security Update : xerces-c (openSUSE-2016-1046)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1395.NASL
    description: According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-15
    modified: 2018-12-10
    plugin id: 119523
    published: 2018-12-10
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119523
    title: EulerOS 2.0 SP3 : xerces-c (EulerOS-SA-2018-1395)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-876.NASL
    description: This update for xerces-c fixes the following issues : - CVE-2016-4463 Apache Xerces-C XML Parser Crashes on Malformed DT (boo#985860) - CVE-2016-2099 Exception handling mistake causing use after free (boo#979208)
    last seen: 2020-06-05
    modified: 2016-07-18
    plugin id: 92354
    published: 2016-07-18
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/92354
    title: openSUSE Security Update : xerces-c (openSUSE-2016-876)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2018-3514.NASL
    description: An update for xerces-c is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118793
    published: 2018-11-07
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118793
    title: RHEL 7 : xerces-c (RHSA-2018:3514)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-535.NASL
    description: Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c library. Additionally this update includes an enhancement to enable applications to fully disable DTD processing through the use of an environment variable (XERCES_DISABLE_DTD). For Debian 7
    last seen: 2020-03-17
    modified: 2016-07-01
    plugin id: 91902
    published: 2016-07-01
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/91902
    title: Debian DLA-535-1 : xerces-c security update
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-9284772686.NASL
    description: Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-07-15
    plugin id: 92267
    published: 2016-07-15
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92267
    title: Fedora 24 : xerces-c (2016-9284772686)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-87E8468465.NASL
    description: MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-07-15
    plugin id: 92263
    published: 2016-07-15
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92263
    title: Fedora 23 : mingw-xerces-c (2016-87e8468465)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2154-1.NASL
    description: xerces-c was updated to fix one security issue. This security issue was fixed : - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have unspecified impact via an invalid character in an XML document (bsc#979208). - CVE-2016-4463: Apache Xerces-C XML Parser crashed on malformed DTD (bnc#985860). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93308
    published: 2016-09-02
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93308
    title: SUSE SLED12 / SLES12 Security Update : xerces-c (SUSE-SU-2016:2154-1)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2018-3335.NASL
    description: An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119005
    published: 2018-11-16
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119005
    title: CentOS 7 : xerces-c (CESA-2018:3335)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-D2D6890690.NASL
    description: Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-07-15
    plugin id: 92291
    published: 2016-07-15
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92291
    title: Fedora 23 : xerces-c (2016-d2d6890690)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-7615FEBBD6.NASL
    description: MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-07-15
    plugin id: 92257
    published: 2016-07-15
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92257
    title: Fedora 22 : mingw-xerces-c (2016-7615febbd6)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-0A061F6DD9.NASL
    description: MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-07-15
    plugin id: 92226
    published: 2016-07-15
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92226
    title: Fedora 24 : mingw-xerces-c (2016-0a061f6dd9)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3610.NASL
    description: Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c library. Additionally this update includes an enhancement to enable applications to fully disable DTD processing through the use of an environment variable (XERCES_DISABLE_DTD).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 91892
    published: 2016-06-30
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/91892
    title: Debian DSA-3610-1 : xerces-c - security update
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2018-1124.NASL
    description: A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data. (CVE-2016-4463)
    last seen: 2020-05-15
    modified: 2018-12-10
    plugin id: 119507
    published: 2018-12-10
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119507
    title: Amazon Linux 2 : xerces-c (ALAS-2018-1124)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2018-3335.NASL
    description: An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118542
    published: 2018-10-31
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118542
    title: RHEL 7 : xerces-c (RHSA-2018:3335)

Redhat

advisories
  • bugzilla
    id: 1348845
    title: CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: xerces-c is earlier than 0:3.1.1-9.el7
            oval: oval:com.redhat.rhsa:tst:20183335001
          • comment: xerces-c is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151193006
        • AND
          • comment: xerces-c-doc is earlier than 0:3.1.1-9.el7
            oval: oval:com.redhat.rhsa:tst:20183335003
          • comment: xerces-c-doc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151193004
        • AND
          • comment: xerces-c-devel is earlier than 0:3.1.1-9.el7
            oval: oval:com.redhat.rhsa:tst:20183335005
          • comment: xerces-c-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151193002
    rhsa
    id: RHSA-2018:3335
    released: 2018-10-30
    severity: Moderate
    title: RHSA-2018:3335: xerces-c security update (Moderate)
  • rhsa
    id: RHSA-2018:3506
  • rhsa
    id: RHSA-2018:3514
rpms
  • xerces-c-0:3.1.1-9.el7
  • xerces-c-debuginfo-0:3.1.1-9.el7
  • xerces-c-devel-0:3.1.1-9.el7
  • xerces-c-doc-0:3.1.1-9.el7
  • xerces-c-0:3.1.1-8.el7_5.1
  • xerces-c-debuginfo-0:3.1.1-8.el7_5.1
  • xerces-c-devel-0:3.1.1-8.el7_5.1
  • xerces-c-doc-0:3.1.1-8.el7_5.1
  • xerces-c-0:3.1.1-8.el7_4.1
  • xerces-c-debuginfo-0:3.1.1-8.el7_4.1
  • xerces-c-devel-0:3.1.1-8.el7_4.1
  • xerces-c-doc-0:3.1.1-8.el7_4.1

References