Oracle Solaris Third-Party Patch Update : gtk (cve_2012_2370_denial_of)
Medium Nessus Plugin ID 80635
Synopsis
The remote Solaris system is missing a security patch for third-party software.
Description
The remote Solaris system is missing necessary patches to address security updates:
- Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow. (CVE-2012-2370)
Solution
Upgrade to Solaris 11/11 SRU 10.5.