Oracle Solaris Third-Party Patch Update : icu (multiple_vulnerabilities_in_international_components)
High Nessus Plugin ID 80641
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
- Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.
SolutionUpgrade to Solaris 11/11 SRU 11.4.