Oracle Solaris Third-Party Patch Update : lcms (cve_2013_4276_buffer_errors)
Medium Nessus Plugin ID 80661
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. (CVE-2013-4276)
SolutionUpgrade to Solaris 11.2.