Oracle Solaris Third-Party Patch Update : libproxy (multiple_buffer_errors_vulnerability_in1)
Critical Nessus Plugin ID 80675
Synopsis: The remote Solaris system is missing a security patch for third-party software.
Description: The remote Solaris system is missing necessary patches to address security updates:
- Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. (CVE-2012-4504)
- Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504. (CVE-2012-4505)
Solution: Upgrade to Solaris 18.104.22.168.0.