Oracle Solaris Third-Party Patch Update : librsvg (cve_2011_3146_denial_of)
Medium Nessus Plugin ID 80676
Synopsis
The remote Solaris system is missing a security patch for third-party software.
Description
The remote Solaris system is missing necessary patches to address security updates:
- librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via an SVG file containing a node whose element name starts with 'fe', which is misidentified as an RsvgFilterPrimitive.
Solution
Upgrade to Solaris 11/11 SRU 8.5.