Oracle Solaris Third-Party Patch Update : libxml2 (cve_2013_1969_resource_management)
High Nessus Plugin ID 80691
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. (CVE-2013-1969)
SolutionUpgrade to Solaris 11.2.