drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in libffi
Name: |
Ausführen beliebiger Kommandos in libffi |
|
ID: |
FEDORA-2017-3fcc0d9152 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 26 |
|
Datum: |
Do, 22. Juni 2017, 23:38 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000376 |
|
Applikationen: |
libffi |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2017-3fcc0d9152 2017-06-22 13:34:50.950218 ------------------------------------------------------------------------------- -
Name : libffi Product : Fedora 26 Version : 3.1 Release : 11.fc26 URL : http://sourceware.org/libffi Summary : A portable foreign function interface library Description : Compilers for high level languages generate code that follow certain conventions. These conventions are necessary, in part, for separate compilation to work. One such convention is the "calling convention". The calling convention is a set of assumptions made by the compiler about where function arguments will be found on entry to a function. A calling convention also specifies where the return value for a function is found.
Some programs may not know at the time of compilation what arguments are to be passed to a function. For instance, an interpreter may be told at run-time about the number and types of arguments used to call a given function. `Libffi' can be used in such programs to provide a bridge from the interpreter program to compiled code.
The `libffi' library provides a portable, high level programming interface to various calling conventions. This allows a programmer to call any function specified by a call interface description at run time.
FFI stands for Foreign Function Interface. A foreign function interface is the popular name for the interface that allows code written in one language to call code written in another language. The `libffi' library really only provides the lowest, machine dependent layer of a fully featured foreign function interface. A layer must exist above `libffi' that handles type conversions for values passed between the two languages.
------------------------------------------------------------------------------- - Update Information:
Disable executable stack for aarch64 builds. ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1462832 - CVE-2017-1000376 libffi: Requests an executable stack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1462832 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libffi' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|