Login-Name Passwort


Sicherheit: Ausführen beliebiger Kommandos in libffi
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in libffi
ID: FEDORA-2017-3fcc0d9152
Distribution: Fedora
Plattformen: Fedora 26
Datum: Do, 22. Juni 2017, 23:38
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000376


Fedora Update Notification
2017-06-22 13:34:50.950218

Name : libffi
Product : Fedora 26
Version : 3.1
Release : 11.fc26
URL : http://sourceware.org/libffi
Summary : A portable foreign function interface library
Description :
Compilers for high level languages generate code that follow certain
conventions. These conventions are necessary, in part, for separate
compilation to work. One such convention is the "calling convention".
The calling convention is a set of assumptions made by the compiler
about where function arguments will be found on entry to a function. A
calling convention also specifies where the return value for a function
is found.

Some programs may not know at the time of compilation what arguments
are to be passed to a function. For instance, an interpreter may be
told at run-time about the number and types of arguments used to call a
given function. `Libffi' can be used in such programs to provide a
bridge from the interpreter program to compiled code.

The `libffi' library provides a portable, high level programming
interface to various calling conventions. This allows a programmer to
call any function specified by a call interface description at run time.

FFI stands for Foreign Function Interface. A foreign function
interface is the popular name for the interface that allows code
written in one language to call code written in another language. The
`libffi' library really only provides the lowest, machine dependent
layer of a fully featured foreign function interface. A layer must
exist above `libffi' that handles type conversions for values passed
between the two languages.

Update Information:

Disable executable stack for aarch64 builds.

[ 1 ] Bug #1462832 - CVE-2017-1000376 libffi: Requests an executable stack

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade libffi' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten