Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

Fedora 26: 2017-06-22 moderate: libffi executable stack

fedora
Calendar Grey June 22, 2017
Dist Fedora Esm H88
Fedora 27 libffi patch enhances security by disabling executable stacks on aarch64 architectures, mitigating essential vulnerabilities.
Disable executable stack for aarch64 builds.

Summary

Compilers for high level languages generate code that follow certain

conventions. These conventions are necessary, in part, for separate

compilation to work. One such convention is the "calling convention".

The calling convention is a set of assumptions made by the compiler

about where function arguments will be found on entry to a function. A

calling convention also specifies where the return value for a function

is found.

Some programs may not know at the time of compilation what arguments

are to be passed to a function. For instance, an interpreter may be

told at run-time about the number and types of arguments used to call a

given function. `Libffi' can be used in such programs to provide a

bridge from the interpreter program to compiled code.

The `libffi' library provides a portable, high level programming

interface to various calling conventions. This allows a programmer to

call any function specified by a call interface description at run time.

FFI stands for Foreign Function Interface. A foreign function

interface is the popular name for the interface that allows code

written in one language to call code written in another language. The

`libffi' library really only provides the lowest, machine dependent

layer of a fully featured foreign function interface. A layer must

exist above `libffi' that handles type conversions for values passed

between the two languages.

Disable executable stack for aarch64 builds.

[ 1 ] Bug #1462832 - CVE-2017-1000376 libffi: Requests an executable stack [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1462832

su -c 'dnf upgrade libffi' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory Fedora security fix critical threat libffi executable stack

Change Log

References

Update Instructions

Product: Fedora 26
Version: 3.1
Release: 11.fc26
URL: https://sourceware.org/libffi/
Summary: A portable foreign function interface library

Topics%20covered

Topics Covered

security advisory Fedora security fix critical threat libffi executable stack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here