92 matches found
USN-3454-2: libffi vulnerability
USN-3454-1 fixed a vulnerability in libffi. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, ...
Ubuntu 14.04 LTS : libffi vulnerability (USN-3454-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3454-1 advisory. It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to...
Ubuntu: Security Advisory (USN-3454-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3454-1 libffi vulnerability
It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code...
USN-3454-1: libffi vulnerability
It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code...
SUSE SLED12 / SLES12 Security Update : gcc48 (SUSE-SU-2017:2526-1)
This update for gcc48 fixes the following issues: Security issues fixed : - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. bnc1039513 Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdse...
SUSE-SU-2017:2526-1 Security update for gcc48
This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. bnc1039513 Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdsee...
Oracle Linux 6 / 7 : firefox (ELSA-2017-2456)
The remote Oracle Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2017-2456 advisory. 52.3.0-3.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a...
firefox security update
52.3.0-3.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update Todd Vierling orabug 19847484 52.3.0-3 - Fix for rhbz1470294 - bundling newer libffi for ppc platforms 52.3.0-2 - Update to 52.3.0 ESR b2...
Fedora 26 : libffi (2017-3fcc0d9152) (Stack Clash)
Disable executable stack for aarch64 builds. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Updated libffi packages fix security vulnerability
libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, such as t...
MGASA-2017-0201 Updated libffi packages fix security vulnerability
libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, such as t...
[SECURITY] Fedora 26 Update: libffi-3.1-11.fc26
Compilers for high level languages generate code that follow certain conventions. These conventions are necessary, in part, for separate compilation to work. One such convention is the "calling convention". The calling convention is a set of assumptions made by the compiler about where function...
Debian DLA-997-1 : libffi security update (Stack Clash)
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. For Debian 7 'Wheezy', these problems have been fixed in version 3.0.10-3+deb7u1. We recommend that you...
[SECURITY] [DLA 997-1] libffi security update
Package : libffi Version : 3.0.10-3+deb7u1 CVE ID : CVE-2017-1000376 libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. For Debian 7 "Wheezy", these proble...
Libffi Arbitrary Code Execution Vulnerability
libffi is an external function interface library. An arbitrary code execution vulnerability exists in libffi. An attacker can exploit the vulnerability by overwriting the stack and triggering arbitrary code execution...
Arbitrary Code Execution
libffi is vulnerable to arbitrary code execution attacks. These attacks are possible because libffi requests an executable GNUSTACK which makes it easier for a malicious user to execute arbitrary code...
DLA-997-1 libffi - security update
Bulletin has no description...
Debian DSA-3889-1 : libffi - security update (Stack Clash)
libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, like for...
Code injection
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi...