Updated libffi packages fix security vulnerability
Publication date: 07 Jul 2017Type: security
Affected Mageia releases : 5
CVE: CVE-2017-1000376
Description
libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, such as the "stack clash" class of vulnerabilities discovered by Qualys Research Labs.
References
SRPMS
5/core
- libffi-3.1-4.1.mga5