[USN-3454-1] libffi vulnerability

Marc Deslauriers marc.deslauriers at canonical.com
Thu Oct 12 19:11:27 UTC 2017

Ubuntu Security Notice USN-3454-1
October 12, 2017

libffi vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS


A security issue was fixed in libffi.

Software Description:
- libffi: Foreign Function Interface library


It was discovered that libffi incorrectly enforced an executable stack. An
attacker could possibly use this issue, in combination with another
vulnerability, to facilitate executing arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libffi6                         3.1~rc1+r3.0.13-12ubuntu0.2

In general, a standard system update will make all the necessary changes.


Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20171012/dad05fd4/attachment.sig>

More information about the ubuntu-security-announce mailing list