CVE-2017-1000376

NameCVE-2017-1000376
Descriptionlibffi requests an executable stack allowing attackers to more easily ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-997-1, DSA-3889-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libffi (PTS)bullseye3.3-6fixed
bookworm3.4.4-1fixed
trixie3.4.8-2fixed
forky, sid3.5.2-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libffisourcewheezy3.0.10-3+deb7u1DLA-997-1
libffisourcejessie3.1-2+deb8u1DSA-3889-1
libffisource(unstable)3.2.1-4

Notes

https://github.com/libffi/libffi/commit/978c9540154d320525488db1b7049277122f736d
and additionally cf. #751907 for the configure flag.
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Search for package or bug name: Reporting problems