Debian: DSA-3889-1: libffi security update

Date 19 Jun 2017

Category Debian Linux Distribution - Security Advisories

125

Posted By LinuxSecurity Advisories

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3889-1 This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/ Yves-Alexis Perez
June 19, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libffi
CVE ID : CVE-2017-1000376
Debian Bug : 751907

libffi, a library used to call code written in one language from code written
in a different language, was enforcing an executable stack on the i386
architecture. While this might not be considered a vulnerability by itself,
this could be leveraged when exploiting other vulnerabilities, like for example
the "stack clash" class of vulnerabilities discovered by Qualys Research Labs.
For the full details, please refer to their advisory published at:
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

For the oldstable distribution (jessie), this problem has been fixed
in version 3.1-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 3.2.1-4.

For the testing distribution (buster), this problem has been fixed
in version 3.2.1-4.

For the unstable distribution (sid), this problem has been fixed in
version 3.2.1-4.

We recommend that you upgrade your libffi packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.