Source: hhvm
Version: 3.12.1+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerabilities were published for hhvm. The respective
upstream commits can be found in the security-tracker references.

CVE-2014-9709[0]:
| The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used
| in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers
| to cause a denial of service (buffer over-read and application crash)
| via a crafted GIF image that is improperly handled by the
| gdImageCreateFromGif function.

CVE-2015-8865[1]:
| The file_check_mem function in funcs.c in file before 5.23, as used in
| the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and
| 7.x before 7.0.5, mishandles continuation-level jumps, which allows
| context-dependent attackers to cause a denial of service (buffer
| overflow and application crash) or possibly execute arbitrary code via
| a crafted magic file.

CVE-2016-1903[2]:
| The gdImageRotateInterpolated function in
| ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before
| 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain
| sensitive information or cause a denial of service (out-of-bounds read
| and application crash) via a large bgd_color argument to the
| imagerotate function.

CVE-2016-4070[3]:
| ** DISPUTED ** Integer overflow in the php_raw_url_encode function in
| ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x
| before 7.0.5 allows remote attackers to cause a denial of service
| (application crash) via a long string to the rawurlencode function.
| NOTE: the vendor says "Not sure if this qualifies as security issue
| (probably not)."

CVE-2016-4539[4]:
| The xml_parse_into_struct function in ext/xml/xml.c in PHP before
| 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote
| attackers to cause a denial of service (buffer under-read and
| segmentation fault) or possibly have unspecified other impact via
| crafted XML data in the second argument, leading to a parser level of
| zero.

CVE-2016-6870[5]:
| incorrect use of strndup

CVE-2016-6871[6]:
| Fix buffer overrun due to integer overflow in bcmath

CVE-2016-6872[7]:
| Fix integer overflow in StringUtil::implode

CVE-2016-6873[8]:
| Fix self recursion in compact

CVE-2016-6874[9]:
| Fix recursion checks in array_*_recursive

CVE-2016-6875[10]:
| Fix infinite recursion in wddx

If you fix the vulnerabilities, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-9709
[1] https://security-tracker.debian.org/tracker/CVE-2015-8865
[2] https://security-tracker.debian.org/tracker/CVE-2016-1903
[3] https://security-tracker.debian.org/tracker/CVE-2016-4070
[4] https://security-tracker.debian.org/tracker/CVE-2016-4539
[5] https://security-tracker.debian.org/tracker/CVE-2016-6870
[6] https://security-tracker.debian.org/tracker/CVE-2016-6871
[7] https://security-tracker.debian.org/tracker/CVE-2016-6872
[8] https://security-tracker.debian.org/tracker/CVE-2016-6873
[9] https://security-tracker.debian.org/tracker/CVE-2016-6874
[10] https://security-tracker.debian.org/tracker/CVE-2016-6875

Regards,
Salvatore