Huawei EulerOS: Security Advisory for file (EulerOS-SA-2019-1424)

The remote host is missing an update for the Huawei EulerOS 'file' package(s) announced via the EulerOS-SA-2019-1424 advisory.

A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2013-7345) A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3479) An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file.(CVE-2014-9652) A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0207) A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3480) It was found that the fix for CVE-2012-1571 was incomplete, the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3587) A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash.(CVE-2014-3478) Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2014-3538) A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3487) A denial of service flaw was found in the way the File Information (fileinfo) extension handled search r ... Description truncated. Please see the references for more information.

'file' package(s) on Huawei EulerOS Virtualization 3.0.1.0.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).