Debians sikkerhedsbulletin

DSA-954-1 wine -- designfejl

Rapporteret den:
25. jan 2006
Berørte pakker:
wine
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Debians fejlsporingssystem: Fejl 346197.
I Mitres CVE-ordbog: CVE-2006-0106.
Yderligere oplysninger:

H D Moore har opdaget at Wine, en frit tilgængelig implementering af Microsoft Windows-API'erne, nedarvede en designfejl fra Windows' GDI API, hvilket kunne medføre udførelse af kode via GDI-escapefunktioner i WMF-filer.

Den gamle stabile distribution (woody) lader ikke til at være påvirket af dette problem.

I den stabile distribution (sarge) er dette problem rettet i version 0.0.20050310-1.2.

I den ustabile distribution (sid) er dette problem rettet i version 0.9.2-1.

Vi anbefaler at du opgraderer dine wine-pakker.

Rettet i:

Debian GNU/Linux 3.1 (sarge)

Kildekode:
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310-1.2.dsc
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310-1.2.diff.gz
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310.orig.tar.gz
Arkitekturuafhængig komponent:
http://security.debian.org/pool/updates/main/w/wine/wine-doc_0.0.20050310-1.2_all.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/w/wine/libwine_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-alsa_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-arts_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-capi_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-dev_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-jack_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-nas_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-print_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-twain_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/wine-utils_0.0.20050310-1.2_i386.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.