Debian Security Advisory
DSA-1526-1 xwine -- several vulnerabilities
- Date Reported:
- 20 Mar 2008
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2008-0930, CVE-2008-0931.
- More information:
Steve Kemp from the Debian Security Audit project discovered several local vulnerabilities in xwine, a graphical user interface for the WINE emulator.
The Common Vulnerabilities and Exposures project identifies the following problems:
The xwine command makes unsafe use of local temporary files when printing. This could allow the removal of arbitrary files belonging to users who invoke the program.
The xwine command changes the permissions of the global WINE configuration file such that it is world-writable. This could allow local users to edit it such that arbitrary commands could be executed whenever any local user executed a program under WINE.
For the stable distribution (etch), these problems have been fixed in version 1.0.1-1etch1.
We recommend that you upgrade your xwine package.
- Fixed in:
Debian GNU/Linux 4.0 (etch)
- HP Precision:
- Intel IA-32:
- Intel IA-64:
- IBM S/390:
- Sun Sparc:
MD5 checksums of the listed files are available in the original advisory.