xwine -- several vulnerabilities

2008-03-20T00:00:00
ID DSA-1526
Type debian
Reporter Debian
Modified 2008-03-20T00:00:00

Description

Steve Kemp from the Debian Security Audit project discovered several local vulnerabilities in xwine, a graphical user interface for the WINE emulator.

The Common Vulnerabilities and Exposures project identifies the following problems:

The xwine command makes unsafe use of local temporary files when printing. This could allow the removal of arbitrary files belonging to users who invoke the program.

The xwine command changes the permissions of the global WINE configuration file such that it is world-writable. This could allow local users to edit it such that arbitrary commands could be executed whenever any local user executed a program under WINE.

For the stable distribution (etch), these problems have been fixed in version 1.0.1-1etch1.

We recommend that you upgrade your xwine package.