MDKSA-2006:014 - Updated wine packages fix WMF vulnerability
Posted on: 01/17/2006 02:12 AM

The Mandriva Security Team published a new security update: MDKSA-2006:014 - Updated wine packages fix WMF vulnerability for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:014
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wine
Date : January 16, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered by H D Moore in Wine which implements
the SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
This could be abused by an attacker who is able to entice a user to
open a specially crafted WMF file from within a Wine-execute Windows
application, possibly resulting in the execution of arbitrary code
with the privileges of the user runing Wine.

The updated packages have been patched to correct these problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0106
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
d4f3baabbba81f1bad315bc79dad7e9c 2006.0/RPMS/libwine1-20050725-6.1.20060mdk.i586.rpm
fc810c3d98a537fce73977c5aa6912ea 2006.0/RPMS/libwine1-capi-20050725-6.1.20060mdk.i586.rpm
5663e266c34853af09f421897bd778c7 2006.0/RPMS/libwine1-devel-20050725-6.1.20060mdk.i586.rpm
27052e10ffe276948b7902d9a72aba9a 2006.0/RPMS/libwine1-twain-20050725-6.1.20060mdk.i586.rpm
02f66be98c0d8bde52bcfeb4e4a4ce2d 2006.0/RPMS/wine-20050725-6.1.20060mdk.i586.rpm
37780f9798d8da0c4de0a996f65b41b9 2006.0/SRPMS/wine-20050725-6.1.20060mdk.src.rpm

Corporate 3.0:
a22d48d27955a0b5c8cf7c872a5332ea corporate/3.0/RPMS/libwine1-20040213-3.1.C30mdk.i586.rpm
b0214de7c0416e65330c2aa07c7de5ad corporate/3.0/RPMS/libwine1-capi-20040213-3.1.C30mdk.i586.rpm
d9abcd416d2bb0f3d1b892f3c58d3432 corporate/3.0/RPMS/libwine1-devel-20040213-3.1.C30mdk.i586.rpm
6495fbac8ea70deab3b8401b3d83f12d corporate/3.0/RPMS/libwine1-twain-20040213-3.1.C30mdk.i586.rpm
5659cd4b240da12ed15644da93c81723 corporate/3.0/RPMS/wine-20040213-3.1.C30mdk.i586.rpm
c32125932c612311afa5c930af3869ab corporate/3.0/RPMS/wine-utils-20040213-3.1.C30mdk.i586.rpm
4611ae314fd47a15f540e1d15021e79d corporate/3.0/SRPMS/wine-20040213-3.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDzAZmmqjQ0CJFipgRAsTIAKCdC5LN/aFvdUrLN6EkdBJhcodGkgCglH2/
ElJAar9JZJxnyaVn7VJyOKA=
=Gsty
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/_mdksa_2006014__updated_wine_packages_fix_wmf_vulnerability.html)