From security@mandriva.com Mon Jan 16 18:46:52 2006 From: Mandriva Security Team To: full-disclosure@lists.grok.org.uk Date: Mon, 16 Jan 2006 16:47:01 -0700 Subject: [Full-disclosure] MDKSA-2006:014 - Updated wine packages fix WMF vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:014 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wine Date : January 16, 2006 Affected: 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered by H D Moore in Wine which implements the SETABORTPROC GDI Escape function for Windows Metafile (WMF) files. This could be abused by an attacker who is able to entice a user to open a specially crafted WMF file from within a Wine-execute Windows application, possibly resulting in the execution of arbitrary code with the privileges of the user runing Wine. The updated packages have been patched to correct these problems. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0106 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: d4f3baabbba81f1bad315bc79dad7e9c 2006.0/RPMS/libwine1-20050725-6.1.20060mdk.i586.rpm fc810c3d98a537fce73977c5aa6912ea 2006.0/RPMS/libwine1-capi-20050725-6.1.20060mdk.i586.rpm 5663e266c34853af09f421897bd778c7 2006.0/RPMS/libwine1-devel-20050725-6.1.20060mdk.i586.rpm 27052e10ffe276948b7902d9a72aba9a 2006.0/RPMS/libwine1-twain-20050725-6.1.20060mdk.i586.rpm 02f66be98c0d8bde52bcfeb4e4a4ce2d 2006.0/RPMS/wine-20050725-6.1.20060mdk.i586.rpm 37780f9798d8da0c4de0a996f65b41b9 2006.0/SRPMS/wine-20050725-6.1.20060mdk.src.rpm Corporate 3.0: a22d48d27955a0b5c8cf7c872a5332ea corporate/3.0/RPMS/libwine1-20040213-3.1.C30mdk.i586.rpm b0214de7c0416e65330c2aa07c7de5ad corporate/3.0/RPMS/libwine1-capi-20040213-3.1.C30mdk.i586.rpm d9abcd416d2bb0f3d1b892f3c58d3432 corporate/3.0/RPMS/libwine1-devel-20040213-3.1.C30mdk.i586.rpm 6495fbac8ea70deab3b8401b3d83f12d corporate/3.0/RPMS/libwine1-twain-20040213-3.1.C30mdk.i586.rpm 5659cd4b240da12ed15644da93c81723 corporate/3.0/RPMS/wine-20040213-3.1.C30mdk.i586.rpm c32125932c612311afa5c930af3869ab corporate/3.0/RPMS/wine-utils-20040213-3.1.C30mdk.i586.rpm 4611ae314fd47a15f540e1d15021e79d corporate/3.0/SRPMS/wine-20040213-3.1.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDzAZmmqjQ0CJFipgRAsTIAKCdC5LN/aFvdUrLN6EkdBJhcodGkgCglH2/ ElJAar9JZJxnyaVn7VJyOKA= =Gsty -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/