It was reported that wine uses /tmp/.wine-$UID as a directory for sockets and lock files. Malicious local user could create /tmp/.wine-$UID for another user's uid, preventing the other user from using wine. Moreover, the server_connect() function doesn't check if /tmp/.wine-$UID or its subdirectories are symlinks, so in some circumstances it might be possible to trick wine to connect to an unrelated socket. Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816034
Created wine tracking bugs for this issue: Affects: fedora-all [bug 1312959] Affects: epel-all [bug 1312960]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.