Red Hat Bugzilla – Bug 1312958
wine: Insecure use of temp files with predictable names
Last modified: 2016-03-11 11:56:31 EST
It was reported that wine uses /tmp/.wine-$UID as a directory for sockets and lock files. Malicious local user could create /tmp/.wine-$UID for another user's uid, preventing the other user from using wine. Moreover, the server_connect() function doesn't check if /tmp/.wine-$UID or its subdirectories are symlinks, so in some circumstances it might be possible to trick wine to connect to an unrelated socket.
Debian bug report:
Created wine tracking bugs for this issue:
Affects: fedora-all [bug 1312959]
Affects: epel-all [bug 1312960]