Hangover 0.4.0 to be Available

The release is based on the code base Wine 4.0 and allows to run Windows apps built for x86 and x86_64 architectures in Linux and Android environments
18 February 2019   703

The developers of the Wine project have published the first public release of the Hangover emulator, which allows running 32-bit and 64-bit Windows applications built for x86 and x86_64 architectures in Linux and Android environments based on ARM64 architecture (Aarch64). The release is based on the code base Wine 4.0, which is reflected in the version number of Hangover 0.4.0. The emulation layer is based on the QEMU project.

Unlike Wine, the Hangover project provides significantly higher performance. Acceleration is achieved by transferring the emulation layer to the Win32 / Win64 API level, instead of emulating regular system calls with subsequent emulation of the Win32 / Win64 API based on them.

Currently, the project allows you to run only simple applications and games that use the Win64 and Win32 APIs. For Linux, support for Direct3D has been implemented, which is not yet available for Android due to incomplete support for OpenGL ES in Wine. To ensure the work, a regular installation of Wine is used, supplemented with a number of DLL libraries and layers. In a Linux environment, Windows applications run automatically when qemu is in the Wine directory ("C: \ x86 \ qemu-x86_64.exe.so"). In Android, it is proposed to use the cmd utility to run.

Two Vulnerabilities to be Found at SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019   1233

The SDL (Simple Direct Layer) library set, which provides tools for hardware accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations, revealed 6 vulnerabilities. Including in the SDL2_image library, two problems have been discovered that allow organizing remote code execution in the system. Attacks can be made on applications that use SDL to load images.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by the lack of the necessary error handler and integer overflow that can be exploited through the transfer of a specially crafted PCX file. Issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining 4 vulnerabilities has not yet been disclosed.

Vulnerabilities were found by Talos, so you can find more info at their website.