Wine 4.0 Released

Wine allows you to launch Windows apps on Linux and other Ubuntu-like OS
24 January 2019   587

After a year of development and 28 experimental versions, a stable release of an open Win32 API implementation — Wine 4.0 — was introduced, which incorporated more than 6,000 changes. Among the key achievements of the new version, we can note support for graphics API Direct3D 12 and Vulkan, the inclusion of the default Direct3D command processing flow by default, customizable interface with DPI, the support of game controllers, the implementation of correct operation on screens with high pixel density (High-DPI ) for the Android platform, Windows Media Player interface, support for running scheduled tasks, stopping native support for DOS executable files.

In Wine, the full-fledged work of 4737 programs for Windows is confirmed, another 4045 programs work fine with advanced settings and external DLLs. 3489 programs have some minor problems in their work, which do not interfere with the use of the basic functions of the applications.

Two Vulnerabilities to be Found at SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019   1234

The SDL (Simple Direct Layer) library set, which provides tools for hardware accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations, revealed 6 vulnerabilities. Including in the SDL2_image library, two problems have been discovered that allow organizing remote code execution in the system. Attacks can be made on applications that use SDL to load images.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by the lack of the necessary error handler and integer overflow that can be exploited through the transfer of a specially crafted PCX file. Issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining 4 vulnerabilities has not yet been disclosed.

Vulnerabilities were found by Talos, so you can find more info at their website.