USN-172-1: lm-sensors vulnerability
Posted on: 08/23/2005 10:00 AM

A new lm-sensors vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-172-1 August 23, 2005
lm-sensors vulnerabilities
https://bugzilla.ubuntu.com/show_bug.cgi?id=13887
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

lm-sensors

The problem can be corrected by upgrading the affected package to
version 2.8.8-7ubuntu2.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Javier Fernández-Sanguino Peña noticed that the pwmconfig script
created temporary files in an insecure manner. This could allow
a symlink attack to create or overwrite arbitrary files with full
root privileges since pwmconfig is usually executed by root.


Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8=
.8-7ubuntu2.1.diff.gz
Size/MD5: 28002 78649f71071530897671aec9d90530bc
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8=
.8-7ubuntu2.1.dsc
Size/MD5: 659 2e17dd3a420f2be9fee42ba8932acc93
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8=
.8.orig.tar.gz
Size/MD5: 820983 95cdb083b4d16e2419a2c78b35f608d0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors-dev=
_2.8.8-7ubuntu2.1_amd64.deb
Size/MD5: 94266 927658de6c8c8dfd592bbd6ea4a2ebf6
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors3_2.=
8.8-7ubuntu2.1_amd64.deb
Size/MD5: 81466 e216f3ac2e5b40dcf3c80a0dedfdddaa
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8=
.8-7ubuntu2.1_amd64.deb
Size/MD5: 467670 e5593dcddbe395f31966b58dd0ff8d6e
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/sensord_2.8.8-=
7ubuntu2.1_amd64.deb
Size/MD5: 54554 f69b44c19c1d6640291a140a172d124b

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors-dev=
_2.8.8-7ubuntu2.1_i386.deb
Size/MD5: 88018 f1f90add89d25e99cc1c12f62a4652f4
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors3_2.=
8.8-7ubuntu2.1_i386.deb
Size/MD5: 73074 551f33f59451ab244e972bf5cd77b200
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8=
.8-7ubuntu2.1_i386.deb
Size/MD5: 464566 3175fceb85c4f8500d325b551e600e6c
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/sensord_2.8.8-=
7ubuntu2.1_i386.deb
Size/MD5: 52492 067285384debd4bfcd5ca87083d51e3d


powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors-dev=
_2.8.8-7ubuntu2.1_powerpc.deb
Size/MD5: 100452 cd698db9856bfe43c20e4b359372a592
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors3_2.=
8.8-7ubuntu2.1_powerpc.deb
Size/MD5: 79554 899763c092e6497a64437aba12cc07f0
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8=
.8-7ubuntu2.1_powerpc.deb
Size/MD5: 468262 bb280b3c35f59386bad25e332a91c969
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/sensord_2.8.8-=
7ubuntu2.1_powerpc.deb
Size/MD5: 55752 d1c2efe66350314ed725713885d23e95

--wRRV7LY7NUeQGEoC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDC0XxDecnbV4Fd/IRAoO8AJ9zFYpjq62h3oSHmqq9sOWCRorSvwCgmXp+
x1MpJviVYo9ORMmC2S7crB0=
=kjoQ
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_172_1_lm_sensors_vulnerability.html)