Fedora Linux 8524 Published by

A new update is available for Fedora Core - [SECURITY] Fedora Core 3 Update: lm_sensors-2.8.7-2.FC3.1. Here the announcement:



Fedora Update Notification
FEDORA-2005-1054
2005-11-07
---------------------------------------------------------------------

Product : Fedora Core 3
Name : lm_sensors
Version : 2.8.7
Release : 2.FC3.1
Summary : Hardware monitoring tools.
Description :
The lm_sensors package includes a collection of modules for general SMBus
access and hardware monitoring. NOTE: this requires special support which
is not in standard 2.2-vintage kernels.

---------------------------------------------------------------------
Update Information:

The lm_sensors package includes a collection of modules for
general SMBus access and hardware monitoring. NOTE: this
package requires special support which is not in standard
2.2-vintage kernels.

A bug was found in the pwmconfig tool which uses temporary
files in an insecure manner. The pwconfig tool writes a
configuration file which may be world readable for a short
period of time. This file contains various information about
the setup of lm_sensors on that machine. It could be
modified within the short window to contain configuration
data that would either render lm_sensors unusable or in the
worst case even hang the machine resulting in a DoS. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2672 to this issue.

Users of lm_sensors are advised to upgrade to these updated
packages, which contain a patch which resolves this issue.
---------------------------------------------------------------------
* Tue Aug 30 2005 Phil Knirsch <pknirsch@redhat.com> 2.8.7-2.FC3.1
- Fixed CAN-2005-2672 lm_sensors pwmconfig insecure temporary file usage
(#166673)
- Fixed missing optflags during build (#166910)


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

405f8f79470ba5e6aa91245e01e704d7 SRPMS/lm_sensors-2.8.7-2.FC3.1.src.rpm
7afe0b73970390b26046b8bd46387ce6 x86_64/lm_sensors-2.8.7-2.FC3.1.x86_64.rpm
9f6395f944e4dee6794902bdcb5251cf x86_64/lm_sensors-devel-2.8.7-2.FC3.1.x86_64.rpm
45e48c4798340b234b1149101ed12448 x86_64/debug/lm_sensors-debuginfo-2.8.7-2.FC3.1.x86_64.rpm
feab077f0e3b4fa446009b25127f7b8a x86_64/lm_sensors-2.8.7-2.FC3.1.i386.rpm
feab077f0e3b4fa446009b25127f7b8a i386/lm_sensors-2.8.7-2.FC3.1.i386.rpm
47529e3eae96b93be934d80b80acbb5d i386/lm_sensors-devel-2.8.7-2.FC3.1.i386.rpm
dc607f6406a43ed2b0223a120c6f4a0c i386/debug/lm_sensors-debuginfo-2.8.7-2.FC3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.