| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Aug 2005 17:51:13 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-172-1] lm-sensors vulnerability
===========================================================
Ubuntu Security Notice USN-172-1 August 23, 2005
lm-sensors vulnerabilities
https://bugzilla.ubuntu.com/show_bug.cgi?id=13887
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
lm-sensors
The problem can be corrected by upgrading the affected package to
version 2.8.8-7ubuntu2.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Javier Fernández-Sanguino Peña noticed that the pwmconfig script
created temporary files in an insecure manner. This could allow
a symlink attack to create or overwrite arbitrary files with full
root privileges since pwmconfig is usually executed by root.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8-7ubuntu2.1.diff.gz
Size/MD5: 28002 78649f71071530897671aec9d90530bc
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8-7ubuntu2.1.dsc
Size/MD5: 659 2e17dd3a420f2be9fee42ba8932acc93
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8.orig.tar.gz
Size/MD5: 820983 95cdb083b4d16e2419a2c78b35f608d0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors-dev_2.8.8-7ubuntu2.1_amd64.deb
Size/MD5: 94266 927658de6c8c8dfd592bbd6ea4a2ebf6
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors3_2.8.8-7ubuntu2.1_amd64.deb
Size/MD5: 81466 e216f3ac2e5b40dcf3c80a0dedfdddaa
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8-7ubuntu2.1_amd64.deb
Size/MD5: 467670 e5593dcddbe395f31966b58dd0ff8d6e
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/sensord_2.8.8-7ubuntu2.1_amd64.deb
Size/MD5: 54554 f69b44c19c1d6640291a140a172d124b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors-dev_2.8.8-7ubuntu2.1_i386.deb
Size/MD5: 88018 f1f90add89d25e99cc1c12f62a4652f4
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors3_2.8.8-7ubuntu2.1_i386.deb
Size/MD5: 73074 551f33f59451ab244e972bf5cd77b200
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8-7ubuntu2.1_i386.deb
Size/MD5: 464566 3175fceb85c4f8500d325b551e600e6c
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/sensord_2.8.8-7ubuntu2.1_i386.deb
Size/MD5: 52492 067285384debd4bfcd5ca87083d51e3d
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors-dev_2.8.8-7ubuntu2.1_powerpc.deb
Size/MD5: 100452 cd698db9856bfe43c20e4b359372a592
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors3_2.8.8-7ubuntu2.1_powerpc.deb
Size/MD5: 79554 899763c092e6497a64437aba12cc07f0
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8-7ubuntu2.1_powerpc.deb
Size/MD5: 468262 bb280b3c35f59386bad25e332a91c969
http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/sensord_2.8.8-7ubuntu2.1_powerpc.deb
Size/MD5: 55752 d1c2efe66350314ed725713885d23e95
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists