[Full-disclosure] [USN-172-1] lm-sensors vulnerability

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 08/23/05

  • Next message: Martin Pitt: "[Full-disclosure] [USN-173-1] PCRE vulnerability"
    Date: Tue, 23 Aug 2005 17:51:13 +0200
    To: ubuntu-security-announce@lists.ubuntu.com
    
    
    
    

    ===========================================================
    Ubuntu Security Notice USN-172-1 August 23, 2005
    lm-sensors vulnerabilities
    https://bugzilla.ubuntu.com/show_bug.cgi?id=13887
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 5.04 (Hoary Hedgehog)

    The following packages are affected:

    lm-sensors

    The problem can be corrected by upgrading the affected package to
    version 2.8.8-7ubuntu2.1. In general, a standard system upgrade is
    sufficient to effect the necessary changes.

    Details follow:

    Javier Fernández-Sanguino Peña noticed that the pwmconfig script
    created temporary files in an insecure manner. This could allow
    a symlink attack to create or overwrite arbitrary files with full
    root privileges since pwmconfig is usually executed by root.

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8-7ubuntu2.1.diff.gz
          Size/MD5: 28002 78649f71071530897671aec9d90530bc
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8-7ubuntu2.1.dsc
          Size/MD5: 659 2e17dd3a420f2be9fee42ba8932acc93
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8.orig.tar.gz
          Size/MD5: 820983 95cdb083b4d16e2419a2c78b35f608d0

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors-dev_2.8.8-7ubuntu2.1_amd64.deb
          Size/MD5: 94266 927658de6c8c8dfd592bbd6ea4a2ebf6
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors3_2.8.8-7ubuntu2.1_amd64.deb
          Size/MD5: 81466 e216f3ac2e5b40dcf3c80a0dedfdddaa
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8-7ubuntu2.1_amd64.deb
          Size/MD5: 467670 e5593dcddbe395f31966b58dd0ff8d6e
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/sensord_2.8.8-7ubuntu2.1_amd64.deb
          Size/MD5: 54554 f69b44c19c1d6640291a140a172d124b

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors-dev_2.8.8-7ubuntu2.1_i386.deb
          Size/MD5: 88018 f1f90add89d25e99cc1c12f62a4652f4
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors3_2.8.8-7ubuntu2.1_i386.deb
          Size/MD5: 73074 551f33f59451ab244e972bf5cd77b200
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8-7ubuntu2.1_i386.deb
          Size/MD5: 464566 3175fceb85c4f8500d325b551e600e6c
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/sensord_2.8.8-7ubuntu2.1_i386.deb
          Size/MD5: 52492 067285384debd4bfcd5ca87083d51e3d

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors-dev_2.8.8-7ubuntu2.1_powerpc.deb
          Size/MD5: 100452 cd698db9856bfe43c20e4b359372a592
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/libsensors3_2.8.8-7ubuntu2.1_powerpc.deb
          Size/MD5: 79554 899763c092e6497a64437aba12cc07f0
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/lm-sensors_2.8.8-7ubuntu2.1_powerpc.deb
          Size/MD5: 468262 bb280b3c35f59386bad25e332a91c969
        http://security.ubuntu.com/ubuntu/pool/main/l/lm-sensors/sensord_2.8.8-7ubuntu2.1_powerpc.deb
          Size/MD5: 55752 d1c2efe66350314ed725713885d23e95

    
    

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/



  • Next message: Martin Pitt: "[Full-disclosure] [USN-173-1] PCRE vulnerability"