Linux Security
Linux Security
Linux Security

Debian: New lm-sensors packages fix insecure temporary file

Date 15 Sep 2005
8091
Posted By LinuxSecurity Advisories
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 814-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                             Martin Schulze
September 15th, 2005                    https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : lm-sensors
Vulnerability  : insecure temporary file
Problem type   : local
Debian-specific: no
CVE ID         : CAN-2005-2672]
Debian Bug     : 324193

Javier Fernández-Sanguino Peña discovered that a script of lm-sensors,
utilities to read temperature/voltage/fan sensors, creates a temporary
file with a predictable filename, leaving it vulnerable for a symlink
attack.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2.9.1-1sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.9.1-7.

We recommend that you upgrade your lm-sensors package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.dsc
      Size/MD5 checksum:     1089 b29b66e67c0cdc230e00e5183724427a
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.diff.gz
      Size/MD5 checksum:    32896 551c338fbc31a17f7fd909c8c18f495e
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1.orig.tar.gz
      Size/MD5 checksum:   870765 f5af615e39441d95471bdb72a3f01709

  Architecture independent components:

    https://security.debian.org/pool/updates/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-1sarge2_all.deb
      Size/MD5 checksum:   304604 9b936604bcb60dd90c26de965bc8ae7f
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-source_2.9.1-1sarge2_all.deb
      Size/MD5 checksum:   956166 a4cc7cf62245912cca061249e7ff153e

  Alpha architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_alpha.deb
      Size/MD5 checksum:   107734 6672ce70e0a11a3db57b5cc5410a887f
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_alpha.deb
      Size/MD5 checksum:    88004 07333a65127b12aaa3bb7593ca998fc8
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_alpha.deb
      Size/MD5 checksum:   469638 2894c427fa1a171588ee25ec7944aeae
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_alpha.deb
      Size/MD5 checksum:    60162 996e3f4caa6f99a509612ed9409538a1

  AMD64 architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_amd64.deb
      Size/MD5 checksum:    99604 5a2ecb59416841693f291c18ffc36b9f
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_amd64.deb
      Size/MD5 checksum:    86024 be04743cfbe7a3dba14522ce35807a46
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_amd64.deb
      Size/MD5 checksum:   471644 de8c9584f1d5bc2a2fc4134ebb0a5958
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_amd64.deb
      Size/MD5 checksum:    57960 7d2bcf38f644cc293814d9be97e7e462

  ARM architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_arm.deb
      Size/MD5 checksum:    95374 76afc070abfaca6877c53b3dc97e2efe
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_arm.deb
      Size/MD5 checksum:    77598 688a884f1c1a3d9966863f9dd13e6378
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_arm.deb
      Size/MD5 checksum:   466524 f60ec616c55ffecd7d32d9ce6701520b
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_arm.deb
      Size/MD5 checksum:    56518 001487c8ebf59a64eca3c4b1ebd3a4fc

  Intel IA-32 architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:    93822 18985e4483e7ba7f1ee4e08c31e77ee6
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:    77704 c7360febfe8fb136d4edc7447c4a3787
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:   471594 4bb236b1ad878a31115d7231f624d53b
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-386_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:   258638 9dab2f0c6ca40bb6b1fa648c72dea266
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-586tsc_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:   258646 27ec0369b7e5710cfa9b8a2f6dc7f976
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:   258638 7b59494c8c7e836392ec8d29832a37f7
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686-smp_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:   259220 1f84862f63d4b84ca52d3b0188eae27f
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k6_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:   258658 f44895c10b0a2a66f9f8fc2fc1c08945
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:   258950 fc63b5a3190378d192810b865db159d7
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7-smp_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:   259496 acbd3d286c9f83c33075207a32297bfe
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_i386.deb
      Size/MD5 checksum:    56282 4aaa87fa8ec4a9c7a80cc5fa2a2a65c7

  Intel IA-64 architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_ia64.deb
      Size/MD5 checksum:   110518 31b9a4a92124027fc290af68a33c9d72
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_ia64.deb
      Size/MD5 checksum:    94704 1c7b33cb67d43b00bc5c560e010cba42
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_ia64.deb
      Size/MD5 checksum:   487502 b2c2e822feccd91e2cf4e16b788ee8b2
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_ia64.deb
      Size/MD5 checksum:    63894 6f5dd42f2e9bfe4e6f6dfc0d657c231c

  HP Precision architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_hppa.deb
      Size/MD5 checksum:   103444 b90312374564a949899f1fc5efe0afca
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_hppa.deb
      Size/MD5 checksum:    88110 c2c6817f83c05784e7ae6dfb342c3f45
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_hppa.deb
      Size/MD5 checksum:   470520 cff17a1708ab3698cbe576845758f040
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_hppa.deb
      Size/MD5 checksum:    59432 2316f77020a58c9bbcb4680e39093872

  Motorola 680x0 architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_m68k.deb
      Size/MD5 checksum:    95016 2570abfafb354bf68ff57e294010d9bd
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_m68k.deb
      Size/MD5 checksum:    82760 8575a48b3ae56c05aa33b1dec7b7e7d8
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_m68k.deb
      Size/MD5 checksum:   457278 2b04efc7078bfcac49bae53de1fa37f4
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_m68k.deb
      Size/MD5 checksum:    55334 acf8cedc0bc7b9fcce51bf4028346aa4

  Big endian MIPS architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mips.deb
      Size/MD5 checksum:   101340 65525f23eed1bb8bd56104db43613b64
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mips.deb
      Size/MD5 checksum:    80346 78e1796d19b2a450001b7db46fa00971
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mips.deb
      Size/MD5 checksum:   464976 77c81982d7dc7a6e3059e9b7bfe843ae
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mips.deb
      Size/MD5 checksum:    58392 fce20208178fcf5e8b34f037a89ebeb8

  Little endian MIPS architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mipsel.deb
      Size/MD5 checksum:    99308 561831d67a0b6c5a2c23ce19d63fd4e9
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mipsel.deb
      Size/MD5 checksum:    78318 bf864fc9cc93f35f74cb383916b93187
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mipsel.deb
      Size/MD5 checksum:   465612 90be081b2fe5d58208cdc22f922ace6a
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mipsel.deb
      Size/MD5 checksum:    58452 862e8a3b5f5bf5ab9a7e37f91828a96a

  PowerPC architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_powerpc.deb
      Size/MD5 checksum:   105926 1c01fa48983ca51785fb6cebcb1352e7
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_powerpc.deb
      Size/MD5 checksum:    84122 362b899e12a413c46a1aa3bb80ae9564
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_powerpc.deb
      Size/MD5 checksum:   476730 326fe3274869079637c4a425430d9cc9
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_powerpc.deb
      Size/MD5 checksum:    59362 2be27fc39b66107b8bc28df51bfd929f

  IBM S/390 architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_s390.deb
      Size/MD5 checksum:   105122 aa913f7a24298b97954809094c966d13
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_s390.deb
      Size/MD5 checksum:    86884 2c6ebcada8848923a727f21d348089bf
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_s390.deb
      Size/MD5 checksum:   463706 d0d5e649c114bd891c9dd5a742b3dd7f
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_s390.deb
      Size/MD5 checksum:    57970 fccda7621dfee8331517dc5f47587246

  Sun Sparc architecture:

    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_sparc.deb
      Size/MD5 checksum:   100274 63098e8e9f4c3fab8147c04aa17d811c
    https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_sparc.deb
      Size/MD5 checksum:    80906 18db5ab878c2185c7a999f968b36e204
    https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_sparc.deb
      Size/MD5 checksum:   470238 3edce01e75344d0a8a3985c564060243
    https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_sparc.deb
      Size/MD5 checksum:    56654 c47257c9c9263f657a3e96f55b14c40b


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

Advisories

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"41","type":"x","order":"1","pct":85.42,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":8.33,"resources":[]},{"id":"181","title":"Hardly ever","votes":"3","type":"x","order":"3","pct":6.25,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]