Linux Security
    Linux Security
    Linux Security

    Debian: New lm-sensors packages fix insecure temporary file

    Date 15 Sep 2005
    8023
    Posted By LinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 814-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                             Martin Schulze
    September 15th, 2005                    https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : lm-sensors
    Vulnerability  : insecure temporary file
    Problem type   : local
    Debian-specific: no
    CVE ID         : CAN-2005-2672]
    Debian Bug     : 324193
    
    Javier Fernández-Sanguino Peña discovered that a script of lm-sensors,
    utilities to read temperature/voltage/fan sensors, creates a temporary
    file with a predictable filename, leaving it vulnerable for a symlink
    attack.
    
    The old stable distribution (woody) is not affected by this problem.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.9.1-1sarge2.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.9.1-7.
    
    We recommend that you upgrade your lm-sensors package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.dsc
          Size/MD5 checksum:     1089 b29b66e67c0cdc230e00e5183724427a
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.diff.gz
          Size/MD5 checksum:    32896 551c338fbc31a17f7fd909c8c18f495e
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1.orig.tar.gz
          Size/MD5 checksum:   870765 f5af615e39441d95471bdb72a3f01709
    
      Architecture independent components:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-1sarge2_all.deb
          Size/MD5 checksum:   304604 9b936604bcb60dd90c26de965bc8ae7f
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-source_2.9.1-1sarge2_all.deb
          Size/MD5 checksum:   956166 a4cc7cf62245912cca061249e7ff153e
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_alpha.deb
          Size/MD5 checksum:   107734 6672ce70e0a11a3db57b5cc5410a887f
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_alpha.deb
          Size/MD5 checksum:    88004 07333a65127b12aaa3bb7593ca998fc8
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_alpha.deb
          Size/MD5 checksum:   469638 2894c427fa1a171588ee25ec7944aeae
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_alpha.deb
          Size/MD5 checksum:    60162 996e3f4caa6f99a509612ed9409538a1
    
      AMD64 architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_amd64.deb
          Size/MD5 checksum:    99604 5a2ecb59416841693f291c18ffc36b9f
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_amd64.deb
          Size/MD5 checksum:    86024 be04743cfbe7a3dba14522ce35807a46
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_amd64.deb
          Size/MD5 checksum:   471644 de8c9584f1d5bc2a2fc4134ebb0a5958
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_amd64.deb
          Size/MD5 checksum:    57960 7d2bcf38f644cc293814d9be97e7e462
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_arm.deb
          Size/MD5 checksum:    95374 76afc070abfaca6877c53b3dc97e2efe
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_arm.deb
          Size/MD5 checksum:    77598 688a884f1c1a3d9966863f9dd13e6378
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_arm.deb
          Size/MD5 checksum:   466524 f60ec616c55ffecd7d32d9ce6701520b
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_arm.deb
          Size/MD5 checksum:    56518 001487c8ebf59a64eca3c4b1ebd3a4fc
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:    93822 18985e4483e7ba7f1ee4e08c31e77ee6
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:    77704 c7360febfe8fb136d4edc7447c4a3787
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:   471594 4bb236b1ad878a31115d7231f624d53b
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-386_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:   258638 9dab2f0c6ca40bb6b1fa648c72dea266
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-586tsc_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:   258646 27ec0369b7e5710cfa9b8a2f6dc7f976
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:   258638 7b59494c8c7e836392ec8d29832a37f7
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686-smp_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:   259220 1f84862f63d4b84ca52d3b0188eae27f
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k6_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:   258658 f44895c10b0a2a66f9f8fc2fc1c08945
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:   258950 fc63b5a3190378d192810b865db159d7
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7-smp_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:   259496 acbd3d286c9f83c33075207a32297bfe
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_i386.deb
          Size/MD5 checksum:    56282 4aaa87fa8ec4a9c7a80cc5fa2a2a65c7
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_ia64.deb
          Size/MD5 checksum:   110518 31b9a4a92124027fc290af68a33c9d72
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_ia64.deb
          Size/MD5 checksum:    94704 1c7b33cb67d43b00bc5c560e010cba42
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_ia64.deb
          Size/MD5 checksum:   487502 b2c2e822feccd91e2cf4e16b788ee8b2
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_ia64.deb
          Size/MD5 checksum:    63894 6f5dd42f2e9bfe4e6f6dfc0d657c231c
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_hppa.deb
          Size/MD5 checksum:   103444 b90312374564a949899f1fc5efe0afca
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_hppa.deb
          Size/MD5 checksum:    88110 c2c6817f83c05784e7ae6dfb342c3f45
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_hppa.deb
          Size/MD5 checksum:   470520 cff17a1708ab3698cbe576845758f040
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_hppa.deb
          Size/MD5 checksum:    59432 2316f77020a58c9bbcb4680e39093872
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_m68k.deb
          Size/MD5 checksum:    95016 2570abfafb354bf68ff57e294010d9bd
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_m68k.deb
          Size/MD5 checksum:    82760 8575a48b3ae56c05aa33b1dec7b7e7d8
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_m68k.deb
          Size/MD5 checksum:   457278 2b04efc7078bfcac49bae53de1fa37f4
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_m68k.deb
          Size/MD5 checksum:    55334 acf8cedc0bc7b9fcce51bf4028346aa4
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mips.deb
          Size/MD5 checksum:   101340 65525f23eed1bb8bd56104db43613b64
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mips.deb
          Size/MD5 checksum:    80346 78e1796d19b2a450001b7db46fa00971
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mips.deb
          Size/MD5 checksum:   464976 77c81982d7dc7a6e3059e9b7bfe843ae
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mips.deb
          Size/MD5 checksum:    58392 fce20208178fcf5e8b34f037a89ebeb8
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mipsel.deb
          Size/MD5 checksum:    99308 561831d67a0b6c5a2c23ce19d63fd4e9
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mipsel.deb
          Size/MD5 checksum:    78318 bf864fc9cc93f35f74cb383916b93187
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mipsel.deb
          Size/MD5 checksum:   465612 90be081b2fe5d58208cdc22f922ace6a
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mipsel.deb
          Size/MD5 checksum:    58452 862e8a3b5f5bf5ab9a7e37f91828a96a
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_powerpc.deb
          Size/MD5 checksum:   105926 1c01fa48983ca51785fb6cebcb1352e7
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_powerpc.deb
          Size/MD5 checksum:    84122 362b899e12a413c46a1aa3bb80ae9564
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_powerpc.deb
          Size/MD5 checksum:   476730 326fe3274869079637c4a425430d9cc9
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_powerpc.deb
          Size/MD5 checksum:    59362 2be27fc39b66107b8bc28df51bfd929f
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_s390.deb
          Size/MD5 checksum:   105122 aa913f7a24298b97954809094c966d13
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_s390.deb
          Size/MD5 checksum:    86884 2c6ebcada8848923a727f21d348089bf
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_s390.deb
          Size/MD5 checksum:   463706 d0d5e649c114bd891c9dd5a742b3dd7f
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_s390.deb
          Size/MD5 checksum:    57970 fccda7621dfee8331517dc5f47587246
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_sparc.deb
          Size/MD5 checksum:   100274 63098e8e9f4c3fab8147c04aa17d811c
        https://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_sparc.deb
          Size/MD5 checksum:    80906 18db5ab878c2185c7a999f968b36e204
        https://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_sparc.deb
          Size/MD5 checksum:   470238 3edce01e75344d0a8a3985c564060243
        https://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_sparc.deb
          Size/MD5 checksum:    56654 c47257c9c9263f657a3e96f55b14c40b
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.