Skip to navigation

Security Advisory lm_sensors security update

Advisory: RHSA-2005:825-13
Type: Security Advisory
Severity: Low
Issued on: 2005-11-10
Last updated on: 2005-11-10
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-2672

Details

Updated lm_sensors packages that fix an insecure file issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

The lm_sensors package includes a collection of modules for general SMBus
access and hardware monitoring. This package requires special support which
is not in standard version 2.2 kernels.

A bug was found in the way the pwmconfig tool creates temporary files. It
is possible that a local attacker could leverage this flaw to overwrite
arbitrary files located on the system. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-2672 to this issue.

Users of lm_sensors are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
lm_sensors-2.8.7-2.40.3.src.rpm
File outdated by:  RHEA-2007:0682
    MD5: 196630152fb8a0021e695417b2d81abe
 
IA-32:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
lm_sensors-devel-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: f9aa0903706ad5b78d6fb456e4a73879
 
x86_64:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
lm_sensors-2.8.7-2.40.3.x86_64.rpm
File outdated by:  RHEA-2007:0682
    MD5: 71668d4442fa5d9871d4d0197208c1ce
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm
File outdated by:  RHEA-2007:0682
    MD5: 7c52e53754616474eae1d9263eba092c
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
lm_sensors-2.8.7-2.40.3.src.rpm
File outdated by:  RHEA-2007:0682
    MD5: 196630152fb8a0021e695417b2d81abe
 
IA-32:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
lm_sensors-devel-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: f9aa0903706ad5b78d6fb456e4a73879
 
IA-64:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
 
x86_64:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
lm_sensors-2.8.7-2.40.3.x86_64.rpm
File outdated by:  RHEA-2007:0682
    MD5: 71668d4442fa5d9871d4d0197208c1ce
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm
File outdated by:  RHEA-2007:0682
    MD5: 7c52e53754616474eae1d9263eba092c
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
lm_sensors-2.8.7-2.40.3.src.rpm
File outdated by:  RHEA-2007:0682
    MD5: 196630152fb8a0021e695417b2d81abe
 
IA-32:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
lm_sensors-devel-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: f9aa0903706ad5b78d6fb456e4a73879
 
IA-64:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
 
x86_64:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
lm_sensors-2.8.7-2.40.3.x86_64.rpm
File outdated by:  RHEA-2007:0682
    MD5: 71668d4442fa5d9871d4d0197208c1ce
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm
File outdated by:  RHEA-2007:0682
    MD5: 7c52e53754616474eae1d9263eba092c
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
lm_sensors-2.8.7-2.40.3.src.rpm
File outdated by:  RHEA-2007:0682
    MD5: 196630152fb8a0021e695417b2d81abe
 
IA-32:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
lm_sensors-devel-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: f9aa0903706ad5b78d6fb456e4a73879
 
IA-64:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
 
x86_64:
lm_sensors-2.8.7-2.40.3.i386.rpm
File outdated by:  RHEA-2007:0682
    MD5: b7a50e079501018ccef1196551aaef13
lm_sensors-2.8.7-2.40.3.x86_64.rpm
File outdated by:  RHEA-2007:0682
    MD5: 71668d4442fa5d9871d4d0197208c1ce
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm
File outdated by:  RHEA-2007:0682
    MD5: 7c52e53754616474eae1d9263eba092c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

166672 - CVE-2005-2672 lm_sensors pwmconfig insecure temporary file usage


References


Keywords

pwmconfig


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/