--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-1053 2005-11-07 --------------------------------------------------------------------- Product : Fedora Core 4 Name : lm_sensors Version : 2.9.1 Release : 3.FC4.1 Summary : Hardware monitoring tools. Description : The lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. NOTE: this requires special support which is not in standard 2.2-vintage kernels. --------------------------------------------------------------------- Update Information: The lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. NOTE: this package requires special support which is not in standard 2.2-vintage kernels. A bug was found in the pwmconfig tool which uses temporary files in an insecure manner. The pwconfig tool writes a configuration file which may be world readable for a short period of time. This file contains various information about the setup of lm_sensors on that machine. It could be modified within the short window to contain configuration data that would either render lm_sensors unusable or in the worst case even hang the machine resulting in a DoS. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2672 to this issue. Users of lm_sensors are advised to upgrade to these updated packages, which contain a patch which resolves this issue. --------------------------------------------------------------------- * Thu Sep 1 2005 Phil Knirsch <pknirsch@xxxxxxxxxx> 2.9.1-3.FC4.1 - Fixed CAN-2005-2672 lm_sensors pwmconfig insecure temporary file usage (#166673) - Fixed missing optflags during build (#166910) * Mon May 23 2005 Phil Knirsch <pknirsch@xxxxxxxxxx> 2.9.1-3 - Update to lm_sensors-2.9.1 - Fixed wrong/missing location variables for make user - Fixed missing check for /etc/modprobe.conf in sensors-detect (#139245) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ 01f14f40542a5dbd8a069c187da2a6cd SRPMS/lm_sensors-2.9.1-3.FC4.1.src.rpm 6edf4ba108f9a888f7606351a13b14d6 x86_64/lm_sensors-2.9.1-3.FC4.1.x86_64.rpm a746776641693fcfd22d8b235c395d98 x86_64/lm_sensors-devel-2.9.1-3.FC4.1.x86_64.rpm 220e210a34405bd704d11becfb21e31a x86_64/debug/lm_sensors-debuginfo-2.9.1-3.FC4.1.x86_64.rpm 8a86673c482d82ced8a22048589523d5 x86_64/lm_sensors-2.9.1-3.FC4.1.i386.rpm 8a86673c482d82ced8a22048589523d5 i386/lm_sensors-2.9.1-3.FC4.1.i386.rpm 944ea0d8a3777920dd59945dd8461781 i386/lm_sensors-devel-2.9.1-3.FC4.1.i386.rpm ca7be3d727275f938b32f42eaaf71435 i386/debug/lm_sensors-debuginfo-2.9.1-3.FC4.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- fedora-announce-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-announce-list
