--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-1054 2005-11-07 --------------------------------------------------------------------- Product : Fedora Core 3 Name : lm_sensors Version : 2.8.7 Release : 2.FC3.1 Summary : Hardware monitoring tools. Description : The lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. NOTE: this requires special support which is not in standard 2.2-vintage kernels. --------------------------------------------------------------------- Update Information: The lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. NOTE: this package requires special support which is not in standard 2.2-vintage kernels. A bug was found in the pwmconfig tool which uses temporary files in an insecure manner. The pwconfig tool writes a configuration file which may be world readable for a short period of time. This file contains various information about the setup of lm_sensors on that machine. It could be modified within the short window to contain configuration data that would either render lm_sensors unusable or in the worst case even hang the machine resulting in a DoS. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2672 to this issue. Users of lm_sensors are advised to upgrade to these updated packages, which contain a patch which resolves this issue. --------------------------------------------------------------------- * Tue Aug 30 2005 Phil Knirsch <pknirsch@xxxxxxxxxx> 2.8.7-2.FC3.1 - Fixed CAN-2005-2672 lm_sensors pwmconfig insecure temporary file usage (#166673) - Fixed missing optflags during build (#166910) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ 405f8f79470ba5e6aa91245e01e704d7 SRPMS/lm_sensors-2.8.7-2.FC3.1.src.rpm 7afe0b73970390b26046b8bd46387ce6 x86_64/lm_sensors-2.8.7-2.FC3.1.x86_64.rpm 9f6395f944e4dee6794902bdcb5251cf x86_64/lm_sensors-devel-2.8.7-2.FC3.1.x86_64.rpm 45e48c4798340b234b1149101ed12448 x86_64/debug/lm_sensors-debuginfo-2.8.7-2.FC3.1.x86_64.rpm feab077f0e3b4fa446009b25127f7b8a x86_64/lm_sensors-2.8.7-2.FC3.1.i386.rpm feab077f0e3b4fa446009b25127f7b8a i386/lm_sensors-2.8.7-2.FC3.1.i386.rpm 47529e3eae96b93be934d80b80acbb5d i386/lm_sensors-devel-2.8.7-2.FC3.1.i386.rpm dc607f6406a43ed2b0223a120c6f4a0c i386/debug/lm_sensors-debuginfo-2.8.7-2.FC3.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- fedora-announce-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-announce-list
