Red Hat Product Errata RHSA-2005:825 - Security Advisory

Issued:: 2005-11-10
Updated:: 2005-11-10

RHSA-2005:825 - Security Advisory

Overview
Updated Packages

Synopsis

lm_sensors security update

Type/Severity

Security Advisory: Low

Topic

Updated lm_sensors packages that fix an insecure file issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

The lm_sensors package includes a collection of modules for general SMBus
access and hardware monitoring. This package requires special support which
is not in standard version 2.2 kernels.

A bug was found in the way the pwmconfig tool creates temporary files. It
is possible that a local attacker could leverage this flaw to overwrite
arbitrary files located on the system. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-2672 to this issue.

Users of lm_sensors are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386

Fixes

BZ - 166672 - CVE-2005-2672 lm_sensors pwmconfig insecure temporary file usage

CVEs

CVE-2005-2672

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
lm_sensors-2.8.7-2.40.3.src.rpm	SHA-256: 7de9e23b4c7eb61161bee07510a8b47f5bb9081d9a0578239c0f5024919bcb71
x86_64
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
lm_sensors-2.8.7-2.40.3.x86_64.rpm	SHA-256: ae72f3549c1118e6d020e5d3ab3d20f0370c5c8c146f23e5b0b5f1984d9e4a8a
lm_sensors-2.8.7-2.40.3.x86_64.rpm	SHA-256: ae72f3549c1118e6d020e5d3ab3d20f0370c5c8c146f23e5b0b5f1984d9e4a8a
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm	SHA-256: 769b3f98299648d2e0356b3398000d509bb49a6957a99cf530deb9d63f3b2648
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm	SHA-256: 769b3f98299648d2e0356b3398000d509bb49a6957a99cf530deb9d63f3b2648
ia64
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
i386
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
lm_sensors-devel-2.8.7-2.40.3.i386.rpm	SHA-256: b4c33db2398ecd7278c0b8827a0627b7430c664620bba9c3bff709ebc8576ec2
lm_sensors-devel-2.8.7-2.40.3.i386.rpm	SHA-256: b4c33db2398ecd7278c0b8827a0627b7430c664620bba9c3bff709ebc8576ec2

Red Hat Enterprise Linux Workstation 4

SRPM
lm_sensors-2.8.7-2.40.3.src.rpm	SHA-256: 7de9e23b4c7eb61161bee07510a8b47f5bb9081d9a0578239c0f5024919bcb71
x86_64
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
lm_sensors-2.8.7-2.40.3.x86_64.rpm	SHA-256: ae72f3549c1118e6d020e5d3ab3d20f0370c5c8c146f23e5b0b5f1984d9e4a8a
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm	SHA-256: 769b3f98299648d2e0356b3398000d509bb49a6957a99cf530deb9d63f3b2648
ia64
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
i386
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
lm_sensors-devel-2.8.7-2.40.3.i386.rpm	SHA-256: b4c33db2398ecd7278c0b8827a0627b7430c664620bba9c3bff709ebc8576ec2

Red Hat Enterprise Linux Desktop 4

SRPM
lm_sensors-2.8.7-2.40.3.src.rpm	SHA-256: 7de9e23b4c7eb61161bee07510a8b47f5bb9081d9a0578239c0f5024919bcb71
x86_64
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
lm_sensors-2.8.7-2.40.3.x86_64.rpm	SHA-256: ae72f3549c1118e6d020e5d3ab3d20f0370c5c8c146f23e5b0b5f1984d9e4a8a
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm	SHA-256: 769b3f98299648d2e0356b3398000d509bb49a6957a99cf530deb9d63f3b2648
i386
lm_sensors-2.8.7-2.40.3.i386.rpm	SHA-256: 8b47de3440c2a0ed96e2ea3a8ec444efe84909c10b00047194354409f54c3bcd
lm_sensors-devel-2.8.7-2.40.3.i386.rpm	SHA-256: b4c33db2398ecd7278c0b8827a0627b7430c664620bba9c3bff709ebc8576ec2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories