--===============1386572290=	protocol="application/pgp-signature";
 boundary="wRRV7LY7NUeQGEoC"
Content-Disposition: inline


--wRRV7LY7NUeQGEoC
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-172-1	    August 23, 2005
lm-sensors vulnerabilities
https://bugzilla.ubuntu.com/show_bug.cgi?id=13887
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

lm-sensors

The problem can be corrected by upgrading the affected package to
version 2.8.8-7ubuntu2.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Javier Fernández-Sanguino Peña noticed that the pwmconfig script
created temporary files in an insecure manner. This could allow
a symlink attack to create or overwrite arbitrary files with full
root privileges since pwmconfig is usually executed by root.


  Source archives:

    lm-sensors_2.8.8-7ubuntu2.1.diff.gz
      Size/MD5:    28002 78649f71071530897671aec9d90530bc
    lm-sensors_2.8.8-7ubuntu2.1.dsc
      Size/MD5:      659 2e17dd3a420f2be9fee42ba8932acc93
    lm-sensors_2.8.8.orig.tar.gz
      Size/MD5:   820983 95cdb083b4d16e2419a2c78b35f608d0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    libsensors-dev_2.8.8-7ubuntu2.1_amd64.deb
      Size/MD5:    94266 927658de6c8c8dfd592bbd6ea4a2ebf6
    libsensors3_2.8.8-7ubuntu2.1_amd64.deb
      Size/MD5:    81466 e216f3ac2e5b40dcf3c80a0dedfdddaa
    lm-sensors_2.8.8-7ubuntu2.1_amd64.deb
      Size/MD5:   467670 e5593dcddbe395f31966b58dd0ff8d6e
    sensord_2.8.8-7ubuntu2.1_amd64.deb
      Size/MD5:    54554 f69b44c19c1d6640291a140a172d124b

  i386 architecture (x86 compatible Intel/AMD)

    libsensors-dev_2.8.8-7ubuntu2.1_i386.deb
      Size/MD5:    88018 f1f90add89d25e99cc1c12f62a4652f4
    libsensors3_2.8.8-7ubuntu2.1_i386.deb
      Size/MD5:    73074 551f33f59451ab244e972bf5cd77b200
    lm-sensors_2.8.8-7ubuntu2.1_i386.deb
      Size/MD5:   464566 3175fceb85c4f8500d325b551e600e6c
    sensord_2.8.8-7ubuntu2.1_i386.deb
      Size/MD5:    52492 067285384debd4bfcd5ca87083d51e3d


  powerpc architecture (Apple Macintosh G3/G4/G5)

    libsensors-dev_2.8.8-7ubuntu2.1_powerpc.deb
      Size/MD5:   100452 cd698db9856bfe43c20e4b359372a592
    libsensors3_2.8.8-7ubuntu2.1_powerpc.deb
      Size/MD5:    79554 899763c092e6497a64437aba12cc07f0
    lm-sensors_2.8.8-7ubuntu2.1_powerpc.deb
      Size/MD5:   468262 bb280b3c35f59386bad25e332a91c969
    sensord_2.8.8-7ubuntu2.1_powerpc.deb
      Size/MD5:    55752 d1c2efe66350314ed725713885d23e95

--wRRV7LY7NUeQGEoC
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDC0XxDecnbV4Fd/IRAoO8AJ9zFYpjq62h3oSHmqq9sOWCRorSvwCgmXp+
x1MpJviVYo9ORMmC2S7crB0=
=kjoQ
-----END PGP SIGNATURE-----

--wRRV7LY7NUeQGEoC--


--===============1386572290=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce



--===============1386572290==--