English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 105790 CVE descriptions
and 56160 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1053
2005-11-07
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : lm_sensors
Version     : 2.9.1                      
Release     : 3.FC4.1                  
Summary     : Hardware monitoring tools.
Description :
The lm_sensors package includes a collection of modules for general SMBus
access and hardware monitoring.  NOTE: this requires special support which
is not in standard 2.2-vintage kernels.

---------------------------------------------------------------------
Update Information:

The lm_sensors package includes a collection of modules for
general SMBus access and hardware monitoring. NOTE: this
package requires special support which is not in standard
2.2-vintage kernels.

A bug was found in the pwmconfig tool which uses temporary
files in an insecure manner. The pwconfig tool writes a
configuration file which may be world readable for a short
period of time. This file contains various information about
the setup of lm_sensors on that machine. It could be
modified within the short window to contain configuration
data that would either render lm_sensors unusable or in the
worst case even hang the machine resulting in a DoS. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2672 to this issue.

Users of lm_sensors are advised to upgrade to these updated
packages, which contain a patch which resolves this issue.
---------------------------------------------------------------------
* Thu Sep  1 2005 Phil Knirsch <pknirsch@redhat.com> 2.9.1-3.FC4.1
- Fixed CAN-2005-2672 lm_sensors pwmconfig insecure temporary file usage
  (#166673)
- Fixed missing optflags during build (#166910)

* Mon May 23 2005 Phil Knirsch <pknirsch@redhat.com> 2.9.1-3
- Update to lm_sensors-2.9.1
- Fixed wrong/missing location variables for make user
- Fixed missing check for /etc/modprobe.conf in sensors-detect (#139245)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

01f14f40542a5dbd8a069c187da2a6cd  SRPMS/lm_sensors-2.9.1-3.FC4.1.src.rpm
6edf4ba108f9a888f7606351a13b14d6  x86_64/lm_sensors-2.9.1-3.FC4.1.x86_64.rpm
a746776641693fcfd22d8b235c395d98  x86_64/lm_sensors-devel-2.9.1-3.FC4.1.x86_64.rpm
220e210a34405bd704d11becfb21e31a  x86_64/debug/lm_sensors-debuginfo-2.9.1-3.FC4.1.x86_64.rpm
8a86673c482d82ced8a22048589523d5  x86_64/lm_sensors-2.9.1-3.FC4.1.i386.rpm
8a86673c482d82ced8a22048589523d5  i386/lm_sensors-2.9.1-3.FC4.1.i386.rpm
944ea0d8a3777920dd59945dd8461781  i386/lm_sensors-devel-2.9.1-3.FC4.1.i386.rpm
ca7be3d727275f938b32f42eaaf71435  i386/debug/lm_sensors-debuginfo-2.9.1-3.FC4.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2017 E-Soft Inc. All rights reserved.