[Secure-testing-commits] r2008 - data/DTSA/advs
Micah Anderson
micah at costa.debian.org
Thu Sep 15 22:36:12 UTC 2005
Author: micah
Date: 2005-09-15 22:36:11 +0000 (Thu, 15 Sep 2005)
New Revision: 2008
Added:
data/DTSA/advs/18-lm-sensors.adv
Log:
Prepare lm-sensors DTSA
Added: data/DTSA/advs/18-lm-sensors.adv
===================================================================
--- data/DTSA/advs/18-lm-sensors.adv 2005-09-15 21:14:17 UTC (rev 2007)
+++ data/DTSA/advs/18-lm-sensors.adv 2005-09-15 22:36:11 UTC (rev 2008)
@@ -0,0 +1,19 @@
+source: lm-sensors
+date: September 15th, 2005
+author: Micah Anderson
+vuln-type: insecure temporary file
+problem-scope: local
+debian-specifc: no
+cve: CAN-2005-2672
+vendor-advisory:
+testing-fix: lm-sensors_1:2.9.1-6etch1
+sid-fix: 1:2.9.1-7
+upgrade: apt-get install lm-sensors
+
+Javier Fernández-Sanguino Peña discovered that a script included in
+lm-sensors, used to read temperature/voltage/fan sensors, creates a temporary
+file with a predictable filename, leaving it vulnerable for a symlink
+attack.
+
+Note that this is the same set of security fixes put into stable in
+DSA-814-1.
More information about the Secure-testing-commits
mailing list