diff options
author | Micah Anderson <micah@debian.org> | 2005-09-15 22:36:11 +0000 |
---|---|---|
committer | Micah Anderson <micah@debian.org> | 2005-09-15 22:36:11 +0000 |
commit | a9b351d820ab58ba7f936673bc4f882fc76e0e6b (patch) | |
tree | a962f04ce08486cf4bbf5ba58f6683b39f984fdf /data/DTSA/advs | |
parent | e394eb9684382e1d42d8571fa3050e44885921d3 (diff) |
Prepare lm-sensors DTSA
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2008 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- | data/DTSA/advs/18-lm-sensors.adv | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/data/DTSA/advs/18-lm-sensors.adv b/data/DTSA/advs/18-lm-sensors.adv new file mode 100644 index 0000000000..f496864618 --- /dev/null +++ b/data/DTSA/advs/18-lm-sensors.adv @@ -0,0 +1,19 @@ +source: lm-sensors +date: September 15th, 2005 +author: Micah Anderson +vuln-type: insecure temporary file +problem-scope: local +debian-specifc: no +cve: CAN-2005-2672 +vendor-advisory: +testing-fix: lm-sensors_1:2.9.1-6etch1 +sid-fix: 1:2.9.1-7 +upgrade: apt-get install lm-sensors + +Javier Fernández-Sanguino Peña discovered that a script included in +lm-sensors, used to read temperature/voltage/fan sensors, creates a temporary +file with a predictable filename, leaving it vulnerable for a symlink +attack. + +Note that this is the same set of security fixes put into stable in +DSA-814-1. |