Javier Fernández-Sanguino Peña discovered that a script included in
lm-sensors, used to read temperature/voltage/fan sensors, creates a temporary
file with a predictable filename, leaving it vulnerable for a symlink
attack.
Note that this is the same set of security fixes put into stable in
DSA-814-1.
For the testing distribution (etch) this is fixed in version 1:2.9.1-6etch1
For the unstable distribution (sid) this is fixed in version 1:2.9.1-7
This upgrade is recommended if you use lm-sensors.
If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get install lm-sensors
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free
deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free