Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > November 2005 > Fedora - Three Update Notifications

November 2005

Fedora - Three Update Notifications

ID: 00993
Ref: 931/05
Date: 08 November 2005:16:22:35
Version: 1
Title: Fedora - Three Update Notifications
Abstract: 1. Fedora Core 4 Update: lm_sensors-2.9.1-3.FC4.1 , 2. Fedora Core 3 Update: libgda-1.0.4-3.1 , 3. Fedora Core 3 Update: lm_sensors-2.8.7-2.FC3.1
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora

Title
=====

Fedora - Three Update Notifications:
1. Fedora Core 4 Update: lm_sensors-2.9.1-3.FC4.1
2. Fedora Core 3 Update: libgda-1.0.4-3.1
3. Fedora Core 3 Update: lm_sensors-2.8.7-2.FC3.1


Detail
======

Update notification summaries:

1. A bug was found in the pwmconfig tool which uses temporary
files in an insecure manner. The pwconfig tool writes a
configuration file which may be world readable for a short
period of time. This file contains various information about
the setup of lm_sensors on that machine. It could be
modified within the short window to contain configuration
data that would either render lm_sensors unusable or in the
worst case even hang the machine resulting in a DoS

2. Resolved CVE-2005-2958, libgda format string issue.

3. A bug was found in the pwmconfig tool which uses temporary
files in an insecure manner. The pwconfig tool writes a
configuration file which may be world readable for a short
period of time. This file contains various information about
the setup of lm_sensors on that machine. It could be
modified within the short window to contain configuration
data that would either render lm_sensors unusable or in the
worst case even hang the machine resulting in a DoS


Update notification content follows:


1.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1053
2005-11-07
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : lm_sensors
Version : 2.9.1
Release : 3.FC4.1
Summary : Hardware monitoring tools.
Description :
The lm_sensors package includes a collection of modules for general SMBus
access and hardware monitoring. NOTE: this requires special support which
is not in standard 2.2-vintage kernels.

- ---------------------------------------------------------------------
Update Information:

The lm_sensors package includes a collection of modules for
general SMBus access and hardware monitoring. NOTE: this
package requires special support which is not in standard
2.2-vintage kernels.

A bug was found in the pwmconfig tool which uses temporary
files in an insecure manner. The pwconfig tool writes a
configuration file which may be world readable for a short
period of time. This file contains various information about
the setup of lm_sensors on that machine. It could be
modified within the short window to contain configuration
data that would either render lm_sensors unusable or in the
worst case even hang the machine resulting in a DoS. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2672 to this issue.

Users of lm_sensors are advised to upgrade to these updated
packages, which contain a patch which resolves this issue.
- ---------------------------------------------------------------------
* Thu Sep 1 2005 Phil Knirsch 2.9.1-3.FC4.1
- - Fixed CAN-2005-2672 lm_sensors pwmconfig insecure temporary file usage
(#166673)
- - Fixed missing optflags during build (#166910)

* Mon May 23 2005 Phil Knirsch 2.9.1-3
- - Update to lm_sensors-2.9.1
- - Fixed wrong/missing location variables for make user
- - Fixed missing check for /etc/modprobe.conf in sensors-detect (#139245)


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

01f14f40542a5dbd8a069c187da2a6cd SRPMS/lm_sensors-2.9.1-3.FC4.1.src.rpm
6edf4ba108f9a888f7606351a13b14d6 x86_64/lm_sensors-2.9.1-3.FC4.1.x86_64.rpm
a746776641693fcfd22d8b235c395d98 x86_64/lm_sensors-devel-2.9.1-3.FC4.1.x86_64.rpm
220e210a34405bd704d11becfb21e31a x86_64/debug/lm_sensors-debuginfo-2.9.1-3.FC4.1.x86_64.rpm
8a86673c482d82ced8a22048589523d5 x86_64/lm_sensors-2.9.1-3.FC4.1.i386.rpm
8a86673c482d82ced8a22048589523d5 i386/lm_sensors-2.9.1-3.FC4.1.i386.rpm
944ea0d8a3777920dd59945dd8461781 i386/lm_sensors-devel-2.9.1-3.FC4.1.i386.rpm
ca7be3d727275f938b32f42eaaf71435 i386/debug/lm_sensors-debuginfo-2.9.1-3.FC4.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




2.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1029
2005-11-07
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : libgda
Version : 1.0.4
Release : 3.1
Summary : Library for writing gnome database programs
Description :
libgda is a library that eases the task of writing
gnome database programs.

- ---------------------------------------------------------------------

* Wed Oct 26 2005 Caolan McNamara 1:1.0.4-3.1
- - CVE-2005-2958 libgda format string issue


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

5bbe1fd316f3d73a69f2bf1d2c91b360 SRPMS/libgda-1.0.4-3.1.src.rpm
4bcd6b4701e97749fc5d4bd4b744b7e4 x86_64/libgda-1.0.4-3.1.x86_64.rpm
dd07589bca360c30e1c31e0977fa4eff x86_64/libgda-devel-1.0.4-3.1.x86_64.rpm
b8eb2c524070622b7710642331b57aa5 x86_64/gda-mysql-1.0.4-3.1.x86_64.rpm
72079129f4d5d7f0e2f84c8b2caefb8e x86_64/gda-odbc-1.0.4-3.1.x86_64.rpm
8b42050ae43d3e66281bce5675bbcee3 x86_64/gda-postgres-1.0.4-3.1.x86_64.rpm
0e58e8eb0a6f9e27a80135664d4accd3 x86_64/debug/libgda-debuginfo-1.0.4-3.1.x86_64.rpm
b5b37d00eef0f7f5b53ae606ec21fc03 x86_64/libgda-1.0.4-3.1.i386.rpm
b5b37d00eef0f7f5b53ae606ec21fc03 i386/libgda-1.0.4-3.1.i386.rpm
bd5eb250a165274fbbae7720ec0c83e8 i386/libgda-devel-1.0.4-3.1.i386.rpm
35b06a0016b2ea5713229a44571b3f4c i386/gda-mysql-1.0.4-3.1.i386.rpm
25c8169519e55fc743625ff790c11c62 i386/gda-odbc-1.0.4-3.1.i386.rpm
12f7f6e510df7dab515f0d18aca90fd1 i386/gda-postgres-1.0.4-3.1.i386.rpm
68ccc27d29771906d33913dd6d14e300 i386/debug/libgda-debuginfo-1.0.4-3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




3.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1054
2005-11-07
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : lm_sensors
Version : 2.8.7
Release : 2.FC3.1
Summary : Hardware monitoring tools.
Description :
The lm_sensors package includes a collection of modules for general SMBus
access and hardware monitoring. NOTE: this requires special support which
is not in standard 2.2-vintage kernels.

- ---------------------------------------------------------------------
Update Information:

The lm_sensors package includes a collection of modules for
general SMBus access and hardware monitoring. NOTE: this
package requires special support which is not in standard
2.2-vintage kernels.

A bug was found in the pwmconfig tool which uses temporary
files in an insecure manner. The pwconfig tool writes a
configuration file which may be world readable for a short
period of time. This file contains various information about
the setup of lm_sensors on that machine. It could be
modified within the short window to contain configuration
data that would either render lm_sensors unusable or in the
worst case even hang the machine resulting in a DoS. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2672 to this issue.

Users of lm_sensors are advised to upgrade to these updated
packages, which contain a patch which resolves this issue.
- ---------------------------------------------------------------------
* Tue Aug 30 2005 Phil Knirsch 2.8.7-2.FC3.1
- - Fixed CAN-2005-2672 lm_sensors pwmconfig insecure temporary file usage
(#166673)
- - Fixed missing optflags during build (#166910)


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

405f8f79470ba5e6aa91245e01e704d7 SRPMS/lm_sensors-2.8.7-2.FC3.1.src.rpm
7afe0b73970390b26046b8bd46387ce6 x86_64/lm_sensors-2.8.7-2.FC3.1.x86_64.rpm
9f6395f944e4dee6794902bdcb5251cf x86_64/lm_sensors-devel-2.8.7-2.FC3.1.x86_64.rpm
45e48c4798340b234b1149101ed12448 x86_64/debug/lm_sensors-debuginfo-2.8.7-2.FC3.1.x86_64.rpm
feab077f0e3b4fa446009b25127f7b8a x86_64/lm_sensors-2.8.7-2.FC3.1.i386.rpm
feab077f0e3b4fa446009b25127f7b8a i386/lm_sensors-2.8.7-2.FC3.1.i386.rpm
47529e3eae96b93be934d80b80acbb5d i386/lm_sensors-devel-2.8.7-2.FC3.1.i386.rpm
dc607f6406a43ed2b0223a120c6f4a0c i386/debug/lm_sensors-debuginfo-2.8.7-2.FC3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |