Summary: | sys-apps/lm_sensors Insecure temp file creation | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | minor | CC: | henrik | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0759.html | ||||||
Whiteboard: | B3 [glsa] jaervosz | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-08-24 02:25:47 UTC
Javier Fernández-Sanguino Peña reports ath the pwmconfig script creates the temp file /tmp/fancontrol insecurely. Created attachment 66752 [details, diff]
lm-sensors.diff
Patch from Ubuntu.
Has this patch been submitted upstream? It's not present in current CVS HEAD. Oh, sorry - it _is_ present is CVS HEAD. I'll prepare a new ebuild. Fixed in sys-apps/lm_sensors-2.9.1-r1. I'll mark it stable on x86 within the next 24 hours if no additional bugs are reported. Stable on x86. amd64 done Stable on ppc. Ready for GLSA? Thx for the reminder Brix. Ready for GLSA vote, I tend to vote NO. I tend to vote YES, as this is typically run by root. Forgot about that reversing my vote to YES. as it's run as root, i vote yes. agree with Koon, vote YES GLSA 200508-19 |