Bug 166673

Summary: CAN-2005-2672 lm_sensors pwmconfig insecure temporary file usage
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: lm_sensorsAssignee: Phil Knirsch <pknirsch>
Status: CLOSED CURRENTRELEASE QA Contact: David Lawrence <dkl>
Severity: low Docs Contact:
Priority: medium    
Version: 4CC: rvokal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,reported=20050824,public=20050814,source=vendorsec
Fixed In Version: FC5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-22 02:12:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-08-24 15:16:08 UTC 
+++ This bug was initially created as a clone of Bug #166672 +++

A bug was found in lm_sensors' pwmconfig tool which uses temporary files in an
insecure manner.

-- Additional comment from bressers on 2005-08-24 11:13 EST --
Created an attachment (id=118071)
Upstream patch from CVS

This issue should also affect FC3
Comment 1 Phil Knirsch 2005-09-01 17:38:11 UTC 
Fixed in development version, other releases will follow soon.

Read ya, Phil
Comment 3 Dimitris 2005-11-07 09:21:16 UTC 
Are there plans to release a new lm_sensors package? FC4 comes with version
2.8.8 which is nearly a year old. I think the current CVS release is 2.9.3.

Thank you.
Comment 4 Bill Nottingham 2006-09-22 02:12:34 UTC 
Closing bugs in MODIFIED state from prior Fedora releases. If this bug persists
in a current Fedora release (such as Fedora Core 5 or later), please reopen and
set the version appropriately.