Debian Long Term Support / LTS Security Information / 2018 / Security Information -- DLA-1361-1 psensor

Debian Security Advisory

DLA-1361-1 psensor -- LTS security update

Date Reported:

24 Apr 2018

Affected Packages:

psensor

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 896195.
In Mitre's CVE dictionary: CVE-2014-10073.

More information:

It was discovered that psensor, a server for monitoring hardware sensors remotely, was prone to a directory traversal vulnerability because the create_response function in server/server.c lacks a check for whether a file is under the webserver directory.

For Debian 7 Wheezy, these problems have been fixed in version 0.6.2.17-2+deb7u1.

We recommend that you upgrade your psensor packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS