Javier Fernandez-Sanguino Pena discovered that the pwmconfig script in the lm_sensors package created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges because pwmconfig is typically executed by root.
1eb757480487e5bde151ffe0b5c8a09b452e11ae2137fe90de1c1c1398988c76