Red Hat Bugzilla – Bug 98827
CAN-2003-0455 ImageMagick temporary file handling vulnerability
Last modified: 2007-11-30 17:06:53 EST
According to the CVE database; the imagemagick libmagick library 5.5 and earlier
creates temporary files insecurely, which allows local users to create or
overwrite arbitrary files. Red Hat Enterprise Linux (2.1 all variants) shipped
Created attachment 104171 [details]
Patch from OpenPKG for this issue
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
Created attachment 106649 [details]
corrected patch for tmpname issue
A patch used in ImageMagick-5.3.8-5.src.rpm says in a comment:
/* Attention: this creates an additional
* intermediate directory for security reasons,
* but unfortunately it is never deleted.
Leaving such "leftovers" is a bug in itself. Attached patch corrects
that not to such ghastly things on a normal exit. It possibly can be
improved but it works.
Created attachment 106661 [details]
another version of "not leaving droppings tmpname" patch
I believe that this variant is somewhat more elegant then the previous one.
Nothing concentrates mind like posting a code. :-)
Should this bug be closed? CAN-2003-0455 says that this was fixed in
<http://www.redhat.com/support/errata/RHSA-2004-494.html>, but that
page tells me that that it is outdated, and to look to
The security issue has been fixed. I don't think the leftover directory issue
warrants a 2.1 update at this point.