According to the CVE database, the imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files. Red Hat Enterprise Linux (2.1 all variants) shipped with ImageMagick-5.3.8.
Created attachment 104171: Patch from OpenPKG for this issue
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-494.html
Created attachment 106649: corrected patch for tmpname issue
A patch used in ImageMagick-5.3.8-5.src.rpm says in a comment:
/* Attention: this creates an additional
 * intermediate directory for security reasons,
 * but unfortunately it is never deleted. */
Leaving such "leftovers" is a bug in itself. The attached patch corrects that so as not to do such ghastly things on a normal exit. It possibly can be improved but it works.
Created attachment 106661: another version of "not leaving droppings tmpname" patch
I believe that this variant is somewhat more elegant than the previous one. Nothing concentrates the mind like posting code. :-)
Should this bug be closed? CAN-2003-0455 says that this was fixed in <http://www.redhat.com/support/errata/RHSA-2004-494.html>, but that page tells me that it is outdated, and to look to <http://rhn.redhat.com/errata/RHSA-2005-480.html>....
The security issue has been fixed. I don't think the leftover directory issue warrants a 2.1 update at this point.
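The two points raised in this thread, a private intermediate directory for the temporary file and its removal on normal exit, as an added C example that is not taken from the bug report or from either attached patch. All function and variable names, the "magick.XXXXXX" template and the "/tmp" base are assumptions made for illustration, and `name` is assumed to be a trusted constant without path separators.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names; an illustration, not the ImageMagick patch. */
static char tmp_dir[256];   /* private intermediate directory */
static char tmp_file[320];  /* scratch file created inside it */

/* Remove file, then directory. Idempotent: usable directly or via atexit(). */
static void cleanup_tmp(void)
{
    if (tmp_file[0]) { unlink(tmp_file); tmp_file[0] = '\0'; }
    if (tmp_dir[0])  { rmdir(tmp_dir);   tmp_dir[0]  = '\0'; }
}

/* Make a 0700 directory with an unpredictable name under base, then a file
 * in it; O_EXCL|O_NOFOLLOW refuses an existing file or symlink. fd or -1. */
static int open_private_tmp(const char *base, const char *name)
{
    static int registered;
    int n, fd;
    if (tmp_dir[0]) return -1;          /* one scratch area at a time */
    n = snprintf(tmp_dir, sizeof tmp_dir, "%s/magick.XXXXXX", base);
    if (n < 0 || (size_t)n >= sizeof tmp_dir || !mkdtemp(tmp_dir)) {
        tmp_dir[0] = '\0';
        return -1;
    }
    if (!registered) { atexit(cleanup_tmp); registered = 1; }
    n = snprintf(tmp_file, sizeof tmp_file, "%s/%s", tmp_dir, name);
    fd = (n < 0 || (size_t)n >= sizeof tmp_file) ? -1
       : open(tmp_file, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) {
        tmp_file[0] = '\0';             /* nothing of ours to unlink */
        cleanup_tmp();                  /* still remove the directory */
    }
    return fd;
}

int main(void)
{
    int fd = open_private_tmp("/tmp", "scratch");
    if (fd < 0) return 1;
    printf("working in %s\n", tmp_file);
    close(fd);
    return 0;                           /* atexit handler removes both */
}
```

The atexit() handler covers only normal exit, which matches the scope the patch author describes; termination by a signal would still leave the directory behind.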