[Xastir-Dev] Possible temp file handling bug in ImageMagick <5.5.7
Bill Owens N2RKL
bill-xastir at owensfamily.org
Mon Jun 30 10:44:02 EDT 2003
Debian released a patched version of ImageMagick over the weekend,
saying the following:
imagemagick's libmagick library, under certain circumstances, creates
temporary files without taking appropriate security precautions. This
vulnerability could be exploited by a local user to create or
overwrite files with the privileges of another user who is invoking a
program using this library.
For the stable distribution (woody) this problem has been fixed in
version 4:5.4.4.5-1woody1.
I'm not sure how big a deal this is, or exactly when it was fixed. However
there's a line in the release notes for 5.5.7 that may refer to it:
* Added a temporary file manager that prevents race conditions and
removes any remaining files on exit.
I also don't know how badly other things will break if you try to go
to 5.5.7 :( Luckily temp file creation problems are local issues, so if
you trust all the users on your machine you're probably OK. . .
Bill N2RKL
More information about the Xastir-dev
mailing list