Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 19 Jul 2011 13:57:12 -0500 Reply-To: "Tyler L. Parsons"Sender: Security Errata for Scientific Linux From: "Tyler L. Parsons" Subject: Security ERRATA Moderate: system-config-firewall on SL6.x i386/x86_64 Comments: To: " This email address is being protected from spambots. You need JavaScript enabled to view it. "MIME-Version: 1.0 Synopsis: Moderate: system-config-firewall security update Issue Date: 2011-07-18 CVE Numbers: CVE-2011-2520 system-config-firewall is a graphical user interface for basic firewall setup. It was found that system-config-firewall used the Python pickle module in an insecure way when sending data (via D-Bus) to the privileged back-end mechanism. A local user authorized to configure firewall rules using system-config-firewall could use this flaw to execute arbitrary code with root privileges, by sending a specially-crafted serialized object. (CVE-2011-2520) This erratum updates system-config-firewall to use JSON (JavaScript Object Notation) for data exchange, instead of pickle. Therefore, an updated version of system-config-printer that uses this new communication data format is also provided in this erratum. Users of system-config-firewall are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. Running instances of system-config-firewall must be restarted before the utility will be able to communicate with its updated back-end. SL6: i386 system-config-printer-1.1.16-17.el6_1.2.i686.rpm system-config-printer-debuginfo-1.1.16-17.el6_1.2.i686.rpm system-config-printer-libs-1.1.16-17.el6_1.2.i686.rpm system-config-printer-udev-1.1.16-17.el6_1.2.i686.rpm noarch system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpm system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm system-config-firewall-1.2.27-3.el6_1.3.noarch.rpm x86_64 system-config-printer-1.1.16-17.el6_1.2.x86_64.rpm system-config-printer-debuginfo-1.1.16-17.el6_1.2.x86_64.rpm system-config-printer-libs-1.1.16-17.el6_1.2.x86_64.rpm system-config-printer-udev-1.1.16-17.el6_1.2.x86_64.rpm - Scientific Linux Development Team