
Scientific Linux: 2011-07-18 Moderate Update for system-config-firewall

Moderate: system-config-firewall security update
Date: Tue, 19 Jul 2011 13:57:12 -0500
Reply-To: "Tyler L. Parsons" 
Sender: Security Errata for Scientific Linux
 
From: "Tyler L. Parsons" 
Subject: Security ERRATA Moderate: system-config-firewall on SL6.x
 i386/x86_64
 
MIME-Version: 1.0

Synopsis: Moderate: system-config-firewall security update
Issue Date: 2011-07-18
CVE Numbers: CVE-2011-2520

system-config-firewall is a graphical user interface for basic firewall
setup.

It was found that system-config-firewall used the Python pickle module in
an insecure way when sending data (via D-Bus) to the privileged back-end
mechanism. A local user authorized to configure firewall rules using
system-config-firewall could use this flaw to execute arbitrary code with
root privileges, by sending a specially-crafted serialized object.
(CVE-2011-2520)

This erratum updates system-config-firewall to use JSON (JavaScript Object
Notation) for data exchange, instead of pickle. Therefore, an updated
version of system-config-printer that uses this new communication data
format is also provided in this erratum.
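The difference between the two formats, as an added example that is not part of the advisory and not the project's code: a pickle stream can name a callable for the receiver to invoke, while JSON decodes only to plain data that the back-end can then validate. The message schema (`enabled`, `ports`), the function names and the sample object are assumptions made for illustration, and the sample object invokes only the harmless builtin `len`.

```python
import io
import json
import pickle

class SenderChosenCall:
    """Constructed sample: __reduce__ lets the sender name a callable (here len)."""
    def __reduce__(self):
        return (len, ("constructed",))

class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so a stream cannot select a callable."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"stream requested {module}.{name}")

def unsafe_receive(blob: bytes):
    # Pattern described in the advisory: privileged side unpickles caller data.
    return pickle.loads(blob)

def audit_pickle(blob: bytes):
    """Return the refusal message if the stream asks for any global, else None."""
    try:
        NoGlobalsUnpickler(io.BytesIO(blob)).load()
    except pickle.UnpicklingError as exc:
        return str(exc)
    return None

# Hypothetical message schema, not system-config-firewall's real one.
SCHEMA = {"enabled": bool, "ports": list}

def safe_receive(text: str) -> dict:
    """Decode JSON (plain data types only), then check shape before acting."""
    msg = json.loads(text)
    if not isinstance(msg, dict) or set(msg) != set(SCHEMA):
        raise ValueError("unexpected keys")
    for key, typ in SCHEMA.items():
        if not isinstance(msg[key], typ):
            raise ValueError(f"bad type for {key}")
    for port in msg["ports"]:
        # bool is a subclass of int, so exclude it explicitly
        if isinstance(port, bool) or not isinstance(port, int):
            raise ValueError("port must be an integer")
        if not 0 < port < 65536:
            raise ValueError("port out of range")
    return msg

if __name__ == "__main__":
    blob = pickle.dumps(SenderChosenCall())
    print(unsafe_receive(blob))   # result of the sender-chosen call, not a dict
    print(audit_pickle(blob))     # what the stream tried to import
    print(safe_receive('{"enabled": true, "ports": [22, 443]}'))
```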

Users of system-config-firewall are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. Running
instances of system-config-firewall must be restarted before the utility
will be able to communicate with its updated back-end.

SL6:
 i386
 system-config-printer-1.1.16-17.el6_1.2.i686.rpm
 system-config-printer-debuginfo-1.1.16-17.el6_1.2.i686.rpm
 system-config-printer-libs-1.1.16-17.el6_1.2.i686.rpm
 system-config-printer-udev-1.1.16-17.el6_1.2.i686.rpm
 noarch
 system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpm
 system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm
 system-config-firewall-1.2.27-3.el6_1.3.noarch.rpm
 x86_64
 system-config-printer-1.1.16-17.el6_1.2.x86_64.rpm
 system-config-printer-debuginfo-1.1.16-17.el6_1.2.x86_64.rpm
 system-config-printer-libs-1.1.16-17.el6_1.2.x86_64.rpm
 system-config-printer-udev-1.1.16-17.el6_1.2.x86_64.rpm

- Scientific Linux Development Team