[system-config-firewall/f14] - fixed possible privilege escalation flaw via use of python pickle (CVE-2011-2520), replaced pick

Thomas Woerner twoerner at fedoraproject.org
Fri Jul 22 13:51:26 UTC 2011 

commit ff9da6bed01e056fc8c9bcee110c226be5bb2dc3
Author: Thomas Woerner <twoerner at redhat.com>
Date:   Fri Jul 22 15:50:52 2011 +0200

    - fixed possible privilege escalation flaw via use of python pickle
      (CVE-2011-2520), replaced pickle by json (rhbz#717985) and (rhbz#722991)
    - stop D-BUS firewall mechanism on update

 system-config-firewall-1.2.27-rhbz#717985.patch |   48 +++++++++++++++++++++++
 system-config-firewall.spec                     |   14 ++++++-
 2 files changed, 61 insertions(+), 1 deletions(-)
---
diff --git a/system-config-firewall-1.2.27-rhbz#717985.patch b/system-config-firewall-1.2.27-rhbz#717985.patch
new file mode 100644
index 0000000..d44c73f
--- /dev/null
+++ b/system-config-firewall-1.2.27-rhbz#717985.patch
@@ -0,0 +1,48 @@
+diff -up system-config-firewall-1.2.27/src/fw_dbus.py.rhbz#717985 system-config-firewall-1.2.27/src/fw_dbus.py
+--- system-config-firewall-1.2.27/src/fw_dbus.py.rhbz#717985	2010-08-10 12:37:57.000000000 +0200
++++ system-config-firewall-1.2.27/src/fw_dbus.py	2011-07-08 11:20:37.579654226 +0200
+@@ -23,7 +23,7 @@ import dbus.service
+ import dbus.mainloop.glib
+ import slip.dbus
+ import slip.dbus.service
+-import pickle
++import json
+ 
+ import fw_sysconfig
+ import fw_lokkit
+@@ -53,7 +53,7 @@ class DBusProxy(object):
+     def read(self):
+         rep = self.dbus_obj.read(dbus_interface=DBUS_DOMAIN)
+         try:
+-            args = pickle.loads(rep.encode('utf-8'))
++            args = json.loads(rep.encode('utf-8'))
+         except:
+             return None
+         return args
+@@ -61,7 +61,7 @@ class DBusProxy(object):
+     @slip.dbus.polkit.enable_proxy
+     def write(self, args):
+         try:
+-            rep = pickle.dumps(args)
++            rep = json.dumps(args)
+         except:
+             return -1
+         return self.dbus_obj.write(rep.encode('utf-8'),
+@@ -91,7 +91,7 @@ class DBusService(slip.dbus.service.Obje
+     def read(self):
+         args = fw_sysconfig.read_sysconfig_args()
+         try:
+-            rep = pickle.dumps(args)
++            rep = json.dumps(args)
+         except:
+             return None
+         return rep.encode('utf-8')    
+@@ -102,7 +102,7 @@ class DBusService(slip.dbus.service.Obje
+     @dbus.service.method(DBUS_DOMAIN, in_signature='s', out_signature='i')
+     def write(self, rep):
+         try:
+-            args = pickle.loads(rep.encode('utf-8'))
++            args = json.loads(rep.encode('utf-8'))
+         except:
+             return -1
+ 
diff --git a/system-config-firewall.spec b/system-config-firewall.spec
index b8496cf..1c793d1 100644
--- a/system-config-firewall.spec
+++ b/system-config-firewall.spec
@@ -16,7 +16,7 @@
 Summary: A graphical interface for basic firewall setup
 Name: system-config-firewall
 Version: 1.2.27
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL: http://fedorahosted.org/system-config-firewall
 License: GPLv2+
 ExclusiveOS: Linux
@@ -24,6 +24,8 @@ Group: System Environment/Base
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 BuildArch: noarch
 Source0: https://fedorahosted.org/released/system-config-firewall/%{name}-%{version}.tar.bz2
+# replace pickle by json (CVE-2011-2520):
+Patch0: system-config-firewall-1.2.27-rhbz#717985.patch
 BuildRequires: desktop-file-utils
 BuildRequires: gettext
 BuildRequires: intltool
@@ -77,6 +79,7 @@ system-config-firewall-tui is a text user interface for basic firewall setup.
 
 %prep
 %setup -q
+%patch0 -p1 -b .rhbz#717985
 
 %build
 %configure %{?with_usermode: --enable-usermode} \
@@ -98,6 +101,10 @@ desktop-file-install --vendor system --delete-original \
 rm -rf %{buildroot}
 
 %post
+if [ $1 -eq 2 ]; then
+  # kill the D-BUS mechanism on update
+  killall -TERM system-config-firewall-mechanism.py >&/dev/null || :
+fi
 touch --no-create %{_datadir}/icons/hicolor
 if [ -x /usr/bin/gtk-update-icon-cache ]; then
   gtk-update-icon-cache -q %{_datadir}/icons/hicolor
@@ -170,6 +177,11 @@ fi
 %{_datadir}/system-config-firewall/fw_tui.*
 
 %changelog
+* Fri Jul 22 2011 Thomas Woerner <twoerner at redhat.com> 1.2.27-2
+- fixed possible privilege escalation flaw via use of python pickle
+  (CVE-2011-2520), replaced pickle by json (rhbz#717985) and (rhbz#722991)
+- stop D-BUS firewall mechanism on update
+
 * Tue Aug 10 2010 Thomas Woerner <twoerner at redhat.com> 1.2.27-1
 - updated translations: bn_IN, de, fi, fr, gu, hi, it, ja, kn, ko, ml, mr, or,
                         pt_BR, ru, ta, te, zh_CN, zh_TW

More information about the scm-commits mailing list