Bug 722992 - CVE-2011-2520 system-config-firewall: privilege escalation flaw via use of python pickle [fedora-all]
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-printer
Version: 15
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tim Waugh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 727860
Depends On:
Blocks: CVE-2011-2520
Reported: 2011-07-18 17:33 UTC by Vincent Danen
Modified: 2012-08-25 16:04 UTC (History)

Fixed In Version: system-config-printer-1.3.5-1.fc15
Clone Of:
Environment:
Last Closed: 2012-08-07 20:27:24 UTC
Type: ---
Embargoed:



Description Vincent Danen 2011-07-18 17:33:23 UTC
This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.

For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=717985

Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please only close it when all
affected versions are fixed.


[bug automatically created by: add-tracking-bugs]

Comment 1 Tomas Hoger 2011-08-03 06:15:44 UTC
system-config-firewall update was already pushed to F15 stable (FEDORA-2011-9652) and is in F14 testing (FEDORA-2011-9663).

Comment 2 Tim Waugh 2011-08-03 13:32:33 UTC
*** Bug 727860 has been marked as a duplicate of this bug. ***

Comment 3 Anthony Mounsey 2011-08-04 03:27:45 UTC
Package: system-config-printer-1.3.3-1.fc15
Architecture: x86_64
OS Release: Fedora release 15 (Lovelock)

Comment
-----
Opened printing applet and selected add, input the requested password, and the application crashed.

Comment 4 Ismael Sosa 2011-08-05 11:53:14 UTC
Package: system-config-printer-1.3.3-1.fc15
Architecture: x86_64
OS Release: Fedora release 15 (Lovelock)

Comment
-----
This problem occurs when I run system-config-printer and then go to add a new network printer; at that moment the problem is produced
and this message is shown on the console:

system-config-printer
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 586, in msg_reply_handler
    reply_handler(*message.get_args_list(**get_args_opts))
  File "/usr/share/system-config-printer/firewall.py", line 77, in reply_handler
    self._fw_data = pickle.loads (result.encode ('utf-8'))
  File "/usr/lib64/python2.7/pickle.py", line 1382, in loads
    return Unpickler(file).load()
  File "/usr/lib64/python2.7/pickle.py", line 858, in load
    dispatch[key](self)
KeyError: '['
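
Added example (not part of the bug report or of the project's code): the `pickle.loads` call in the traceback above decodes a D-Bus reply, which is the pattern named in the bug title. The sketch contrasts it with a data-only JSON decoder and reproduces the failure a pickle-based client hits when the reply starts with `[`. The JSON reply format, `SAMPLE_REPLY` and all function names are assumptions, and under Python 3 the error is `UnpicklingError` rather than the Python 2.7 `KeyError`.

```python
import json
import pickle

# Constructed sample reply (assumed format): a JSON list of option strings.
SAMPLE_REPLY = '["--enabled", "--service=ipp-client", "--port=631:tcp"]'

MAX_REPLY_BYTES = 64 * 1024  # hypothetical size limit for a reply


def legacy_decode(result):
    """Call shape from the traceback: unpickle whatever the peer sent.

    pickle can construct arbitrary objects while loading, so it must not
    be applied to data that crosses a privilege boundary.
    """
    return pickle.loads(result.encode("utf-8"))


def safe_decode(result):
    """Parse the reply as plain data and validate its shape before use."""
    if len(result.encode("utf-8")) > MAX_REPLY_BYTES:
        raise ValueError("reply too large")
    data = json.loads(result)  # JSONDecodeError is a ValueError subclass
    if not isinstance(data, list) or not all(isinstance(x, str) for x in data):
        raise ValueError("expected a JSON list of strings")
    return data


def describe_mismatch(result):
    """Return the error a pickle-based client raises on a non-pickle reply."""
    try:
        legacy_decode(result)
    except pickle.UnpicklingError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("pickle client:", describe_mismatch(SAMPLE_REPLY))
    print("json client:  ", safe_decode(SAMPLE_REPLY))
```
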

Comment 5 Gregory Trivett 2011-08-09 19:23:45 UTC
Package: system-config-printer-1.3.3-1.fc15
Architecture: x86_64
OS Release: Fedora release 15 (Lovelock)

Comment
-----
Adding a printer

Comment 6 hugosleao 2011-08-10 15:26:45 UTC
Package: system-config-printer-1.3.3-1.fc15
Architecture: x86_64
OS Release: Fedora release 15 (Lovelock)

Comment
-----
For no apparent reason.

Comment 7 zbechir 2011-08-11 11:49:29 UTC
Package: system-config-printer-1.3.3-1.fc15
Architecture: x86_64
OS Release: Fedora release 15 (Lovelock)

Comment
-----
I don't know

Comment 8 Christos 2011-08-11 15:54:19 UTC
Package: system-config-printer-1.3.3-1.fc15
Architecture: i686
OS Release: Fedora release 15 (Lovelock)

Comment
-----
Tried to install a network printer

Comment 9 bob brush 2011-08-12 03:11:12 UTC
Package: system-config-printer-1.3.3-1.fc15
Architecture: i686
OS Release: Fedora release 15 (Lovelock)

Comment
-----
system-config-printer

Comment 10 zackxon 2011-08-12 06:10:17 UTC
Package: system-config-printer-1.3.3-1.fc15
Architecture: i686
OS Release: Fedora release 15 (Lovelock)

Comment
-----
just trying to get my canon pixma mp620b printer to work. I plugged it in and for some reason I just get this alert.

Comment 11 Bengt Sjögren 2011-08-15 08:04:20 UTC
Package: system-config-printer-1.3.3-1.fc15
Architecture: i686
OS Release: Fedora release 15 (Lovelock)

Comment
-----
As I started to configure a new printer

Comment 12 Bengt Sjögren 2011-08-15 08:05:03 UTC
Package: system-config-printer-1.3.3-1.fc15
Architecture: i686
OS Release: Fedora release 15 (Lovelock)

Comment
-----
As I started to configure a new printer

Comment 13 nagesh 2011-08-19 11:31:51 UTC
Package: system-config-printer-1.3.2-2.fc15
Architecture: i686
OS Release: Fedora release 15 (Lovelock)


Comment
-----
when adding the printer

Comment 14 anthony.s.hughes 2011-09-02 23:39:24 UTC
Package: system-config-printer-1.3.2-2.fc15
Architecture: x86_64
OS Release: Fedora release 15 (Lovelock)


Comment
-----
Selected "Printing" from Applications.
Selected "Add Printer"
Entered my password
*crash*

Comment 15 Steve Nordquist 2011-09-10 01:53:14 UTC
Package: system-config-printer-1.3.2-2.fc15
Architecture: x86_64
OS Release: Fedora release 15 (Lovelock)


Comment
-----
Removed the printer entry that made the printer receive data and print nothing.

Comment 16 Fedora End Of Life 2012-08-07 20:27:27 UTC
This message is a notice that Fedora 15 is now at end of life. Fedora
has stopped maintaining and issuing updates for Fedora 15. It is
Fedora's policy to close all bug reports from releases that are no
longer maintained. At this time, all open bugs with a Fedora 'version'
of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we were unable to fix it before Fedora 15 reached end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to click on
"Clone This Bug" (top right of this page) and open it against that
version of Fedora.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

The process we are following is described here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

