CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation

[Vincent Danen <vdanen () redhat com>]

Hi folks.  I'm not sure if anyone else uses system-config-firewall and
system-config-printer, but we had a report of a privilege escalation
flaw that could allow a user with access to run these commands to
elevate their privileges due to insecure use of the python pickle
module.

The solution is to use JSON rather than pickle.  The details and a patch
for CVE-2011-2520 are available in our bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2520

Thanks.

--
Vincent Danen / Red Hat Security Response Team