Bug 1127838 - (CVE-2019-0804) VUL-0: CVE-2019-0804: python-azure-agent: Undisclosed vulnerability
(CVE-2019-0804)
VUL-0: CVE-2019-0804: python-azure-agent: Undisclosed vulnerability
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Robert Schweikert
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-05 06:33 UTC by Karol Babioch
Modified: 2020-08-18 13:19 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 4 Marcus Meissner 2019-03-13 09:08:13 UTC
there have been public postings

Ubuntu advisory:

https://www.pro-linux.de/sicherheit/2/47846/preisgabe-von-informationen-in-walinuxagent.html
Comment 5 Marcus Meissner 2019-03-13 09:09:13 UTC
==========================================================================
Ubuntu Security Notice USN-3907-1
March 12, 2019

walinuxagent vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

WALinuxAgent could be made to expose sensitive information.

Software Description:
- walinuxagent: Windows Azure Linux Agent

Details:

It was discovered that WALinuxAgent created swap files with incorrect
permissions. A local attacker could possibly use this issue to obtain
sensitive information from the swap file.
Comment 8 Robert Schweikert 2019-03-13 12:39:25 UTC
Great thanks. Released
Comment 9 Swamp Workflow Management 2019-03-13 12:56:51 UTC
SUSE-SU-2019:0603-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1127838
CVE References: CVE-2019-0804
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    python-azure-agent-2.2.36-7.6.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python-azure-agent-2.2.36-7.6.1
Comment 10 Marcus Meissner 2019-03-13 13:03:20 UTC
was there any upstream advisory and can you link it?
Comment 11 Marcus Meissner 2019-03-13 13:12:42 UTC
Only the python3 version of the code was affected, so SLE12 and older are not affected.
Comment 12 Swamp Workflow Management 2019-03-26 09:42:18 UTC
This is an autogenerated message for OBS integration:
This bug (1127838) was mentioned in
https://build.opensuse.org/request/show/685775 Factory / python-azure-agent
Comment 14 Johannes Segitz 2019-10-04 04:41:55 UTC
Also affects 11 and 12, see bsc#1152980
Comment 16 Swamp Workflow Management 2019-12-30 17:12:31 UTC
SUSE-SU-2019:3393-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1127838,1159639
CVE References: CVE-2019-0804
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    python-azure-agent-2.2.45-7.9.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python-azure-agent-2.2.45-7.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2019-12-30 17:13:22 UTC
SUSE-SU-2019:3394-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1127838,1159639
CVE References: CVE-2019-0804
Sources used:
SUSE Linux Enterprise Module for Public Cloud 12 (src):    python-azure-agent-2.2.45-34.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2020-02-24 20:12:09 UTC
SUSE-SU-2020:0440-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1127838
CVE References: CVE-2019-0804
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    python-azure-agent-2.2.45-3.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python-azure-agent-2.2.45-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Swamp Workflow Management 2020-02-29 23:11:05 UTC
openSUSE-SU-2020:0261-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1127838
CVE References: CVE-2019-0804
Sources used:
openSUSE Leap 15.1 (src):    python-azure-agent-2.2.45-lp151.2.3.1
Comment 22 Swamp Workflow Management 2020-08-18 13:19:49 UTC
SUSE-SU-2020:14454-1: An update that solves one vulnerability and has 11 fixes is now available.

Category: security (moderate)
Bug References: 1061584,1074865,1087764,1092831,1094420,1119542,1127838,1167601,1167602,1173866,1175130,997614
CVE References: CVE-2019-0804
JIRA References: ECO-2419,ECO-80,PM-2119
Sources used:
SUSE Linux Enterprise Server 11-PUBCLOUD (src):    python-azure-agent-2.2.45-28.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.