Bugzilla – Bug 1152980
VUL-0: WALinuxAgent: swap file created world readable
Last modified: 2022-04-14 13:45:49 UTC
UBUNTU:CVE-2019-0804 An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'. This has already been handled in bsc#1127838, but only for python-azure-agent. This code is also present in WALinuxAgent, which we have on 11 and 12. I don't want to reopen the existing workflow, so I create a new bug for this waagent: 560 if not os.path.isfile(mountpoint + "/swapfile"): 561 Run("dd if=/dev/zero of=" + mountpoint + "/swapfile bs=1024 count=" + str(sizeKB)) 562 Run("mkswap " + mountpoint + "/swapfile") References: http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0804.html
WALinuxAgent was superseded by python-azure-agent in the SLE 12 code stream. The python-azure-agent package contains: # Package renamed in SLE 12, do not remove Provides, Obsolete directives # until after SLE 12 EOL Provides: WALinuxAgent = %{version} Obsoletes: WALinuxAgent < %{version} In SLE 11 the package is, as in SLE 12 and SLE 15 in the Public Cloud module and there is not LTSS for packages in the Public Cloud module in SLE 11.
Done.