Upstream information

CVE-2019-0804 at MITRE

Description

An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.

SUSE information

CVSS v3 Scores
  National Vulnerability Database SUSE
Base Score 6.5 5.5
Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Access Vector Network Local
Access Complexity Low Low
Privileges Required Low Low
User Interaction None None
Scope Unchanged Unchanged
Confidentiality Impact High High
Integrity Impact None None
Availability Impact None None
SUSE Bugzilla entry: 1127838 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  • python-azure-agent >= 2.2.36-7.6.1
  • python-azure-agent-test >= 2.2.36-7.6.1
Patchnames:
SUSE-SLE-Module-Development-Tools-OBS-15-2019-603
SUSE Linux Enterprise Module for Public Cloud 15
  • python-azure-agent >= 2.2.36-7.6.1
Patchnames:
SUSE-SLE-Module-Public-Cloud-15-2019-603
openSUSE Leap 15.0
  • python-azure-agent >= 2.2.36-lp150.5.10.1
  • python-azure-agent-test >= 2.2.36-lp150.5.10.1
Patchnames:
openSUSE-2019-1106