A vulnerability was found in WALinuxAgent. If the Agent is configured to enable a swapfile on the ephemeral drive (/mnt) then it is created with weak permissions (0644), making it readable by "group" and "other".
Created attachment 1539753 [details] Proposed upstream patch fixing the issue
Acknowledgments: Name: Francis McBratney (Destinatech Limited)
Created WALinuxAgent tracking bugs for this issue: Affects: epel-all [bug 1688254] Affects: fedora-all [bug 1688253]
External References: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1527 https://access.redhat.com/errata/RHSA-2019:1527
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-0804