[原文]Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.
RedHat Linux contains a flaw that may lead to an unauthorized information disclosure. When a user requests swap files be created during updates, the files are created with world readable permissions. There is a potential that these swap files may contain passwords or other sensitive information. An attacker can access these files resulting in a loss of confidentiality.
Upgrade to losetup-2.11b-3.i386.rpm and mount-2.11b-3.i386.rpm or higher, as the combination has been reported to fix this vulnerability. It is also possible to correct the flaw by manually setting restricted read permissions to the temporary files.