CVE-2018-19639

Name of the Vulnerable Software and Affected Versions: supportutils versions prior to 3.1-5.7.1

Description: The issue is related to the supportutils package for SUSE Linux, where an attacker can exploit the vulnerability by manipulating the rpm listing, allowing them to execute arbitrary commands as root. This can be achieved when supportutils is run with the -v option to perform rpm verification.

Recommendations: For versions prior to 3.1-5.7.1, update to version 3.1-5.7.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -v option for rpm verification until a patch is available. Restrict access to the rpm listing to minimize the risk of exploitation.