CVE-2018-19639
published 2019-03-05CVE-2018-19639: If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with…
high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensuse | supportutils | < 3.1-5.7.1 | 3.1-5.7.1 |