CVE-2019-18898

UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root.
This issue affects:
SUSE SUSE Linux Enterprise Server 15 SP1
trousers versions prior to 0.3.14-6.3.1.
openSUSE Factory
trousers versions prior to 0.3.14-7.1.

Source: CVE-2019-18898