CVE-2019-3693

A symlink following vulnerability in the packaging of mailman in SUSE SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman.
This issue affects:
SUSE SUSE Linux Enterprise Server 11
mailman versions prior to 2.1.15-9.6.15.1.
SUSE SUSE Linux Enterprise Server 12
mailman versions prior to 2.1.17-3.11.1.
openSUSE Leap 15.1
mailman version 2.1.29-lp151.2.14 and prior versions.

Source: CVE-2019-3693