View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-6954 severity important: SUSE including 637 source package names (0.1.0:libsystemd0-234-24.20.1, 0.1.0:libudev1-234-24.20.1, …), 896 product×package rows across 113 product lines (Container caasp/v4/389-ds, Container caasp/v4/busybox, … (113 product lines)): Fixed 739, Known Affected 157.
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.