openSUSE contains a flaw related to aaa_base failing to properly handle filenames with meta characters during tab expansions. This may allow a context-dependent attacker to use a crafted filename to trick another user to execute arbitrary commands, which may allow the attacker to gain elevated privileges.
Local Access Required,
Loss of Integrity
Patch / RCS
Currently, there are no known workarounds or upgrades to correct this issue. However, SUSE has released a patch to address this vulnerability.