SUSE: 2022:15034-1 Important: Ruby Man In The Middle Threats

suse

September 6, 2022

An update that fixes four vulnerabilities is now available

Summary

This update for ruby fixes the following issues: - CVE-2018-16395: Fixed an issue where two x509 certificates could be considered to be equal when this was not the case (bsc#1112530). - CVE-2021-32066: Fixed an issue where the IMAP client API would not report a failure when StartTLS failed, leading to potential man in the middle attacks (bsc#1188160). - CVE-2021-31810: Fixed an issue where the FTP client API would trust certain responses from a malicious server, tricking the client into connecting to addresses not (bsc#1188161). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Webyast 1.3: zypper in -t patch slewyst13-ruby-15034=1 Package List:

Topics Covered

security advisory update important ruby man-in-the-middle certificate issues SUSE Webyast

References

#1112530 #1188160 #1188161

Cross- CVE-2018-16395 CVE-2021-31810 CVE-2021-32066

CVE-2021-81810

CVSS scores:

CVE-2018-16395 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-16395 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CVE-2021-31810 (NVD) : 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CVE-2021-31810 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2021-32066 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2021-32066 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

SUSE Webyast 1.3

https://www.suse.com/security/cve/CVE-2018-16395.html

https://www.suse.com/security/cve/CVE-2021-31810.html

https://www.suse.com/security/cve/CVE-2021-32066.html

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2022:15034-1

Rating: important

Topics Covered

security advisory update important ruby man-in-the-middle certificate issues SUSE Webyast

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2022:15034-1 Important: Ruby Man In The Middle Threats

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2022:15034-1 Important: Ruby Man In The Middle Threats

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!