Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

SUSE-SU-2022:15034-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2022:15034-1

SUSE-SU-2022:15034-1

UNKNOWN

Security update for ruby

Published Sep 6, 2022

Modified 3 years ago

Fix available

Details

This update for ruby fixes the following issues:

CVE-2018-16395: Fixed an issue where two x509 certificates could be considered to be equal when this was not the case (bsc#1112530).
CVE-2021-32066: Fixed an issue where the IMAP client API would not report a failure when StartTLS failed, leading to potential man in the middle attacks (bsc#1188160).
CVE-2021-31810: Fixed an issue where the FTP client API would trust certain responses from a malicious server, tricking the client into connecting to addresses not (bsc#1188161).

Affected Packages

ruby

SUSE WebYast 1.3

Fixed in:

1.8.7.p357-0.9.20.3.1

ruby-devel

SUSE WebYast 1.3

Fixed in:

1.8.7.p357-0.9.20.3.1

References

https://bugzilla.suse.com/1112530

https://bugzilla.suse.com/1188160

https://bugzilla.suse.com/1188161

https://www.suse.com/security/cve/CVE-2018-16395

https://www.suse.com/security/cve/CVE-2021-31810

https://www.suse.com/security/cve/CVE-2021-32066

https://www.suse.com/security/cve/CVE-2021-81810

https://www.suse.com/support/update/announcement/2022/suse-su-202215034-1/

Upstream

CVE-2018-16395 CVE-2021-31810 CVE-2021-32066 CVE-2021-81810

Related

CVE-2018-16395 CVE-2021-31810 CVE-2021-32066 CVE-2021-81810

Ecosystems

SUSE WebYast 1.3

Timeline

PublishedSep 6, 2022

ModifiedSep 6, 2022