Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

openSUSE-SU-2021:1591-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceopenSUSE-SU-2021:1591-1

openSUSE-SU-2021:1591-1

UNKNOWN

Security update for fetchmail

Published Dec 17, 2021

Modified 4 years ago

Fix available

Details

This update for fetchmail fixes the following issues:

CVE-2021-36386: Fixed DoS or information disclosure in some configurations (bsc#1188875).
CVE-2021-39272: Fixed STARTTLS session encryption bypassing (fetchmail-SA-2021-02) (bsc#1190069).
Update to 6.4.22 (bsc#1152964, jsc#SLE-18159, jsc#SLE-17903, jsc#SLE-18059)
Remove all python2 dependencies (bsc#1190896).
De-hardcode /usr/lib path for launch executable (bsc#1174075).
Added hardening to systemd service(s) (bsc#1181400).

This update was imported from the SUSE:SLE-15:Update update project.

Affected Packages

fetchmail

openSUSE Leap 15.2

Fixed in:

6.4.22-lp152.6.12.1

fetchmailconf

openSUSE Leap 15.2

Fixed in:

6.4.22-lp152.6.12.1

References

https://bugzilla.suse.com/1152964

https://bugzilla.suse.com/1174075

https://bugzilla.suse.com/1181400

https://bugzilla.suse.com/1188875

https://bugzilla.suse.com/1190069

https://bugzilla.suse.com/1190896

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2MQSBOFKUN3D2SAYKHGH2NQW7UGR6J7P/

https://www.suse.com/security/cve/CVE-2021-36386

https://www.suse.com/security/cve/CVE-2021-39272

Upstream

CVE-2021-36386 CVE-2021-39272

Related

CVE-2021-36386 CVE-2021-39272

Ecosystems

openSUSE Leap 15.2

Timeline

PublishedDec 17, 2021

ModifiedDec 17, 2021