
1063 matches found

OSV
added 2021/12/10 10:19 p.m., 8 views

MGASA-2021-0548 Updated fetchmail packages fix security vulnerability

Update to fetchmail 6.4.24 fixes STARTTLS session encryption bypassing. CVE-2021-39272...

CVSS 5.9, AI score 6.3, EPSS 0.00925
Exploits 0, References 4

Mageia
added 2021/12/10 10:19 p.m., 27 views

Updated fetchmail packages fix security vulnerability

Update to fetchmail 6.4.24 fixes STARTTLS session encryption bypassing. CVE-2021-39272...

CVSS 5.9, AI score 1.5, EPSS 0.00925
Exploits 0, References 3

Amazon
added 2021/12/10 12:0 a.m., 47 views

Medium: curl

Issue Overview: A flaw was found in libcurl. When sending data to an MQTT server could in some situations lead to libcurl using already freed memory and then try to free it again. The highest threat from this vulnerability is to data confidentiality as well as system availability. CVE-2021-22945 ...

CVSS 9.1, AI score 6.6, EPSS 0.06216
Exploits 3

OpenVAS
added 2021/12/07 12:0 a.m., 25 views

openSUSE: Security Advisory for ruby2.5 (openSUSE-SU-2021:1535-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.4, AI score 7.2, EPSS 0.0305
Exploits 2, References 2

OSV
added 2021/12/06 12:33 p.m., 12 views

OPENSUSE-SU-2021:1535-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc bsc1190375. - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP bsc1188161. - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP bsc1188160...

CVSS 7.4, AI score 6.8, EPSS 0.0305
Exploits 2, References 7

OPENSUSE Linux
added 2021/12/06 12:0 a.m., 41 views

Security update for ruby2.5 (important)

openSUSE Security Update: Security update for ruby2.5 Announcement ID: openSUSE-SU-2021:1535-1 Rating: important References: 1188160 1188161 1190375 Cross-References: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVSS scores: CVE-2021-31799 SUSE: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...

CVSS 7.8, AI score 7.7, EPSS 0.0305
Exploits 2, References 3

OpenVAS
added 2021/12/02 12:0 a.m., 10 views

SUSE: Security Advisory (SUSE-SU-2021:3837-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.1, EPSS 0.03772
Exploits 2, References 7

OpenVAS
added 2021/12/02 12:0 a.m., 26 views

SUSE: Security Advisory (SUSE-SU-2021:3838-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.4, AI score 6.7, EPSS 0.0305
Exploits 2, References 6

OpenVAS
added 2021/12/02 12:0 a.m., 29 views

openSUSE: Security Advisory for ruby2.5 (openSUSE-SU-2021:3838-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.4, AI score 7.2, EPSS 0.0305
Exploits 2, References 2

Tenable Nessus
added 2021/12/02 12:0 a.m., 36 views

SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2021:3838-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3838-1 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code...

CVSS 7.4, AI score 7.6, EPSS 0.0305
Exploits 2, References 10

OSV
added 2021/12/01 3:8 p.m., 7 views

SUSE-SU-2021:3838-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc bsc1190375. - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP bsc1188161. - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP bsc1188160...

CVSS 7.4, AI score 6.8, EPSS 0.0305
Exploits 2, References 7

OSV
added 2021/12/01 3:8 p.m., 7 views

OPENSUSE-SU-2021:3838-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc bsc1190375. - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP bsc1188161. - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP bsc1188160...

CVSS 7.4, AI score 6.8, EPSS 0.0305
Exploits 2, References 7

OSV
added 2021/12/01 3:7 p.m., 5 views

SUSE-SU-2021:3837-1 Security update for ruby2.1

This update for ruby2.1 fixes the following issues: - CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick bsc1177125. - CVE-2021-31799: Fixed Command injection vulnerability in RDoc bsc1190375. - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP bsc1188161. ...

CVSS 7.5, AI score 6.9, EPSS 0.03772
Exploits 2, References 9

OPENSUSE Linux
added 2021/12/01 12:0 a.m., 46 views

Security update for ruby2.5 (important)

openSUSE Security Update: Security update for ruby2.5 Announcement ID: openSUSE-SU-2021:3838-1 Rating: important References: 1188160 1188161 1190375 Cross-References: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVSS scores: CVE-2021-31799 SUSE: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...

CVSS 7.8, AI score 7.7, EPSS 0.0305
Exploits 2, References 3

OpenVAS
added 2021/11/12 12:0 a.m., 29 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2721)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.4, AI score 6.9, EPSS 0.0305
Exploits 2, References 2

OpenVAS
added 2021/11/12 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2673)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.4, AI score 7.5, EPSS 0.02909
Exploits 1, References 2

Tenable Nessus
added 2021/11/11 12:0 a.m., 31 views

EulerOS 2.0 SP5 : ruby (EulerOS-SA-2021-2673)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a...

CVSS 7.4, AI score 7.5, EPSS 0.02909
Exploits 1, References 3

Tenable Nessus
added 2021/11/11 12:0 a.m., 41 views

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2021-2696)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a...

CVSS 7.4, AI score 7.5, EPSS 0.0305
Exploits 2, References 4

BDU FSTEC
added 2021/11/10 12:0 a.m., 1 views

The vulnerability in the implementation of the STARTTLS protocol for the software interface with servers allows a perpetrator to carry out “man-in-the-middle” attacks.

The vulnerability of the STARTTLS protocol implementation in the software for interacting with servers via cURL is related to insufficient authentication checks. Exploiting this vulnerability allows a remote attacker to carry out “man-in-the-middle” attacks...

CVSS 8.5, AI score 6.7, EPSS 0.02799
Exploits 1, References 15, Affected Software 6

OSV
added 2021/11/03 1:15 a.m., 2 views

DEBIAN-CVE-2021-38502

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

CVSS 5.9, AI score 6.6, EPSS 0.01066
Exploits 0, References 1