The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. References: https://github.com/ruby-ldap/ruby-net-ldap/issues/258 https://github.com/ruby-ldap/ruby-net-ldap/pull/279 http://openwall.com/lists/oss-security/2017/12/17/10
Statement: This issue affects the versions of rubygem-net-ldap as shipped with Red Hat Subscription Asset Manager 1 and Satellite version 6. Red Hat Product Security has rated this issue as having Moderate security impact. No update is planned at this time however a future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Satellite 6.7 fixed this issue via the rebase to tfm-rubygem-net-ldap-0.16.1