MGASA-2021-0471 - Updated libreoffice packages fix security vulnerability

Publication date: 12 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0471.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-25635

LibreOffice supports digital signatures of ODF documents and macros within
documents, presenting visual aids that no alteration of the document
occurred since the last signing and that the signature is valid.

An Improper Certificate Validation vulnerability in LibreOffice allowed an
attacker to self sign an ODF document, with a signature untrusted by the
target, then modify it to change the signature algorithm to an invalid
(or unknown to LibreOffice) algorithm and LibreOffice would incorrectly
present such a signature with an unknown algorithm as a valid signature
issued by a trusted person.

This updates to version 7.2.2.2 which includes the fix as well as other
bugfixes.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29542
- https://www.libreoffice.org/about-us/security/advisories/cve-2021-25635/
- https://wiki.documentfoundation.org/ReleaseNotes/7.1
- https://wiki.documentfoundation.org/ReleaseNotes/7.2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25635

SRPMS:
- 8/core/libreoffice-7.2.2.2-1.mga8