Mageia 8: 2021-0471 Moderate: LibreOffice Improper Certificate Validation
mageia
October 12, 2021
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and ...
Summary
LibreOffice supports digital signatures of ODF documents and macros within
documents, presenting visual aids that no alteration of the document
occurred since the last signing and that the signature is valid.
An Improper Certificate Validation vulnerability in LibreOffice allowed an
attacker to self sign an ODF document, with a signature untrusted by the
target, then modify it to change the signature algorithm to an invalid
(or unknown to LibreOffice) algorithm and LibreOffice would incorrectly
present such a signature with an unknown algorithm as a valid signature
issued by a trusted person.
This updates to version 7.2.2.2 which includes the fix as well as other
bugfixes.
References
- https://bugs.mageia.org/show_bug.cgi?id=29542
-
- https://wiki.documentfoundation.org/ReleaseNotes/7.1
- https://wiki.documentfoundation.org/ReleaseNotes/7.2
- https://www.cve.org/CVERecord?id=CVE-2021-25635
Topics Covered
Resolution
SRPMS
- 8/core/libreoffice-7.2.2.2-1.mga8
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 12 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0471.html
Type: security
CVE: CVE-2021-25635
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!