MGASA-2021-0471

Source
https://advisories.mageia.org/MGASA-2021-0471.html
Import Source
https://advisories.mageia.org/MGASA-2021-0471.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2021-0471
Published
2021-10-12T06:56:11Z
Modified
2021-10-12T13:55:03Z
Summary
Updated libreoffice packages fix security vulnerability
Details

LibreOffice supports digital signatures of ODF documents and of macros within documents, presenting visual aids indicating that no alteration of the document has occurred since the last signing and that the signature is valid.

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self-sign an ODF document with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm. LibreOffice would then incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person.

This update provides version 7.2.2.2, which includes the fix as well as other bugfixes.


Affected packages

Mageia:8 / libreoffice

Package

Name
libreoffice
Purl
pkg:rpm/mageia/libreoffice?arch=source&distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.2.2.2-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / libneon

Package

Name
libneon
Purl
pkg:rpm/mageia/libneon?arch=source&distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.31.2-1.mga8

Ecosystem specific

{
    "section": "core"
}