Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-25636 (GCVE-0-2021-25636)
Vulnerability from cvelistv5 – Published: 2022-02-22 00:00 – Updated: 2024-08-03 20:11
VLAI?
EPSS
Title
Incorrect trust validation of signature with ambiguous KeyInfo children
Summary
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.
Severity ?
No CVSS data available.
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.2 , < 7.2.5
(custom)
|
Credits
Thanks to NDS of Ruhr University Bochum for discovering and reporting this problem.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/"
},
{
"name": "FEDORA-2022-3bbe89c20f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.2.5",
"status": "affected",
"version": "7.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to NDS of Ruhr University Bochum for discovering and reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both \"X509Data\" and \"KeyValue\" children of the \"KeyInfo\" tag, which when opened caused LibreOffice to verify using the \"KeyValue\" but to report verification with the unrelated \"X509Data\" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-26T00:00:00.000Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/"
},
{
"name": "FEDORA-2022-3bbe89c20f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect trust validation of signature with ambiguous KeyInfo children",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2021-25636",
"datePublished": "2022-02-22T00:00:00.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2021-25636
Vulnerability from fkie_nvd - Published: 2022-02-24 15:15 - Updated: 2024-11-21 05:55
Severity ?
Summary
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libreoffice | libreoffice | * | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DFE4A1B-0C41-4294-9EC5-5DC94366C492",
"versionEndExcluding": "7.2.5",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both \"X509Data\" and \"KeyValue\" children of the \"KeyInfo\" tag, which when opened caused LibreOffice to verify using the \"KeyValue\" but to report verification with the unrelated \"X509Data\" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5."
},
{
"lang": "es",
"value": "LibreOffice soporta firmas digitales de documentos ODF y macros dentro de documentos, presentando ayudas visuales de que no ha sido producido ninguna alteraci\u00f3n del documento desde la \u00faltima firma y que la firma es v\u00e1lida. Una vulnerabilidad de comprobaci\u00f3n inapropiada de certificados en LibreOffice permit\u00eda a un atacante crear un documento ODF firmado digitalmente, manipulando el flujo documentsignatures.xml o macrosignatures.xml dentro del documento para que contuviera los hijos \"X509Data\" y \"KeyValue\" de la etiqueta \"KeyInfo\", que cuando era abierta causaba que LibreOffice verificara usando el \"KeyValue\" pero informara de la verificaci\u00f3n con el valor \"X509Data\" no relacionado. Este problema afecta a: Document Foundation LibreOffice versiones 7.2 anteriores a 7.2.5"
}
],
"id": "CVE-2021-25636",
"lastModified": "2024-11-21T05:55:11.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-24T15:15:21.813",
"references": [
{
"source": "security@documentfoundation.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
},
{
"source": "security@documentfoundation.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/"
},
{
"source": "security@documentfoundation.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/"
}
],
"sourceIdentifier": "security@documentfoundation.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security@documentfoundation.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2022-55626
Vulnerability from cnvd - Published: 2022-08-03
VLAI Severity ?
Title
libreoffice信任管理问题漏洞(CNVD-2022-55626)
Description
LibreOffice是文档基金会(The Document Foundation,tdf)的一套开源的办公软件套件。该产品包含Writer(文本文档)、Calc(电子表格)和Impress(演示文稿)等应用程序。
libreoffice存在信任管理问题漏洞,该漏洞源于libreoffice:签名的信任验证错误,具有不明确的KeyInfo子节点。目前没有详细的漏洞细节提供。
Severity
中
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://access.redhat.com/security/cve/cve-2021-25636
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-25636
Impacted products
| Name | LibreOffice LibreOffice >=7.2.0,<7.2.5 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-25636",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-25636"
}
},
"description": "LibreOffice\u662f\u6587\u6863\u57fa\u91d1\u4f1a\uff08The Document Foundation\uff0ctdf\uff09\u7684\u4e00\u5957\u5f00\u6e90\u7684\u529e\u516c\u8f6f\u4ef6\u5957\u4ef6\u3002\u8be5\u4ea7\u54c1\u5305\u542bWriter\uff08\u6587\u672c\u6587\u6863\uff09\u3001Calc\uff08\u7535\u5b50\u8868\u683c\uff09\u548cImpress\uff08\u6f14\u793a\u6587\u7a3f\uff09\u7b49\u5e94\u7528\u7a0b\u5e8f\u3002\n\nlibreoffice\u5b58\u5728\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8elibreoffice\uff1a\u7b7e\u540d\u7684\u4fe1\u4efb\u9a8c\u8bc1\u9519\u8bef\uff0c\u5177\u6709\u4e0d\u660e\u786e\u7684KeyInfo\u5b50\u8282\u70b9\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://access.redhat.com/security/cve/cve-2021-25636",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-55626",
"openTime": "2022-08-03",
"products": {
"product": "LibreOffice LibreOffice \u003e=7.2.0\uff0c\u003c7.2.5"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-25636",
"serverity": "\u4e2d",
"submitTime": "2022-02-24",
"title": "libreoffice\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2022-55626\uff09"
}
GHSA-3CGR-WXHV-H7XW
Vulnerability from github – Published: 2022-02-25 00:01 – Updated: 2022-06-04 00:00
VLAI?
Details
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2021-25636"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-24T15:15:00Z",
"severity": "HIGH"
},
"details": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both \"X509Data\" and \"KeyValue\" children of the \"KeyInfo\" tag, which when opened caused LibreOffice to verify using the \"KeyValue\" but to report verification with the unrelated \"X509Data\" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.",
"id": "GHSA-3cgr-wxhv-h7xw",
"modified": "2022-06-04T00:00:41Z",
"published": "2022-02-25T00:01:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25636"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2"
},
{
"type": "WEB",
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
cve-2021-25636
Vulnerability from osv_almalinux
Published
2022-11-08 00:00
Modified
2022-11-12 02:56
Summary
Moderate: libreoffice security update
Details
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.
Security Fix(es):
- libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children (CVE-2021-25636)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-af"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-bg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-ca"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-cs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-da"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-de"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-en"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-es"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-fa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-fi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-fr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-ga"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-hr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-hu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-is"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-it"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-ja"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-ko"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-lb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-lt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-mn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-nl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-pl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-pt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-ro"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-ru"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-sk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-sl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-sr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-sv"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-tr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-vi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "autocorr-zh"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-base"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-calc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-data"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-draw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-emailmerge"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-filters"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-gdb-debug-support"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-graphicfilter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-ar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-bg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-bn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-ca"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-cs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-da"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-de"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-dz"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-el"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-en"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-es"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-et"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-eu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-fi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-fr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-gl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-gu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-he"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-hi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-hr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-hu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-id"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-it"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-ja"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-ko"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-lt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-lv"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-nb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-nl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-nn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-pl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-pt-BR"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-pt-PT"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-ro"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-ru"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-si"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-sk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-sl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-sv"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-ta"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-tr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-uk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-zh-Hans"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-help-zh-Hant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-impress"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-af"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-as"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-bg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-bn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-br"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ca"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-cs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-cy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-da"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-de"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-dz"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-el"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-en"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-es"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-et"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-eu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-fa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-fi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-fr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ga"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-gl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-gu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-he"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-hi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-hr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-hu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-id"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-it"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ja"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-kk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-kn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ko"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-lt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-lv"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-mai"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-mr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-nb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-nl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-nn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-nr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-nso"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-or"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-pa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-pl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-pt-BR"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-pt-PT"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ro"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ru"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-si"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-sk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-sl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-sr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ss"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-st"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-sv"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ta"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-te"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-th"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-tn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-tr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-uk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-ve"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-xh"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-zh-Hans"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-zh-Hant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-langpack-zu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-math"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-ogltrans"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-opensymbol-fonts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-pdfimport"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-pyuno"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-sdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-sdk-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-ure"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-ure-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-wiki-publisher"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-writer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-x11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreoffice-xsltfilter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libreofficekit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.4.7.2-11.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.\n\nSecurity Fix(es):\n\n* libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children (CVE-2021-25636)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2022:7461",
"modified": "2022-11-12T02:56:06Z",
"published": "2022-11-08T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:7461"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-25636"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2056955"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-7461.html"
}
],
"related": [
"CVE-2021-25636"
],
"summary": "Moderate: libreoffice security update"
}
CVE-2021-25636
Vulnerability from fstec - Published: 19.01.2021
VLAI Severity ?
Title
Уязвимость пакета офисных программ LibreOffice, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю обойти ограничения безопасности
Description
Уязвимость пакета офисных программ LibreOffice связана с некорректной проверкой криптографической подписи при использовании значений «X509Data» и «KeyValue». Эксплуатация уязвимости может позволить нарушителю обойти ограничения безопасности с помощью специально созданного ODF-документа
Severity ?
Vendor
ООО «РусБИТех-Астра», Fedora Project, The Document Foundation, АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Fedora, LibreOffice, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 34 (Fedora), 1.7 (Astra Linux Special Edition), до 7.2.5 (LibreOffice), от 7.2.5.1 до 7.3.0 (LibreOffice), 4.7 (Astra Linux Special Edition), до 2.7 (ОСОН ОСнова Оnyx), до 20.10.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для LibreOffice:
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/
Для Fedora:
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3bbe89c20f
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
Для Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17
Для Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47
Для ОСОН ОСнова Оnyx (версия 2.7):
Обновление программного обеспечения libreoffice до версии 4:7.4.5+repack-1~bpo11+1osnova1
Для ОС ОН «Стрелец»:
Обновление программного обеспечения libreoffice до версии 1:6.1.5+repack-3+deb10u8.strelets1
Reference
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3bbe89c20f
https://bugzilla.redhat.com/show_bug.cgi?id=2056956
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/
https://access.redhat.com/security/cve/cve-2021-25636
https://vuldb.com/ru/?id.193739
https://www.securitylab.ru/vulnerability/530137.php
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#20102023
CWE
CWE-347
{
"CVSS 2.0": "AV:L/AC:H/Au:S/C:P/I:C/A:C",
"CVSS 3.0": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, The Document Foundation, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 34 (Fedora), 1.7 (Astra Linux Special Edition), \u0434\u043e 7.2.5 (LibreOffice), \u043e\u0442 7.2.5.1 \u0434\u043e 7.3.0 (LibreOffice), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.7 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 20.10.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f LibreOffice:\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/\n\n\u0414\u043b\u044f Fedora:\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2022-3bbe89c20f\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.7):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libreoffice \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4:7.4.5+repack-1~bpo11+1osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libreoffice \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:6.1.5+repack-3+deb10u8.strelets1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.01.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.04.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02189",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-25636",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora, LibreOffice, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 34 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 20.10.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 \u043e\u0444\u0438\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c LibreOffice, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 (CWE-347)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 \u043e\u0444\u0438\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c LibreOffice \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 \u00abX509Data\u00bb \u0438 \u00abKeyValue\u00bb. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e ODF-\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bodhi.fedoraproject.org/updates/FEDORA-2022-3bbe89c20f\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2056956\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/\nhttps://access.redhat.com/security/cve/cve-2021-25636\nhttps://vuldb.com/ru/?id.193739\nhttps://www.securitylab.ru/vulnerability/530137.php\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#20102023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-347",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,7)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,3)"
}
GSD-2021-25636
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-25636",
"description": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both \"X509Data\" and \"KeyValue\" children of the \"KeyInfo\" tag, which when opened caused LibreOffice to verify using the \"KeyValue\" but to report verification with the unrelated \"X509Data\" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.",
"id": "GSD-2021-25636",
"references": [
"https://www.suse.com/security/cve/CVE-2021-25636.html",
"https://ubuntu.com/security/CVE-2021-25636",
"https://access.redhat.com/errata/RHSA-2022:7461"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-25636"
],
"details": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both \"X509Data\" and \"KeyValue\" children of the \"KeyInfo\" tag, which when opened caused LibreOffice to verify using the \"KeyValue\" but to report verification with the unrelated \"X509Data\" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.",
"id": "GSD-2021-25636",
"modified": "2023-12-13T01:23:21.170751Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@documentfoundation.org",
"ID": "CVE-2021-25636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibreOffice",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.2",
"version_value": "7.2.5"
}
]
}
}
]
},
"vendor_name": "The Document Foundation"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Thanks to NDS of Ruhr University Bochum for discovering and reporting this problem."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both \"X509Data\" and \"KeyValue\" children of the \"KeyInfo\" tag, which when opened caused LibreOffice to verify using the \"KeyValue\" but to report verification with the unrelated \"X509Data\" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-347",
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/",
"refsource": "MISC",
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2.5",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@documentfoundation.org",
"ID": "CVE-2021-25636"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both \"X509Data\" and \"KeyValue\" children of the \"KeyInfo\" tag, which when opened caused LibreOffice to verify using the \"KeyValue\" but to report verification with the unrelated \"X509Data\" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-03-27T00:15Z",
"publishedDate": "2022-02-24T15:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…