Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0471)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2021.0471

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2021-0471)

Zusammenfassung: The remote host is missing an update for the 'libneon, libreoffice' package(s) announced via the MGASA-2021-0471 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libneon, libreoffice' package(s) announced via the MGASA-2021-0471 advisory.

Vulnerability Insight:
LibreOffice supports digital signatures of ODF documents and macros within
documents, presenting visual aids that no alteration of the document
occurred since the last signing and that the signature is valid.

An Improper Certificate Validation vulnerability in LibreOffice allowed an
attacker to self sign an ODF document, with a signature untrusted by the
target, then modify it to change the signature algorithm to an invalid
(or unknown to LibreOffice) algorithm and LibreOffice would incorrectly
present such a signature with an unknown algorithm as a valid signature
issued by a trusted person.

This updates to version 7.2.2.2 which includes the fix as well as other
bugfixes.

Affected Software/OS:
'libneon, libreoffice' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2021-25632
Common Vulnerability Exposure (CVE) ID: CVE-2021-25633
Debian Security Information: DSA-4988 (Google Search)
https://www.debian.org/security/2021/dsa-4988
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633
Common Vulnerability Exposure (CVE) ID: CVE-2021-25634
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634
Common Vulnerability Exposure (CVE) ID: CVE-2021-25635

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0471
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0471)
Zusammenfassung:	The remote host is missing an update for the 'libneon, libreoffice' package(s) announced via the MGASA-2021-0471 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libneon, libreoffice' package(s) announced via the MGASA-2021-0471 advisory. Vulnerability Insight: LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person. This updates to version 7.2.2.2 which includes the fix as well as other bugfixes. Affected Software/OS: 'libneon, libreoffice' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-25632 Common Vulnerability Exposure (CVE) ID: CVE-2021-25633 Debian Security Information: DSA-4988 (Google Search) https://www.debian.org/security/2021/dsa-4988 https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633 Common Vulnerability Exposure (CVE) ID: CVE-2021-25634 https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634 Common Vulnerability Exposure (CVE) ID: CVE-2021-25635
Copyright	Copyright (C) 2022 Greenbone AG