Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0471)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0471

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0471)

Resumen: The remote host is missing an update for the 'libneon, libreoffice' package(s) announced via the MGASA-2021-0471 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libneon, libreoffice' package(s) announced via the MGASA-2021-0471 advisory.

Vulnerability Insight:
LibreOffice supports digital signatures of ODF documents and macros within
documents, presenting visual aids that no alteration of the document
occurred since the last signing and that the signature is valid.

An Improper Certificate Validation vulnerability in LibreOffice allowed an
attacker to self sign an ODF document, with a signature untrusted by the
target, then modify it to change the signature algorithm to an invalid
(or unknown to LibreOffice) algorithm and LibreOffice would incorrectly
present such a signature with an unknown algorithm as a valid signature
issued by a trusted person.

This updates to version 7.2.2.2 which includes the fix as well as other
bugfixes.

Affected Software/OS:
'libneon, libreoffice' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-25632
Common Vulnerability Exposure (CVE) ID: CVE-2021-25633
Debian Security Information: DSA-4988 (Google Search)
https://www.debian.org/security/2021/dsa-4988
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633
Common Vulnerability Exposure (CVE) ID: CVE-2021-25634
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634
Common Vulnerability Exposure (CVE) ID: CVE-2021-25635

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0471
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0471)
Resumen:	The remote host is missing an update for the 'libneon, libreoffice' package(s) announced via the MGASA-2021-0471 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libneon, libreoffice' package(s) announced via the MGASA-2021-0471 advisory. Vulnerability Insight: LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person. This updates to version 7.2.2.2 which includes the fix as well as other bugfixes. Affected Software/OS: 'libneon, libreoffice' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-25632 Common Vulnerability Exposure (CVE) ID: CVE-2021-25633 Debian Security Information: DSA-4988 (Google Search) https://www.debian.org/security/2021/dsa-4988 https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633 Common Vulnerability Exposure (CVE) ID: CVE-2021-25634 https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634 Common Vulnerability Exposure (CVE) ID: CVE-2021-25635
Copyright	Copyright (C) 2022 Greenbone AG