Lucene search

Ubuntu.comUB:CVE-2021-25634

HistoryOct 12, 2021 - 12:00 a.m.

CVE-2021-25634

2021-10-1200:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

43.6%

JSON

LibreOffice supports digital signatures of ODF documents and macros within
documents, presenting visual aids that no alteration of the document
occurred since the last signing and that the signature is valid. An
Improper Certificate Validation vulnerability in LibreOffice allowed an
attacker to modify a digitally signed ODF document to insert an additional
signing time timestamp which LibreOffice would incorrectly present as a
valid signature signed at the bogus signing time. This issue affects: The
Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions
prior to 7.1.2.

Notes

Author	Note
mdeslaur	The code changes required to fix this issue in Ubuntu 18.04 LTS are extensive. We will not be fixing this issue in Ubuntu 18.04 LTS.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlibreoffice< 1:6.4.7-0ubuntu0.20.04.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	libreoffice	< 1:6.4.7-0ubuntu0.20.04.2	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2021-25634

nvd.nist.gov/vuln/detail/CVE-2021-25634

security-tracker.debian.org/tracker/CVE-2021-25634

ubuntu.com/security/notices/USN-5153-1

www.cve.org/CVERecord?id=CVE-2021-25634

www.libreoffice.org/about-us/security/advisories/CVE-2021-25634

www.openwall.com/lists/oss-security/2021/10/11/2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

43.6%

JSON

Related for UB:CVE-2021-25634