PublicDateAtUSN: 2021-10-11 17:15:00 UTC
Candidate: CVE-2021-25633
PublicDate: 2021-10-11 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25633
 https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633
 https://www.openwall.com/lists/oss-security/2021/10/11/1
 https://ubuntu.com/security/notices/USN-5153-1
Description:
 LibreOffice supports digital signatures of ODF documents and macros within
 documents, presenting visual aids that no alteration of the document
 occurred since the last signing and that the signature is valid. An
 Improper Certificate Validation vulnerability in LibreOffice allowed an
 attacker to create a digitally signed ODF document, by manipulating the
 documentsignatures.xml or macrosignatures.xml stream within the document to
 combine multiple certificate data, which when opened caused LibreOffice to
 display a validly signed indicator but whose content was unrelated to the
 signature shown. This issue affects: The Document Foundation LibreOffice
 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.
Ubuntu-Description:
Notes:
 mdeslaur> The code changes required to fix this issue in Ubuntu 18.04 LTS
 mdeslaur> are extensive. We will not be fixing this issue in Ubuntu 18.04
 mdeslaur> LTS.
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_libreoffice:
 upstream: https://github.com/LibreOffice/core/commit/ad5930e87e788780a255523f106deb1dde5d7b37 (bp)
 upstream: https://github.com/LibreOffice/core/commit/a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f
upstream_libreoffice: released (7.0.6,7.1.2,1:7.2.0-2)
esm-infra/xenial_libreoffice: not-affected (code not present)
trusty_libreoffice: ignored (out of standard support)
xenial_libreoffice: ignored (out of standard support)
bionic_libreoffice: ignored
focal_libreoffice: released (1:6.4.7-0ubuntu0.20.04.2)
hirsute_libreoffice: not-affected (1:7.1.2~rc2-0ubuntu2)
impish_libreoffice: not-affected (1:7.2.1-0ubuntu3)
jammy_libreoffice: not-affected
devel_libreoffice: not-affected