Your submission was sent successfully! Close

CVE-2021-25635

Published: 19 October 2021

A flaw was found in LibreOffice, where it improperly validated signatures for algorithms that were not verified. This flaw leads to LibreOffice presenting a valid signature when the validity of the signature was not verified. The highest threat from this vulnerability is to confidentiality and integrity.

Priority

Medium

Status

Package Release Status
libreoffice
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(debian: Only affects Microsoft Crypto API back-end)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(1:7.2.1-0ubuntu3)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1:7.1.6-0ubuntu0.21.04.1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(windows-only)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(windows-only)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(windows-only)
Ubuntu 14.04 ESM (Trusty Tahr) Ignored
(out of standard support)
Patches:
Upstream: https://github.com/LibreOffice/core/commit/edeb164c1d8ab64116afee4e2140403a362a1358 (7-0)
Upstream: https://github.com/LibreOffice/core/commit/a5fe0bea138c5b32268a5cd0093908909d8bc013 (7-1)