CVE-2021-25635
Published: 19 October 2021
A flaw was found in LibreOffice, where it improperly validated signatures for algorithms that were not verified. This flaw leads to LibreOffice presenting a valid signature when the validity of the signature was not verified. The highest threat from this vulnerability is to confidentiality and integrity.
Notes
Author | Note |
---|---|
mdeslaur | This CVE is specific to the Microsoft Crypto API backend |
Priority
Status
Package | Release | Status |
---|---|---|
libreoffice Launchpad, Ubuntu, Debian |
jammy |
Not vulnerable
(1:7.2.1-0ubuntu3)
|
xenial |
Ignored
(end of standard support)
|
|
bionic |
Not vulnerable
(windows-only)
|
|
focal |
Not vulnerable
(windows-only)
|
|
hirsute |
Not vulnerable
(1:7.1.6-0ubuntu0.21.04.1)
|
|
impish |
Not vulnerable
(1:7.2.1-0ubuntu3)
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Not vulnerable
(debian: Only affects Microsoft Crypto API back-end)
|
|
Patches: upstream: https://github.com/LibreOffice/core/commit/edeb164c1d8ab64116afee4e2140403a362a1358 (7-0) upstream: https://github.com/LibreOffice/core/commit/a5fe0bea138c5b32268a5cd0093908909d8bc013 (7-1) |