AlmaLinux 8 : libreoffice (ALSA-2022:1766)

high Nessus Plugin ID 161111

Synopsis

The remote AlmaLinux host is missing one or more security updates.

Description

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1766 advisory.

- LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid.
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. (CVE-2021-25633)

- LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid.
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. (CVE-2021-25634)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://errata.almalinux.org/8/ALSA-2022-1766.html

Plugin Details

Severity: High

ID: 161111

File Name: alma_linux_ALSA-2022-1766.nasl

Version: 1.2

Type: local

Published: 5/12/2022

Updated: 5/12/2022

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-25634

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:alma:linux:autocorr-af, p-cpe:/a:alma:linux:autocorr-bg, p-cpe:/a:alma:linux:autocorr-ca, p-cpe:/a:alma:linux:autocorr-cs, p-cpe:/a:alma:linux:autocorr-da, p-cpe:/a:alma:linux:autocorr-de, p-cpe:/a:alma:linux:autocorr-en, p-cpe:/a:alma:linux:autocorr-es, p-cpe:/a:alma:linux:autocorr-fa, p-cpe:/a:alma:linux:autocorr-fi, p-cpe:/a:alma:linux:autocorr-fr, p-cpe:/a:alma:linux:autocorr-ga, p-cpe:/a:alma:linux:autocorr-hr, p-cpe:/a:alma:linux:autocorr-hu, p-cpe:/a:alma:linux:autocorr-is, p-cpe:/a:alma:linux:autocorr-it, p-cpe:/a:alma:linux:autocorr-ja, p-cpe:/a:alma:linux:autocorr-ko, p-cpe:/a:alma:linux:autocorr-lb, p-cpe:/a:alma:linux:autocorr-lt, p-cpe:/a:alma:linux:autocorr-mn, p-cpe:/a:alma:linux:autocorr-nl, p-cpe:/a:alma:linux:autocorr-pl, p-cpe:/a:alma:linux:autocorr-pt, p-cpe:/a:alma:linux:autocorr-ro, p-cpe:/a:alma:linux:autocorr-ru, p-cpe:/a:alma:linux:autocorr-sk, p-cpe:/a:alma:linux:autocorr-sl, p-cpe:/a:alma:linux:autocorr-sr, p-cpe:/a:alma:linux:autocorr-sv, p-cpe:/a:alma:linux:autocorr-tr, p-cpe:/a:alma:linux:autocorr-vi, p-cpe:/a:alma:linux:autocorr-zh, p-cpe:/a:alma:linux:libreoffice-base, p-cpe:/a:alma:linux:libreoffice-calc, p-cpe:/a:alma:linux:libreoffice-core, p-cpe:/a:alma:linux:libreoffice-data, p-cpe:/a:alma:linux:libreoffice-draw, p-cpe:/a:alma:linux:libreoffice-emailmerge, p-cpe:/a:alma:linux:libreoffice-filters, p-cpe:/a:alma:linux:libreoffice-gdb-debug-support, p-cpe:/a:alma:linux:libreoffice-graphicfilter, p-cpe:/a:alma:linux:libreoffice-gtk3, p-cpe:/a:alma:linux:libreoffice-help-ar, p-cpe:/a:alma:linux:libreoffice-help-bg, p-cpe:/a:alma:linux:libreoffice-help-bn, p-cpe:/a:alma:linux:libreoffice-help-ca, p-cpe:/a:alma:linux:libreoffice-help-cs, p-cpe:/a:alma:linux:libreoffice-help-da, p-cpe:/a:alma:linux:libreoffice-help-de, p-cpe:/a:alma:linux:libreoffice-help-dz, p-cpe:/a:alma:linux:libreoffice-help-el, p-cpe:/a:alma:linux:libreoffice-help-en, p-cpe:/a:alma:linux:libreoffice-help-es, p-cpe:/a:alma:linux:libreoffice-help-et, p-cpe:/a:alma:linux:libreoffice-help-eu, p-cpe:/a:alma:linux:libreoffice-help-fi, p-cpe:/a:alma:linux:libreoffice-help-fr, p-cpe:/a:alma:linux:libreoffice-help-gl, p-cpe:/a:alma:linux:libreoffice-help-gu, p-cpe:/a:alma:linux:libreoffice-help-he, p-cpe:/a:alma:linux:libreoffice-help-hi, p-cpe:/a:alma:linux:libreoffice-help-hr, p-cpe:/a:alma:linux:libreoffice-help-hu, p-cpe:/a:alma:linux:libreoffice-help-id, p-cpe:/a:alma:linux:libreoffice-help-it, p-cpe:/a:alma:linux:libreoffice-help-ja, p-cpe:/a:alma:linux:libreoffice-help-ko, p-cpe:/a:alma:linux:libreoffice-help-lt, p-cpe:/a:alma:linux:libreoffice-help-lv, p-cpe:/a:alma:linux:libreoffice-help-nb, p-cpe:/a:alma:linux:libreoffice-help-nl, p-cpe:/a:alma:linux:libreoffice-help-nn, p-cpe:/a:alma:linux:libreoffice-help-pl, p-cpe:/a:alma:linux:libreoffice-help-pt-BR, p-cpe:/a:alma:linux:libreoffice-help-pt-PT, p-cpe:/a:alma:linux:libreoffice-help-ro, p-cpe:/a:alma:linux:libreoffice-help-ru, p-cpe:/a:alma:linux:libreoffice-help-si, p-cpe:/a:alma:linux:libreoffice-help-sk, p-cpe:/a:alma:linux:libreoffice-help-sl, p-cpe:/a:alma:linux:libreoffice-help-sv, p-cpe:/a:alma:linux:libreoffice-help-ta, p-cpe:/a:alma:linux:libreoffice-help-tr, p-cpe:/a:alma:linux:libreoffice-help-uk, p-cpe:/a:alma:linux:libreoffice-help-zh-Hans, p-cpe:/a:alma:linux:libreoffice-help-zh-Hant, p-cpe:/a:alma:linux:libreoffice-impress, p-cpe:/a:alma:linux:libreoffice-langpack-af, p-cpe:/a:alma:linux:libreoffice-langpack-ar, p-cpe:/a:alma:linux:libreoffice-langpack-as, p-cpe:/a:alma:linux:libreoffice-langpack-bg, p-cpe:/a:alma:linux:libreoffice-langpack-bn, p-cpe:/a:alma:linux:libreoffice-langpack-br, p-cpe:/a:alma:linux:libreoffice-langpack-ca, p-cpe:/a:alma:linux:libreoffice-langpack-cs, p-cpe:/a:alma:linux:libreoffice-langpack-cy, p-cpe:/a:alma:linux:libreoffice-langpack-da, p-cpe:/a:alma:linux:libreoffice-langpack-de, p-cpe:/a:alma:linux:libreoffice-langpack-dz, p-cpe:/a:alma:linux:libreoffice-langpack-el, p-cpe:/a:alma:linux:libreoffice-langpack-en, p-cpe:/a:alma:linux:libreoffice-langpack-es, p-cpe:/a:alma:linux:libreoffice-langpack-et, p-cpe:/a:alma:linux:libreoffice-langpack-eu, p-cpe:/a:alma:linux:libreoffice-langpack-fa, p-cpe:/a:alma:linux:libreoffice-langpack-fi, p-cpe:/a:alma:linux:libreoffice-langpack-fr, p-cpe:/a:alma:linux:libreoffice-langpack-ga, p-cpe:/a:alma:linux:libreoffice-langpack-gl, p-cpe:/a:alma:linux:libreoffice-langpack-gu, p-cpe:/a:alma:linux:libreoffice-langpack-he, p-cpe:/a:alma:linux:libreoffice-langpack-hi, p-cpe:/a:alma:linux:libreoffice-langpack-hr, p-cpe:/a:alma:linux:libreoffice-langpack-hu, p-cpe:/a:alma:linux:libreoffice-langpack-id, p-cpe:/a:alma:linux:libreoffice-langpack-it, p-cpe:/a:alma:linux:libreoffice-langpack-ja, p-cpe:/a:alma:linux:libreoffice-langpack-kk, p-cpe:/a:alma:linux:libreoffice-langpack-kn, p-cpe:/a:alma:linux:libreoffice-langpack-ko, p-cpe:/a:alma:linux:libreoffice-langpack-lt, p-cpe:/a:alma:linux:libreoffice-langpack-lv, p-cpe:/a:alma:linux:libreoffice-langpack-mai, p-cpe:/a:alma:linux:libreoffice-langpack-ml, p-cpe:/a:alma:linux:libreoffice-langpack-mr, p-cpe:/a:alma:linux:libreoffice-langpack-nb, p-cpe:/a:alma:linux:libreoffice-langpack-nl, p-cpe:/a:alma:linux:libreoffice-langpack-nn, p-cpe:/a:alma:linux:libreoffice-langpack-nr, p-cpe:/a:alma:linux:libreoffice-langpack-nso, p-cpe:/a:alma:linux:libreoffice-langpack-or, p-cpe:/a:alma:linux:libreoffice-langpack-pa, p-cpe:/a:alma:linux:libreoffice-langpack-pl, p-cpe:/a:alma:linux:libreoffice-langpack-pt-BR, p-cpe:/a:alma:linux:libreoffice-langpack-pt-PT, p-cpe:/a:alma:linux:libreoffice-langpack-ro, p-cpe:/a:alma:linux:libreoffice-langpack-ru, p-cpe:/a:alma:linux:libreoffice-langpack-si, p-cpe:/a:alma:linux:libreoffice-langpack-sk, p-cpe:/a:alma:linux:libreoffice-langpack-sl, p-cpe:/a:alma:linux:libreoffice-langpack-sr, p-cpe:/a:alma:linux:libreoffice-langpack-ss, p-cpe:/a:alma:linux:libreoffice-langpack-st, p-cpe:/a:alma:linux:libreoffice-langpack-sv, p-cpe:/a:alma:linux:libreoffice-langpack-ta, p-cpe:/a:alma:linux:libreoffice-langpack-te, p-cpe:/a:alma:linux:libreoffice-langpack-th, p-cpe:/a:alma:linux:libreoffice-langpack-tn, p-cpe:/a:alma:linux:libreoffice-langpack-tr, p-cpe:/a:alma:linux:libreoffice-langpack-ts, p-cpe:/a:alma:linux:libreoffice-langpack-uk, p-cpe:/a:alma:linux:libreoffice-langpack-ve, p-cpe:/a:alma:linux:libreoffice-langpack-xh, p-cpe:/a:alma:linux:libreoffice-langpack-zh-Hans, p-cpe:/a:alma:linux:libreoffice-langpack-zh-Hant, p-cpe:/a:alma:linux:libreoffice-langpack-zu, p-cpe:/a:alma:linux:libreoffice-math, p-cpe:/a:alma:linux:libreoffice-ogltrans, p-cpe:/a:alma:linux:libreoffice-opensymbol-fonts, p-cpe:/a:alma:linux:libreoffice-pdfimport, p-cpe:/a:alma:linux:libreoffice-pyuno, p-cpe:/a:alma:linux:libreoffice-ure, p-cpe:/a:alma:linux:libreoffice-ure-common, p-cpe:/a:alma:linux:libreoffice-wiki-publisher, p-cpe:/a:alma:linux:libreoffice-writer, p-cpe:/a:alma:linux:libreoffice-x11, p-cpe:/a:alma:linux:libreoffice-xsltfilter, p-cpe:/a:alma:linux:libreofficekit, cpe:/o:alma:linux:8

Required KB Items: Host/local_checks_enabled, Host/AlmaLinux/release, Host/AlmaLinux/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 5/10/2022

Vulnerability Publication Date: 10/11/2021

Reference Information

CVE: CVE-2021-25633, CVE-2021-25634, CVE-2021-25635

ALSA: 2022:1766