pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2022-1591/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

225 lines
10 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20221591",
"Version": "oval:org.altlinux.errata:def:20221591",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-1591: package `LibreOffice` update to version 7.3.2.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-1591",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1591",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-02189",
"RefURL": "https://bdu.fstec.ru/vul/2022-02189",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04771",
"RefURL": "https://bdu.fstec.ru/vul/2022-04771",
"Source": "BDU"
},
{
"RefID": "CVE-2021-25636",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25636",
"Source": "CVE"
},
{
"RefID": "CVE-2022-26305",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26305",
"Source": "CVE"
}
],
"Description": "This update upgrades LibreOffice to version 7.3.2.1-alt1. \nSecurity Fix(es):\n\n * BDU:2022-02189: Уязвимость пакета офисных программ LibreOffice, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2022-04771: Уязвимость пакета офисных программ LibreOffice, связанная с неправильным подтверждением подлинности сертификата, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-25636: LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both \"X509Data\" and \"KeyValue\" children of the \"KeyInfo\" tag, which when opened caused LibreOffice to verify using the \"KeyValue\" but to report verification with the unrelated \"X509Data\" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.\n\n * CVE-2022-26305: An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.\n\n * #37391: libreoffice: enable gtk3-kde5 VCL\n\n * #40915: BuildRequires: java-devel \u003e= 9.0.0\n\n * #41969: LibreOffice Math: не вставляются специальные символы",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-03-28"
},
"Updated": {
"Date": "2022-03-28"
},
"BDUs": [
{
"ID": "BDU:2022-02189",
"CVSS": "AV:L/AC:H/Au:S/C:P/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H",
"CWE": "CWE-347",
"Href": "https://bdu.fstec.ru/vul/2022-02189",
"Impact": "Low",
"Public": "20210119"
},
{
"ID": "BDU:2022-04771",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2022-04771",
"Impact": "Critical",
"Public": "20220725"
}
],
"CVEs": [
{
"ID": "CVE-2021-25636",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25636",
"Impact": "High",
"Public": "20220224"
},
{
"ID": "CVE-2022-26305",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26305",
"Impact": "High",
"Public": "20220725"
}
],
"Bugzilla": [
{
"ID": "37391",
"Href": "https://bugzilla.altlinux.org/37391",
"Data": "libreoffice: enable gtk3-kde5 VCL"
},
{
"ID": "40915",
"Href": "https://bugzilla.altlinux.org/40915",
"Data": "BuildRequires: java-devel \u003e= 9.0.0"
},
{
"ID": "41969",
"Href": "https://bugzilla.altlinux.org/41969",
"Data": "LibreOffice Math: не вставляются специальные символы"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20221591001",
"Comment": "LibreOffice is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591002",
"Comment": "LibreOffice-common is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591003",
"Comment": "LibreOffice-extensions is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591004",
"Comment": "LibreOffice-gtk3 is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591005",
"Comment": "LibreOffice-gtk3-kde5 is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591006",
"Comment": "LibreOffice-integrated is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591007",
"Comment": "LibreOffice-kde5 is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591008",
"Comment": "LibreOffice-langpack-be is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591009",
"Comment": "LibreOffice-langpack-de is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591010",
"Comment": "LibreOffice-langpack-es is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591011",
"Comment": "LibreOffice-langpack-fr is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591012",
"Comment": "LibreOffice-langpack-kk is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591013",
"Comment": "LibreOffice-langpack-pt-BR is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591014",
"Comment": "LibreOffice-langpack-ru is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591015",
"Comment": "LibreOffice-langpack-tt is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591016",
"Comment": "LibreOffice-langpack-uk is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591017",
"Comment": "LibreOffice-mimetypes is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591018",
"Comment": "LibreOffice-qt5 is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591019",
"Comment": "LibreOffice-sdk is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591020",
"Comment": "libreofficekit is earlier than 0:7.3.2.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221591021",
"Comment": "libreofficekit-devel is earlier than 0:7.3.2.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink