257 lines
12 KiB
JSON
257 lines
12 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20212151",
|
||
"Version": "oval:org.altlinux.errata:def:20212151",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2021-2151: package `LibreOffice` update to version 7.1.3.2-alt0.p9.1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch p9"
|
||
],
|
||
"Products": [
|
||
"ALT Server",
|
||
"ALT Virtualization Server",
|
||
"ALT Workstation",
|
||
"ALT Workstation K",
|
||
"ALT Education",
|
||
"Simply Linux",
|
||
"Starterkit"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2021-2151",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-2151",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-02227",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-02227",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-05337",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-05337",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-05923",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-05923",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2021-25631",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25631",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2021-25633",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25633",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2021-25634",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25634",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades LibreOffice to version 7.1.3.2-alt0.p9.1. \nSecurity Fix(es):\n\n * BDU:2021-02227: Уязвимость пакета офисных программ LibreOffice, связанная с ошибками в настройках безопасности, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2021-05337: Уязвимость пакета офисных программ LibreOffice, связанная с ошибками при формировании документов documentsignatures.xml, macrosignatures.xml, позволяющая нарушителю манипулировать подписанными документами\n\n * BDU:2022-05923: Уязвимость пакета офисных программ LibreOffice, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю оказать воздействие на целостность данных\n\n * CVE-2021-25631: In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.\n\n * CVE-2021-25633: LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.\n\n * CVE-2021-25634: LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "High",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2021-07-05"
|
||
},
|
||
"Updated": {
|
||
"Date": "2021-07-05"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2021-02227",
|
||
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-254",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-02227",
|
||
"Impact": "High",
|
||
"Public": "20210413"
|
||
},
|
||
{
|
||
"ID": "BDU:2021-05337",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
||
"CWE": "CWE-295",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-05337",
|
||
"Impact": "High",
|
||
"Public": "20211011"
|
||
},
|
||
{
|
||
"ID": "BDU:2022-05923",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
||
"CWE": "CWE-295",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-05923",
|
||
"Impact": "High",
|
||
"Public": "20211012"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2021-25631",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "NVD-CWE-Other",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25631",
|
||
"Impact": "High",
|
||
"Public": "20210503"
|
||
},
|
||
{
|
||
"ID": "CVE-2021-25633",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
||
"CWE": "CWE-295",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25633",
|
||
"Impact": "High",
|
||
"Public": "20211011"
|
||
},
|
||
{
|
||
"ID": "CVE-2021-25634",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
||
"CWE": "CWE-295",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25634",
|
||
"Impact": "High",
|
||
"Public": "20211012"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:kworkstation:9",
|
||
"cpe:/o:alt:workstation:9",
|
||
"cpe:/o:alt:server:9",
|
||
"cpe:/o:alt:server-v:9",
|
||
"cpe:/o:alt:education:9",
|
||
"cpe:/o:alt:slinux:9",
|
||
"cpe:/o:alt:starterkit:p9",
|
||
"cpe:/o:alt:kworkstation:9.1",
|
||
"cpe:/o:alt:workstation:9.1",
|
||
"cpe:/o:alt:server:9.1",
|
||
"cpe:/o:alt:server-v:9.1",
|
||
"cpe:/o:alt:education:9.1",
|
||
"cpe:/o:alt:slinux:9.1",
|
||
"cpe:/o:alt:starterkit:9.1",
|
||
"cpe:/o:alt:kworkstation:9.2",
|
||
"cpe:/o:alt:workstation:9.2",
|
||
"cpe:/o:alt:server:9.2",
|
||
"cpe:/o:alt:server-v:9.2",
|
||
"cpe:/o:alt:education:9.2",
|
||
"cpe:/o:alt:slinux:9.2",
|
||
"cpe:/o:alt:starterkit:9.2"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:1001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151001",
|
||
"Comment": "LibreOffice is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151002",
|
||
"Comment": "LibreOffice-common is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151003",
|
||
"Comment": "LibreOffice-extensions is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151004",
|
||
"Comment": "LibreOffice-gtk3 is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151005",
|
||
"Comment": "LibreOffice-integrated is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151006",
|
||
"Comment": "LibreOffice-kde5 is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151007",
|
||
"Comment": "LibreOffice-langpack-be is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151008",
|
||
"Comment": "LibreOffice-langpack-de is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151009",
|
||
"Comment": "LibreOffice-langpack-es is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151010",
|
||
"Comment": "LibreOffice-langpack-fr is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151011",
|
||
"Comment": "LibreOffice-langpack-kk is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151012",
|
||
"Comment": "LibreOffice-langpack-pt-BR is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151013",
|
||
"Comment": "LibreOffice-langpack-ru is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151014",
|
||
"Comment": "LibreOffice-langpack-tt is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151015",
|
||
"Comment": "LibreOffice-langpack-uk is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151016",
|
||
"Comment": "LibreOffice-mimetypes is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151017",
|
||
"Comment": "LibreOffice-qt5 is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151018",
|
||
"Comment": "LibreOffice-sdk is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151019",
|
||
"Comment": "libreofficekit is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20212151020",
|
||
"Comment": "libreofficekit-devel is earlier than 0:7.1.3.2-alt0.p9.1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |