Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-25633 CVE-2021-25634 CVE-2021-25635

Source

Synopsis

Moderate: libreoffice security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libreoffice is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

libreoffice: Content Manipulation with Double Certificate Attack (CVE-2021-25633)
libreoffice: Timestamp Manipulation with Signature Wrapping (CVE-2021-25634)
libreoffice: Content Manipulation with Certificate Validation Attack (CVE-2021-25635)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of LibreOffice applications must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le

Fixes

BZ - 1958421 - [RFE] Request to add libreoffice to RHEL 8 for s390x architecture
BZ - 1980800 - convert-to csv is only converting the first tab of xlsx workbooks
BZ - 1992695 - Writer produces HTML <td> tags with duplicate style attributes
BZ - 2013135 - CVE-2021-25633 libreoffice: Content Manipulation with Double Certificate Attack
BZ - 2013151 - CVE-2021-25634 libreoffice: Timestamp Manipulation with Signature Wrapping
BZ - 2013152 - CVE-2021-25635 libreoffice: Content Manipulation with Certificate Validation Attack

CVEs

References

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook