CVE-2021-25635

Publication date 19 October 2021

Last updated 24 July 2024

Ubuntu priority

A flaw was found in LibreOffice, where it improperly validated signatures for algorithms that were not verified. This flaw leads to LibreOffice presenting a valid signature when the validity of the signature was not verified. The highest threat from this vulnerability is to confidentiality and integrity.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libreoffice	22.04 LTS jammy	Not affected
	21.10 impish	Not affected
	21.04 hirsute	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Ignored

How can I get the fixes?
What do statuses mean?
Patch details

Notes

mdeslaur

This CVE is specific to the Microsoft Crypto API backend

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libreoffice	Upstream: edeb164 Upstream: a5fe0be

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635
https://www.openwall.com/lists/oss-security/2021/10/11/3
https://www.cve.org/CVERecord?id=CVE-2021-25635