Date: prev next · Thread: first prev next last
2021 Archives by date, by thread · List index


皆様

TDFのdiscussメーリングリストにて、以下のとおり脆弱性修正についてのお知らせがありました。

LibreOffice 7.0であれば7.0.6へ、7.1であれば7.1.2以降へ、または7.2.0以降にアップグレードする必要があります

詳細は各CVEのページをご覧ください
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635


---------- Forwarded message ---------
From: Caolán McNamara <caolanm@redhat.com>
Date: 2021年10月11日(月) 21:58
Subject: [tdf-discuss] security related information, CVE-2021-25633,
CVE-2021-25634, CVE-2021-25635
To: <discuss@documentfoundation.org>


tl:dr upgrade to LibreOffice 7-0 to 7.0.6, libreoffice 7-1 to 7.1.2
(or libreoffice 7.2.0)

LibreOffice supports digital signatures of ODF documents and macros
within documents, presenting visual aids that no alteration of the
document occurred since the last signing and that the signature is
valid.

The Network and Data Security group at Ruhr University Bochum
reported a number of flaws with the implementation of this.

CVE-2021-25633
Content Manipulation with Double Certificate Attack
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633
Fixed in 7.0.6 and 7.1.2

CVE-2021-25634
Timestamp Manipulation with Signature Wrapping
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634
Fixed in 7.0.6 and 7.1.2

CVE-2021-25635
Content Manipulation with Certificate Validation Attack
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635
Fixed in 7.0.5 and 7.1.1


--
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.documentfoundation.org/www/discuss/
Privacy Policy: https://www.documentfoundation.org/privacy


--
Shinji Enoki
shinji.enoki@gmail.com

-- 
Unsubscribe instructions: E-mail to discuss+unsubscribe@ja.libreoffice.org
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/ja/discuss/
Privacy Policy: https://www.documentfoundation.org/privacy

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.