Anolis OS update for libreoffice

Published: 2022-06-15 | Updated: 2025-03-28

Risk	Medium
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2021-25633 CVE-2021-25634 CVE-2021-25635
CWE-ID	CWE-295 CWE-347
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Anolis OS Operating systems & Components / Operating system libreofficekit Operating systems & Components / Operating system package or component libreoffice-xsltfilter Operating systems & Components / Operating system package or component libreoffice-x11 Operating systems & Components / Operating system package or component libreoffice-writer Operating systems & Components / Operating system package or component libreoffice-wiki-publisher Operating systems & Components / Operating system package or component libreoffice-ure Operating systems & Components / Operating system package or component libreoffice-pyuno Operating systems & Components / Operating system package or component libreoffice-pdfimport Operating systems & Components / Operating system package or component libreoffice-ogltrans Operating systems & Components / Operating system package or component libreoffice-math Operating systems & Components / Operating system package or component libreoffice-langpack-zu Operating systems & Components / Operating system package or component libreoffice-langpack-zh-Hant Operating systems & Components / Operating system package or component libreoffice-langpack-zh-Hans Operating systems & Components / Operating system package or component libreoffice-langpack-xh Operating systems & Components / Operating system package or component libreoffice-langpack-ve Operating systems & Components / Operating system package or component libreoffice-langpack-uk Operating systems & Components / Operating system package or component libreoffice-langpack-ts Operating systems & Components / Operating system package or component libreoffice-langpack-tr Operating systems & Components / Operating system package or component libreoffice-langpack-tn Operating systems & Components / Operating system package or component libreoffice-langpack-th Operating systems & Components / Operating system package or component libreoffice-langpack-te Operating systems & Components / Operating system package or component libreoffice-langpack-ta Operating systems & Components / Operating system package or component libreoffice-langpack-sv Operating systems & Components / Operating system package or component libreoffice-langpack-st Operating systems & Components / Operating system package or component libreoffice-langpack-ss Operating systems & Components / Operating system package or component libreoffice-langpack-sr Operating systems & Components / Operating system package or component libreoffice-langpack-sl Operating systems & Components / Operating system package or component libreoffice-langpack-sk Operating systems & Components / Operating system package or component libreoffice-langpack-si Operating systems & Components / Operating system package or component libreoffice-langpack-ru Operating systems & Components / Operating system package or component libreoffice-langpack-ro Operating systems & Components / Operating system package or component libreoffice-langpack-pt-PT Operating systems & Components / Operating system package or component libreoffice-langpack-pt-BR Operating systems & Components / Operating system package or component libreoffice-langpack-pl Operating systems & Components / Operating system package or component libreoffice-langpack-pa Operating systems & Components / Operating system package or component libreoffice-langpack-or Operating systems & Components / Operating system package or component libreoffice-langpack-nso Operating systems & Components / Operating system package or component libreoffice-langpack-nr Operating systems & Components / Operating system package or component libreoffice-langpack-nn Operating systems & Components / Operating system package or component libreoffice-langpack-nl Operating systems & Components / Operating system package or component libreoffice-langpack-nb Operating systems & Components / Operating system package or component libreoffice-langpack-mr Operating systems & Components / Operating system package or component libreoffice-langpack-ml Operating systems & Components / Operating system package or component libreoffice-langpack-mai Operating systems & Components / Operating system package or component libreoffice-langpack-lv Operating systems & Components / Operating system package or component libreoffice-langpack-lt Operating systems & Components / Operating system package or component libreoffice-langpack-ko Operating systems & Components / Operating system package or component libreoffice-langpack-kn Operating systems & Components / Operating system package or component libreoffice-langpack-kk Operating systems & Components / Operating system package or component libreoffice-langpack-ja Operating systems & Components / Operating system package or component libreoffice-langpack-it Operating systems & Components / Operating system package or component libreoffice-langpack-id Operating systems & Components / Operating system package or component libreoffice-langpack-hu Operating systems & Components / Operating system package or component libreoffice-langpack-hr Operating systems & Components / Operating system package or component libreoffice-langpack-hi Operating systems & Components / Operating system package or component libreoffice-langpack-he Operating systems & Components / Operating system package or component libreoffice-langpack-gu Operating systems & Components / Operating system package or component libreoffice-langpack-gl Operating systems & Components / Operating system package or component libreoffice-langpack-ga Operating systems & Components / Operating system package or component libreoffice-langpack-fr Operating systems & Components / Operating system package or component libreoffice-langpack-fi Operating systems & Components / Operating system package or component libreoffice-langpack-fa Operating systems & Components / Operating system package or component libreoffice-langpack-eu Operating systems & Components / Operating system package or component libreoffice-langpack-et Operating systems & Components / Operating system package or component libreoffice-langpack-es Operating systems & Components / Operating system package or component libreoffice-langpack-en Operating systems & Components / Operating system package or component libreoffice-langpack-el Operating systems & Components / Operating system package or component libreoffice-langpack-dz Operating systems & Components / Operating system package or component libreoffice-langpack-de Operating systems & Components / Operating system package or component libreoffice-langpack-da Operating systems & Components / Operating system package or component libreoffice-langpack-cy Operating systems & Components / Operating system package or component libreoffice-langpack-cs Operating systems & Components / Operating system package or component libreoffice-langpack-ca Operating systems & Components / Operating system package or component libreoffice-langpack-br Operating systems & Components / Operating system package or component libreoffice-langpack-bn Operating systems & Components / Operating system package or component libreoffice-langpack-bg Operating systems & Components / Operating system package or component libreoffice-langpack-as Operating systems & Components / Operating system package or component libreoffice-langpack-ar Operating systems & Components / Operating system package or component libreoffice-langpack-af Operating systems & Components / Operating system package or component libreoffice-impress Operating systems & Components / Operating system package or component libreoffice-help-zh-Hant Operating systems & Components / Operating system package or component libreoffice-help-zh-Hans Operating systems & Components / Operating system package or component libreoffice-help-uk Operating systems & Components / Operating system package or component libreoffice-help-tr Operating systems & Components / Operating system package or component libreoffice-help-ta Operating systems & Components / Operating system package or component libreoffice-help-sv Operating systems & Components / Operating system package or component libreoffice-help-sl Operating systems & Components / Operating system package or component libreoffice-help-sk Operating systems & Components / Operating system package or component libreoffice-help-si Operating systems & Components / Operating system package or component libreoffice-help-ru Operating systems & Components / Operating system package or component libreoffice-help-ro Operating systems & Components / Operating system package or component libreoffice-help-pt-PT Operating systems & Components / Operating system package or component libreoffice-help-pt-BR Operating systems & Components / Operating system package or component libreoffice-help-pl Operating systems & Components / Operating system package or component libreoffice-help-nn Operating systems & Components / Operating system package or component libreoffice-help-nl Operating systems & Components / Operating system package or component libreoffice-help-nb Operating systems & Components / Operating system package or component libreoffice-help-lv Operating systems & Components / Operating system package or component libreoffice-help-lt Operating systems & Components / Operating system package or component libreoffice-help-ko Operating systems & Components / Operating system package or component libreoffice-help-ja Operating systems & Components / Operating system package or component libreoffice-help-it Operating systems & Components / Operating system package or component libreoffice-help-id Operating systems & Components / Operating system package or component libreoffice-help-hu Operating systems & Components / Operating system package or component libreoffice-help-hr Operating systems & Components / Operating system package or component libreoffice-help-hi Operating systems & Components / Operating system package or component libreoffice-help-he Operating systems & Components / Operating system package or component libreoffice-help-gu Operating systems & Components / Operating system package or component libreoffice-help-gl Operating systems & Components / Operating system package or component libreoffice-help-fr Operating systems & Components / Operating system package or component libreoffice-help-fi Operating systems & Components / Operating system package or component libreoffice-help-eu Operating systems & Components / Operating system package or component libreoffice-help-et Operating systems & Components / Operating system package or component libreoffice-help-es Operating systems & Components / Operating system package or component libreoffice-help-en Operating systems & Components / Operating system package or component libreoffice-help-el Operating systems & Components / Operating system package or component libreoffice-help-dz Operating systems & Components / Operating system package or component libreoffice-help-de Operating systems & Components / Operating system package or component libreoffice-help-da Operating systems & Components / Operating system package or component libreoffice-help-cs Operating systems & Components / Operating system package or component libreoffice-help-ca Operating systems & Components / Operating system package or component libreoffice-help-bn Operating systems & Components / Operating system package or component libreoffice-help-bg Operating systems & Components / Operating system package or component libreoffice-help-ar Operating systems & Components / Operating system package or component libreoffice-gtk3 Operating systems & Components / Operating system package or component libreoffice-graphicfilter Operating systems & Components / Operating system package or component libreoffice-gdb-debug-support Operating systems & Components / Operating system package or component libreoffice-filters Operating systems & Components / Operating system package or component libreoffice-emailmerge Operating systems & Components / Operating system package or component libreoffice-draw Operating systems & Components / Operating system package or component libreoffice-core Operating systems & Components / Operating system package or component libreoffice-calc Operating systems & Components / Operating system package or component libreoffice-base Operating systems & Components / Operating system package or component libreoffice-ure-common Operating systems & Components / Operating system package or component libreoffice-opensymbol-fonts Operating systems & Components / Operating system package or component libreoffice-data Operating systems & Components / Operating system package or component autocorr-zh Operating systems & Components / Operating system package or component autocorr-vi Operating systems & Components / Operating system package or component autocorr-tr Operating systems & Components / Operating system package or component autocorr-sv Operating systems & Components / Operating system package or component autocorr-sr Operating systems & Components / Operating system package or component autocorr-sl Operating systems & Components / Operating system package or component autocorr-sk Operating systems & Components / Operating system package or component autocorr-ru Operating systems & Components / Operating system package or component autocorr-ro Operating systems & Components / Operating system package or component autocorr-pt Operating systems & Components / Operating system package or component autocorr-pl Operating systems & Components / Operating system package or component autocorr-nl Operating systems & Components / Operating system package or component autocorr-mn Operating systems & Components / Operating system package or component autocorr-lt Operating systems & Components / Operating system package or component autocorr-lb Operating systems & Components / Operating system package or component autocorr-ko Operating systems & Components / Operating system package or component autocorr-ja Operating systems & Components / Operating system package or component autocorr-it Operating systems & Components / Operating system package or component autocorr-is Operating systems & Components / Operating system package or component autocorr-hu Operating systems & Components / Operating system package or component autocorr-hr Operating systems & Components / Operating system package or component autocorr-ga Operating systems & Components / Operating system package or component autocorr-fr Operating systems & Components / Operating system package or component autocorr-fi Operating systems & Components / Operating system package or component autocorr-fa Operating systems & Components / Operating system package or component autocorr-es Operating systems & Components / Operating system package or component autocorr-en Operating systems & Components / Operating system package or component autocorr-de Operating systems & Components / Operating system package or component autocorr-da Operating systems & Components / Operating system package or component autocorr-cs Operating systems & Components / Operating system package or component autocorr-ca Operating systems & Components / Operating system package or component autocorr-bg Operating systems & Components / Operating system package or component autocorr-af Operating systems & Components / Operating system package or component
Vendor	OpenAnolis

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Improper Certificate Validation

EUVDB-ID: #VU57214

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-25633

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform spoofing attack.

The vulnerability exists due to application does not properly check for digital signatures of ODF files. A remote attacker can create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

libreofficekit: before 6.4.7.2-10.0.1

libreoffice-xsltfilter: before 6.4.7.2-10.0.1

libreoffice-x11: before 6.4.7.2-10.0.1

libreoffice-writer: before 6.4.7.2-10.0.1

libreoffice-wiki-publisher: before 6.4.7.2-10.0.1

libreoffice-ure: before 6.4.7.2-10.0.1

libreoffice-pyuno: before 6.4.7.2-10.0.1

libreoffice-pdfimport: before 6.4.7.2-10.0.1

libreoffice-ogltrans: before 6.4.7.2-10.0.1

libreoffice-math: before 6.4.7.2-10.0.1

libreoffice-langpack-zu: before 6.4.7.2-10.0.1

libreoffice-langpack-zh-Hant: before 6.4.7.2-10.0.1

libreoffice-langpack-zh-Hans: before 6.4.7.2-10.0.1

libreoffice-langpack-xh: before 6.4.7.2-10.0.1

libreoffice-langpack-ve: before 6.4.7.2-10.0.1

libreoffice-langpack-uk: before 6.4.7.2-10.0.1

libreoffice-langpack-ts: before 6.4.7.2-10.0.1

libreoffice-langpack-tr: before 6.4.7.2-10.0.1

libreoffice-langpack-tn: before 6.4.7.2-10.0.1

libreoffice-langpack-th: before 6.4.7.2-10.0.1

libreoffice-langpack-te: before 6.4.7.2-10.0.1

libreoffice-langpack-ta: before 6.4.7.2-10.0.1

libreoffice-langpack-sv: before 6.4.7.2-10.0.1

libreoffice-langpack-st: before 6.4.7.2-10.0.1

libreoffice-langpack-ss: before 6.4.7.2-10.0.1

libreoffice-langpack-sr: before 6.4.7.2-10.0.1

libreoffice-langpack-sl: before 6.4.7.2-10.0.1

libreoffice-langpack-sk: before 6.4.7.2-10.0.1

libreoffice-langpack-si: before 6.4.7.2-10.0.1

libreoffice-langpack-ru: before 6.4.7.2-10.0.1

libreoffice-langpack-ro: before 6.4.7.2-10.0.1

libreoffice-langpack-pt-PT: before 6.4.7.2-10.0.1

libreoffice-langpack-pt-BR: before 6.4.7.2-10.0.1

libreoffice-langpack-pl: before 6.4.7.2-10.0.1

libreoffice-langpack-pa: before 6.4.7.2-10.0.1

libreoffice-langpack-or: before 6.4.7.2-10.0.1

libreoffice-langpack-nso: before 6.4.7.2-10.0.1

libreoffice-langpack-nr: before 6.4.7.2-10.0.1

libreoffice-langpack-nn: before 6.4.7.2-10.0.1

libreoffice-langpack-nl: before 6.4.7.2-10.0.1

libreoffice-langpack-nb: before 6.4.7.2-10.0.1

libreoffice-langpack-mr: before 6.4.7.2-10.0.1

libreoffice-langpack-ml: before 6.4.7.2-10.0.1

libreoffice-langpack-mai: before 6.4.7.2-10.0.1

libreoffice-langpack-lv: before 6.4.7.2-10.0.1

libreoffice-langpack-lt: before 6.4.7.2-10.0.1

libreoffice-langpack-ko: before 6.4.7.2-10.0.1

libreoffice-langpack-kn: before 6.4.7.2-10.0.1

libreoffice-langpack-kk: before 6.4.7.2-10.0.1

libreoffice-langpack-ja: before 6.4.7.2-10.0.1

libreoffice-langpack-it: before 6.4.7.2-10.0.1

libreoffice-langpack-id: before 6.4.7.2-10.0.1

libreoffice-langpack-hu: before 6.4.7.2-10.0.1

libreoffice-langpack-hr: before 6.4.7.2-10.0.1

libreoffice-langpack-hi: before 6.4.7.2-10.0.1

libreoffice-langpack-he: before 6.4.7.2-10.0.1

libreoffice-langpack-gu: before 6.4.7.2-10.0.1

libreoffice-langpack-gl: before 6.4.7.2-10.0.1

libreoffice-langpack-ga: before 6.4.7.2-10.0.1

libreoffice-langpack-fr: before 6.4.7.2-10.0.1

libreoffice-langpack-fi: before 6.4.7.2-10.0.1

libreoffice-langpack-fa: before 6.4.7.2-10.0.1

libreoffice-langpack-eu: before 6.4.7.2-10.0.1

libreoffice-langpack-et: before 6.4.7.2-10.0.1

libreoffice-langpack-es: before 6.4.7.2-10.0.1

libreoffice-langpack-en: before 6.4.7.2-10.0.1

libreoffice-langpack-el: before 6.4.7.2-10.0.1

libreoffice-langpack-dz: before 6.4.7.2-10.0.1

libreoffice-langpack-de: before 6.4.7.2-10.0.1

libreoffice-langpack-da: before 6.4.7.2-10.0.1

libreoffice-langpack-cy: before 6.4.7.2-10.0.1

libreoffice-langpack-cs: before 6.4.7.2-10.0.1

libreoffice-langpack-ca: before 6.4.7.2-10.0.1

libreoffice-langpack-br: before 6.4.7.2-10.0.1

libreoffice-langpack-bn: before 6.4.7.2-10.0.1

libreoffice-langpack-bg: before 6.4.7.2-10.0.1

libreoffice-langpack-as: before 6.4.7.2-10.0.1

libreoffice-langpack-ar: before 6.4.7.2-10.0.1

libreoffice-langpack-af: before 6.4.7.2-10.0.1

libreoffice-impress: before 6.4.7.2-10.0.1

libreoffice-help-zh-Hant: before 6.4.7.2-10.0.1

libreoffice-help-zh-Hans: before 6.4.7.2-10.0.1

libreoffice-help-uk: before 6.4.7.2-10.0.1

libreoffice-help-tr: before 6.4.7.2-10.0.1

libreoffice-help-ta: before 6.4.7.2-10.0.1

libreoffice-help-sv: before 6.4.7.2-10.0.1

libreoffice-help-sl: before 6.4.7.2-10.0.1

libreoffice-help-sk: before 6.4.7.2-10.0.1

libreoffice-help-si: before 6.4.7.2-10.0.1

libreoffice-help-ru: before 6.4.7.2-10.0.1

libreoffice-help-ro: before 6.4.7.2-10.0.1

libreoffice-help-pt-PT: before 6.4.7.2-10.0.1

libreoffice-help-pt-BR: before 6.4.7.2-10.0.1

libreoffice-help-pl: before 6.4.7.2-10.0.1

libreoffice-help-nn: before 6.4.7.2-10.0.1

libreoffice-help-nl: before 6.4.7.2-10.0.1

libreoffice-help-nb: before 6.4.7.2-10.0.1

libreoffice-help-lv: before 6.4.7.2-10.0.1

libreoffice-help-lt: before 6.4.7.2-10.0.1

libreoffice-help-ko: before 6.4.7.2-10.0.1

libreoffice-help-ja: before 6.4.7.2-10.0.1

libreoffice-help-it: before 6.4.7.2-10.0.1

libreoffice-help-id: before 6.4.7.2-10.0.1

libreoffice-help-hu: before 6.4.7.2-10.0.1

libreoffice-help-hr: before 6.4.7.2-10.0.1

libreoffice-help-hi: before 6.4.7.2-10.0.1

libreoffice-help-he: before 6.4.7.2-10.0.1

libreoffice-help-gu: before 6.4.7.2-10.0.1

libreoffice-help-gl: before 6.4.7.2-10.0.1

libreoffice-help-fr: before 6.4.7.2-10.0.1

libreoffice-help-fi: before 6.4.7.2-10.0.1

libreoffice-help-eu: before 6.4.7.2-10.0.1

libreoffice-help-et: before 6.4.7.2-10.0.1

libreoffice-help-es: before 6.4.7.2-10.0.1

libreoffice-help-en: before 6.4.7.2-10.0.1

libreoffice-help-el: before 6.4.7.2-10.0.1

libreoffice-help-dz: before 6.4.7.2-10.0.1

libreoffice-help-de: before 6.4.7.2-10.0.1

libreoffice-help-da: before 6.4.7.2-10.0.1

libreoffice-help-cs: before 6.4.7.2-10.0.1

libreoffice-help-ca: before 6.4.7.2-10.0.1

libreoffice-help-bn: before 6.4.7.2-10.0.1

libreoffice-help-bg: before 6.4.7.2-10.0.1

libreoffice-help-ar: before 6.4.7.2-10.0.1

libreoffice-gtk3: before 6.4.7.2-10.0.1

libreoffice-graphicfilter: before 6.4.7.2-10.0.1

libreoffice-gdb-debug-support: before 6.4.7.2-10.0.1

libreoffice-filters: before 6.4.7.2-10.0.1

libreoffice-emailmerge: before 6.4.7.2-10.0.1

libreoffice-draw: before 6.4.7.2-10.0.1

libreoffice-core: before 6.4.7.2-10.0.1

libreoffice-calc: before 6.4.7.2-10.0.1

libreoffice-base: before 6.4.7.2-10.0.1

libreoffice-ure-common: before 6.4.7.2-10.0.1

libreoffice-opensymbol-fonts: before 6.4.7.2-10.0.1

libreoffice-data: before 6.4.7.2-10.0.1

autocorr-zh: before 6.4.7.2-10.0.1

autocorr-vi: before 6.4.7.2-10.0.1

autocorr-tr: before 6.4.7.2-10.0.1

autocorr-sv: before 6.4.7.2-10.0.1

autocorr-sr: before 6.4.7.2-10.0.1

autocorr-sl: before 6.4.7.2-10.0.1

autocorr-sk: before 6.4.7.2-10.0.1

autocorr-ru: before 6.4.7.2-10.0.1

autocorr-ro: before 6.4.7.2-10.0.1

autocorr-pt: before 6.4.7.2-10.0.1

autocorr-pl: before 6.4.7.2-10.0.1

autocorr-nl: before 6.4.7.2-10.0.1

autocorr-mn: before 6.4.7.2-10.0.1

autocorr-lt: before 6.4.7.2-10.0.1

autocorr-lb: before 6.4.7.2-10.0.1

autocorr-ko: before 6.4.7.2-10.0.1

autocorr-ja: before 6.4.7.2-10.0.1

autocorr-it: before 6.4.7.2-10.0.1

autocorr-is: before 6.4.7.2-10.0.1

autocorr-hu: before 6.4.7.2-10.0.1

autocorr-hr: before 6.4.7.2-10.0.1

autocorr-ga: before 6.4.7.2-10.0.1

autocorr-fr: before 6.4.7.2-10.0.1

autocorr-fi: before 6.4.7.2-10.0.1

autocorr-fa: before 6.4.7.2-10.0.1

autocorr-es: before 6.4.7.2-10.0.1

autocorr-en: before 6.4.7.2-10.0.1

autocorr-de: before 6.4.7.2-10.0.1

autocorr-da: before 6.4.7.2-10.0.1

autocorr-cs: before 6.4.7.2-10.0.1

autocorr-ca: before 6.4.7.2-10.0.1

autocorr-bg: before 6.4.7.2-10.0.1

autocorr-af: before 6.4.7.2-10.0.1

CPE2.3

External links

https://anas.openanolis.cn/errata/detail/ANSA-2022:0406

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU57213

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-25634

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote user to perform spoofing attack.

The vulnerability exists due to application does not properly check for digital signatures of ODF files. A remote attacker can change the signature algorithm in the document to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

libreofficekit: before 6.4.7.2-10.0.1

libreoffice-xsltfilter: before 6.4.7.2-10.0.1

libreoffice-x11: before 6.4.7.2-10.0.1

libreoffice-writer: before 6.4.7.2-10.0.1

libreoffice-wiki-publisher: before 6.4.7.2-10.0.1

libreoffice-ure: before 6.4.7.2-10.0.1

libreoffice-pyuno: before 6.4.7.2-10.0.1

libreoffice-pdfimport: before 6.4.7.2-10.0.1

libreoffice-ogltrans: before 6.4.7.2-10.0.1

libreoffice-math: before 6.4.7.2-10.0.1

libreoffice-langpack-zu: before 6.4.7.2-10.0.1

libreoffice-langpack-zh-Hant: before 6.4.7.2-10.0.1

libreoffice-langpack-zh-Hans: before 6.4.7.2-10.0.1

libreoffice-langpack-xh: before 6.4.7.2-10.0.1

libreoffice-langpack-ve: before 6.4.7.2-10.0.1

libreoffice-langpack-uk: before 6.4.7.2-10.0.1

libreoffice-langpack-ts: before 6.4.7.2-10.0.1

libreoffice-langpack-tr: before 6.4.7.2-10.0.1

libreoffice-langpack-tn: before 6.4.7.2-10.0.1

libreoffice-langpack-th: before 6.4.7.2-10.0.1

libreoffice-langpack-te: before 6.4.7.2-10.0.1

libreoffice-langpack-ta: before 6.4.7.2-10.0.1

libreoffice-langpack-sv: before 6.4.7.2-10.0.1

libreoffice-langpack-st: before 6.4.7.2-10.0.1

libreoffice-langpack-ss: before 6.4.7.2-10.0.1

libreoffice-langpack-sr: before 6.4.7.2-10.0.1

libreoffice-langpack-sl: before 6.4.7.2-10.0.1

libreoffice-langpack-sk: before 6.4.7.2-10.0.1

libreoffice-langpack-si: before 6.4.7.2-10.0.1

libreoffice-langpack-ru: before 6.4.7.2-10.0.1

libreoffice-langpack-ro: before 6.4.7.2-10.0.1

libreoffice-langpack-pt-PT: before 6.4.7.2-10.0.1

libreoffice-langpack-pt-BR: before 6.4.7.2-10.0.1

libreoffice-langpack-pl: before 6.4.7.2-10.0.1

libreoffice-langpack-pa: before 6.4.7.2-10.0.1

libreoffice-langpack-or: before 6.4.7.2-10.0.1

libreoffice-langpack-nso: before 6.4.7.2-10.0.1

libreoffice-langpack-nr: before 6.4.7.2-10.0.1

libreoffice-langpack-nn: before 6.4.7.2-10.0.1

libreoffice-langpack-nl: before 6.4.7.2-10.0.1

libreoffice-langpack-nb: before 6.4.7.2-10.0.1

libreoffice-langpack-mr: before 6.4.7.2-10.0.1

libreoffice-langpack-ml: before 6.4.7.2-10.0.1

libreoffice-langpack-mai: before 6.4.7.2-10.0.1

libreoffice-langpack-lv: before 6.4.7.2-10.0.1

libreoffice-langpack-lt: before 6.4.7.2-10.0.1

libreoffice-langpack-ko: before 6.4.7.2-10.0.1

libreoffice-langpack-kn: before 6.4.7.2-10.0.1

libreoffice-langpack-kk: before 6.4.7.2-10.0.1

libreoffice-langpack-ja: before 6.4.7.2-10.0.1

libreoffice-langpack-it: before 6.4.7.2-10.0.1

libreoffice-langpack-id: before 6.4.7.2-10.0.1

libreoffice-langpack-hu: before 6.4.7.2-10.0.1

libreoffice-langpack-hr: before 6.4.7.2-10.0.1

libreoffice-langpack-hi: before 6.4.7.2-10.0.1

libreoffice-langpack-he: before 6.4.7.2-10.0.1

libreoffice-langpack-gu: before 6.4.7.2-10.0.1

libreoffice-langpack-gl: before 6.4.7.2-10.0.1

libreoffice-langpack-ga: before 6.4.7.2-10.0.1

libreoffice-langpack-fr: before 6.4.7.2-10.0.1

libreoffice-langpack-fi: before 6.4.7.2-10.0.1

libreoffice-langpack-fa: before 6.4.7.2-10.0.1

libreoffice-langpack-eu: before 6.4.7.2-10.0.1

libreoffice-langpack-et: before 6.4.7.2-10.0.1

libreoffice-langpack-es: before 6.4.7.2-10.0.1

libreoffice-langpack-en: before 6.4.7.2-10.0.1

libreoffice-langpack-el: before 6.4.7.2-10.0.1

libreoffice-langpack-dz: before 6.4.7.2-10.0.1

libreoffice-langpack-de: before 6.4.7.2-10.0.1

libreoffice-langpack-da: before 6.4.7.2-10.0.1

libreoffice-langpack-cy: before 6.4.7.2-10.0.1

libreoffice-langpack-cs: before 6.4.7.2-10.0.1

libreoffice-langpack-ca: before 6.4.7.2-10.0.1

libreoffice-langpack-br: before 6.4.7.2-10.0.1

libreoffice-langpack-bn: before 6.4.7.2-10.0.1

libreoffice-langpack-bg: before 6.4.7.2-10.0.1

libreoffice-langpack-as: before 6.4.7.2-10.0.1

libreoffice-langpack-ar: before 6.4.7.2-10.0.1

libreoffice-langpack-af: before 6.4.7.2-10.0.1

libreoffice-impress: before 6.4.7.2-10.0.1

libreoffice-help-zh-Hant: before 6.4.7.2-10.0.1

libreoffice-help-zh-Hans: before 6.4.7.2-10.0.1

libreoffice-help-uk: before 6.4.7.2-10.0.1

libreoffice-help-tr: before 6.4.7.2-10.0.1

libreoffice-help-ta: before 6.4.7.2-10.0.1

libreoffice-help-sv: before 6.4.7.2-10.0.1

libreoffice-help-sl: before 6.4.7.2-10.0.1

libreoffice-help-sk: before 6.4.7.2-10.0.1

libreoffice-help-si: before 6.4.7.2-10.0.1

libreoffice-help-ru: before 6.4.7.2-10.0.1

libreoffice-help-ro: before 6.4.7.2-10.0.1

libreoffice-help-pt-PT: before 6.4.7.2-10.0.1

libreoffice-help-pt-BR: before 6.4.7.2-10.0.1

libreoffice-help-pl: before 6.4.7.2-10.0.1

libreoffice-help-nn: before 6.4.7.2-10.0.1

libreoffice-help-nl: before 6.4.7.2-10.0.1

libreoffice-help-nb: before 6.4.7.2-10.0.1

libreoffice-help-lv: before 6.4.7.2-10.0.1

libreoffice-help-lt: before 6.4.7.2-10.0.1

libreoffice-help-ko: before 6.4.7.2-10.0.1

libreoffice-help-ja: before 6.4.7.2-10.0.1

libreoffice-help-it: before 6.4.7.2-10.0.1

libreoffice-help-id: before 6.4.7.2-10.0.1

libreoffice-help-hu: before 6.4.7.2-10.0.1

libreoffice-help-hr: before 6.4.7.2-10.0.1

libreoffice-help-hi: before 6.4.7.2-10.0.1

libreoffice-help-he: before 6.4.7.2-10.0.1

libreoffice-help-gu: before 6.4.7.2-10.0.1

libreoffice-help-gl: before 6.4.7.2-10.0.1

libreoffice-help-fr: before 6.4.7.2-10.0.1

libreoffice-help-fi: before 6.4.7.2-10.0.1

libreoffice-help-eu: before 6.4.7.2-10.0.1

libreoffice-help-et: before 6.4.7.2-10.0.1

libreoffice-help-es: before 6.4.7.2-10.0.1

libreoffice-help-en: before 6.4.7.2-10.0.1

libreoffice-help-el: before 6.4.7.2-10.0.1

libreoffice-help-dz: before 6.4.7.2-10.0.1

libreoffice-help-de: before 6.4.7.2-10.0.1

libreoffice-help-da: before 6.4.7.2-10.0.1

libreoffice-help-cs: before 6.4.7.2-10.0.1

libreoffice-help-ca: before 6.4.7.2-10.0.1

libreoffice-help-bn: before 6.4.7.2-10.0.1

libreoffice-help-bg: before 6.4.7.2-10.0.1

libreoffice-help-ar: before 6.4.7.2-10.0.1

libreoffice-gtk3: before 6.4.7.2-10.0.1

libreoffice-graphicfilter: before 6.4.7.2-10.0.1

libreoffice-gdb-debug-support: before 6.4.7.2-10.0.1

libreoffice-filters: before 6.4.7.2-10.0.1

libreoffice-emailmerge: before 6.4.7.2-10.0.1

libreoffice-draw: before 6.4.7.2-10.0.1

libreoffice-core: before 6.4.7.2-10.0.1

libreoffice-calc: before 6.4.7.2-10.0.1

libreoffice-base: before 6.4.7.2-10.0.1

libreoffice-ure-common: before 6.4.7.2-10.0.1

libreoffice-opensymbol-fonts: before 6.4.7.2-10.0.1

libreoffice-data: before 6.4.7.2-10.0.1

autocorr-zh: before 6.4.7.2-10.0.1

autocorr-vi: before 6.4.7.2-10.0.1

autocorr-tr: before 6.4.7.2-10.0.1

autocorr-sv: before 6.4.7.2-10.0.1

autocorr-sr: before 6.4.7.2-10.0.1

autocorr-sl: before 6.4.7.2-10.0.1

autocorr-sk: before 6.4.7.2-10.0.1

autocorr-ru: before 6.4.7.2-10.0.1

autocorr-ro: before 6.4.7.2-10.0.1

autocorr-pt: before 6.4.7.2-10.0.1

autocorr-pl: before 6.4.7.2-10.0.1

autocorr-nl: before 6.4.7.2-10.0.1

autocorr-mn: before 6.4.7.2-10.0.1

autocorr-lt: before 6.4.7.2-10.0.1

autocorr-lb: before 6.4.7.2-10.0.1

autocorr-ko: before 6.4.7.2-10.0.1

autocorr-ja: before 6.4.7.2-10.0.1

autocorr-it: before 6.4.7.2-10.0.1

autocorr-is: before 6.4.7.2-10.0.1

autocorr-hu: before 6.4.7.2-10.0.1

autocorr-hr: before 6.4.7.2-10.0.1

autocorr-ga: before 6.4.7.2-10.0.1

autocorr-fr: before 6.4.7.2-10.0.1

autocorr-fi: before 6.4.7.2-10.0.1

autocorr-fa: before 6.4.7.2-10.0.1

autocorr-es: before 6.4.7.2-10.0.1

autocorr-en: before 6.4.7.2-10.0.1

autocorr-de: before 6.4.7.2-10.0.1

autocorr-da: before 6.4.7.2-10.0.1

autocorr-cs: before 6.4.7.2-10.0.1

autocorr-ca: before 6.4.7.2-10.0.1

autocorr-bg: before 6.4.7.2-10.0.1

autocorr-af: before 6.4.7.2-10.0.1

CPE2.3

External links

https://anas.openanolis.cn/errata/detail/ANSA-2022:0406

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU57212

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-25635

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote user to perform spoofing attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

libreofficekit: before 6.4.7.2-10.0.1

libreoffice-xsltfilter: before 6.4.7.2-10.0.1

libreoffice-x11: before 6.4.7.2-10.0.1

libreoffice-writer: before 6.4.7.2-10.0.1

libreoffice-wiki-publisher: before 6.4.7.2-10.0.1

libreoffice-ure: before 6.4.7.2-10.0.1

libreoffice-pyuno: before 6.4.7.2-10.0.1

libreoffice-pdfimport: before 6.4.7.2-10.0.1

libreoffice-ogltrans: before 6.4.7.2-10.0.1

libreoffice-math: before 6.4.7.2-10.0.1

libreoffice-langpack-zu: before 6.4.7.2-10.0.1

libreoffice-langpack-zh-Hant: before 6.4.7.2-10.0.1

libreoffice-langpack-zh-Hans: before 6.4.7.2-10.0.1

libreoffice-langpack-xh: before 6.4.7.2-10.0.1

libreoffice-langpack-ve: before 6.4.7.2-10.0.1

libreoffice-langpack-uk: before 6.4.7.2-10.0.1

libreoffice-langpack-ts: before 6.4.7.2-10.0.1

libreoffice-langpack-tr: before 6.4.7.2-10.0.1

libreoffice-langpack-tn: before 6.4.7.2-10.0.1

libreoffice-langpack-th: before 6.4.7.2-10.0.1

libreoffice-langpack-te: before 6.4.7.2-10.0.1

libreoffice-langpack-ta: before 6.4.7.2-10.0.1

libreoffice-langpack-sv: before 6.4.7.2-10.0.1

libreoffice-langpack-st: before 6.4.7.2-10.0.1

libreoffice-langpack-ss: before 6.4.7.2-10.0.1

libreoffice-langpack-sr: before 6.4.7.2-10.0.1

libreoffice-langpack-sl: before 6.4.7.2-10.0.1

libreoffice-langpack-sk: before 6.4.7.2-10.0.1

libreoffice-langpack-si: before 6.4.7.2-10.0.1

libreoffice-langpack-ru: before 6.4.7.2-10.0.1

libreoffice-langpack-ro: before 6.4.7.2-10.0.1

libreoffice-langpack-pt-PT: before 6.4.7.2-10.0.1

libreoffice-langpack-pt-BR: before 6.4.7.2-10.0.1

libreoffice-langpack-pl: before 6.4.7.2-10.0.1

libreoffice-langpack-pa: before 6.4.7.2-10.0.1

libreoffice-langpack-or: before 6.4.7.2-10.0.1

libreoffice-langpack-nso: before 6.4.7.2-10.0.1

libreoffice-langpack-nr: before 6.4.7.2-10.0.1

libreoffice-langpack-nn: before 6.4.7.2-10.0.1

libreoffice-langpack-nl: before 6.4.7.2-10.0.1

libreoffice-langpack-nb: before 6.4.7.2-10.0.1

libreoffice-langpack-mr: before 6.4.7.2-10.0.1

libreoffice-langpack-ml: before 6.4.7.2-10.0.1

libreoffice-langpack-mai: before 6.4.7.2-10.0.1

libreoffice-langpack-lv: before 6.4.7.2-10.0.1

libreoffice-langpack-lt: before 6.4.7.2-10.0.1

libreoffice-langpack-ko: before 6.4.7.2-10.0.1

libreoffice-langpack-kn: before 6.4.7.2-10.0.1

libreoffice-langpack-kk: before 6.4.7.2-10.0.1

libreoffice-langpack-ja: before 6.4.7.2-10.0.1

libreoffice-langpack-it: before 6.4.7.2-10.0.1

libreoffice-langpack-id: before 6.4.7.2-10.0.1

libreoffice-langpack-hu: before 6.4.7.2-10.0.1

libreoffice-langpack-hr: before 6.4.7.2-10.0.1

libreoffice-langpack-hi: before 6.4.7.2-10.0.1

libreoffice-langpack-he: before 6.4.7.2-10.0.1

libreoffice-langpack-gu: before 6.4.7.2-10.0.1

libreoffice-langpack-gl: before 6.4.7.2-10.0.1

libreoffice-langpack-ga: before 6.4.7.2-10.0.1

libreoffice-langpack-fr: before 6.4.7.2-10.0.1

libreoffice-langpack-fi: before 6.4.7.2-10.0.1

libreoffice-langpack-fa: before 6.4.7.2-10.0.1

libreoffice-langpack-eu: before 6.4.7.2-10.0.1

libreoffice-langpack-et: before 6.4.7.2-10.0.1

libreoffice-langpack-es: before 6.4.7.2-10.0.1

libreoffice-langpack-en: before 6.4.7.2-10.0.1

libreoffice-langpack-el: before 6.4.7.2-10.0.1

libreoffice-langpack-dz: before 6.4.7.2-10.0.1

libreoffice-langpack-de: before 6.4.7.2-10.0.1

libreoffice-langpack-da: before 6.4.7.2-10.0.1

libreoffice-langpack-cy: before 6.4.7.2-10.0.1

libreoffice-langpack-cs: before 6.4.7.2-10.0.1

libreoffice-langpack-ca: before 6.4.7.2-10.0.1

libreoffice-langpack-br: before 6.4.7.2-10.0.1

libreoffice-langpack-bn: before 6.4.7.2-10.0.1

libreoffice-langpack-bg: before 6.4.7.2-10.0.1

libreoffice-langpack-as: before 6.4.7.2-10.0.1

libreoffice-langpack-ar: before 6.4.7.2-10.0.1

libreoffice-langpack-af: before 6.4.7.2-10.0.1

libreoffice-impress: before 6.4.7.2-10.0.1

libreoffice-help-zh-Hant: before 6.4.7.2-10.0.1

libreoffice-help-zh-Hans: before 6.4.7.2-10.0.1

libreoffice-help-uk: before 6.4.7.2-10.0.1

libreoffice-help-tr: before 6.4.7.2-10.0.1

libreoffice-help-ta: before 6.4.7.2-10.0.1

libreoffice-help-sv: before 6.4.7.2-10.0.1

libreoffice-help-sl: before 6.4.7.2-10.0.1

libreoffice-help-sk: before 6.4.7.2-10.0.1

libreoffice-help-si: before 6.4.7.2-10.0.1

libreoffice-help-ru: before 6.4.7.2-10.0.1

libreoffice-help-ro: before 6.4.7.2-10.0.1

libreoffice-help-pt-PT: before 6.4.7.2-10.0.1

libreoffice-help-pt-BR: before 6.4.7.2-10.0.1

libreoffice-help-pl: before 6.4.7.2-10.0.1

libreoffice-help-nn: before 6.4.7.2-10.0.1

libreoffice-help-nl: before 6.4.7.2-10.0.1

libreoffice-help-nb: before 6.4.7.2-10.0.1

libreoffice-help-lv: before 6.4.7.2-10.0.1

libreoffice-help-lt: before 6.4.7.2-10.0.1

libreoffice-help-ko: before 6.4.7.2-10.0.1

libreoffice-help-ja: before 6.4.7.2-10.0.1

libreoffice-help-it: before 6.4.7.2-10.0.1

libreoffice-help-id: before 6.4.7.2-10.0.1

libreoffice-help-hu: before 6.4.7.2-10.0.1

libreoffice-help-hr: before 6.4.7.2-10.0.1

libreoffice-help-hi: before 6.4.7.2-10.0.1

libreoffice-help-he: before 6.4.7.2-10.0.1

libreoffice-help-gu: before 6.4.7.2-10.0.1

libreoffice-help-gl: before 6.4.7.2-10.0.1

libreoffice-help-fr: before 6.4.7.2-10.0.1

libreoffice-help-fi: before 6.4.7.2-10.0.1

libreoffice-help-eu: before 6.4.7.2-10.0.1

libreoffice-help-et: before 6.4.7.2-10.0.1

libreoffice-help-es: before 6.4.7.2-10.0.1

libreoffice-help-en: before 6.4.7.2-10.0.1

libreoffice-help-el: before 6.4.7.2-10.0.1

libreoffice-help-dz: before 6.4.7.2-10.0.1

libreoffice-help-de: before 6.4.7.2-10.0.1

libreoffice-help-da: before 6.4.7.2-10.0.1

libreoffice-help-cs: before 6.4.7.2-10.0.1

libreoffice-help-ca: before 6.4.7.2-10.0.1

libreoffice-help-bn: before 6.4.7.2-10.0.1

libreoffice-help-bg: before 6.4.7.2-10.0.1

libreoffice-help-ar: before 6.4.7.2-10.0.1

libreoffice-gtk3: before 6.4.7.2-10.0.1

libreoffice-graphicfilter: before 6.4.7.2-10.0.1

libreoffice-gdb-debug-support: before 6.4.7.2-10.0.1

libreoffice-filters: before 6.4.7.2-10.0.1

libreoffice-emailmerge: before 6.4.7.2-10.0.1

libreoffice-draw: before 6.4.7.2-10.0.1

libreoffice-core: before 6.4.7.2-10.0.1

libreoffice-calc: before 6.4.7.2-10.0.1

libreoffice-base: before 6.4.7.2-10.0.1

libreoffice-ure-common: before 6.4.7.2-10.0.1

libreoffice-opensymbol-fonts: before 6.4.7.2-10.0.1

libreoffice-data: before 6.4.7.2-10.0.1

autocorr-zh: before 6.4.7.2-10.0.1

autocorr-vi: before 6.4.7.2-10.0.1

autocorr-tr: before 6.4.7.2-10.0.1

autocorr-sv: before 6.4.7.2-10.0.1

autocorr-sr: before 6.4.7.2-10.0.1

autocorr-sl: before 6.4.7.2-10.0.1

autocorr-sk: before 6.4.7.2-10.0.1

autocorr-ru: before 6.4.7.2-10.0.1

autocorr-ro: before 6.4.7.2-10.0.1

autocorr-pt: before 6.4.7.2-10.0.1

autocorr-pl: before 6.4.7.2-10.0.1

autocorr-nl: before 6.4.7.2-10.0.1

autocorr-mn: before 6.4.7.2-10.0.1

autocorr-lt: before 6.4.7.2-10.0.1

autocorr-lb: before 6.4.7.2-10.0.1

autocorr-ko: before 6.4.7.2-10.0.1

autocorr-ja: before 6.4.7.2-10.0.1

autocorr-it: before 6.4.7.2-10.0.1

autocorr-is: before 6.4.7.2-10.0.1

autocorr-hu: before 6.4.7.2-10.0.1

autocorr-hr: before 6.4.7.2-10.0.1

autocorr-ga: before 6.4.7.2-10.0.1

autocorr-fr: before 6.4.7.2-10.0.1

autocorr-fi: before 6.4.7.2-10.0.1

autocorr-fa: before 6.4.7.2-10.0.1

autocorr-es: before 6.4.7.2-10.0.1

autocorr-en: before 6.4.7.2-10.0.1

autocorr-de: before 6.4.7.2-10.0.1

autocorr-da: before 6.4.7.2-10.0.1

autocorr-cs: before 6.4.7.2-10.0.1

autocorr-ca: before 6.4.7.2-10.0.1

autocorr-bg: before 6.4.7.2-10.0.1

autocorr-af: before 6.4.7.2-10.0.1

CPE2.3

External links

https://anas.openanolis.cn/errata/detail/ANSA-2022:0406

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.