Debian DSA-4988-1：libreoffice - 安全性更新

high Nessus Plugin ID 154194

語系：

概要

遠端 Debian 主機上缺少一個或多個安全性更新。

說明

遠端 Debian 11 主機上安裝的多個套件受到 dsa-4988 公告中提及的多個弱點影響。

- LibreOffice 支援 ODF 文件和文件中的巨集數位簽章，呈現自上次簽署後文件未發生任何變更的視覺輔助工具，且該簽章有效。
LibreOffice 中存在一個不當驗證憑證弱點，該弱點允許攻擊者透過操控文件中的 documentsignatures.xml 或 macrosignatures.xml 資料流來建立以數位方式簽署的 ODF 文件，以合併多個憑證資料，這會導致 LibreOffice 在開啟後顯示有效簽署的指示器，但其內容與顯示的簽章卻無關聯。此問題會影響：7.0.6 之前的 Document Foundation LibreOffice 7-0 版本；7.1.2 之前的 Document Foundation LibreOffice 7-1 版本。(CVE-2021-25633)

- LibreOffice 支援 ODF 文件和文件中的巨集數位簽章，呈現自上次簽署後文件未發生任何變更的視覺輔助工具，且該簽章有效。
LibreOffice 中存在一個不當驗證憑證弱點，該弱點允許攻擊者修改以數位方式簽署的 ODF 文件，以插入額外的簽署時間時間戳記，從而導致 LibreOffice 會在偽造的簽署時間錯誤顯示有效的已簽署簽章。此問題會影響：7.0.6 之前的 Document Foundation LibreOffice 7-0 版本；7.1.2 之前的 Document Foundation LibreOffice 7-1 版本。(CVE-2021-25634)

請注意，Nessus 並未測試此問題，而是僅依據應用程式自我報告的版本號碼作出判斷。

解決方案

升級 libreoffice 套件。

針對穩定的發行版本 (bullseye)，這些問題已在版本 1 中修正

另請參閱

https://security-tracker.debian.org/tracker/source-package/libreoffice

https://www.debian.org/security/2021/dsa-4988

https://security-tracker.debian.org/tracker/CVE-2021-25633

https://security-tracker.debian.org/tracker/CVE-2021-25634

https://packages.debian.org/source/bullseye/libreoffice

Plugin 詳細資訊

嚴重性: High

ID: 154194

檔案名稱: debian_DSA-4988.nasl

版本: 1.3

類型: local

代理程式: unix

系列: Debian Local Security Checks

已發布: 2021/10/17

已更新: 2022/1/20

支援的感應器: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

風險資訊

VPR

風險因素: Medium

分數: 4.4

CVSS v2

風險因素: Medium

基本分數: 5

時間分數: 3.7

媒介: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS 評分資料來源: CVE-2021-25634

CVSS v3

風險因素: High

基本分數: 7.5

時間分數: 6.5

媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

時間媒介: CVSS:3.0/E:U/RL:O/RC:C

弱點資訊

CPE: p-cpe:/a:debian:debian_linux:fonts-opensymbol, p-cpe:/a:debian:debian_linux:gir1.2-lokdocview-0.1, p-cpe:/a:debian:debian_linux:libjuh-java, p-cpe:/a:debian:debian_linux:libjurt-java, p-cpe:/a:debian:debian_linux:liblibreoffice-java, p-cpe:/a:debian:debian_linux:liblibreofficekitgtk, p-cpe:/a:debian:debian_linux:libofficebean-java, p-cpe:/a:debian:debian_linux:libreoffice, p-cpe:/a:debian:debian_linux:libreoffice-avmedia-backend-gstreamer, p-cpe:/a:debian:debian_linux:libreoffice-base, p-cpe:/a:debian:debian_linux:libreoffice-base-core, p-cpe:/a:debian:debian_linux:libreoffice-base-drivers, p-cpe:/a:debian:debian_linux:libreoffice-base-nogui, p-cpe:/a:debian:debian_linux:libreoffice-calc, p-cpe:/a:debian:debian_linux:libreoffice-calc-nogui, p-cpe:/a:debian:debian_linux:libreoffice-common, p-cpe:/a:debian:debian_linux:libreoffice-core, p-cpe:/a:debian:debian_linux:libreoffice-core-nogui, p-cpe:/a:debian:debian_linux:libreoffice-dev, p-cpe:/a:debian:debian_linux:libreoffice-dev-common, p-cpe:/a:debian:debian_linux:libreoffice-dev-doc, p-cpe:/a:debian:debian_linux:libreoffice-dev-gui, p-cpe:/a:debian:debian_linux:libreoffice-draw, p-cpe:/a:debian:debian_linux:libreoffice-draw-nogui, p-cpe:/a:debian:debian_linux:libreoffice-evolution, p-cpe:/a:debian:debian_linux:libreoffice-gnome, p-cpe:/a:debian:debian_linux:libreoffice-gtk3, p-cpe:/a:debian:debian_linux:libreoffice-help-ca, p-cpe:/a:debian:debian_linux:libreoffice-help-common, p-cpe:/a:debian:debian_linux:libreoffice-help-cs, p-cpe:/a:debian:debian_linux:libreoffice-help-da, p-cpe:/a:debian:debian_linux:libreoffice-help-de, p-cpe:/a:debian:debian_linux:libreoffice-help-om, p-cpe:/a:debian:debian_linux:libreoffice-help-pl, p-cpe:/a:debian:debian_linux:libreoffice-help-pt, p-cpe:/a:debian:debian_linux:libreoffice-help-pt-br, p-cpe:/a:debian:debian_linux:libreoffice-help-ru, p-cpe:/a:debian:debian_linux:libreoffice-help-sk, p-cpe:/a:debian:debian_linux:libreoffice-help-sl, p-cpe:/a:debian:debian_linux:libreoffice-help-sv, p-cpe:/a:debian:debian_linux:libreoffice-help-tr, p-cpe:/a:debian:debian_linux:libreoffice-help-vi, p-cpe:/a:debian:debian_linux:libreoffice-help-zh-cn, p-cpe:/a:debian:debian_linux:libreoffice-help-zh-tw, p-cpe:/a:debian:debian_linux:libreoffice-impress, p-cpe:/a:debian:debian_linux:libreoffice-impress-nogui, p-cpe:/a:debian:debian_linux:libreoffice-java-common, p-cpe:/a:debian:debian_linux:libreoffice-l10n-it, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ja, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ka, p-cpe:/a:debian:debian_linux:libreoffice-l10n-kk, p-cpe:/a:debian:debian_linux:libreoffice-l10n-km, p-cpe:/a:debian:debian_linux:libreoffice-l10n-kmr, p-cpe:/a:debian:debian_linux:libreoffice-l10n-kn, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ko, p-cpe:/a:debian:debian_linux:libreoffice-l10n-lt, p-cpe:/a:debian:debian_linux:libreoffice-l10n-lv, p-cpe:/a:debian:debian_linux:libreoffice-l10n-mk, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ml, p-cpe:/a:debian:debian_linux:libreoffice-l10n-mn, p-cpe:/a:debian:debian_linux:libreoffice-l10n-mr, p-cpe:/a:debian:debian_linux:libreoffice-l10n-nb, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ne, p-cpe:/a:debian:debian_linux:libreoffice-l10n-nl, p-cpe:/a:debian:debian_linux:libreoffice-l10n-nn, p-cpe:/a:debian:debian_linux:libreoffice-l10n-nr, p-cpe:/a:debian:debian_linux:libreoffice-l10n-nso, p-cpe:/a:debian:debian_linux:libreoffice-l10n-oc, p-cpe:/a:debian:debian_linux:libreoffice-l10n-om, p-cpe:/a:debian:debian_linux:libreoffice-l10n-or, p-cpe:/a:debian:debian_linux:libreoffice-l10n-pa-in, p-cpe:/a:debian:debian_linux:libreoffice-l10n-pl, p-cpe:/a:debian:debian_linux:libreoffice-l10n-pt, p-cpe:/a:debian:debian_linux:libreoffice-l10n-pt-br, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ro, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ru, p-cpe:/a:debian:debian_linux:libreoffice-l10n-rw, p-cpe:/a:debian:debian_linux:libreoffice-l10n-si, p-cpe:/a:debian:debian_linux:libreoffice-l10n-sk, p-cpe:/a:debian:debian_linux:libreoffice-l10n-sl, p-cpe:/a:debian:debian_linux:libreoffice-l10n-sr, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ss, p-cpe:/a:debian:debian_linux:libreoffice-l10n-st, p-cpe:/a:debian:debian_linux:libreoffice-l10n-sv, p-cpe:/a:debian:debian_linux:libreoffice-l10n-szl, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ta, p-cpe:/a:debian:debian_linux:libreoffice-l10n-te, p-cpe:/a:debian:debian_linux:libreoffice-l10n-tg, p-cpe:/a:debian:debian_linux:libreoffice-l10n-th, p-cpe:/a:debian:debian_linux:libreoffice-l10n-tn, p-cpe:/a:debian:debian_linux:libreoffice-l10n-tr, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ts, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ug, p-cpe:/a:debian:debian_linux:libreoffice-l10n-uk, p-cpe:/a:debian:debian_linux:libreoffice-l10n-uz, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ve, p-cpe:/a:debian:debian_linux:libreoffice-l10n-vi, p-cpe:/a:debian:debian_linux:libreoffice-l10n-xh, p-cpe:/a:debian:debian_linux:libreoffice-l10n-za, p-cpe:/a:debian:debian_linux:libreoffice-l10n-zh-cn, p-cpe:/a:debian:debian_linux:libreoffice-l10n-zh-tw, p-cpe:/a:debian:debian_linux:libreoffice-l10n-zu, p-cpe:/a:debian:debian_linux:libreoffice-librelogo, p-cpe:/a:debian:debian_linux:libreoffice-math, p-cpe:/a:debian:debian_linux:libreoffice-math-nogui, p-cpe:/a:debian:debian_linux:libreoffice-mysql-connector, p-cpe:/a:debian:debian_linux:libreoffice-nlpsolver, p-cpe:/a:debian:debian_linux:libreoffice-nogui, p-cpe:/a:debian:debian_linux:libreoffice-officebean, p-cpe:/a:debian:debian_linux:libreoffice-plasma, p-cpe:/a:debian:debian_linux:libreoffice-qt5, p-cpe:/a:debian:debian_linux:libreoffice-report-builder, p-cpe:/a:debian:debian_linux:libreoffice-report-builder-bin, p-cpe:/a:debian:debian_linux:libreoffice-kde5, p-cpe:/a:debian:debian_linux:libreoffice-kf5, p-cpe:/a:debian:debian_linux:libreoffice-l10n-af, p-cpe:/a:debian:debian_linux:libreoffice-l10n-am, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ar, p-cpe:/a:debian:debian_linux:libreoffice-l10n-as, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ast, p-cpe:/a:debian:debian_linux:libreoffice-l10n-be, p-cpe:/a:debian:debian_linux:libreoffice-l10n-bg, p-cpe:/a:debian:debian_linux:libreoffice-l10n-bn, p-cpe:/a:debian:debian_linux:libreoffice-l10n-br, p-cpe:/a:debian:debian_linux:libreoffice-l10n-bs, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ca, p-cpe:/a:debian:debian_linux:libreoffice-l10n-cs, p-cpe:/a:debian:debian_linux:libreoffice-l10n-cy, p-cpe:/a:debian:debian_linux:libreoffice-l10n-da, p-cpe:/a:debian:debian_linux:libreoffice-l10n-de, p-cpe:/a:debian:debian_linux:libreoffice-l10n-dz, p-cpe:/a:debian:debian_linux:libreoffice-l10n-el, p-cpe:/a:debian:debian_linux:libreoffice-l10n-en-gb, p-cpe:/a:debian:debian_linux:libreoffice-l10n-en-za, p-cpe:/a:debian:debian_linux:libreoffice-l10n-eo, p-cpe:/a:debian:debian_linux:libreoffice-l10n-es, p-cpe:/a:debian:debian_linux:libreoffice-l10n-et, p-cpe:/a:debian:debian_linux:libreoffice-l10n-eu, p-cpe:/a:debian:debian_linux:libreoffice-l10n-fa, p-cpe:/a:debian:debian_linux:libreoffice-l10n-fi, p-cpe:/a:debian:debian_linux:libreoffice-l10n-fr, p-cpe:/a:debian:debian_linux:libreoffice-l10n-ga, p-cpe:/a:debian:debian_linux:libreoffice-l10n-gd, p-cpe:/a:debian:debian_linux:libreoffice-l10n-gl, p-cpe:/a:debian:debian_linux:libreoffice-l10n-gu, p-cpe:/a:debian:debian_linux:libreoffice-l10n-gug, p-cpe:/a:debian:debian_linux:libreoffice-l10n-he, p-cpe:/a:debian:debian_linux:libreoffice-l10n-hi, p-cpe:/a:debian:debian_linux:libreoffice-l10n-hr, p-cpe:/a:debian:debian_linux:libreoffice-l10n-hu, p-cpe:/a:debian:debian_linux:libreoffice-l10n-id, p-cpe:/a:debian:debian_linux:libreoffice-l10n-in, p-cpe:/a:debian:debian_linux:libreoffice-l10n-is, p-cpe:/a:debian:debian_linux:libreoffice-report-builder-bin-nogui, p-cpe:/a:debian:debian_linux:libreoffice-script-provider-bsh, p-cpe:/a:debian:debian_linux:libreoffice-script-provider-js, p-cpe:/a:debian:debian_linux:libreoffice-script-provider-python, p-cpe:/a:debian:debian_linux:libreoffice-sdbc-firebird, p-cpe:/a:debian:debian_linux:libreoffice-sdbc-hsqldb, p-cpe:/a:debian:debian_linux:libreoffice-sdbc-mysql, p-cpe:/a:debian:debian_linux:libreoffice-sdbc-postgresql, p-cpe:/a:debian:debian_linux:libreoffice-smoketest-data, p-cpe:/a:debian:debian_linux:libreoffice-style-breeze, p-cpe:/a:debian:debian_linux:libreoffice-style-colibre, p-cpe:/a:debian:debian_linux:libreoffice-style-elementary, p-cpe:/a:debian:debian_linux:libreoffice-style-karasa-jaga, p-cpe:/a:debian:debian_linux:libreoffice-style-sifr, p-cpe:/a:debian:debian_linux:libreoffice-style-sukapura, p-cpe:/a:debian:debian_linux:libreoffice-subsequentcheckbase, p-cpe:/a:debian:debian_linux:libreoffice-wiki-publisher, p-cpe:/a:debian:debian_linux:libreoffice-writer, p-cpe:/a:debian:debian_linux:libreoffice-writer-nogui, p-cpe:/a:debian:debian_linux:libreofficekit-data, p-cpe:/a:debian:debian_linux:libreofficekit-dev, p-cpe:/a:debian:debian_linux:libridl-java, p-cpe:/a:debian:debian_linux:libuno-cppu3, p-cpe:/a:debian:debian_linux:libuno-cppuhelpergcc3-3, p-cpe:/a:debian:debian_linux:libuno-purpenvhelpergcc3-3, p-cpe:/a:debian:debian_linux:libuno-sal3, p-cpe:/a:debian:debian_linux:libuno-salhelpergcc3-3, p-cpe:/a:debian:debian_linux:libunoil-java, p-cpe:/a:debian:debian_linux:libunoloader-java, p-cpe:/a:debian:debian_linux:python3-access2base, p-cpe:/a:debian:debian_linux:python3-uno, p-cpe:/a:debian:debian_linux:uno-libs-private, p-cpe:/a:debian:debian_linux:ure, cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libreoffice-help-dz, p-cpe:/a:debian:debian_linux:libreoffice-help-el, p-cpe:/a:debian:debian_linux:libreoffice-help-en-gb, p-cpe:/a:debian:debian_linux:libreoffice-help-en-us, p-cpe:/a:debian:debian_linux:libreoffice-help-es, p-cpe:/a:debian:debian_linux:libreoffice-help-et, p-cpe:/a:debian:debian_linux:libreoffice-help-eu, p-cpe:/a:debian:debian_linux:libreoffice-help-fi, p-cpe:/a:debian:debian_linux:libreoffice-help-fr, p-cpe:/a:debian:debian_linux:libreoffice-help-gl, p-cpe:/a:debian:debian_linux:libreoffice-help-hi, p-cpe:/a:debian:debian_linux:libreoffice-help-hu, p-cpe:/a:debian:debian_linux:libreoffice-help-id, p-cpe:/a:debian:debian_linux:libreoffice-help-it, p-cpe:/a:debian:debian_linux:libreoffice-help-ja, p-cpe:/a:debian:debian_linux:libreoffice-help-km, p-cpe:/a:debian:debian_linux:libreoffice-help-ko, p-cpe:/a:debian:debian_linux:libreoffice-help-nl

必要的 KB 項目: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

可輕鬆利用: No known exploits are available

修補程式發佈日期: 2021/10/16

弱點發布日期: 2021/10/11

參考資訊

CVE: CVE-2021-25633, CVE-2021-25634