it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5908-1] libreoffice security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5908-1] libreoffice security update
Date: Mon, 28 Apr 2025 19:20:07 +0000
Authentication-results: lists.piratenpartei.de; dkim=none; dmarc=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
List-archive: https://lists.debian.org/msgid-search/aA/U577x6BlGRrWW AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=zNG8kbeMXQINBN4JVFBpTroaWL8Kco1R7pUgkotAA0I=; b=DR +jZUFUhKHxlWaxb2LS2FybZM7ZkcUNnk/iXduNsODw2y05kzk6pCFeDTNEMoK3dJks3DMJDSFTtCN bSO4FxEj9QwAbQs1nJ/U1gHSyWLfy5WNuwL3AAd1p2vUrlHWgWoJGqpXbANz7uUms5+MydKjpHjCe IxrmExcPi+ZKJTIMzdq8WxePaTFt6uhUPCe0E6MV+VmgzggS2dLxqdISAyDvs1RQe6LKt2HbtT1Me FCYOH64iXMtRvoz247eguhNXEjgfKGe1CyFDtkU0RHEwcRKexfY0r2L05+vkuEZfHfjXy7Ri3VscQ fWM2l+iNB3wyTa9QF4aEm0VMxQqfSs/w==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Mon, 28 Apr 2025 19:20:32 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <HbEvstOg8FF.A.rSUC.AU9DoB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5908-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2025-2866

Juray Sarinay discovered that PDF documents signed with the
adbe.pkcs7.sha1 standard were incompletely validated by LibreOffice,
which could cause invalid signatures to be accepted as legitimate.

For the stable distribution (bookworm), this problem has been fixed in
version 4:7.4.7-1+deb12u8.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmgP1KwACgkQEMKTtsN8
TjasuRAAnAPyCH3STHeXsEVJiHnk/msFh95HPxkf9FtXnIwZqAq02CDzAJJi+9SI
a6KsPZ1tKUTgNMSd0dt7z4/jRlaB81uiaRqwinrLu153bObzmg8vigI7jglN0BiC
19TDG2+dlEKueOah6h59PFf/8oe3LZ3xHJIydN8f0u7XtUrUIg/+dBS1Zwbr4uWv
jIW+HSwbpOKSBD70SeovB6kkWuF6xGVcjfHuBcn0bwwjsXInJYJKBOCChEHAynpA
p8fecyHGRXVd2rjdQx3A8edP5NkfwXvECB220Sc2lF/8usxLVRXPdgVUlU1nWE5T
FDPUkJ6AsyysJjnnoTHRiOanxgAZPkQbioeTl117Zwv2ckgyIkdX3/dvwgJPZC5p
o3hpnc+Ie96pm4gNNO+0pa2cC+0m6jlz518XYhwak+M5IgFbjekpD9klQqLNPn6d
gba03ovqu/Tz683mIl5EWNGPIZwpouRgL9IRphtOaxp3hkrDzonhH7brv2xIC55n
pI97BoHbl8xNXC/CMDIMsF7IRPTH5ydKJXMqEmcoYfhcsrxqizemq7MbKZpWU+CV
ZOhGZbIS3rGdm+/RYWKqpIiOwDeddQP+9kzBjLQeVlOhUQM+c4lTd05Y8w987BvP
SSayZ+2pg5zIcdnC7HSLNAeXhuqV0VAX8/diVI70B/W87CIdMn0=
=Yqcr
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5908-1] libreoffice security update, Moritz Muehlenhoff, 28.04.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.