An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self-sign an ODF document with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm. LibreOffice would then incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person.
RHEL 8.6.0 and below are all affected by this flaw. RHEL 9 uses an updated version which is not exposed to the flaw. LibreOffice improperly validated signatures whose algorithm it could not verify. This led to LibreOffice presenting the signature as valid, even though it could not be verified as valid.
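A fail-closed way to handle the unknown-algorithm case described above, as an added example that is not LibreOffice or Red Hat code. It assumes the algorithm is read from the XML-DSig `SignatureMethod` element of the document's signature file; the allowlist, the function names and the `crypto_ok`/`signer_trusted` inputs are hypothetical, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Assumption: the signature algorithms this verifier actually implements.
KNOWN_METHODS = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
}

def gate_signatures(xml_text):
    """Map each ds:Signature Id to (gate, algorithm) before any crypto runs."""
    results = {}
    for n, sig in enumerate(ET.fromstring(xml_text).iter(f"{DS}Signature")):
        method = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod")
        alg = method.get("Algorithm") if method is not None else None
        gate = "verify" if alg in KNOWN_METHODS else "unverifiable"
        results[sig.get("Id", f"#{n}")] = (gate, alg)
    return results

def display_status(gate, crypto_ok, signer_trusted):
    """Fail closed: an unknown algorithm can never be reported as valid."""
    if gate != "verify":
        return "cannot be verified"
    if not crypto_ok:
        return "invalid"
    return "valid" if signer_trusted else "valid, signer not trusted"

# Constructed sample (simplified): a known algorithm, an altered one, a missing one.
SAMPLE = """<document-signatures xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature Id="sig-ok">
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    </ds:SignedInfo>
  </ds:Signature>
  <ds:Signature Id="sig-altered">
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="urn:example:not-a-real-algorithm"/>
    </ds:SignedInfo>
  </ds:Signature>
  <ds:Signature Id="sig-missing"><ds:SignedInfo/></ds:Signature>
</document-signatures>"""

if __name__ == "__main__":
    for sig_id, (gate, alg) in gate_signatures(SAMPLE).items():
        print(sig_id, gate, alg)
```

The three-way result matters: "cannot be verified" is a distinct outcome that is never merged with "valid", and signer trust is only consulted after the algorithm is known and the cryptographic check has passed.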
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 via RHSA-2022:1766 https://access.redhat.com/errata/RHSA-2022:1766
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-25635