Security update for libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1

Announcement ID:	SUSE-SU-2018:3683-1
Rating:	moderate
References:	bsc#1050305 bsc#1088263 bsc#1091606 bsc#1094779 bsc#1095601 bsc#1095639 bsc#1096360 bsc#1098891 bsc#1104876
Cross-References:	CVE-2018-10583
CVSS scores:	CVE-2018-10583 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2018-10583 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:	Basesystem Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SUSE Package Hub 15

An update that solves one vulnerability and has eight security fixes can now be installed.

Description:

This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues:

LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features and lots of bugfixes:

The full changelog can be found on:

    https://wiki.documentfoundation.org/ReleaseNotes/6.1

Bugfixes:

bsc#1095639 Exporting to PPTX results in vertical labels being shown horizontally
bsc#1098891 Table in PPTX misplaced and partly blue
bsc#1088263 Labels in chart change (from white and other colors) to black when saving as PPTX
bsc#1095601 Exporting to PPTX shifts arrow shapes quite a bit
Add more translations:
Belarusian
Bodo
Dogri
Frisian
Gaelic
Paraguayan_Guaran
Upper_Sorbian
Konkani
Kashmiri
Luxembourgish
Monglolian
Manipuri
Burnese
Occitan
Kinyarwanda
Santali
Sanskrit
Sindhi
Sidamo
Tatar
Uzbek
Upper Sorbian
Venetian
Amharic
Asturian
Tibetian
Bosnian
English GB
English ZA
Indonesian
Icelandic
Georgian
Khmer
Lao
Macedonian
Nepali
Oromo
Albanian
Tajik
Uyghur
Vietnamese
Kurdish
Try to build all languages see bsc#1096360
Make sure to install the KDE5/Qt5 UI/filepicker
Try to implement safeguarding to avoid bsc#1050305
Disable base-drivers-mysql as it needs mysqlcppcon that is only for mysql and not mariadb, causes issues bsc#1094779
Users can still connect using jdbc/odbc
Fix java detection on machines with too many cpus
CVE-2018-10583: An information disclosure vulnerability occured when LibreOffice automatically processed and initiated an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606)

libepubgen was updated to 0.1.1:

Avoid <div> inside <p> or <span>.
Avoid writin vertical-align attribute without a value.
Fix generation of invalid XHTML when there is a link starting at the beginning of a footnote.
Handle relative width for images.
Fixed layout: write chapter names to improve navigation.
Support writing mode.
Start a new HTML file at every page span in addition to the splits induced by the chosen split method. This is to ensure that specified writing mode works correctly, as it is HTML <body> attribute.

liblangtag was updated to 0.6.2:

use standard function
fix leak in test

libmwaw was updated to 0.3.14:

Support MS Multiplan 1.1 files

libnumbertext was update to 1.0.5:

Various fixes in numerical calculations and issues reported on libreoffice tracker

libstaroffice was updated to 0.0.6:

retrieve some StarMath's formula,
retrieve some charts as graphic,
retrieve some fields in sda/sdc/sdp text-boxes,
.sdw: retrieve more attachments.

libwps was updated to 0.4.9:

QuattroPro: add parser to .wb3 files
Multiplan: add parser to DOS v1-v3 files
charts: try to retrieve charts in .wk, .wq files
QuattroPro: add parser to .wb[12] files

myspell-dictionaries was updated to 20181025:

Turkish dictionary added
Updated French dictionary

xmlsec1 was updated to 1.2.26:

Added xmlsec-mscng module based on Microsoft Cryptography API: Next Generation
Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R 34.10-2001 in xmlsec-mscrypto

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

Basesystem Module 15
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2616=1
SUSE Package Hub 15
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2616=1
SUSE Linux Enterprise Workstation Extension 15
zypper in -t patch SUSE-SLE-Product-WE-15-2018-2616=1

Package List:

Basesystem Module 15 (noarch)
- myspell-es-20181025-3.6.1
- myspell-nb_NO-20181025-3.6.1
- myspell-de-20181025-3.6.1
- myspell-en-20181025-3.6.1
- myspell-hu_HU-20181025-3.6.1
- myspell-es_ES-20181025-3.6.1
- myspell-ru_RU-20181025-3.6.1
- myspell-pt_BR-20181025-3.6.1
- myspell-de_DE-20181025-3.6.1
- myspell-ro_RO-20181025-3.6.1
- myspell-en_US-20181025-3.6.1
- myspell-no-20181025-3.6.1
- myspell-ro-20181025-3.6.1
Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
- myspell-lightproof-en-20181025-3.6.1
- myspell-lightproof-hu_HU-20181025-3.6.1
- myspell-lightproof-ru_RU-20181025-3.6.1
- myspell-lightproof-pt_BR-20181025-3.6.1
- myspell-dictionaries-20181025-3.6.1
SUSE Package Hub 15 (aarch64 ppc64le s390x x86_64)
- xmlsec1-openssl-devel-1.2.26-3.3.1
- xmlsec1-debuginfo-1.2.26-3.3.1
- libxmlsec1-gcrypt1-debuginfo-1.2.26-3.3.1
- libxmlsec1-openssl1-1.2.26-3.3.1
- libxmlsec1-gnutls1-debuginfo-1.2.26-3.3.1
- xmlsec1-gnutls-devel-1.2.26-3.3.1
- libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1
- libxmlsec1-gnutls1-1.2.26-3.3.1
- libxmlsec1-gcrypt1-1.2.26-3.3.1
- xmlsec1-debugsource-1.2.26-3.3.1
SUSE Linux Enterprise Workstation Extension 15 (x86_64)
- xmlsec1-openssl-devel-1.2.26-3.3.1
- liblangtag1-0.6.2-3.3.1
- libepubgen-0_1-1-0.1.1-3.3.1
- libreoffice-mailmerge-6.1.3.2-3.7.3
- liblangtag-debugsource-0.6.2-3.3.1
- libreoffice-calc-6.1.3.2-3.7.3
- libreofficekit-6.1.3.2-3.7.3
- libepubgen-0_1-1-debuginfo-0.1.1-3.3.1
- libnumbertext-debugsource-1.0.5-1.3.1
- libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1
- libnumbertext-debuginfo-1.0.5-1.3.1
- libreoffice-gtk3-6.1.3.2-3.7.3
- libreoffice-debuginfo-6.1.3.2-3.7.3
- libreoffice-impress-debuginfo-6.1.3.2-3.7.3
- libreoffice-officebean-6.1.3.2-3.7.3
- libstaroffice-debuginfo-0.0.6-3.3.1
- libreoffice-calc-extensions-6.1.3.2-3.7.3
- xmlsec1-devel-1.2.26-3.3.1
- libreoffice-gnome-debuginfo-6.1.3.2-3.7.3
- libreoffice-calc-debuginfo-6.1.3.2-3.7.3
- libreoffice-officebean-debuginfo-6.1.3.2-3.7.3
- libmwaw-debuginfo-0.3.14-4.3.1
- libxmlsec1-openssl1-1.2.26-3.3.1
- libreoffice-pyuno-6.1.3.2-3.7.3
- libnumbertext-1_0-0-1.0.5-1.3.1
- libreoffice-debugsource-6.1.3.2-3.7.3
- libwps-devel-0.4.9-3.3.1
- libepubgen-debugsource-0.1.1-3.3.1
- libreoffice-gnome-6.1.3.2-3.7.3
- libnumbertext-data-1.0.5-1.3.1
- libreoffice-writer-extensions-6.1.3.2-3.7.3
- libxmlsec1-nss1-debuginfo-1.2.26-3.3.1
- libreoffice-writer-6.1.3.2-3.7.3
- xmlsec1-debugsource-1.2.26-3.3.1
- libreoffice-base-drivers-postgresql-debuginfo-6.1.3.2-3.7.3
- liblangtag1-debuginfo-0.6.2-3.3.1
- libmwaw-0_3-3-debuginfo-0.3.14-4.3.1
- libreoffice-filters-optional-6.1.3.2-3.7.3
- libmwaw-0_3-3-0.3.14-4.3.1
- libreoffice-math-6.1.3.2-3.7.3
- libstaroffice-0_0-0-debuginfo-0.0.6-3.3.1
- libxmlsec1-1-debuginfo-1.2.26-3.3.1
- libreoffice-gtk3-debuginfo-6.1.3.2-3.7.3
- libstaroffice-debugsource-0.0.6-3.3.1
- libreoffice-impress-6.1.3.2-3.7.3
- libwps-debugsource-0.4.9-3.3.1
- libxmlsec1-nss1-1.2.26-3.3.1
- libwps-0_4-4-0.4.9-3.3.1
- libxmlsec1-1-1.2.26-3.3.1
- xmlsec1-nss-devel-1.2.26-3.3.1
- libwps-debuginfo-0.4.9-3.3.1
- liblangtag-devel-0.6.2-3.3.1
- libreoffice-math-debuginfo-6.1.3.2-3.7.3
- libreoffice-base-debuginfo-6.1.3.2-3.7.3
- libmwaw-debugsource-0.3.14-4.3.1
- libreoffice-6.1.3.2-3.7.3
- xmlsec1-debuginfo-1.2.26-3.3.1
- libwps-0_4-4-debuginfo-0.4.9-3.3.1
- libstaroffice-0_0-0-0.0.6-3.3.1
- libreoffice-draw-6.1.3.2-3.7.3
- libreoffice-writer-debuginfo-6.1.3.2-3.7.3
- libreoffice-draw-debuginfo-6.1.3.2-3.7.3
- libreoffice-pyuno-debuginfo-6.1.3.2-3.7.3
- libreoffice-base-6.1.3.2-3.7.3
- libepubgen-devel-0.1.1-3.3.1
- libreoffice-base-drivers-postgresql-6.1.3.2-3.7.3
SUSE Linux Enterprise Workstation Extension 15 (noarch)
- libreoffice-l10n-eo-6.1.3.2-3.7.3
- myspell-pl_PL-20181025-3.6.1
- myspell-hr_HR-20181025-3.6.1
- libreoffice-l10n-kk-6.1.3.2-3.7.3
- libreoffice-l10n-es-6.1.3.2-3.7.3
- myspell-pt_PT-20181025-3.6.1
- libreoffice-l10n-pt_PT-6.1.3.2-3.7.3
- libreoffice-branding-upstream-6.1.3.2-3.7.3
- myspell-da_DK-20181025-3.6.1
- libreoffice-l10n-bn-6.1.3.2-3.7.3
- myspell-te_IN-20181025-3.6.1
- libreoffice-l10n-ca-6.1.3.2-3.7.3
- libreoffice-l10n-fr-6.1.3.2-3.7.3
- myspell-fr_FR-20181025-3.6.1
- libreoffice-l10n-sr-6.1.3.2-3.7.3
- libreoffice-l10n-hi-6.1.3.2-3.7.3
- libreoffice-l10n-ve-6.1.3.2-3.7.3
- libreoffice-l10n-af-6.1.3.2-3.7.3
- libreoffice-l10n-he-6.1.3.2-3.7.3
- libreoffice-l10n-ts-6.1.3.2-3.7.3
- myspell-gl-20181025-3.6.1
- libreoffice-l10n-si-6.1.3.2-3.7.3
- libreoffice-l10n-pt_BR-6.1.3.2-3.7.3
- myspell-af_ZA-20181025-3.6.1
- libreoffice-l10n-or-6.1.3.2-3.7.3
- libreoffice-l10n-gl-6.1.3.2-3.7.3
- libreoffice-l10n-ga-6.1.3.2-3.7.3
- myspell-uk_UA-20181025-3.6.1
- myspell-ar-20181025-3.6.1
- libreoffice-l10n-pa-6.1.3.2-3.7.3
- myspell-bn_BD-20181025-3.6.1
- myspell-sl_SI-20181025-3.6.1
- libreoffice-l10n-zh_TW-6.1.3.2-3.7.3
- libreoffice-icon-themes-6.1.3.2-3.7.3
- libreoffice-l10n-fi-6.1.3.2-3.7.3
- libreoffice-l10n-mr-6.1.3.2-3.7.3
- libreoffice-l10n-nl-6.1.3.2-3.7.3
- libreoffice-l10n-sv-6.1.3.2-3.7.3
- libreoffice-l10n-tr-6.1.3.2-3.7.3
- myspell-si_LK-20181025-3.6.1
- libreoffice-l10n-nr-6.1.3.2-3.7.3
- myspell-nn_NO-20181025-3.6.1
- myspell-ca-20181025-3.6.1
- libreoffice-l10n-zh_CN-6.1.3.2-3.7.3
- libreoffice-l10n-cy-6.1.3.2-3.7.3
- libreoffice-l10n-et-6.1.3.2-3.7.3
- libreoffice-l10n-ja-6.1.3.2-3.7.3
- myspell-sr-20181025-3.6.1
- libreoffice-l10n-sl-6.1.3.2-3.7.3
- libreoffice-l10n-kn-6.1.3.2-3.7.3
- libreoffice-l10n-mai-6.1.3.2-3.7.3
- libreoffice-l10n-uk-6.1.3.2-3.7.3
- libreoffice-l10n-lt-6.1.3.2-3.7.3
- libreoffice-l10n-hr-6.1.3.2-3.7.3
- myspell-lt_LT-20181025-3.6.1
- libreoffice-l10n-eu-6.1.3.2-3.7.3
- libreoffice-l10n-ro-6.1.3.2-3.7.3
- libreoffice-l10n-tn-6.1.3.2-3.7.3
- libreoffice-l10n-it-6.1.3.2-3.7.3
- libreoffice-l10n-ar-6.1.3.2-3.7.3
- myspell-th_TH-20181025-3.6.1
- libreoffice-l10n-nn-6.1.3.2-3.7.3
- libreoffice-l10n-lv-6.1.3.2-3.7.3
- libreoffice-l10n-dz-6.1.3.2-3.7.3
- libreoffice-l10n-ss-6.1.3.2-3.7.3
- libreoffice-l10n-as-6.1.3.2-3.7.3
- libreoffice-l10n-en-6.1.3.2-3.7.3
- libreoffice-l10n-gu-6.1.3.2-3.7.3
- libreoffice-l10n-st-6.1.3.2-3.7.3
- libreoffice-l10n-zu-6.1.3.2-3.7.3
- libreoffice-l10n-hu-6.1.3.2-3.7.3
- myspell-sv_SE-20181025-3.6.1
- libreoffice-l10n-sk-6.1.3.2-3.7.3
- libreoffice-l10n-ml-6.1.3.2-3.7.3
- myspell-cs_CZ-20181025-3.6.1
- libreoffice-l10n-ta-6.1.3.2-3.7.3
- libreoffice-l10n-br-6.1.3.2-3.7.3
- myspell-lv_LV-20181025-3.6.1
- myspell-zu_ZA-20181025-3.6.1
- libreoffice-l10n-pl-6.1.3.2-3.7.3
- libreoffice-l10n-de-6.1.3.2-3.7.3
- libreoffice-l10n-xh-6.1.3.2-3.7.3
- libreoffice-l10n-te-6.1.3.2-3.7.3
- myspell-tr_TR-20181025-3.6.1
- myspell-he_IL-20181025-3.6.1
- myspell-nl_NL-20181025-3.6.1
- myspell-it_IT-20181025-3.6.1
- libreoffice-l10n-da-6.1.3.2-3.7.3
- myspell-br_FR-20181025-3.6.1
- libreoffice-l10n-el-6.1.3.2-3.7.3
- libreoffice-l10n-nb-6.1.3.2-3.7.3
- libreoffice-l10n-ru-6.1.3.2-3.7.3
- libreoffice-l10n-cs-6.1.3.2-3.7.3
- myspell-bg_BG-20181025-3.6.1
- libreoffice-l10n-ko-6.1.3.2-3.7.3
- libreoffice-l10n-bg-6.1.3.2-3.7.3
- myspell-et_EE-20181025-3.6.1
- libreoffice-l10n-fa-6.1.3.2-3.7.3
- myspell-hi_IN-20181025-3.6.1
- myspell-sk_SK-20181025-3.6.1
- myspell-el_GR-20181025-3.6.1
- libreoffice-l10n-nso-6.1.3.2-3.7.3
- myspell-gu_IN-20181025-3.6.1
- libreoffice-l10n-th-6.1.3.2-3.7.3

Security update for libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1

Description:

Patch Instructions:

Package List:

References: