Security update for LibreOffice

Announcement ID: SUSE-SU-2020:0058-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2019-9853 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
  • Basesystem Module 15-SP1
  • Basesystem Module 15
  • SUSE Linux Enterprise Desktop 15
  • SUSE Linux Enterprise Desktop 15 SP1
  • SUSE Linux Enterprise High Performance Computing 15
  • SUSE Linux Enterprise High Performance Computing 15 SP1
  • SUSE Linux Enterprise Real Time 15 SP1
  • SUSE Linux Enterprise Server 15
  • SUSE Linux Enterprise Server 15 SP1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  • SUSE Linux Enterprise Server for SAP Applications 15
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • SUSE Linux Enterprise Workstation Extension 15
  • SUSE Linux Enterprise Workstation Extension 15 SP1
  • SUSE Manager Proxy 4.0
  • SUSE Manager Retail Branch Server 4.0
  • SUSE Manager Server 4.0

An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.

Description:

This update libreoffice and libraries fixes the following issues:

LibreOffice was updated to 6.3.3 (jsc#SLE-8705), bringing many bug and stability fixes.

More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3

Security issue fixed:

  • CVE-2019-9853: Fixed an issue where by executing macros, the security settings could have been bypassed (bsc#1152684).

Other issues addressed:

  • Dropped disable-kde4 switch, since it is no longer known by configure
  • Disabled gtk2 because it will be removed in future releases
  • librelogo is now a standalone sub-package (bsc#1144522).
  • Partial fixes for an issue where Table(s) from DOCX showed wrong position or color (bsc#1061210).

cmis-client was updated to 0.5.2:

  • Removed header for Uuid's sha1 header(bsc#1105173).
  • Fixed Google Drive login
  • Added support for Google Drive two-factor authentication
  • Fixed access to SharePoint root folder
  • Limited the maximal number of redirections to 20
  • Switched library implementation to C++11 (the API remains C++98-compatible)
  • Fixed encoding of OAuth2 credentials
  • Dropped cppcheck run from "make check". A new "make cppcheck" target was created for it
  • Added proper API symbol exporting
  • Speeded up building of tests a bit
  • Fixed a few issues found by coverity and cppcheck

libixion was updated to 0.15.0:

  • Updated for new liborcus
  • Switched to spdlog for compile-time debug log outputs
  • Fixed various issues

libmwaw was updated 0.3.15:

  • Fixed fuzzing issues

liborcus was updated to 0.15.3:

  • Fixed various xml related bugs
  • Improved performance
  • Fixed multiple parser issues
  • Added map and structure mode to orcus-json
  • Other improvements and fixes

mdds was updated to 1.5.0:

  • API changed to 1.5
  • Moved the API incompatibility notes from README to the rst doc.
  • Added the overview section for flat_segment_tree.

myspell-dictionaries was updated to 20191016:

  • Updated Slovenian thesaurus
  • Updated the da_DK dictionary
  • Removed the abbreviations from Thai hunspell dictionary
  • Updated the English dictionaries
  • Fixed the logo management for "ca"

spdlog was updated to 0.16.3:

  • Fixed sleep issue under MSVC that happens when changing the clock backwards
  • Ensured that macros always expand to expressions
  • Added global flush_on function

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Basesystem Module 15
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-58=1
  • Basesystem Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-58=1
  • SUSE Linux Enterprise Workstation Extension 15 SP1
    zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-58=1
  • SUSE Linux Enterprise Workstation Extension 15
    zypper in -t patch SUSE-SLE-Product-WE-15-2020-58=1

Package List:

  • Basesystem Module 15 (noarch)
    • myspell-nb_NO-20191016-3.12.1
    • myspell-es-20191016-3.12.1
    • myspell-ro_RO-20191016-3.12.1
    • myspell-en-20191016-3.12.1
    • myspell-no-20191016-3.12.1
    • myspell-pt_BR-20191016-3.12.1
    • myspell-en_US-20191016-3.12.1
    • myspell-hu_HU-20191016-3.12.1
    • myspell-de-20191016-3.12.1
    • myspell-ro-20191016-3.12.1
    • myspell-es_ES-20191016-3.12.1
    • myspell-de_DE-20191016-3.12.1
    • myspell-ru_RU-20191016-3.12.1
  • Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
    • myspell-lightproof-hu_HU-20191016-3.12.1
    • myspell-lightproof-ru_RU-20191016-3.12.1
    • myspell-dictionaries-20191016-3.12.1
    • myspell-lightproof-en-20191016-3.12.1
    • myspell-lightproof-pt_BR-20191016-3.12.1
  • Basesystem Module 15-SP1 (noarch)
    • myspell-nb_NO-20191016-3.12.1
    • myspell-es-20191016-3.12.1
    • myspell-de_AT-20191016-3.12.1
    • myspell-ro_RO-20191016-3.12.1
    • myspell-en-20191016-3.12.1
    • myspell-no-20191016-3.12.1
    • myspell-ru_RU-20191016-3.12.1
    • myspell-pt_BR-20191016-3.12.1
    • myspell-de_CH-20191016-3.12.1
    • myspell-en_US-20191016-3.12.1
    • myspell-hu_HU-20191016-3.12.1
    • myspell-ro-20191016-3.12.1
    • myspell-es_ES-20191016-3.12.1
    • myspell-de_DE-20191016-3.12.1
    • myspell-de-20191016-3.12.1
  • Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
    • myspell-lightproof-hu_HU-20191016-3.12.1
    • myspell-lightproof-ru_RU-20191016-3.12.1
    • myspell-dictionaries-20191016-3.12.1
    • myspell-lightproof-en-20191016-3.12.1
    • myspell-lightproof-pt_BR-20191016-3.12.1
  • SUSE Linux Enterprise Workstation Extension 15 SP1 (noarch)
    • myspell-el_GR-20191016-3.12.1
    • myspell-hi_IN-20191016-3.12.1
    • myspell-it_IT-20191016-3.12.1
    • myspell-gu_IN-20191016-3.12.1
    • myspell-af_ZA-20191016-3.12.1
    • myspell-sk_SK-20191016-3.12.1
    • myspell-cs_CZ-20191016-3.12.1
    • myspell-nl_NL-20191016-3.12.1
    • myspell-gl-20191016-3.12.1
    • myspell-fr_FR-20191016-3.12.1
    • myspell-tr_TR-20191016-3.12.1
    • myspell-et_EE-20191016-3.12.1
    • myspell-si_LK-20191016-3.12.1
    • myspell-sl_SI-20191016-3.12.1
    • myspell-th_TH-20191016-3.12.1
    • myspell-zu_ZA-20191016-3.12.1
    • myspell-pl_PL-20191016-3.12.1
    • myspell-te_IN-20191016-3.12.1
    • myspell-hr_HR-20191016-3.12.1
    • myspell-sv_SE-20191016-3.12.1
    • myspell-pt_PT-20191016-3.12.1
    • myspell-da_DK-20191016-3.12.1
    • myspell-he_IL-20191016-3.12.1
    • myspell-uk_UA-20191016-3.12.1
    • myspell-bn_BD-20191016-3.12.1
    • myspell-sr-20191016-3.12.1
    • myspell-ar-20191016-3.12.1
    • myspell-lt_LT-20191016-3.12.1
    • myspell-bg_BG-20191016-3.12.1
    • myspell-ca-20191016-3.12.1
    • myspell-nn_NO-20191016-3.12.1
    • myspell-lv_LV-20191016-3.12.1
    • myspell-br_FR-20191016-3.12.1
  • SUSE Linux Enterprise Workstation Extension 15 SP1 (x86_64)
    • libmwaw-0_3-3-debuginfo-0.3.15-4.6.1
    • libcmis-devel-0.5.2-3.3.1
    • libmwaw-debuginfo-0.3.15-4.6.1
    • libmwaw-0_3-3-0.3.15-4.6.1
    • libmwaw-debugsource-0.3.15-4.6.1
    • liborcus-0_15-0-0.15.3-3.6.1
    • libixion-debuginfo-0.15.0-4.6.1
    • liborcus-0_15-0-debuginfo-0.15.3-3.6.1
    • liborcus-debuginfo-0.15.3-3.6.1
    • libcmis-0_5-5-debuginfo-0.5.2-3.3.1
    • liborcus-debugsource-0.15.3-3.6.1
    • libixion-0_15-0-debuginfo-0.15.0-4.6.1
    • libixion-0_15-0-0.15.0-4.6.1
    • cmis-client-debuginfo-0.5.2-3.3.1
    • libixion-debugsource-0.15.0-4.6.1
    • cmis-client-debugsource-0.5.2-3.3.1
    • liborcus-devel-0.15.3-3.6.1
    • libcmis-0_5-5-0.5.2-3.3.1
  • SUSE Linux Enterprise Workstation Extension 15 (x86_64)
    • libmwaw-debuginfo-0.3.15-4.6.1
    • libcmis-devel-0.5.2-3.3.1
    • libreoffice-impress-6.3.3.2-3.27.1
    • libreoffice-draw-debuginfo-6.3.3.2-3.27.1
    • liborcus-0_15-0-debuginfo-0.15.3-3.6.1
    • libreoffice-pyuno-6.3.3.2-3.27.1
    • libreoffice-writer-extensions-6.3.3.2-3.27.1
    • libmwaw-0_3-3-0.3.15-4.6.1
    • liborcus-0_15-0-0.15.3-3.6.1
    • libreoffice-gtk3-debuginfo-6.3.3.2-3.27.1
    • libreoffice-gtk3-6.3.3.2-3.27.1
    • liborcus-debuginfo-0.15.3-3.6.1
    • libreoffice-gnome-6.3.3.2-3.27.1
    • libreoffice-base-drivers-postgresql-6.3.3.2-3.27.1
    • libreoffice-math-6.3.3.2-3.27.1
    • libixion-0_15-0-0.15.0-4.6.1
    • libcmis-0_5-5-0.5.2-3.3.1
    • libreoffice-writer-debuginfo-6.3.3.2-3.27.1
    • libmwaw-0_3-3-debuginfo-0.3.15-4.6.1
    • libreoffice-calc-extensions-6.3.3.2-3.27.1
    • libmwaw-debugsource-0.3.15-4.6.1
    • libreoffice-math-debuginfo-6.3.3.2-3.27.1
    • libixion-0_15-0-debuginfo-0.15.0-4.6.1
    • libreoffice-calc-6.3.3.2-3.27.1
    • libreoffice-gnome-debuginfo-6.3.3.2-3.27.1
    • cmis-client-debugsource-0.5.2-3.3.1
    • libreoffice-debugsource-6.3.3.2-3.27.1
    • libreofficekit-6.3.3.2-3.27.1
    • libreoffice-officebean-6.3.3.2-3.27.1
    • liborcus-devel-0.15.3-3.6.1
    • libreoffice-6.3.3.2-3.27.1
    • libreoffice-draw-6.3.3.2-3.27.1
    • libreoffice-calc-debuginfo-6.3.3.2-3.27.1
    • libreoffice-writer-6.3.3.2-3.27.1
    • libreoffice-base-debuginfo-6.3.3.2-3.27.1
    • libreoffice-mailmerge-6.3.3.2-3.27.1
    • libreoffice-filters-optional-6.3.3.2-3.27.1
    • libixion-debuginfo-0.15.0-4.6.1
    • libcmis-0_5-5-debuginfo-0.5.2-3.3.1
    • liborcus-debugsource-0.15.3-3.6.1
    • libreoffice-base-6.3.3.2-3.27.1
    • libreoffice-officebean-debuginfo-6.3.3.2-3.27.1
    • libreoffice-impress-debuginfo-6.3.3.2-3.27.1
    • libreoffice-base-drivers-postgresql-debuginfo-6.3.3.2-3.27.1
    • cmis-client-debuginfo-0.5.2-3.3.1
    • libixion-debugsource-0.15.0-4.6.1
    • libreoffice-pyuno-debuginfo-6.3.3.2-3.27.1
    • libreoffice-debuginfo-6.3.3.2-3.27.1
  • SUSE Linux Enterprise Workstation Extension 15 (noarch)
    • libreoffice-l10n-ar-6.3.3.2-3.27.1
    • libreoffice-l10n-ga-6.3.3.2-3.27.1
    • myspell-fr_FR-20191016-3.12.1
    • myspell-si_LK-20191016-3.12.1
    • libreoffice-icon-themes-6.3.3.2-3.27.1
    • libreoffice-l10n-te-6.3.3.2-3.27.1
    • libreoffice-l10n-it-6.3.3.2-3.27.1
    • libreoffice-l10n-ts-6.3.3.2-3.27.1
    • myspell-pl_PL-20191016-3.12.1
    • libreoffice-l10n-hu-6.3.3.2-3.27.1
    • libreoffice-l10n-br-6.3.3.2-3.27.1
    • myspell-sv_SE-20191016-3.12.1
    • libreoffice-l10n-ml-6.3.3.2-3.27.1
    • libreoffice-l10n-kk-6.3.3.2-3.27.1
    • myspell-he_IL-20191016-3.12.1
    • myspell-uk_UA-20191016-3.12.1
    • libreoffice-l10n-zh_CN-6.3.3.2-3.27.1
    • libreoffice-l10n-gl-6.3.3.2-3.27.1
    • myspell-sr-20191016-3.12.1
    • libreoffice-l10n-cs-6.3.3.2-3.27.1
    • libreoffice-l10n-mai-6.3.3.2-3.27.1
    • libreoffice-l10n-gu-6.3.3.2-3.27.1
    • libreoffice-l10n-zu-6.3.3.2-3.27.1
    • myspell-bg_BG-20191016-3.12.1
    • myspell-ca-20191016-3.12.1
    • libreoffice-l10n-es-6.3.3.2-3.27.1
    • libreoffice-l10n-sr-6.3.3.2-3.27.1
    • myspell-br_FR-20191016-3.12.1
    • libreoffice-l10n-sl-6.3.3.2-3.27.1
    • myspell-el_GR-20191016-3.12.1
    • libreoffice-l10n-pt_BR-6.3.3.2-3.27.1
    • libreoffice-l10n-mr-6.3.3.2-3.27.1
    • myspell-gu_IN-20191016-3.12.1
    • myspell-af_ZA-20191016-3.12.1
    • libreoffice-l10n-hi-6.3.3.2-3.27.1
    • myspell-nl_NL-20191016-3.12.1
    • myspell-et_EE-20191016-3.12.1
    • myspell-te_IN-20191016-3.12.1
    • libreoffice-l10n-pt_PT-6.3.3.2-3.27.1
    • myspell-hr_HR-20191016-3.12.1
    • libreoffice-l10n-eu-6.3.3.2-3.27.1
    • libreoffice-l10n-hr-6.3.3.2-3.27.1
    • myspell-da_DK-20191016-3.12.1
    • libreoffice-l10n-dz-6.3.3.2-3.27.1
    • libreoffice-l10n-ve-6.3.3.2-3.27.1
    • libreoffice-l10n-sk-6.3.3.2-3.27.1
    • libreoffice-l10n-nso-6.3.3.2-3.27.1
    • libreoffice-l10n-st-6.3.3.2-3.27.1
    • libreoffice-l10n-de-6.3.3.2-3.27.1
    • libreoffice-l10n-da-6.3.3.2-3.27.1
    • libreoffice-l10n-cy-6.3.3.2-3.27.1
    • libreoffice-l10n-tr-6.3.3.2-3.27.1
    • libreoffice-l10n-ss-6.3.3.2-3.27.1
    • libreoffice-l10n-lt-6.3.3.2-3.27.1
    • myspell-lt_LT-20191016-3.12.1
    • libreoffice-l10n-el-6.3.3.2-3.27.1
    • libreoffice-l10n-nr-6.3.3.2-3.27.1
    • libreoffice-l10n-nn-6.3.3.2-3.27.1
    • libreoffice-l10n-fa-6.3.3.2-3.27.1
    • libreoffice-l10n-th-6.3.3.2-3.27.1
    • libreoffice-l10n-ta-6.3.3.2-3.27.1
    • myspell-nn_NO-20191016-3.12.1
    • myspell-lv_LV-20191016-3.12.1
    • libreoffice-l10n-et-6.3.3.2-3.27.1
    • libreoffice-l10n-pa-6.3.3.2-3.27.1
    • libreoffice-l10n-si-6.3.3.2-3.27.1
    • myspell-hi_IN-20191016-3.12.1
    • libreoffice-l10n-xh-6.3.3.2-3.27.1
    • libreoffice-l10n-af-6.3.3.2-3.27.1
    • myspell-it_IT-20191016-3.12.1
    • libreoffice-l10n-ru-6.3.3.2-3.27.1
    • myspell-gl-20191016-3.12.1
    • myspell-th_TH-20191016-3.12.1
    • libreoffice-l10n-ro-6.3.3.2-3.27.1
    • libreoffice-l10n-fi-6.3.3.2-3.27.1
    • libreoffice-l10n-kn-6.3.3.2-3.27.1
    • libreoffice-l10n-zh_TW-6.3.3.2-3.27.1
    • libreoffice-l10n-ja-6.3.3.2-3.27.1
    • libreoffice-l10n-or-6.3.3.2-3.27.1
    • libreoffice-l10n-pl-6.3.3.2-3.27.1
    • libreoffice-l10n-nb-6.3.3.2-3.27.1
    • libreoffice-l10n-uk-6.3.3.2-3.27.1
    • libreoffice-l10n-bn-6.3.3.2-3.27.1
    • libreoffice-l10n-as-6.3.3.2-3.27.1
    • myspell-sk_SK-20191016-3.12.1
    • myspell-cs_CZ-20191016-3.12.1
    • libreoffice-l10n-tn-6.3.3.2-3.27.1
    • myspell-tr_TR-20191016-3.12.1
    • myspell-sl_SI-20191016-3.12.1
    • myspell-zu_ZA-20191016-3.12.1
    • myspell-pt_PT-20191016-3.12.1
    • libreoffice-l10n-fr-6.3.3.2-3.27.1
    • libreoffice-l10n-nl-6.3.3.2-3.27.1
    • libreoffice-l10n-ca-6.3.3.2-3.27.1
    • libreoffice-l10n-bg-6.3.3.2-3.27.1
    • libreoffice-branding-upstream-6.3.3.2-3.27.1
    • myspell-bn_BD-20191016-3.12.1
    • myspell-ar-20191016-3.12.1
    • libreoffice-l10n-sv-6.3.3.2-3.27.1
    • libreoffice-l10n-ko-6.3.3.2-3.27.1
    • libreoffice-l10n-he-6.3.3.2-3.27.1
    • libreoffice-l10n-lv-6.3.3.2-3.27.1
    • libreoffice-l10n-en-6.3.3.2-3.27.1
    • libreoffice-l10n-eo-6.3.3.2-3.27.1

References: