Security update for LibreOffice

SUSE Security Update: Security update for LibreOffice
Announcement ID: SUSE-SU-2012:0457-1
Rating: moderate
References: #417818 #621739 #653688 #655408 #657909 #677811 #685123 #693238 #693388 #695479 #699334 #703032 #704274 #705949 #705956 #705977 #705985 #705991 #706138 #706792 #707157 #714787 #715094 #715104 #715115 #715543 #717290 #718227 #718694 #718971 #719656 #719887 #719989 #720443 #720948 #722045 #722918 #723074 #724087 #726152 #726174 #727504 #728559 #728603 #733864 #734734 #735533 #736495 #737190 #737921 #738113 #740032 #740117 #740453 #741182 #742178 #746996 #747471 #748198
Affected Products:
  • SUSE Linux Enterprise Desktop 10 SP4
  • SLE SDK 10 SP4

  • An update that solves three vulnerabilities and has 56 fixes is now available. It includes one version update.

    Description:


    LibreOffice 3.4.5 includes many fixes over the previous
    LibreOffice 3.4.2.6 update.

    The update fixes the following security issues:

    * 740453: Vulnerability in RDF handling (CVE-2012-0037)
    * 752595: overflow in jpeg handling (CVE-2012-1149)
    * 736146: buffer overflow in the build in icu copy
    (736146)

    This update also fixes the following non-security issues:

    Extras:

    * add SUSE color palette (fate#312645)

    Filters:

    * crash when loading embedded elements (bnc#693238)
    * crash when importing an empty paragraph (rh#667082)
    * more on bentConnectors (bnc#736495)
    * wrong text color in smartArt (bnc#746996)
    * reading of w:textbox contents (bnc#693388)
    * textbox position and size DOCX import (fdo#45560)
    * RTF/DOCX import of transparent frames (bnc#695479)
    * consecutive frames in RTF/DOCX import (bnc#703032)
    * handling of frame properties in RTF import
    (bnc#417818)
    * force imported XLSX active tab to be shown
    (bnc#748198)
    * create TableManager for inside shapes (bnc#747471,
    bnc#693238)
    * textboxes import with OLE objects inside (bnc#747471,
    bnc#693238)
    * table style (bnc#705991)
    * text rotation fixes (bnc#734734)
    * crash in PPTX import (bnc#706792)
    * read w:sdt* contents (bnc#705949)
    * connector shape fixes (bnc#719989)
    * legacy fragment import (bnc#699334)
    * non-working Excel macros (bnc#705977)
    * free drawn curves import (bnc#657909)
    * group shape transformations (bnc#621739)
    * extLst of drawings in diagrams import (bnc#655408)
    * flip properties of custom shapes import (bnc#705985)
    * line spacing is used from previous values (bnc#734734)
    * missing ooxml customshape->mso shape name entries
    (bnc#737921)
    * word doesn't break the numberings and prefers hiding
    them (bnc#707157)

    Base:

    * iterator misuse (fdo #44040, bnc#742178)

    Writer:

    * do not use an invalidated iterator (fdo#46337)
    * field refreshing (fdo#39694)
    * more layout crashers (i#101776, fdo#39510)
    * textbox borders style and width in DOCX import
    (fdo#45560)
    * expand all text fields when setting properties
    (fdo#42073)
    * version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)
    * SmartArt import
    * custom shapes import
    * Oracle Java 1.7.0 detection
    * reading AES-encrypted ODF 1.2 documents as generated
    by LO 3.5
    * frame selection (bnc#740117)
    * crash when editing index (bnc#726174)
    * order database properties (bnc#740032)
    * numbering levels in DOC import (bnc#715115)
    * image size issue in DOC import (bnc#718971)
    * pointless forward moving of a table (bnc#706138)
    * tabs set after the end margin in DOCX import
    (bnc#693238)
    * add hyperlinks by default in Table of Contents
    (bnc#705956)

    Calc:

    * pie charts colors messed in XLS import (fdo#40320)
    * correctly import data point formats in data series
    (fdo#40320)

    Components:

    * crash when parsing XML signatures (fdo#39657)
    * broken getDataArray (fdo#46165, fdo#38441, i#117010)
    * don't paint a frame around the list of edit boxes
    (fdo#42543)
    * inconsistent compression method for encrypted
    documents (bnc#653688)
    * allow pasting to multiple ranges (bnc#715094)
    * correctly convert chart data ranges (bnc#727504)
    * definedName corruption for XLSX export (bnc#741182)
    * adjust/shrink the ranges while copying (bnc#677811)
    * extra graph data is displayed for label (bnc#717290)
    * getCellRangeByName failure for named range
    (bnc#738113)
    * graph in XLS file has dates displayed wrong
    (bnc#720443)
    * improve performance of large Excel documents
    (bnc#715104)
    * display page background color/image properly
    (bnc#722045)
    * pivot table output becoming empty on re-save
    (bnc#715543)
    * encode virtual paths to local volume correctly
    (bnc#719887)
    * avoid adjusting cell-anchored objects on other sheets
    (bnc#726152)
    * make sure to adjust the sheet index of drawing
    objects (bnc#733864)
    * make the data validation popup more reliable (fdo
    #36851, bnc#737190)

    Impress:

    * do not create an empty slide when printing handouts
    (fdo#31966)
    * undo corruption (bnc#685123)
    * do not set duplicate master slide names (bnc#735533)

    Libraries:

    * default shortcut for .uno:SearchDialog should be
    Ctrl+H
    * crash using instances dialog of dataform navigator
    (fdo#44816)
    * disable problematic reading of external entities in
    raptor
    * correctly calculate leap year
    * use proper Indian Rupee currency symbol U+20B9
    (rh#794679)
    * handle copy and paste from ConsoleOne (bnc#704274)
    * VBA control events not working, broken eventattacher
    (bnc#718227)
    * "General Error" when double-click graphic in
    presentation (bnc#720948)
    * upgrade graphite to 1.0.3 fix surrogate support
    * crash at exit (bnc#728603)
    * radial gradient offset (bnc#714787)
    * horizontal scrollbars with KDE oxygen style
    (bnc#722918)
    * rendering of metafiles embedded in EMF+ (updated)
    (bnc#705956)

    Postprocess:

    * make the 3D transitions work again (bnc#728559)

    URE:

    * make Duden Korrektor 5 and 6 work

    General:

    * add compat symlinks for the old main desktop icon
    (bnc#724087)
    * Fix tooltips are all black in KDE4 (bnc#723074,
    fdo#40461)
    * do-not-display-math-in-desktop-menu.diff: do not
    display math in desktop menu (fdo#41681)
    * desktop-submenu.diff: display LO application in the
    right desktop submenu (bnc#718694)
    * bash-completion-for-loffice.diff: define bash
    completion for 'loffice' wrapper (bnc#719656)
    * svx-globlmn-hrc-build-dep.diff: fix build dependency
    problem in svx

    Security Issue references:

    * CVE-2011-4599
    >
    * CVE-2012-1149
    >
    * CVE-2012-0037
    >

    Package List:

    • SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 3.4.5.5]:
    • libreoffice-3.4.5.5-0.7.1
    • libreoffice-af-3.4.5.5-0.7.1
    • libreoffice-ar-3.4.5.5-0.7.1
    • libreoffice-ca-3.4.5.5-0.7.1
    • libreoffice-cs-3.4.5.5-0.7.1
    • libreoffice-da-3.4.5.5-0.7.1
    • libreoffice-de-3.4.5.5-0.7.1
    • libreoffice-el-3.4.5.5-0.7.1
    • libreoffice-en-GB-3.4.5.5-0.7.1
    • libreoffice-es-3.4.5.5-0.7.1
    • libreoffice-fi-3.4.5.5-0.7.1
    • libreoffice-fr-3.4.5.5-0.7.1
    • libreoffice-galleries-3.4.5.5-0.7.1
    • libreoffice-gnome-3.4.5.5-0.7.1
    • libreoffice-gu-IN-3.4.5.5-0.7.1
    • libreoffice-hi-IN-3.4.5.5-0.7.1
    • libreoffice-hu-3.4.5.5-0.7.1
    • libreoffice-it-3.4.5.5-0.7.1
    • libreoffice-ja-3.4.5.5-0.7.1
    • libreoffice-kde-3.4.5.5-0.7.1
    • libreoffice-ko-3.4.5.5-0.7.1
    • libreoffice-mono-3.4.5.5-0.7.1
    • libreoffice-nb-3.4.5.5-0.7.1
    • libreoffice-nl-3.4.5.5-0.7.1
    • libreoffice-nn-3.4.5.5-0.7.1
    • libreoffice-pl-3.4.5.5-0.7.1
    • libreoffice-pt-BR-3.4.5.5-0.7.1
    • libreoffice-ru-3.4.5.5-0.7.1
    • libreoffice-sk-3.4.5.5-0.7.1
    • libreoffice-sv-3.4.5.5-0.7.1
    • libreoffice-xh-3.4.5.5-0.7.1
    • libreoffice-zh-CN-3.4.5.5-0.7.1
    • libreoffice-zh-TW-3.4.5.5-0.7.1
    • libreoffice-zu-3.4.5.5-0.7.1
    • SLE SDK 10 SP4 (i586) [New Version: 3.4.5.5]:
    • libreoffice-3.4.5.5-0.7.1
    • libreoffice-cs-3.4.5.5-0.7.1
    • libreoffice-de-3.4.5.5-0.7.1
    • libreoffice-es-3.4.5.5-0.7.1
    • libreoffice-fr-3.4.5.5-0.7.1
    • libreoffice-galleries-3.4.5.5-0.7.1
    • libreoffice-gnome-3.4.5.5-0.7.1
    • libreoffice-hu-3.4.5.5-0.7.1
    • libreoffice-it-3.4.5.5-0.7.1
    • libreoffice-ja-3.4.5.5-0.7.1
    • libreoffice-kde-3.4.5.5-0.7.1
    • libreoffice-mono-3.4.5.5-0.7.1
    • libreoffice-pl-3.4.5.5-0.7.1
    • libreoffice-pt-BR-3.4.5.5-0.7.1
    • libreoffice-sk-3.4.5.5-0.7.1
    • libreoffice-zh-CN-3.4.5.5-0.7.1
    • libreoffice-zh-TW-3.4.5.5-0.7.1

    References:

    • http://support.novell.com/security/cve/CVE-2011-4599.html
    • http://support.novell.com/security/cve/CVE-2012-0037.html
    • http://support.novell.com/security/cve/CVE-2012-1149.html
    • https://bugzilla.novell.com/417818
    • https://bugzilla.novell.com/621739
    • https://bugzilla.novell.com/653688
    • https://bugzilla.novell.com/655408
    • https://bugzilla.novell.com/657909
    • https://bugzilla.novell.com/677811
    • https://bugzilla.novell.com/685123
    • https://bugzilla.novell.com/693238
    • https://bugzilla.novell.com/693388
    • https://bugzilla.novell.com/695479
    • https://bugzilla.novell.com/699334
    • https://bugzilla.novell.com/703032
    • https://bugzilla.novell.com/704274
    • https://bugzilla.novell.com/705949
    • https://bugzilla.novell.com/705956
    • https://bugzilla.novell.com/705977
    • https://bugzilla.novell.com/705985
    • https://bugzilla.novell.com/705991
    • https://bugzilla.novell.com/706138
    • https://bugzilla.novell.com/706792
    • https://bugzilla.novell.com/707157
    • https://bugzilla.novell.com/714787
    • https://bugzilla.novell.com/715094
    • https://bugzilla.novell.com/715104
    • https://bugzilla.novell.com/715115
    • https://bugzilla.novell.com/715543
    • https://bugzilla.novell.com/717290
    • https://bugzilla.novell.com/718227
    • https://bugzilla.novell.com/718694
    • https://bugzilla.novell.com/718971
    • https://bugzilla.novell.com/719656
    • https://bugzilla.novell.com/719887
    • https://bugzilla.novell.com/719989
    • https://bugzilla.novell.com/720443
    • https://bugzilla.novell.com/720948
    • https://bugzilla.novell.com/722045
    • https://bugzilla.novell.com/722918
    • https://bugzilla.novell.com/723074
    • https://bugzilla.novell.com/724087
    • https://bugzilla.novell.com/726152
    • https://bugzilla.novell.com/726174
    • https://bugzilla.novell.com/727504
    • https://bugzilla.novell.com/728559
    • https://bugzilla.novell.com/728603
    • https://bugzilla.novell.com/733864
    • https://bugzilla.novell.com/734734
    • https://bugzilla.novell.com/735533
    • https://bugzilla.novell.com/736495
    • https://bugzilla.novell.com/737190
    • https://bugzilla.novell.com/737921
    • https://bugzilla.novell.com/738113
    • https://bugzilla.novell.com/740032
    • https://bugzilla.novell.com/740117
    • https://bugzilla.novell.com/740453
    • https://bugzilla.novell.com/741182
    • https://bugzilla.novell.com/742178
    • https://bugzilla.novell.com/746996
    • https://bugzilla.novell.com/747471
    • https://bugzilla.novell.com/748198
    • http://download.suse.com/patch/finder/?keywords=212ca99750b4a43554de347c255f56fb