Security update for LibreOffice
SUSE Security Update: Security update for LibreOffice
LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag
suse-4.0-26, based on upstream 4.0.3.3).
Two security issues have been fixed:
* DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)
* Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141)
The following non-security issues have been fixed:
* chart shown flipped (bnc#834722)
* chart missing dataset (bnc#839727)
* import new line in text (bnc#828390)
* lines running off screens (bnc#819614)
* add set-all language menu (bnc#863021)
* text rotation (bnc#783433, bnc#862510)
* page border shadow testcase (bnc#817956)
* one more clickable field fix (bnc#802888)
* multilevel labels are rotated (bnc#820273)
* incorrect nested table margins (bnc#816593)
* use BitmapURL only if its valid (bnc#821567)
* import gradfill for text colors (bnc#870234)
* fix undo of paragraph attributes (bnc#828598)
* stop-gap solution to avoid crash (bnc#830205)
* import images with duotone filter (bnc#820077)
* missing drop downs for autofilter (bnc#834705)
* typos in first page style creation (bnc#820836)
* labels wrongly interpreted as dates (bnc#834720)
* RTF import of fFilled shape property (bnc#825305)
* placeholders text size is not correct (bnc#831457)
* cells value formatted with wrong output (bnc#821795)
* RTF import of freeform shape coordinates (bnc#823655)
* styles (rename &) copy to different decks (bnc#757432)
* XLSX Chart import with internal data table (bnc#819822)
* handle M.d.yyyy date format in DOCX import (bnc#820509)
* paragraph style in empty first page header (bnc#823651)
* copying slides having same master page name (bnc#753460)
* printing handouts using the default, 'Order' (bnc#835985)
* wrap polygon was based on dest size of picture (bnc#820800)
* added common flags support for SEQ field import (bnc#825976)
* hyperlinks of illustration index in DOCX export (bnc#834035)
* allow insertion of redlines with an empty author (bnc#837302)
* handle drawinglayer rectangle inset in VML import (bnc#779642)
* don't apply complex font size to non-complex font (bnc#820819)
* issue with negative seeks in win32 shell extension (bnc#829017)
* slide appears quite garbled when imported from PPTX (bnc#593612)
* initial MCE support in writerfilter ooxml tokenizer (bnc#820503)
* MSWord uses xb for linebreaks in DB fields, take 2 (bnc#878854)
* try harder to convert floating tables to text frames (bnc#779620)
* itemstate in parent style incorrectly reported as set (bnc#819865)
* default color hidden by Default style in writerfilter (bnc#820504)
* DOCX document crashes when using internal OOXML filter (bnc#382137)
* ugly workaround for external leading with symbol fonts (bnc#823626)
* followup fix for exported xlsx causes errors for mso2007 (bnc#823935)
* we only support simple labels in the InternalDataProvider
(bnc#864396)
* RTF import: fix import of numbering bullet associated font
(bnc#823675)
* page specific footer extended to every pages in DOCX export
(bnc#654230)
* v:textbox mso-fit-shape-to-text style property in VML import
(bnc#820788)
* w:spacing in a paragraph should also apply to as-char objects
(bnc#780044)
* compatibility setting for MS Word wrapping text in less space
(bnc#822908)
* fix SwWrtShell::SelAll() to work with empty table at doc start
(bnc#825891)
Security Issues:
* CVE-2014-3575
* CVE-2013-4156
| Announcement ID: | SUSE-SU-2014:1116-1 |
| Rating: | important |
| References: | #382137 #593612 #654230 #753460 #757432 #779620 #779642 #780044 #783433 #802888 #816593 #817956 #819614 #819822 #819865 #820077 #820273 #820503 #820504 #820509 #820788 #820800 #820819 #820836 #821567 #821795 #822908 #823626 #823651 #823655 #823675 #823935 #825305 #825891 #825976 #828390 #828598 #829017 #830205 #831457 #831578 #834035 #834705 #834720 #834722 #835985 #837302 #839727 #862510 #863021 #864396 #870234 #878854 #893141 |
| Affected Products: |
An update that solves two vulnerabilities and has 52 fixes is now available. It includes one version update.
Description:
LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag
suse-4.0-26, based on upstream 4.0.3.3).
Two security issues have been fixed:
* DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)
* Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141)
The following non-security issues have been fixed:
* chart shown flipped (bnc#834722)
* chart missing dataset (bnc#839727)
* import new line in text (bnc#828390)
* lines running off screens (bnc#819614)
* add set-all language menu (bnc#863021)
* text rotation (bnc#783433, bnc#862510)
* page border shadow testcase (bnc#817956)
* one more clickable field fix (bnc#802888)
* multilevel labels are rotated (bnc#820273)
* incorrect nested table margins (bnc#816593)
* use BitmapURL only if its valid (bnc#821567)
* import gradfill for text colors (bnc#870234)
* fix undo of paragraph attributes (bnc#828598)
* stop-gap solution to avoid crash (bnc#830205)
* import images with duotone filter (bnc#820077)
* missing drop downs for autofilter (bnc#834705)
* typos in first page style creation (bnc#820836)
* labels wrongly interpreted as dates (bnc#834720)
* RTF import of fFilled shape property (bnc#825305)
* placeholders text size is not correct (bnc#831457)
* cells value formatted with wrong output (bnc#821795)
* RTF import of freeform shape coordinates (bnc#823655)
* styles (rename &) copy to different decks (bnc#757432)
* XLSX Chart import with internal data table (bnc#819822)
* handle M.d.yyyy date format in DOCX import (bnc#820509)
* paragraph style in empty first page header (bnc#823651)
* copying slides having same master page name (bnc#753460)
* printing handouts using the default, 'Order' (bnc#835985)
* wrap polygon was based on dest size of picture (bnc#820800)
* added common flags support for SEQ field import (bnc#825976)
* hyperlinks of illustration index in DOCX export (bnc#834035)
* allow insertion of redlines with an empty author (bnc#837302)
* handle drawinglayer rectangle inset in VML import (bnc#779642)
* don't apply complex font size to non-complex font (bnc#820819)
* issue with negative seeks in win32 shell extension (bnc#829017)
* slide appears quite garbled when imported from PPTX (bnc#593612)
* initial MCE support in writerfilter ooxml tokenizer (bnc#820503)
* MSWord uses xb for linebreaks in DB fields, take 2 (bnc#878854)
* try harder to convert floating tables to text frames (bnc#779620)
* itemstate in parent style incorrectly reported as set (bnc#819865)
* default color hidden by Default style in writerfilter (bnc#820504)
* DOCX document crashes when using internal OOXML filter (bnc#382137)
* ugly workaround for external leading with symbol fonts (bnc#823626)
* followup fix for exported xlsx causes errors for mso2007 (bnc#823935)
* we only support simple labels in the InternalDataProvider
(bnc#864396)
* RTF import: fix import of numbering bullet associated font
(bnc#823675)
* page specific footer extended to every pages in DOCX export
(bnc#654230)
* v:textbox mso-fit-shape-to-text style property in VML import
(bnc#820788)
* w:spacing in a paragraph should also apply to as-char objects
(bnc#780044)
* compatibility setting for MS Word wrapping text in less space
(bnc#822908)
* fix SwWrtShell::SelAll() to work with empty table at doc start
(bnc#825891)
Security Issues:
* CVE-2014-3575
* CVE-2013-4156
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-libreoffice-201409-9677 - SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-libreoffice-201409-9677
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]:
- libreoffice-4.0.3.3.26-0.6.2
- libreoffice-base-4.0.3.3.26-0.6.2
- libreoffice-base-drivers-postgresql-4.0.3.3.26-0.6.2
- libreoffice-base-extensions-4.0.3.3.26-0.6.2
- libreoffice-calc-4.0.3.3.26-0.6.2
- libreoffice-calc-extensions-4.0.3.3.26-0.6.2
- libreoffice-draw-4.0.3.3.26-0.6.2
- libreoffice-draw-extensions-4.0.3.3.26-0.6.2
- libreoffice-filters-optional-4.0.3.3.26-0.6.2
- libreoffice-gnome-4.0.3.3.26-0.6.2
- libreoffice-impress-4.0.3.3.26-0.6.2
- libreoffice-impress-extensions-4.0.3.3.26-0.6.2
- libreoffice-kde-4.0.3.3.26-0.6.2
- libreoffice-kde4-4.0.3.3.26-0.6.2
- libreoffice-l10n-prebuilt-4.0.3.3.26-0.6.2
- libreoffice-mailmerge-4.0.3.3.26-0.6.2
- libreoffice-math-4.0.3.3.26-0.6.2
- libreoffice-mono-4.0.3.3.26-0.6.2
- libreoffice-officebean-4.0.3.3.26-0.6.2
- libreoffice-pyuno-4.0.3.3.26-0.6.2
- libreoffice-sdk-4.0.3.3.26-0.6.2
- libreoffice-writer-4.0.3.3.26-0.6.2
- libreoffice-writer-extensions-4.0.3.3.26-0.6.2
- SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 4.0.3.3.26]:
- libreoffice-branding-upstream-4.0.3.3.26-0.6.1
- libreoffice-help-cs-4.0.3.3.26-0.6.1
- libreoffice-help-da-4.0.3.3.26-0.6.1
- libreoffice-help-de-4.0.3.3.26-0.6.1
- libreoffice-help-en-GB-4.0.3.3.26-0.6.1
- libreoffice-help-en-US-4.0.3.3.26-0.6.1
- libreoffice-help-es-4.0.3.3.26-0.6.1
- libreoffice-help-fr-4.0.3.3.26-0.6.1
- libreoffice-help-gu-IN-4.0.3.3.26-0.6.1
- libreoffice-help-hi-IN-4.0.3.3.26-0.6.1
- libreoffice-help-hu-4.0.3.3.26-0.6.1
- libreoffice-help-it-4.0.3.3.26-0.6.1
- libreoffice-help-ja-4.0.3.3.26-0.6.1
- libreoffice-help-ko-4.0.3.3.26-0.6.1
- libreoffice-help-nl-4.0.3.3.26-0.6.1
- libreoffice-help-pl-4.0.3.3.26-0.6.1
- libreoffice-help-pt-4.0.3.3.26-0.6.1
- libreoffice-help-pt-BR-4.0.3.3.26-0.6.1
- libreoffice-help-ru-4.0.3.3.26-0.6.1
- libreoffice-help-sv-4.0.3.3.26-0.6.1
- libreoffice-help-zh-CN-4.0.3.3.26-0.6.1
- libreoffice-help-zh-TW-4.0.3.3.26-0.6.1
- libreoffice-icon-themes-4.0.3.3.26-0.6.2
- libreoffice-l10n-af-4.0.3.3.26-0.6.2
- libreoffice-l10n-ar-4.0.3.3.26-0.6.2
- libreoffice-l10n-ca-4.0.3.3.26-0.6.2
- libreoffice-l10n-cs-4.0.3.3.26-0.6.2
- libreoffice-l10n-da-4.0.3.3.26-0.6.2
- libreoffice-l10n-de-4.0.3.3.26-0.6.2
- libreoffice-l10n-el-4.0.3.3.26-0.6.2
- libreoffice-l10n-en-GB-4.0.3.3.26-0.6.2
- libreoffice-l10n-es-4.0.3.3.26-0.6.2
- libreoffice-l10n-fi-4.0.3.3.26-0.6.2
- libreoffice-l10n-fr-4.0.3.3.26-0.6.2
- libreoffice-l10n-gu-IN-4.0.3.3.26-0.6.2
- libreoffice-l10n-hi-IN-4.0.3.3.26-0.6.2
- libreoffice-l10n-hu-4.0.3.3.26-0.6.2
- libreoffice-l10n-it-4.0.3.3.26-0.6.2
- libreoffice-l10n-ja-4.0.3.3.26-0.6.2
- libreoffice-l10n-ko-4.0.3.3.26-0.6.2
- libreoffice-l10n-nb-4.0.3.3.26-0.6.2
- libreoffice-l10n-nl-4.0.3.3.26-0.6.2
- libreoffice-l10n-nn-4.0.3.3.26-0.6.2
- libreoffice-l10n-pl-4.0.3.3.26-0.6.2
- libreoffice-l10n-pt-4.0.3.3.26-0.6.2
- libreoffice-l10n-pt-BR-4.0.3.3.26-0.6.2
- libreoffice-l10n-ru-4.0.3.3.26-0.6.2
- libreoffice-l10n-sk-4.0.3.3.26-0.6.2
- libreoffice-l10n-sv-4.0.3.3.26-0.6.2
- libreoffice-l10n-xh-4.0.3.3.26-0.6.2
- libreoffice-l10n-zh-CN-4.0.3.3.26-0.6.2
- libreoffice-l10n-zh-TW-4.0.3.3.26-0.6.2
- libreoffice-l10n-zu-4.0.3.3.26-0.6.2
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]:
- libreoffice-4.0.3.3.26-0.6.2
- libreoffice-base-4.0.3.3.26-0.6.2
- libreoffice-base-drivers-postgresql-4.0.3.3.26-0.6.2
- libreoffice-base-extensions-4.0.3.3.26-0.6.2
- libreoffice-calc-4.0.3.3.26-0.6.2
- libreoffice-calc-extensions-4.0.3.3.26-0.6.2
- libreoffice-draw-4.0.3.3.26-0.6.2
- libreoffice-draw-extensions-4.0.3.3.26-0.6.2
- libreoffice-filters-optional-4.0.3.3.26-0.6.2
- libreoffice-gnome-4.0.3.3.26-0.6.2
- libreoffice-impress-4.0.3.3.26-0.6.2
- libreoffice-impress-extensions-4.0.3.3.26-0.6.2
- libreoffice-kde-4.0.3.3.26-0.6.2
- libreoffice-kde4-4.0.3.3.26-0.6.2
- libreoffice-mailmerge-4.0.3.3.26-0.6.2
- libreoffice-math-4.0.3.3.26-0.6.2
- libreoffice-mono-4.0.3.3.26-0.6.2
- libreoffice-officebean-4.0.3.3.26-0.6.2
- libreoffice-pyuno-4.0.3.3.26-0.6.2
- libreoffice-writer-4.0.3.3.26-0.6.2
- libreoffice-writer-extensions-4.0.3.3.26-0.6.2
- SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 4.0.3.3.26]:
- libreoffice-help-cs-4.0.3.3.26-0.6.1
- libreoffice-help-da-4.0.3.3.26-0.6.1
- libreoffice-help-de-4.0.3.3.26-0.6.1
- libreoffice-help-en-GB-4.0.3.3.26-0.6.1
- libreoffice-help-en-US-4.0.3.3.26-0.6.1
- libreoffice-help-es-4.0.3.3.26-0.6.1
- libreoffice-help-fr-4.0.3.3.26-0.6.1
- libreoffice-help-gu-IN-4.0.3.3.26-0.6.1
- libreoffice-help-hi-IN-4.0.3.3.26-0.6.1
- libreoffice-help-hu-4.0.3.3.26-0.6.1
- libreoffice-help-it-4.0.3.3.26-0.6.1
- libreoffice-help-ja-4.0.3.3.26-0.6.1
- libreoffice-help-ko-4.0.3.3.26-0.6.1
- libreoffice-help-nl-4.0.3.3.26-0.6.1
- libreoffice-help-pl-4.0.3.3.26-0.6.1
- libreoffice-help-pt-4.0.3.3.26-0.6.1
- libreoffice-help-pt-BR-4.0.3.3.26-0.6.1
- libreoffice-help-ru-4.0.3.3.26-0.6.1
- libreoffice-help-sv-4.0.3.3.26-0.6.1
- libreoffice-help-zh-CN-4.0.3.3.26-0.6.1
- libreoffice-help-zh-TW-4.0.3.3.26-0.6.1
- libreoffice-icon-themes-4.0.3.3.26-0.6.2
- libreoffice-l10n-af-4.0.3.3.26-0.6.2
- libreoffice-l10n-ar-4.0.3.3.26-0.6.2
- libreoffice-l10n-ca-4.0.3.3.26-0.6.2
- libreoffice-l10n-cs-4.0.3.3.26-0.6.2
- libreoffice-l10n-da-4.0.3.3.26-0.6.2
- libreoffice-l10n-de-4.0.3.3.26-0.6.2
- libreoffice-l10n-en-GB-4.0.3.3.26-0.6.2
- libreoffice-l10n-es-4.0.3.3.26-0.6.2
- libreoffice-l10n-fi-4.0.3.3.26-0.6.2
- libreoffice-l10n-fr-4.0.3.3.26-0.6.2
- libreoffice-l10n-gu-IN-4.0.3.3.26-0.6.2
- libreoffice-l10n-hi-IN-4.0.3.3.26-0.6.2
- libreoffice-l10n-hu-4.0.3.3.26-0.6.2
- libreoffice-l10n-it-4.0.3.3.26-0.6.2
- libreoffice-l10n-ja-4.0.3.3.26-0.6.2
- libreoffice-l10n-ko-4.0.3.3.26-0.6.2
- libreoffice-l10n-nb-4.0.3.3.26-0.6.2
- libreoffice-l10n-nl-4.0.3.3.26-0.6.2
- libreoffice-l10n-nn-4.0.3.3.26-0.6.2
- libreoffice-l10n-pl-4.0.3.3.26-0.6.2
- libreoffice-l10n-pt-4.0.3.3.26-0.6.2
- libreoffice-l10n-pt-BR-4.0.3.3.26-0.6.2
- libreoffice-l10n-ru-4.0.3.3.26-0.6.2
- libreoffice-l10n-sk-4.0.3.3.26-0.6.2
- libreoffice-l10n-sv-4.0.3.3.26-0.6.2
- libreoffice-l10n-xh-4.0.3.3.26-0.6.2
- libreoffice-l10n-zh-CN-4.0.3.3.26-0.6.2
- libreoffice-l10n-zh-TW-4.0.3.3.26-0.6.2
- libreoffice-l10n-zu-4.0.3.3.26-0.6.2
References:
- http://support.novell.com/security/cve/CVE-2013-4156.html
- http://support.novell.com/security/cve/CVE-2014-3575.html
- https://bugzilla.novell.com/382137
- https://bugzilla.novell.com/593612
- https://bugzilla.novell.com/654230
- https://bugzilla.novell.com/753460
- https://bugzilla.novell.com/757432
- https://bugzilla.novell.com/779620
- https://bugzilla.novell.com/779642
- https://bugzilla.novell.com/780044
- https://bugzilla.novell.com/783433
- https://bugzilla.novell.com/802888
- https://bugzilla.novell.com/816593
- https://bugzilla.novell.com/817956
- https://bugzilla.novell.com/819614
- https://bugzilla.novell.com/819822
- https://bugzilla.novell.com/819865
- https://bugzilla.novell.com/820077
- https://bugzilla.novell.com/820273
- https://bugzilla.novell.com/820503
- https://bugzilla.novell.com/820504
- https://bugzilla.novell.com/820509
- https://bugzilla.novell.com/820788
- https://bugzilla.novell.com/820800
- https://bugzilla.novell.com/820819
- https://bugzilla.novell.com/820836
- https://bugzilla.novell.com/821567
- https://bugzilla.novell.com/821795
- https://bugzilla.novell.com/822908
- https://bugzilla.novell.com/823626
- https://bugzilla.novell.com/823651
- https://bugzilla.novell.com/823655
- https://bugzilla.novell.com/823675
- https://bugzilla.novell.com/823935
- https://bugzilla.novell.com/825305
- https://bugzilla.novell.com/825891
- https://bugzilla.novell.com/825976
- https://bugzilla.novell.com/828390
- https://bugzilla.novell.com/828598
- https://bugzilla.novell.com/829017
- https://bugzilla.novell.com/830205
- https://bugzilla.novell.com/831457
- https://bugzilla.novell.com/831578
- https://bugzilla.novell.com/834035
- https://bugzilla.novell.com/834705
- https://bugzilla.novell.com/834720
- https://bugzilla.novell.com/834722
- https://bugzilla.novell.com/835985
- https://bugzilla.novell.com/837302
- https://bugzilla.novell.com/839727
- https://bugzilla.novell.com/862510
- https://bugzilla.novell.com/863021
- https://bugzilla.novell.com/864396
- https://bugzilla.novell.com/870234
- https://bugzilla.novell.com/878854
- https://bugzilla.novell.com/893141
- http://download.suse.com/patch/finder/?keywords=d2e2531d51923f3c40bbd114b7e6c32e