[security-announce] SUSE-SU-2014:1116-1: important: Security update for LibreOffice

SUSE Security Update: Security update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1116-1 Rating: important References: #382137 #593612 #654230 #753460 #757432 #779620 #779642 #780044 #783433 #802888 #816593 #817956 #819614 #819822 #819865 #820077 #820273 #820503 #820504 #820509 #820788 #820800 #820819 #820836 #821567 #821795 #822908 #823626 #823651 #823655 #823675 #823935 #825305 #825891 #825976 #828390 #828598 #829017 #830205 #831457 #831578 #834035 #834705 #834720 #834722 #835985 #837302 #839727 #862510 #863021 #864396 #870234 #878854 #893141 Cross-References: CVE-2013-4156 CVE-2014-3575 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has 52 fixes is now available. It includes one version update. Description: LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag suse-4.0-26, based on upstream 4.0.3.3). Two security issues have been fixed: * DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578) * Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141) The following non-security issues have been fixed: * chart shown flipped (bnc#834722) * chart missing dataset (bnc#839727) * import new line in text (bnc#828390) * lines running off screens (bnc#819614) * add set-all language menu (bnc#863021) * text rotation (bnc#783433, bnc#862510) * page border shadow testcase (bnc#817956) * one more clickable field fix (bnc#802888) * multilevel labels are rotated (bnc#820273) * incorrect nested table margins (bnc#816593) * use BitmapURL only if its valid (bnc#821567) * import gradfill for text colors (bnc#870234) * fix undo of paragraph attributes (bnc#828598) * stop-gap solution to avoid crash (bnc#830205) * import images with duotone filter (bnc#820077) * missing drop downs for autofilter (bnc#834705) * typos in first page style creation (bnc#820836) * labels wrongly interpreted as dates (bnc#834720) * RTF import of fFilled shape property (bnc#825305) * placeholders text size is not correct (bnc#831457) * cells value formatted with wrong output (bnc#821795) * RTF import of freeform shape coordinates (bnc#823655) * styles (rename &) copy to different decks (bnc#757432) * XLSX Chart import with internal data table (bnc#819822) * handle M.d.yyyy date format in DOCX import (bnc#820509) * paragraph style in empty first page header (bnc#823651) * copying slides having same master page name (bnc#753460) * printing handouts using the default, 'Order' (bnc#835985) * wrap polygon was based on dest size of picture (bnc#820800) * added common flags support for SEQ field import (bnc#825976) * hyperlinks of illustration index in DOCX export (bnc#834035) * allow insertion of redlines with an empty author (bnc#837302) * handle drawinglayer rectangle inset in VML import (bnc#779642) * don't apply complex font size to non-complex font (bnc#820819) * issue with negative seeks in win32 shell extension (bnc#829017) * slide appears quite garbled when imported from PPTX (bnc#593612) * initial MCE support in writerfilter ooxml tokenizer (bnc#820503) * MSWord uses \xb for linebreaks in DB fields, take 2 (bnc#878854) * try harder to convert floating tables to text frames (bnc#779620) * itemstate in parent style incorrectly reported as set (bnc#819865) * default color hidden by Default style in writerfilter (bnc#820504) * DOCX document crashes when using internal OOXML filter (bnc#382137) * ugly workaround for external leading with symbol fonts (bnc#823626) * followup fix for exported xlsx causes errors for mso2007 (bnc#823935) * we only support simple labels in the InternalDataProvider (bnc#864396) * RTF import: fix import of numbering bullet associated font (bnc#823675) * page specific footer extended to every pages in DOCX export (bnc#654230) * v:textbox mso-fit-shape-to-text style property in VML import (bnc#820788) * w:spacing in a paragraph should also apply to as-char objects (bnc#780044) * compatibility setting for MS Word wrapping text in less space (bnc#822908) * fix SwWrtShell::SelAll() to work with empty table at doc start (bnc#825891) Security Issues: * CVE-2014-3575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575> * CVE-2013-4156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4156> Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libreoffice-201409-9677 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libreoffice-201409-9677 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]: libreoffice-4.0.3.3.26-0.6.2 libreoffice-base-4.0.3.3.26-0.6.2 libreoffice-base-drivers-postgresql-4.0.3.3.26-0.6.2 libreoffice-base-extensions-4.0.3.3.26-0.6.2 libreoffice-calc-4.0.3.3.26-0.6.2 libreoffice-calc-extensions-4.0.3.3.26-0.6.2 libreoffice-draw-4.0.3.3.26-0.6.2 libreoffice-draw-extensions-4.0.3.3.26-0.6.2 libreoffice-filters-optional-4.0.3.3.26-0.6.2 libreoffice-gnome-4.0.3.3.26-0.6.2 libreoffice-impress-4.0.3.3.26-0.6.2 libreoffice-impress-extensions-4.0.3.3.26-0.6.2 libreoffice-kde-4.0.3.3.26-0.6.2 libreoffice-kde4-4.0.3.3.26-0.6.2 libreoffice-l10n-prebuilt-4.0.3.3.26-0.6.2 libreoffice-mailmerge-4.0.3.3.26-0.6.2 libreoffice-math-4.0.3.3.26-0.6.2 libreoffice-mono-4.0.3.3.26-0.6.2 libreoffice-officebean-4.0.3.3.26-0.6.2 libreoffice-pyuno-4.0.3.3.26-0.6.2 libreoffice-sdk-4.0.3.3.26-0.6.2 libreoffice-writer-4.0.3.3.26-0.6.2 libreoffice-writer-extensions-4.0.3.3.26-0.6.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 4.0.3.3.26]: libreoffice-branding-upstream-4.0.3.3.26-0.6.1 libreoffice-help-cs-4.0.3.3.26-0.6.1 libreoffice-help-da-4.0.3.3.26-0.6.1 libreoffice-help-de-4.0.3.3.26-0.6.1 libreoffice-help-en-GB-4.0.3.3.26-0.6.1 libreoffice-help-en-US-4.0.3.3.26-0.6.1 libreoffice-help-es-4.0.3.3.26-0.6.1 libreoffice-help-fr-4.0.3.3.26-0.6.1 libreoffice-help-gu-IN-4.0.3.3.26-0.6.1 libreoffice-help-hi-IN-4.0.3.3.26-0.6.1 libreoffice-help-hu-4.0.3.3.26-0.6.1 libreoffice-help-it-4.0.3.3.26-0.6.1 libreoffice-help-ja-4.0.3.3.26-0.6.1 libreoffice-help-ko-4.0.3.3.26-0.6.1 libreoffice-help-nl-4.0.3.3.26-0.6.1 libreoffice-help-pl-4.0.3.3.26-0.6.1 libreoffice-help-pt-4.0.3.3.26-0.6.1 libreoffice-help-pt-BR-4.0.3.3.26-0.6.1 libreoffice-help-ru-4.0.3.3.26-0.6.1 libreoffice-help-sv-4.0.3.3.26-0.6.1 libreoffice-help-zh-CN-4.0.3.3.26-0.6.1 libreoffice-help-zh-TW-4.0.3.3.26-0.6.1 libreoffice-icon-themes-4.0.3.3.26-0.6.2 libreoffice-l10n-af-4.0.3.3.26-0.6.2 libreoffice-l10n-ar-4.0.3.3.26-0.6.2 libreoffice-l10n-ca-4.0.3.3.26-0.6.2 libreoffice-l10n-cs-4.0.3.3.26-0.6.2 libreoffice-l10n-da-4.0.3.3.26-0.6.2 libreoffice-l10n-de-4.0.3.3.26-0.6.2 libreoffice-l10n-el-4.0.3.3.26-0.6.2 libreoffice-l10n-en-GB-4.0.3.3.26-0.6.2 libreoffice-l10n-es-4.0.3.3.26-0.6.2 libreoffice-l10n-fi-4.0.3.3.26-0.6.2 libreoffice-l10n-fr-4.0.3.3.26-0.6.2 libreoffice-l10n-gu-IN-4.0.3.3.26-0.6.2 libreoffice-l10n-hi-IN-4.0.3.3.26-0.6.2 libreoffice-l10n-hu-4.0.3.3.26-0.6.2 libreoffice-l10n-it-4.0.3.3.26-0.6.2 libreoffice-l10n-ja-4.0.3.3.26-0.6.2 libreoffice-l10n-ko-4.0.3.3.26-0.6.2 libreoffice-l10n-nb-4.0.3.3.26-0.6.2 libreoffice-l10n-nl-4.0.3.3.26-0.6.2 libreoffice-l10n-nn-4.0.3.3.26-0.6.2 libreoffice-l10n-pl-4.0.3.3.26-0.6.2 libreoffice-l10n-pt-4.0.3.3.26-0.6.2 libreoffice-l10n-pt-BR-4.0.3.3.26-0.6.2 libreoffice-l10n-ru-4.0.3.3.26-0.6.2 libreoffice-l10n-sk-4.0.3.3.26-0.6.2 libreoffice-l10n-sv-4.0.3.3.26-0.6.2 libreoffice-l10n-xh-4.0.3.3.26-0.6.2 libreoffice-l10n-zh-CN-4.0.3.3.26-0.6.2 libreoffice-l10n-zh-TW-4.0.3.3.26-0.6.2 libreoffice-l10n-zu-4.0.3.3.26-0.6.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]: libreoffice-4.0.3.3.26-0.6.2 libreoffice-base-4.0.3.3.26-0.6.2 libreoffice-base-drivers-postgresql-4.0.3.3.26-0.6.2 libreoffice-base-extensions-4.0.3.3.26-0.6.2 libreoffice-calc-4.0.3.3.26-0.6.2 libreoffice-calc-extensions-4.0.3.3.26-0.6.2 libreoffice-draw-4.0.3.3.26-0.6.2 libreoffice-draw-extensions-4.0.3.3.26-0.6.2 libreoffice-filters-optional-4.0.3.3.26-0.6.2 libreoffice-gnome-4.0.3.3.26-0.6.2 libreoffice-impress-4.0.3.3.26-0.6.2 libreoffice-impress-extensions-4.0.3.3.26-0.6.2 libreoffice-kde-4.0.3.3.26-0.6.2 libreoffice-kde4-4.0.3.3.26-0.6.2 libreoffice-mailmerge-4.0.3.3.26-0.6.2 libreoffice-math-4.0.3.3.26-0.6.2 libreoffice-mono-4.0.3.3.26-0.6.2 libreoffice-officebean-4.0.3.3.26-0.6.2 libreoffice-pyuno-4.0.3.3.26-0.6.2 libreoffice-writer-4.0.3.3.26-0.6.2 libreoffice-writer-extensions-4.0.3.3.26-0.6.2 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 4.0.3.3.26]: libreoffice-help-cs-4.0.3.3.26-0.6.1 libreoffice-help-da-4.0.3.3.26-0.6.1 libreoffice-help-de-4.0.3.3.26-0.6.1 libreoffice-help-en-GB-4.0.3.3.26-0.6.1 libreoffice-help-en-US-4.0.3.3.26-0.6.1 libreoffice-help-es-4.0.3.3.26-0.6.1 libreoffice-help-fr-4.0.3.3.26-0.6.1 libreoffice-help-gu-IN-4.0.3.3.26-0.6.1 libreoffice-help-hi-IN-4.0.3.3.26-0.6.1 libreoffice-help-hu-4.0.3.3.26-0.6.1 libreoffice-help-it-4.0.3.3.26-0.6.1 libreoffice-help-ja-4.0.3.3.26-0.6.1 libreoffice-help-ko-4.0.3.3.26-0.6.1 libreoffice-help-nl-4.0.3.3.26-0.6.1 libreoffice-help-pl-4.0.3.3.26-0.6.1 libreoffice-help-pt-4.0.3.3.26-0.6.1 libreoffice-help-pt-BR-4.0.3.3.26-0.6.1 libreoffice-help-ru-4.0.3.3.26-0.6.1 libreoffice-help-sv-4.0.3.3.26-0.6.1 libreoffice-help-zh-CN-4.0.3.3.26-0.6.1 libreoffice-help-zh-TW-4.0.3.3.26-0.6.1 libreoffice-icon-themes-4.0.3.3.26-0.6.2 libreoffice-l10n-af-4.0.3.3.26-0.6.2 libreoffice-l10n-ar-4.0.3.3.26-0.6.2 libreoffice-l10n-ca-4.0.3.3.26-0.6.2 libreoffice-l10n-cs-4.0.3.3.26-0.6.2 libreoffice-l10n-da-4.0.3.3.26-0.6.2 libreoffice-l10n-de-4.0.3.3.26-0.6.2 libreoffice-l10n-en-GB-4.0.3.3.26-0.6.2 libreoffice-l10n-es-4.0.3.3.26-0.6.2 libreoffice-l10n-fi-4.0.3.3.26-0.6.2 libreoffice-l10n-fr-4.0.3.3.26-0.6.2 libreoffice-l10n-gu-IN-4.0.3.3.26-0.6.2 libreoffice-l10n-hi-IN-4.0.3.3.26-0.6.2 libreoffice-l10n-hu-4.0.3.3.26-0.6.2 libreoffice-l10n-it-4.0.3.3.26-0.6.2 libreoffice-l10n-ja-4.0.3.3.26-0.6.2 libreoffice-l10n-ko-4.0.3.3.26-0.6.2 libreoffice-l10n-nb-4.0.3.3.26-0.6.2 libreoffice-l10n-nl-4.0.3.3.26-0.6.2 libreoffice-l10n-nn-4.0.3.3.26-0.6.2 libreoffice-l10n-pl-4.0.3.3.26-0.6.2 libreoffice-l10n-pt-4.0.3.3.26-0.6.2 libreoffice-l10n-pt-BR-4.0.3.3.26-0.6.2 libreoffice-l10n-ru-4.0.3.3.26-0.6.2 libreoffice-l10n-sk-4.0.3.3.26-0.6.2 libreoffice-l10n-sv-4.0.3.3.26-0.6.2 libreoffice-l10n-xh-4.0.3.3.26-0.6.2 libreoffice-l10n-zh-CN-4.0.3.3.26-0.6.2 libreoffice-l10n-zh-TW-4.0.3.3.26-0.6.2 libreoffice-l10n-zu-4.0.3.3.26-0.6.2 References: http://support.novell.com/security/cve/CVE-2013-4156.html http://support.novell.com/security/cve/CVE-2014-3575.html https://bugzilla.novell.com/382137 https://bugzilla.novell.com/593612 https://bugzilla.novell.com/654230 https://bugzilla.novell.com/753460 https://bugzilla.novell.com/757432 https://bugzilla.novell.com/779620 https://bugzilla.novell.com/779642 https://bugzilla.novell.com/780044 https://bugzilla.novell.com/783433 https://bugzilla.novell.com/802888 https://bugzilla.novell.com/816593 https://bugzilla.novell.com/817956 https://bugzilla.novell.com/819614 https://bugzilla.novell.com/819822 https://bugzilla.novell.com/819865 https://bugzilla.novell.com/820077 https://bugzilla.novell.com/820273 https://bugzilla.novell.com/820503 https://bugzilla.novell.com/820504 https://bugzilla.novell.com/820509 https://bugzilla.novell.com/820788 https://bugzilla.novell.com/820800 https://bugzilla.novell.com/820819 https://bugzilla.novell.com/820836 https://bugzilla.novell.com/821567 https://bugzilla.novell.com/821795 https://bugzilla.novell.com/822908 https://bugzilla.novell.com/823626 https://bugzilla.novell.com/823651 https://bugzilla.novell.com/823655 https://bugzilla.novell.com/823675 https://bugzilla.novell.com/823935 https://bugzilla.novell.com/825305 https://bugzilla.novell.com/825891 https://bugzilla.novell.com/825976 https://bugzilla.novell.com/828390 https://bugzilla.novell.com/828598 https://bugzilla.novell.com/829017 https://bugzilla.novell.com/830205 https://bugzilla.novell.com/831457 https://bugzilla.novell.com/831578 https://bugzilla.novell.com/834035 https://bugzilla.novell.com/834705 https://bugzilla.novell.com/834720 https://bugzilla.novell.com/834722 https://bugzilla.novell.com/835985 https://bugzilla.novell.com/837302 https://bugzilla.novell.com/839727 https://bugzilla.novell.com/862510 https://bugzilla.novell.com/863021 https://bugzilla.novell.com/864396 https://bugzilla.novell.com/870234 https://bugzilla.novell.com/878854 https://bugzilla.novell.com/893141 http://download.suse.com/patch/finder/?keywords=d2e2531d51923f3c40bbd114b7e6... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org