SUSE Security Update: Security update for LibreOffice
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1116-1
Rating:             important
References:         #382137 #593612 #654230 #753460 #757432 #779620 
                    #779642 #780044 #783433 #802888 #816593 #817956 
                    #819614 #819822 #819865 #820077 #820273 #820503 
                    #820504 #820509 #820788 #820800 #820819 #820836 
                    #821567 #821795 #822908 #823626 #823651 #823655 
                    #823675 #823935 #825305 #825891 #825976 #828390 
                    #828598 #829017 #830205 #831457 #831578 #834035 
                    #834705 #834720 #834722 #835985 #837302 #839727 
                    #862510 #863021 #864396 #870234 #878854 #893141 
                    
Cross-References:   CVE-2013-4156 CVE-2014-3575
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has 52 fixes
   is now available. It includes one version update.

Description:


   LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag
   suse-4.0-26, based on upstream 4.0.3.3).

   Two security issues have been fixed:

       * DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)
       * Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141)

   The following non-security issues have been fixed:

       * chart shown flipped (bnc#834722)
       * chart missing dataset (bnc#839727)
       * import new line in text (bnc#828390)
       * lines running off screens (bnc#819614)
       * add set-all language menu (bnc#863021)
       * text rotation (bnc#783433, bnc#862510)
       * page border shadow testcase (bnc#817956)
       * one more clickable field fix (bnc#802888)
       * multilevel labels are rotated (bnc#820273)
       * incorrect nested table margins (bnc#816593)
       * use BitmapURL only if its valid (bnc#821567)
       * import gradfill for text colors (bnc#870234)
       * fix undo of paragraph attributes (bnc#828598)
       * stop-gap solution to avoid crash (bnc#830205)
       * import images with duotone filter (bnc#820077)
       * missing drop downs for autofilter (bnc#834705)
       * typos in first page style creation (bnc#820836)
       * labels wrongly interpreted as dates (bnc#834720)
       * RTF import of fFilled shape property (bnc#825305)
       * placeholders text size is not correct (bnc#831457)
       * cells value formatted with wrong output (bnc#821795)
       * RTF import of freeform shape coordinates (bnc#823655)
       * styles (rename &) copy to different decks (bnc#757432)
       * XLSX Chart import with internal data table (bnc#819822)
       * handle M.d.yyyy date format in DOCX import (bnc#820509)
       * paragraph style in empty first page header (bnc#823651)
       * copying slides having same master page name (bnc#753460)
       * printing handouts using the default, 'Order' (bnc#835985)
       * wrap polygon was based on dest size of picture (bnc#820800)
       * added common flags support for SEQ field import (bnc#825976)
       * hyperlinks of illustration index in DOCX export (bnc#834035)
       * allow insertion of redlines with an empty author (bnc#837302)
       * handle drawinglayer rectangle inset in VML import (bnc#779642)
       * don't apply complex font size to non-complex font (bnc#820819)
       * issue with negative seeks in win32 shell extension (bnc#829017)
       * slide appears quite garbled when imported from PPTX (bnc#593612)
       * initial MCE support in writerfilter ooxml tokenizer (bnc#820503)
       * MSWord uses \xb for linebreaks in DB fields, take 2 (bnc#878854)
       * try harder to convert floating tables to text frames (bnc#779620)
       * itemstate in parent style incorrectly reported as set (bnc#819865)
       * default color hidden by Default style in writerfilter (bnc#820504)
       * DOCX document crashes when using internal OOXML filter (bnc#382137)
       * ugly workaround for external leading with symbol fonts (bnc#823626)
       * followup fix for exported xlsx causes errors for mso2007 (bnc#823935)
       * we only support simple labels in the InternalDataProvider
         (bnc#864396)
       * RTF import: fix import of numbering bullet associated font
         (bnc#823675)
       * page specific footer extended to every pages in DOCX export
         (bnc#654230)
       * v:textbox mso-fit-shape-to-text style property in VML import
         (bnc#820788)
       * w:spacing in a paragraph should also apply to as-char objects
         (bnc#780044)
       * compatibility setting for MS Word wrapping text in less space
         (bnc#822908)
       * fix SwWrtShell::SelAll() to work with empty table at doc start
         (bnc#825891)

   Security Issues:

       * CVE-2014-3575
         
       * CVE-2013-4156
         


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libreoffice-201409-9677

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libreoffice-201409-9677

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]:

      libreoffice-4.0.3.3.26-0.6.2
      libreoffice-base-4.0.3.3.26-0.6.2
      libreoffice-base-drivers-postgresql-4.0.3.3.26-0.6.2
      libreoffice-base-extensions-4.0.3.3.26-0.6.2
      libreoffice-calc-4.0.3.3.26-0.6.2
      libreoffice-calc-extensions-4.0.3.3.26-0.6.2
      libreoffice-draw-4.0.3.3.26-0.6.2
      libreoffice-draw-extensions-4.0.3.3.26-0.6.2
      libreoffice-filters-optional-4.0.3.3.26-0.6.2
      libreoffice-gnome-4.0.3.3.26-0.6.2
      libreoffice-impress-4.0.3.3.26-0.6.2
      libreoffice-impress-extensions-4.0.3.3.26-0.6.2
      libreoffice-kde-4.0.3.3.26-0.6.2
      libreoffice-kde4-4.0.3.3.26-0.6.2
      libreoffice-l10n-prebuilt-4.0.3.3.26-0.6.2
      libreoffice-mailmerge-4.0.3.3.26-0.6.2
      libreoffice-math-4.0.3.3.26-0.6.2
      libreoffice-mono-4.0.3.3.26-0.6.2
      libreoffice-officebean-4.0.3.3.26-0.6.2
      libreoffice-pyuno-4.0.3.3.26-0.6.2
      libreoffice-sdk-4.0.3.3.26-0.6.2
      libreoffice-writer-4.0.3.3.26-0.6.2
      libreoffice-writer-extensions-4.0.3.3.26-0.6.2

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 4.0.3.3.26]:

      libreoffice-branding-upstream-4.0.3.3.26-0.6.1
      libreoffice-help-cs-4.0.3.3.26-0.6.1
      libreoffice-help-da-4.0.3.3.26-0.6.1
      libreoffice-help-de-4.0.3.3.26-0.6.1
      libreoffice-help-en-GB-4.0.3.3.26-0.6.1
      libreoffice-help-en-US-4.0.3.3.26-0.6.1
      libreoffice-help-es-4.0.3.3.26-0.6.1
      libreoffice-help-fr-4.0.3.3.26-0.6.1
      libreoffice-help-gu-IN-4.0.3.3.26-0.6.1
      libreoffice-help-hi-IN-4.0.3.3.26-0.6.1
      libreoffice-help-hu-4.0.3.3.26-0.6.1
      libreoffice-help-it-4.0.3.3.26-0.6.1
      libreoffice-help-ja-4.0.3.3.26-0.6.1
      libreoffice-help-ko-4.0.3.3.26-0.6.1
      libreoffice-help-nl-4.0.3.3.26-0.6.1
      libreoffice-help-pl-4.0.3.3.26-0.6.1
      libreoffice-help-pt-4.0.3.3.26-0.6.1
      libreoffice-help-pt-BR-4.0.3.3.26-0.6.1
      libreoffice-help-ru-4.0.3.3.26-0.6.1
      libreoffice-help-sv-4.0.3.3.26-0.6.1
      libreoffice-help-zh-CN-4.0.3.3.26-0.6.1
      libreoffice-help-zh-TW-4.0.3.3.26-0.6.1
      libreoffice-icon-themes-4.0.3.3.26-0.6.2
      libreoffice-l10n-af-4.0.3.3.26-0.6.2
      libreoffice-l10n-ar-4.0.3.3.26-0.6.2
      libreoffice-l10n-ca-4.0.3.3.26-0.6.2
      libreoffice-l10n-cs-4.0.3.3.26-0.6.2
      libreoffice-l10n-da-4.0.3.3.26-0.6.2
      libreoffice-l10n-de-4.0.3.3.26-0.6.2
      libreoffice-l10n-el-4.0.3.3.26-0.6.2
      libreoffice-l10n-en-GB-4.0.3.3.26-0.6.2
      libreoffice-l10n-es-4.0.3.3.26-0.6.2
      libreoffice-l10n-fi-4.0.3.3.26-0.6.2
      libreoffice-l10n-fr-4.0.3.3.26-0.6.2
      libreoffice-l10n-gu-IN-4.0.3.3.26-0.6.2
      libreoffice-l10n-hi-IN-4.0.3.3.26-0.6.2
      libreoffice-l10n-hu-4.0.3.3.26-0.6.2
      libreoffice-l10n-it-4.0.3.3.26-0.6.2
      libreoffice-l10n-ja-4.0.3.3.26-0.6.2
      libreoffice-l10n-ko-4.0.3.3.26-0.6.2
      libreoffice-l10n-nb-4.0.3.3.26-0.6.2
      libreoffice-l10n-nl-4.0.3.3.26-0.6.2
      libreoffice-l10n-nn-4.0.3.3.26-0.6.2
      libreoffice-l10n-pl-4.0.3.3.26-0.6.2
      libreoffice-l10n-pt-4.0.3.3.26-0.6.2
      libreoffice-l10n-pt-BR-4.0.3.3.26-0.6.2
      libreoffice-l10n-ru-4.0.3.3.26-0.6.2
      libreoffice-l10n-sk-4.0.3.3.26-0.6.2
      libreoffice-l10n-sv-4.0.3.3.26-0.6.2
      libreoffice-l10n-xh-4.0.3.3.26-0.6.2
      libreoffice-l10n-zh-CN-4.0.3.3.26-0.6.2
      libreoffice-l10n-zh-TW-4.0.3.3.26-0.6.2
      libreoffice-l10n-zu-4.0.3.3.26-0.6.2

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]:

      libreoffice-4.0.3.3.26-0.6.2
      libreoffice-base-4.0.3.3.26-0.6.2
      libreoffice-base-drivers-postgresql-4.0.3.3.26-0.6.2
      libreoffice-base-extensions-4.0.3.3.26-0.6.2
      libreoffice-calc-4.0.3.3.26-0.6.2
      libreoffice-calc-extensions-4.0.3.3.26-0.6.2
      libreoffice-draw-4.0.3.3.26-0.6.2
      libreoffice-draw-extensions-4.0.3.3.26-0.6.2
      libreoffice-filters-optional-4.0.3.3.26-0.6.2
      libreoffice-gnome-4.0.3.3.26-0.6.2
      libreoffice-impress-4.0.3.3.26-0.6.2
      libreoffice-impress-extensions-4.0.3.3.26-0.6.2
      libreoffice-kde-4.0.3.3.26-0.6.2
      libreoffice-kde4-4.0.3.3.26-0.6.2
      libreoffice-mailmerge-4.0.3.3.26-0.6.2
      libreoffice-math-4.0.3.3.26-0.6.2
      libreoffice-mono-4.0.3.3.26-0.6.2
      libreoffice-officebean-4.0.3.3.26-0.6.2
      libreoffice-pyuno-4.0.3.3.26-0.6.2
      libreoffice-writer-4.0.3.3.26-0.6.2
      libreoffice-writer-extensions-4.0.3.3.26-0.6.2

   - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 4.0.3.3.26]:

      libreoffice-help-cs-4.0.3.3.26-0.6.1
      libreoffice-help-da-4.0.3.3.26-0.6.1
      libreoffice-help-de-4.0.3.3.26-0.6.1
      libreoffice-help-en-GB-4.0.3.3.26-0.6.1
      libreoffice-help-en-US-4.0.3.3.26-0.6.1
      libreoffice-help-es-4.0.3.3.26-0.6.1
      libreoffice-help-fr-4.0.3.3.26-0.6.1
      libreoffice-help-gu-IN-4.0.3.3.26-0.6.1
      libreoffice-help-hi-IN-4.0.3.3.26-0.6.1
      libreoffice-help-hu-4.0.3.3.26-0.6.1
      libreoffice-help-it-4.0.3.3.26-0.6.1
      libreoffice-help-ja-4.0.3.3.26-0.6.1
      libreoffice-help-ko-4.0.3.3.26-0.6.1
      libreoffice-help-nl-4.0.3.3.26-0.6.1
      libreoffice-help-pl-4.0.3.3.26-0.6.1
      libreoffice-help-pt-4.0.3.3.26-0.6.1
      libreoffice-help-pt-BR-4.0.3.3.26-0.6.1
      libreoffice-help-ru-4.0.3.3.26-0.6.1
      libreoffice-help-sv-4.0.3.3.26-0.6.1
      libreoffice-help-zh-CN-4.0.3.3.26-0.6.1
      libreoffice-help-zh-TW-4.0.3.3.26-0.6.1
      libreoffice-icon-themes-4.0.3.3.26-0.6.2
      libreoffice-l10n-af-4.0.3.3.26-0.6.2
      libreoffice-l10n-ar-4.0.3.3.26-0.6.2
      libreoffice-l10n-ca-4.0.3.3.26-0.6.2
      libreoffice-l10n-cs-4.0.3.3.26-0.6.2
      libreoffice-l10n-da-4.0.3.3.26-0.6.2
      libreoffice-l10n-de-4.0.3.3.26-0.6.2
      libreoffice-l10n-en-GB-4.0.3.3.26-0.6.2
      libreoffice-l10n-es-4.0.3.3.26-0.6.2
      libreoffice-l10n-fi-4.0.3.3.26-0.6.2
      libreoffice-l10n-fr-4.0.3.3.26-0.6.2
      libreoffice-l10n-gu-IN-4.0.3.3.26-0.6.2
      libreoffice-l10n-hi-IN-4.0.3.3.26-0.6.2
      libreoffice-l10n-hu-4.0.3.3.26-0.6.2
      libreoffice-l10n-it-4.0.3.3.26-0.6.2
      libreoffice-l10n-ja-4.0.3.3.26-0.6.2
      libreoffice-l10n-ko-4.0.3.3.26-0.6.2
      libreoffice-l10n-nb-4.0.3.3.26-0.6.2
      libreoffice-l10n-nl-4.0.3.3.26-0.6.2
      libreoffice-l10n-nn-4.0.3.3.26-0.6.2
      libreoffice-l10n-pl-4.0.3.3.26-0.6.2
      libreoffice-l10n-pt-4.0.3.3.26-0.6.2
      libreoffice-l10n-pt-BR-4.0.3.3.26-0.6.2
      libreoffice-l10n-ru-4.0.3.3.26-0.6.2
      libreoffice-l10n-sk-4.0.3.3.26-0.6.2
      libreoffice-l10n-sv-4.0.3.3.26-0.6.2
      libreoffice-l10n-xh-4.0.3.3.26-0.6.2
      libreoffice-l10n-zh-CN-4.0.3.3.26-0.6.2
      libreoffice-l10n-zh-TW-4.0.3.3.26-0.6.2
      libreoffice-l10n-zu-4.0.3.3.26-0.6.2


References:

   https://www.suse.com/security/cve/CVE-2013-4156.html
   https://www.suse.com/security/cve/CVE-2014-3575.html
   https://bugzilla.novell.com/382137
   https://bugzilla.novell.com/593612
   https://bugzilla.novell.com/654230
   https://bugzilla.novell.com/753460
   https://bugzilla.novell.com/757432
   https://bugzilla.novell.com/779620
   https://bugzilla.novell.com/779642
   https://bugzilla.novell.com/780044
   https://bugzilla.novell.com/783433
   https://bugzilla.novell.com/802888
   https://bugzilla.novell.com/816593
   https://bugzilla.novell.com/817956
   https://bugzilla.novell.com/819614
   https://bugzilla.novell.com/819822
   https://bugzilla.novell.com/819865
   https://bugzilla.novell.com/820077
   https://bugzilla.novell.com/820273
   https://bugzilla.novell.com/820503
   https://bugzilla.novell.com/820504
   https://bugzilla.novell.com/820509
   https://bugzilla.novell.com/820788
   https://bugzilla.novell.com/820800
   https://bugzilla.novell.com/820819
   https://bugzilla.novell.com/820836
   https://bugzilla.novell.com/821567
   https://bugzilla.novell.com/821795
   https://bugzilla.novell.com/822908
   https://bugzilla.novell.com/823626
   https://bugzilla.novell.com/823651
   https://bugzilla.novell.com/823655
   https://bugzilla.novell.com/823675
   https://bugzilla.novell.com/823935
   https://bugzilla.novell.com/825305
   https://bugzilla.novell.com/825891
   https://bugzilla.novell.com/825976
   https://bugzilla.novell.com/828390
   https://bugzilla.novell.com/828598
   https://bugzilla.novell.com/829017
   https://bugzilla.novell.com/830205
   https://bugzilla.novell.com/831457
   https://bugzilla.novell.com/831578
   https://bugzilla.novell.com/834035
   https://bugzilla.novell.com/834705
   https://bugzilla.novell.com/834720
   https://bugzilla.novell.com/834722
   https://bugzilla.novell.com/835985
   https://bugzilla.novell.com/837302
   https://bugzilla.novell.com/839727
   https://bugzilla.novell.com/862510
   https://bugzilla.novell.com/863021
   https://bugzilla.novell.com/864396
   https://bugzilla.novell.com/870234
   https://bugzilla.novell.com/878854
   https://bugzilla.novell.com/893141
   https://scc.suse.com:443/patches/

SuSE: 2014:1116-1: important: LibreOffice

September 11, 2014
An update that solves two vulnerabilities and has 52 fixes An update that solves two vulnerabilities and has 52 fixes An update that solves two vulnerabilities and has 52 fixes is ...

Summary

LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag suse-4.0-26, based on upstream 4.0.3.3). Two security issues have been fixed: * DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578) * Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141) The following non-security issues have been fixed: * chart shown flipped (bnc#834722) * chart missing dataset (bnc#839727) * import new line in text (bnc#828390) * lines running off screens (bnc#819614) * add set-all language menu (bnc#863021) * text rotation (bnc#783433, bnc#862510) * page border shadow testcase (bnc#817956) * one more clickable field fix (bnc#802888) * multilevel labels are rotated (bnc#820273) * incorrect nested table margins (bnc#816593) * use BitmapURL only if its valid (bnc#821567) * import gradfill for text colors (bnc#870234) * fix undo of paragraph attri...

Read the Full Advisory

References

#382137 #593612 #654230 #753460 #757432 #779620

#779642 #780044 #783433 #802888 #816593 #817956

#819614 #819822 #819865 #820077 #820273 #820503

#820504 #820509 #820788 #820800 #820819 #820836

#821567 #821795 #822908 #823626 #823651 #823655

#823675 #823935 #825305 #825891 #825976 #828390

#828598 #829017 #830205 #831457 #831578 #834035

#834705 #834720 #834722 #835985 #837302 #839727

#862510 #863021 #864396 #870234 #878854 #893141

Cross- CVE-2013-4156 CVE-2014-3575

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP3

SUSE Linux Enterprise Desktop 11 SP3

https://www.suse.com/security/cve/CVE-2013-4156.html

https://www.suse.com/security/cve/CVE-2014-3575.html

https://bugzilla.novell.com/382137

https://bugzilla.novell.com/593612

https:...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2014:1116-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved