
Security vulnerabilities in the LibreOffice software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LSU

SUSE Security Update: Security update for LibreOffice
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1116-1
Rating: important
References: #382137 #593612 #654230 #753460 #757432 #779620
#779642 #780044 #783433 #802888 #816593 #817956
#819614 #819822 #819865 #820077 #820273 #820503
#820504 #820509 #820788 #820800 #820819 #820836
#821567 #821795 #822908 #823626 #823651 #823655
#823675 #823935 #825305 #825891 #825976 #828390
#828598 #829017 #830205 #831457 #831578 #834035
#834705 #834720 #834722 #835985 #837302 #839727
#862510 #863021 #864396 #870234 #878854 #893141

Cross-References: CVE-2013-4156 CVE-2014-3575
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves two vulnerabilities and has 52 fixes
is now available. It includes one version update.

Description:

LibreOffice was updated to version 4.0.3.3.26 (SUSE 4.0-patch26, tag
suse-4.0-26, based on upstream 4.0.3.3).

Two security issues have been fixed:

* DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)
* Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141)

The following non-security issues have been fixed:

* chart shown flipped (bnc#834722)
* chart missing dataset (bnc#839727)
* import new line in text (bnc#828390)
* lines running off screens (bnc#819614)
* add set-all language menu (bnc#863021)
* text rotation (bnc#783433, bnc#862510)
* page border shadow testcase (bnc#817956)
* one more clickable field fix (bnc#802888)
* multilevel labels are rotated (bnc#820273)
* incorrect nested table margins (bnc#816593)
* use BitmapURL only if it's valid (bnc#821567)
* import gradfill for text colors (bnc#870234)
* fix undo of paragraph attributes (bnc#828598)
* stop-gap solution to avoid crash (bnc#830205)
* import images with duotone filter (bnc#820077)
* missing drop downs for autofilter (bnc#834705)
* typos in first page style creation (bnc#820836)
* labels wrongly interpreted as dates (bnc#834720)
* RTF import of fFilled shape property (bnc#825305)
* placeholders text size is not correct (bnc#831457)
* cells value formatted with wrong output (bnc#821795)
* RTF import of freeform shape coordinates (bnc#823655)
* styles (rename &) copy to different decks (bnc#757432)
* XLSX Chart import with internal data table (bnc#819822)
* handle M.d.yyyy date format in DOCX import (bnc#820509)
* paragraph style in empty first page header (bnc#823651)
* copying slides having same master page name (bnc#753460)
* printing handouts using the default, ‘Order’ (bnc#835985)
* wrap polygon was based on dest size of picture (bnc#820800)
* added common flags support for SEQ field import (bnc#825976)
* hyperlinks of illustration index in DOCX export (bnc#834035)
* allow insertion of redlines with an empty author (bnc#837302)
* handle drawinglayer rectangle inset in VML import (bnc#779642)
* don’t apply complex font size to non-complex font (bnc#820819)
* issue with negative seeks in win32 shell extension (bnc#829017)
* slide appears quite garbled when imported from PPTX (bnc#593612)
* initial MCE support in writerfilter ooxml tokenizer (bnc#820503)
* MSWord uses \xb for linebreaks in DB fields, take 2 (bnc#878854)
* try harder to convert floating tables to text frames (bnc#779620)
* itemstate in parent style incorrectly reported as set (bnc#819865)
* default color hidden by Default style in writerfilter (bnc#820504)
* DOCX document crashes when using internal OOXML filter (bnc#382137)
* ugly workaround for external leading with symbol fonts (bnc#823626)
* followup fix for exported xlsx causes errors for mso2007 (bnc#823935)
* we only support simple labels in the InternalDataProvider
(bnc#864396)
* RTF import: fix import of numbering bullet associated font
(bnc#823675)
* page specific footer extended to every page in DOCX export
(bnc#654230)
* v:textbox mso-fit-shape-to-text style property in VML import
(bnc#820788)
* w:spacing in a paragraph should also apply to as-char objects
(bnc#780044)
* compatibility setting for MS Word wrapping text in less space
(bnc#822908)
* fix SwWrtShell::SelAll() to work with empty table at doc start
(bnc#825891)

Security Issues:

* CVE-2014-3575
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575>
* CVE-2013-4156
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4156>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 11 SP3:

zypper in -t patch sdksp3-libreoffice-201409-9677

– SUSE Linux Enterprise Desktop 11 SP3:

zypper in -t patch sledsp3-libreoffice-201409-9677

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]:

libreoffice-4.0.3.3.26-0.6.2
libreoffice-base-4.0.3.3.26-0.6.2
libreoffice-base-drivers-postgresql-4.0.3.3.26-0.6.2
libreoffice-base-extensions-4.0.3.3.26-0.6.2
libreoffice-calc-4.0.3.3.26-0.6.2
libreoffice-calc-extensions-4.0.3.3.26-0.6.2
libreoffice-draw-4.0.3.3.26-0.6.2
libreoffice-draw-extensions-4.0.3.3.26-0.6.2
libreoffice-filters-optional-4.0.3.3.26-0.6.2
libreoffice-gnome-4.0.3.3.26-0.6.2
libreoffice-impress-4.0.3.3.26-0.6.2
libreoffice-impress-extensions-4.0.3.3.26-0.6.2
libreoffice-kde-4.0.3.3.26-0.6.2
libreoffice-kde4-4.0.3.3.26-0.6.2
libreoffice-l10n-prebuilt-4.0.3.3.26-0.6.2
libreoffice-mailmerge-4.0.3.3.26-0.6.2
libreoffice-math-4.0.3.3.26-0.6.2
libreoffice-mono-4.0.3.3.26-0.6.2
libreoffice-officebean-4.0.3.3.26-0.6.2
libreoffice-pyuno-4.0.3.3.26-0.6.2
libreoffice-sdk-4.0.3.3.26-0.6.2
libreoffice-writer-4.0.3.3.26-0.6.2
libreoffice-writer-extensions-4.0.3.3.26-0.6.2

– SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 4.0.3.3.26]:

libreoffice-branding-upstream-4.0.3.3.26-0.6.1
libreoffice-help-cs-4.0.3.3.26-0.6.1
libreoffice-help-da-4.0.3.3.26-0.6.1
libreoffice-help-de-4.0.3.3.26-0.6.1
libreoffice-help-en-GB-4.0.3.3.26-0.6.1
libreoffice-help-en-US-4.0.3.3.26-0.6.1
libreoffice-help-es-4.0.3.3.26-0.6.1
libreoffice-help-fr-4.0.3.3.26-0.6.1
libreoffice-help-gu-IN-4.0.3.3.26-0.6.1
libreoffice-help-hi-IN-4.0.3.3.26-0.6.1
libreoffice-help-hu-4.0.3.3.26-0.6.1
libreoffice-help-it-4.0.3.3.26-0.6.1
libreoffice-help-ja-4.0.3.3.26-0.6.1
libreoffice-help-ko-4.0.3.3.26-0.6.1
libreoffice-help-nl-4.0.3.3.26-0.6.1
libreoffice-help-pl-4.0.3.3.26-0.6.1
libreoffice-help-pt-4.0.3.3.26-0.6.1
libreoffice-help-pt-BR-4.0.3.3.26-0.6.1
libreoffice-help-ru-4.0.3.3.26-0.6.1
libreoffice-help-sv-4.0.3.3.26-0.6.1
libreoffice-help-zh-CN-4.0.3.3.26-0.6.1
libreoffice-help-zh-TW-4.0.3.3.26-0.6.1
libreoffice-icon-themes-4.0.3.3.26-0.6.2
libreoffice-l10n-af-4.0.3.3.26-0.6.2
libreoffice-l10n-ar-4.0.3.3.26-0.6.2
libreoffice-l10n-ca-4.0.3.3.26-0.6.2
libreoffice-l10n-cs-4.0.3.3.26-0.6.2
libreoffice-l10n-da-4.0.3.3.26-0.6.2
libreoffice-l10n-de-4.0.3.3.26-0.6.2
libreoffice-l10n-el-4.0.3.3.26-0.6.2
libreoffice-l10n-en-GB-4.0.3.3.26-0.6.2
libreoffice-l10n-es-4.0.3.3.26-0.6.2
libreoffice-l10n-fi-4.0.3.3.26-0.6.2
libreoffice-l10n-fr-4.0.3.3.26-0.6.2
libreoffice-l10n-gu-IN-4.0.3.3.26-0.6.2
libreoffice-l10n-hi-IN-4.0.3.3.26-0.6.2
libreoffice-l10n-hu-4.0.3.3.26-0.6.2
libreoffice-l10n-it-4.0.3.3.26-0.6.2
libreoffice-l10n-ja-4.0.3.3.26-0.6.2
libreoffice-l10n-ko-4.0.3.3.26-0.6.2
libreoffice-l10n-nb-4.0.3.3.26-0.6.2
libreoffice-l10n-nl-4.0.3.3.26-0.6.2
libreoffice-l10n-nn-4.0.3.3.26-0.6.2
libreoffice-l10n-pl-4.0.3.3.26-0.6.2
libreoffice-l10n-pt-4.0.3.3.26-0.6.2
libreoffice-l10n-pt-BR-4.0.3.3.26-0.6.2
libreoffice-l10n-ru-4.0.3.3.26-0.6.2
libreoffice-l10n-sk-4.0.3.3.26-0.6.2
libreoffice-l10n-sv-4.0.3.3.26-0.6.2
libreoffice-l10n-xh-4.0.3.3.26-0.6.2
libreoffice-l10n-zh-CN-4.0.3.3.26-0.6.2
libreoffice-l10n-zh-TW-4.0.3.3.26-0.6.2
libreoffice-l10n-zu-4.0.3.3.26-0.6.2

– SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]:

libreoffice-4.0.3.3.26-0.6.2
libreoffice-base-4.0.3.3.26-0.6.2
libreoffice-base-drivers-postgresql-4.0.3.3.26-0.6.2
libreoffice-base-extensions-4.0.3.3.26-0.6.2
libreoffice-calc-4.0.3.3.26-0.6.2
libreoffice-calc-extensions-4.0.3.3.26-0.6.2
libreoffice-draw-4.0.3.3.26-0.6.2
libreoffice-draw-extensions-4.0.3.3.26-0.6.2
libreoffice-filters-optional-4.0.3.3.26-0.6.2
libreoffice-gnome-4.0.3.3.26-0.6.2
libreoffice-impress-4.0.3.3.26-0.6.2
libreoffice-impress-extensions-4.0.3.3.26-0.6.2
libreoffice-kde-4.0.3.3.26-0.6.2
libreoffice-kde4-4.0.3.3.26-0.6.2
libreoffice-mailmerge-4.0.3.3.26-0.6.2
libreoffice-math-4.0.3.3.26-0.6.2
libreoffice-mono-4.0.3.3.26-0.6.2
libreoffice-officebean-4.0.3.3.26-0.6.2
libreoffice-pyuno-4.0.3.3.26-0.6.2
libreoffice-writer-4.0.3.3.26-0.6.2
libreoffice-writer-extensions-4.0.3.3.26-0.6.2

– SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 4.0.3.3.26]:

libreoffice-help-cs-4.0.3.3.26-0.6.1
libreoffice-help-da-4.0.3.3.26-0.6.1
libreoffice-help-de-4.0.3.3.26-0.6.1
libreoffice-help-en-GB-4.0.3.3.26-0.6.1
libreoffice-help-en-US-4.0.3.3.26-0.6.1
libreoffice-help-es-4.0.3.3.26-0.6.1
libreoffice-help-fr-4.0.3.3.26-0.6.1
libreoffice-help-gu-IN-4.0.3.3.26-0.6.1
libreoffice-help-hi-IN-4.0.3.3.26-0.6.1
libreoffice-help-hu-4.0.3.3.26-0.6.1
libreoffice-help-it-4.0.3.3.26-0.6.1
libreoffice-help-ja-4.0.3.3.26-0.6.1
libreoffice-help-ko-4.0.3.3.26-0.6.1
libreoffice-help-nl-4.0.3.3.26-0.6.1
libreoffice-help-pl-4.0.3.3.26-0.6.1
libreoffice-help-pt-4.0.3.3.26-0.6.1
libreoffice-help-pt-BR-4.0.3.3.26-0.6.1
libreoffice-help-ru-4.0.3.3.26-0.6.1
libreoffice-help-sv-4.0.3.3.26-0.6.1
libreoffice-help-zh-CN-4.0.3.3.26-0.6.1
libreoffice-help-zh-TW-4.0.3.3.26-0.6.1
libreoffice-icon-themes-4.0.3.3.26-0.6.2
libreoffice-l10n-af-4.0.3.3.26-0.6.2
libreoffice-l10n-ar-4.0.3.3.26-0.6.2
libreoffice-l10n-ca-4.0.3.3.26-0.6.2
libreoffice-l10n-cs-4.0.3.3.26-0.6.2
libreoffice-l10n-da-4.0.3.3.26-0.6.2
libreoffice-l10n-de-4.0.3.3.26-0.6.2
libreoffice-l10n-en-GB-4.0.3.3.26-0.6.2
libreoffice-l10n-es-4.0.3.3.26-0.6.2
libreoffice-l10n-fi-4.0.3.3.26-0.6.2
libreoffice-l10n-fr-4.0.3.3.26-0.6.2
libreoffice-l10n-gu-IN-4.0.3.3.26-0.6.2
libreoffice-l10n-hi-IN-4.0.3.3.26-0.6.2
libreoffice-l10n-hu-4.0.3.3.26-0.6.2
libreoffice-l10n-it-4.0.3.3.26-0.6.2
libreoffice-l10n-ja-4.0.3.3.26-0.6.2
libreoffice-l10n-ko-4.0.3.3.26-0.6.2
libreoffice-l10n-nb-4.0.3.3.26-0.6.2
libreoffice-l10n-nl-4.0.3.3.26-0.6.2
libreoffice-l10n-nn-4.0.3.3.26-0.6.2
libreoffice-l10n-pl-4.0.3.3.26-0.6.2
libreoffice-l10n-pt-4.0.3.3.26-0.6.2
libreoffice-l10n-pt-BR-4.0.3.3.26-0.6.2
libreoffice-l10n-ru-4.0.3.3.26-0.6.2
libreoffice-l10n-sk-4.0.3.3.26-0.6.2
libreoffice-l10n-sv-4.0.3.3.26-0.6.2
libreoffice-l10n-xh-4.0.3.3.26-0.6.2
libreoffice-l10n-zh-CN-4.0.3.3.26-0.6.2
libreoffice-l10n-zh-TW-4.0.3.3.26-0.6.2
libreoffice-l10n-zu-4.0.3.3.26-0.6.2

References:

http://support.novell.com/security/cve/CVE-2013-4156.html
http://support.novell.com/security/cve/CVE-2014-3575.html
https://bugzilla.novell.com/382137
https://bugzilla.novell.com/593612
https://bugzilla.novell.com/654230
https://bugzilla.novell.com/753460
https://bugzilla.novell.com/757432
https://bugzilla.novell.com/779620
https://bugzilla.novell.com/779642
https://bugzilla.novell.com/780044
https://bugzilla.novell.com/783433
https://bugzilla.novell.com/802888
https://bugzilla.novell.com/816593
https://bugzilla.novell.com/817956
https://bugzilla.novell.com/819614
https://bugzilla.novell.com/819822
https://bugzilla.novell.com/819865
https://bugzilla.novell.com/820077
https://bugzilla.novell.com/820273
https://bugzilla.novell.com/820503
https://bugzilla.novell.com/820504
https://bugzilla.novell.com/820509
https://bugzilla.novell.com/820788
https://bugzilla.novell.com/820800
https://bugzilla.novell.com/820819
https://bugzilla.novell.com/820836
https://bugzilla.novell.com/821567
https://bugzilla.novell.com/821795
https://bugzilla.novell.com/822908
https://bugzilla.novell.com/823626
https://bugzilla.novell.com/823651
https://bugzilla.novell.com/823655
https://bugzilla.novell.com/823675
https://bugzilla.novell.com/823935
https://bugzilla.novell.com/825305
https://bugzilla.novell.com/825891
https://bugzilla.novell.com/825976
https://bugzilla.novell.com/828390
https://bugzilla.novell.com/828598
https://bugzilla.novell.com/829017
https://bugzilla.novell.com/830205
https://bugzilla.novell.com/831457
https://bugzilla.novell.com/831578
https://bugzilla.novell.com/834035
https://bugzilla.novell.com/834705
https://bugzilla.novell.com/834720
https://bugzilla.novell.com/834722
https://bugzilla.novell.com/835985
https://bugzilla.novell.com/837302
https://bugzilla.novell.com/839727
https://bugzilla.novell.com/862510
https://bugzilla.novell.com/863021
https://bugzilla.novell.com/864396
https://bugzilla.novell.com/870234
https://bugzilla.novell.com/878854
https://bugzilla.novell.com/893141
http://download.suse.com/patch/finder/?keywords=d2e2531d51923f3c40bbd114b7e6c32e



Author: Marko Stanec
CERT ID: NCERT-REF-2014-09-0005-ADV
Source: http://www.adobe.com/