SuSE 11.3 Security Update : LibreOffice (SAT Patch Number 9677)

medium Nessus Plugin ID 77663

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag suse-4.0-26, based on upstream 4.0.3.3).

Two security issues have been fixed :

- DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)

- Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141) The following non-security issues have been fixed :

- chart shown flipped. (bnc#834722)

- chart missing dataset. (bnc#839727)

- import new line in text. (bnc#828390)

- lines running off screens. (bnc#819614)

- add set-all language menu. (bnc#863021)

- text rotation. (bnc#783433, bnc#862510)

- page border shadow testcase. (bnc#817956)

- one more clickable field fix. (bnc#802888)

- multilevel labels are rotated. (bnc#820273)

- incorrect nested table margins. (bnc#816593)

- use BitmapURL only if its valid. (bnc#821567)

- import gradfill for text colors. (bnc#870234)

- fix undo of paragraph attributes. (bnc#828598)

- stop-gap solution to avoid crash. (bnc#830205)

- import images with duotone filter. (bnc#820077)

- missing drop downs for autofilter. (bnc#834705)

- typos in first page style creation. (bnc#820836)

- labels wrongly interpreted as dates. (bnc#834720)

- RTF import of fFilled shape property. (bnc#825305)

- placeholders text size is not correct. (bnc#831457)

- cells value formatted with wrong output. (bnc#821795)

- RTF import of freeform shape coordinates. (bnc#823655)

- styles (rename &) copy to different decks.
(bnc#757432)

- XLSX Chart import with internal data table. (bnc#819822)

- handle M.d.yyyy date format in DOCX import. (bnc#820509)

- paragraph style in empty first page header. (bnc#823651)

- copying slides having same master page name.
(bnc#753460)

- printing handouts using the default, 'Order'.
(bnc#835985)

- wrap polygon was based on dest size of picture.
(bnc#820800)

- added common flags support for SEQ field import.
(bnc#825976)

- hyperlinks of illustration index in DOCX export.
(bnc#834035)

- allow insertion of redlines with an empty author.
(bnc#837302)

- handle drawinglayer rectangle inset in VML import.
(bnc#779642)

- don't apply complex font size to non-complex font.
(bnc#820819)

- issue with negative seeks in win32 shell extension.
(bnc#829017)

- slide appears quite garbled when imported from PPTX.
(bnc#593612)

- initial MCE support in writerfilter ooxml tokenizer.
(bnc#820503)

- MSWord uses \xb for linebreaks in DB fields, take 2.
(bnc#878854)

- try harder to convert floating tables to text frames.
(bnc#779620)

- itemstate in parent style incorrectly reported as set.
(bnc#819865)

- default color hidden by Default style in writerfilter.
(bnc#820504)

- DOCX document crashes when using internal OOXML filter.
(bnc#382137)

- ugly workaround for external leading with symbol fonts.
(bnc#823626)

- followup fix for exported xlsx causes errors for mso2007. (bnc#823935)

- we only support simple labels in the InternalDataProvider. (bnc#864396)

- RTF import: fix import of numbering bullet associated font. (bnc#823675)

- page specific footer extended to every pages in DOCX export. (bnc#654230)

- v:textbox mso-fit-shape-to-text style property in VML import. (bnc#820788)

- w:spacing in a paragraph should also apply to as-char objects. (bnc#780044)

- compatibility setting for MS Word wrapping text in less space. (bnc#822908)

- fix SwWrtShell::SelAll() to work with empty table at doc start (bnc#825891)

Solution

Apply SAT patch number 9677.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=382137

https://bugzilla.novell.com/show_bug.cgi?id=593612

https://bugzilla.novell.com/show_bug.cgi?id=823675

https://bugzilla.novell.com/show_bug.cgi?id=823935

https://bugzilla.novell.com/show_bug.cgi?id=825305

https://bugzilla.novell.com/show_bug.cgi?id=825891

https://bugzilla.novell.com/show_bug.cgi?id=825976

https://bugzilla.novell.com/show_bug.cgi?id=828390

https://bugzilla.novell.com/show_bug.cgi?id=828598

https://bugzilla.novell.com/show_bug.cgi?id=829017

https://bugzilla.novell.com/show_bug.cgi?id=830205

https://bugzilla.novell.com/show_bug.cgi?id=831457

https://bugzilla.novell.com/show_bug.cgi?id=831578

https://bugzilla.novell.com/show_bug.cgi?id=834035

https://bugzilla.novell.com/show_bug.cgi?id=834705

https://bugzilla.novell.com/show_bug.cgi?id=834720

https://bugzilla.novell.com/show_bug.cgi?id=834722

https://bugzilla.novell.com/show_bug.cgi?id=835985

https://bugzilla.novell.com/show_bug.cgi?id=837302

https://bugzilla.novell.com/show_bug.cgi?id=839727

https://bugzilla.novell.com/show_bug.cgi?id=862510

https://bugzilla.novell.com/show_bug.cgi?id=863021

https://bugzilla.novell.com/show_bug.cgi?id=864396

https://bugzilla.novell.com/show_bug.cgi?id=870234

https://bugzilla.novell.com/show_bug.cgi?id=878854

https://bugzilla.novell.com/show_bug.cgi?id=893141

http://support.novell.com/security/cve/CVE-2013-4156.html

http://support.novell.com/security/cve/CVE-2014-3575.html

https://bugzilla.novell.com/show_bug.cgi?id=654230

https://bugzilla.novell.com/show_bug.cgi?id=753460

https://bugzilla.novell.com/show_bug.cgi?id=757432

https://bugzilla.novell.com/show_bug.cgi?id=779620

https://bugzilla.novell.com/show_bug.cgi?id=779642

https://bugzilla.novell.com/show_bug.cgi?id=780044

https://bugzilla.novell.com/show_bug.cgi?id=783433

https://bugzilla.novell.com/show_bug.cgi?id=802888

https://bugzilla.novell.com/show_bug.cgi?id=816593

https://bugzilla.novell.com/show_bug.cgi?id=817956

https://bugzilla.novell.com/show_bug.cgi?id=819614

https://bugzilla.novell.com/show_bug.cgi?id=819822

https://bugzilla.novell.com/show_bug.cgi?id=819865

https://bugzilla.novell.com/show_bug.cgi?id=820077

https://bugzilla.novell.com/show_bug.cgi?id=820273

https://bugzilla.novell.com/show_bug.cgi?id=820503

https://bugzilla.novell.com/show_bug.cgi?id=820504

https://bugzilla.novell.com/show_bug.cgi?id=820509

https://bugzilla.novell.com/show_bug.cgi?id=820788

https://bugzilla.novell.com/show_bug.cgi?id=820800

https://bugzilla.novell.com/show_bug.cgi?id=820819

https://bugzilla.novell.com/show_bug.cgi?id=820836

https://bugzilla.novell.com/show_bug.cgi?id=821567

https://bugzilla.novell.com/show_bug.cgi?id=821795

https://bugzilla.novell.com/show_bug.cgi?id=822908

https://bugzilla.novell.com/show_bug.cgi?id=823626

https://bugzilla.novell.com/show_bug.cgi?id=823651

https://bugzilla.novell.com/show_bug.cgi?id=823655

Plugin Details

Severity: Medium

ID: 77663

File Name: suse_11_libreoffice-201409-140902.nasl

Version: 1.6

Type: local

Agent: unix

Published: 9/12/2014

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:libreoffice, p-cpe:/a:novell:suse_linux:11:libreoffice-base, p-cpe:/a:novell:suse_linux:11:libreoffice-base-drivers-postgresql, p-cpe:/a:novell:suse_linux:11:libreoffice-base-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-calc, p-cpe:/a:novell:suse_linux:11:libreoffice-calc-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-draw, p-cpe:/a:novell:suse_linux:11:libreoffice-draw-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-filters-optional, p-cpe:/a:novell:suse_linux:11:libreoffice-gnome, p-cpe:/a:novell:suse_linux:11:libreoffice-help-cs, p-cpe:/a:novell:suse_linux:11:libreoffice-help-da, p-cpe:/a:novell:suse_linux:11:libreoffice-help-de, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-nn, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-pl, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-pt, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-pt-br, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ru, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-sk, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-sv, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-xh, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-zh-cn, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-zh-tw, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-zu, p-cpe:/a:novell:suse_linux:11:libreoffice-mailmerge, p-cpe:/a:novell:suse_linux:11:libreoffice-math, p-cpe:/a:novell:suse_linux:11:libreoffice-mono, p-cpe:/a:novell:suse_linux:11:libreoffice-officebean, p-cpe:/a:novell:suse_linux:11:libreoffice-pyuno, p-cpe:/a:novell:suse_linux:11:libreoffice-writer, p-cpe:/a:novell:suse_linux:11:libreoffice-writer-extensions, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:libreoffice-help-en-gb, p-cpe:/a:novell:suse_linux:11:libreoffice-help-en-us, p-cpe:/a:novell:suse_linux:11:libreoffice-help-es, p-cpe:/a:novell:suse_linux:11:libreoffice-help-fr, p-cpe:/a:novell:suse_linux:11:libreoffice-help-gu-in, p-cpe:/a:novell:suse_linux:11:libreoffice-help-hi-in, p-cpe:/a:novell:suse_linux:11:libreoffice-help-hu, p-cpe:/a:novell:suse_linux:11:libreoffice-help-it, p-cpe:/a:novell:suse_linux:11:libreoffice-help-ja, p-cpe:/a:novell:suse_linux:11:libreoffice-help-ko, p-cpe:/a:novell:suse_linux:11:libreoffice-help-nl, p-cpe:/a:novell:suse_linux:11:libreoffice-help-pl, p-cpe:/a:novell:suse_linux:11:libreoffice-help-pt, p-cpe:/a:novell:suse_linux:11:libreoffice-help-pt-br, p-cpe:/a:novell:suse_linux:11:libreoffice-help-ru, p-cpe:/a:novell:suse_linux:11:libreoffice-help-sv, p-cpe:/a:novell:suse_linux:11:libreoffice-help-zh-cn, p-cpe:/a:novell:suse_linux:11:libreoffice-help-zh-tw, p-cpe:/a:novell:suse_linux:11:libreoffice-icon-themes, p-cpe:/a:novell:suse_linux:11:libreoffice-impress, p-cpe:/a:novell:suse_linux:11:libreoffice-impress-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-kde, p-cpe:/a:novell:suse_linux:11:libreoffice-kde4, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-af, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ar, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ca, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-cs, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-da, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-de, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-en-gb, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-es, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-fi, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-fr, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-gu-in, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-hi-in, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-hu, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-it, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ja, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ko, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-nb, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-nl

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/2/2014

Reference Information

CVE: CVE-2013-4156, CVE-2014-3575