SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

LibreOffice 3.4.5 includes many fixes over the previous LibreOffice
3.4.2.6 update.

The update fixes the following security issues :

- 740453: Vulnerability in RDF handling. (CVE-2012-0037)

- 752595: overflow in jpeg handling. (CVE-2012-1149)

- 736146: buffer overflow in the built-in icu copy
(736146)

This update also fixes the following non-security issues :

Extras :

- add SUSE color palette (fate#312645)

Filters :

- crash when loading embedded elements. (bnc#693238)

- crash when importing an empty paragraph (rh#667082)

- more on bentConnectors. (bnc#736495)

- wrong text color in smartArt. (bnc#746996)

- reading of w:textbox contents. (bnc#693388)

- textbox position and size DOCX import (fdo#45560)

- RTF/DOCX import of transparent frames. (bnc#695479)

- consecutive frames in RTF/DOCX import. (bnc#703032)

- handling of frame properties in RTF import. (bnc#417818)

- force imported XLSX active tab to be shown. (bnc#748198)

- create TableManager for inside shapes. (bnc#747471,
bnc#693238)

- textboxes import with OLE objects inside. (bnc#747471,
bnc#693238)

- table style. (bnc#705991)

- text rotation fixes. (bnc#734734)

- crash in PPTX import. (bnc#706792)

- read w:sdt* contents. (bnc#705949)

- connector shape fixes. (bnc#719989)

- legacy fragment import. (bnc#699334)

- non-working Excel macros. (bnc#705977)

- free drawn curves import. (bnc#657909)

- group shape transformations. (bnc#621739)

- extLst of drawings in diagrams import. (bnc#655408)

- flip properties of custom shapes import. (bnc#705985)

- line spacing is used from previous values. (bnc#734734)

- missing ooxml customshape->mso shape name entries.
(bnc#737921)

- word doesn't break the numberings and prefers hiding
them. (bnc#707157)

Base :

- iterator misuse (fdo #44040, bnc#742178)

Writer :

- do not use an invalidated iterator (fdo#46337)

- field refreshing (fdo#39694)

- more layout crashers (i#101776, fdo#39510)

- textbox borders style and width in DOCX import
(fdo#45560)

- expand all text fields when setting properties
(fdo#42073)

- version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)

- SmartArt import

- custom shapes import

- Oracle Java 1.7.0 detection

- reading AES-encrypted ODF 1.2 documents as generated by
LO 3.5

- frame selection. (bnc#740117)

- crash when editing index. (bnc#726174)

- order database properties. (bnc#740032)

- numbering levels in DOC import. (bnc#715115)

- image size issue in DOC import. (bnc#718971)

- pointless forward moving of a table. (bnc#706138)

- tabs set after the end margin in DOCX import.
(bnc#693238)

- add hyperlinks by default in Table of Contents
(bnc#705956)

Calc :

- pie charts colors messed in XLS import (fdo#40320)

- correctly import data point formats in data series
(fdo#40320)

Components :

- crash when parsing XML signatures (fdo#39657)

- broken getDataArray (fdo#46165, fdo#38441, i#117010)

- don't paint a frame around the list of edit boxes
(fdo#42543)

- inconsistent compression method for encrypted documents.
(bnc#653688)

- allow pasting to multiple ranges. (bnc#715094)

- correctly convert chart data ranges. (bnc#727504)

- definedName corruption for XLSX export. (bnc#741182)

- adjust/shrink the ranges while copying. (bnc#677811)

- extra graph data is displayed for label. (bnc#717290)

- getCellRangeByName failure for named range. (bnc#738113)

- graph in XLS file has dates displayed wrong.
(bnc#720443)

- improve performance of large Excel documents.
(bnc#715104)

- display page background color/image properly.
(bnc#722045)

- pivot table output becoming empty on re-save.
(bnc#715543)

- encode virtual paths to local volume correctly.
(bnc#719887)

- avoid adjusting cell-anchored objects on other sheets.
(bnc#726152)

- make sure to adjust the sheet index of drawing objects.
(bnc#733864)

- make the data validation popup more reliable (fdo
#36851, bnc#737190)

Impress :

- do not create an empty slide when printing handouts
(fdo#31966)

- undo corruption. (bnc#685123)

- do not set duplicate master slide names (bnc#735533)

Libraries :

- default shortcut for .uno:SearchDialog should be Ctrl+H

- crash using instances dialog of dataform navigator
(fdo#44816)

- disable problematic reading of external entities in
raptor

- correctly calculate leap year

- use proper Indian Rupee currency symbol U+20B9
(rh#794679)

- handle copy and paste from ConsoleOne. (bnc#704274)

- VBA control events not working, broken eventattacher.
(bnc#718227)

- 'General Error' when double-click graphic in
presentation. (bnc#720948)

- upgrade graphite to 1.0.3 fix surrogate support

- crash at exit. (bnc#728603)

- radial gradient offset. (bnc#714787)

- horizontal scrollbars with KDE oxygen style.
(bnc#722918)

- rendering of metafiles embedded in EMF+ (updated)
(bnc#705956)

Postprocess :

- make the 3D transitions work again (bnc#728559)

URE :

- make Duden Korrektor 5 and 6 work

General :

- add compat symlinks for the old main desktop icon.
(bnc#724087)

- Fix tooltips are all black in KDE4 (bnc#723074,
fdo#40461)

- do-not-display-math-in-desktop-menu.diff: do not display
math in desktop menu (fdo#41681)

- desktop-submenu.diff: display LO application in the
right desktop submenu. (bnc#718694)

- bash-completion-for-loffice.diff: define bash completion
for 'loffice' wrapper. (bnc#719656)

- svx-globlmn-hrc-build-dep.diff: fix build dependency
problem in svx

See also :

http://support.novell.com/security/cve/CVE-2012-0037.html
http://support.novell.com/security/cve/CVE-2012-1149.html

Solution :

Apply ZYPP patch number 8022.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 58577

Bugtraq ID:

CVE ID: CVE-2012-0037
CVE-2012-1149
