openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0336-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

Maintenance update to LibreOffice-3.3.1. It adds some interesting
features, fixes many bugs, including several security vulnerabilities.

The previous OpenOffice_org packages are also renamed to libreoffice.

LibreOffice is continuation of the project. This update
replaces the installation, including helper packages,
e.g. dictionaries, templates. The new stuff is backward compatible.

- fixed security bugs :

- PowerPoint document processing (CVE-2010-2935,

- extensions and filter package files (CVE-2010-3450)

- RTF document processing (CVE-2010-3451, CVE-2010-3452)

- Word document processing (CVE-2010-3453, CVE-2010-3454)

- insecure LD_LIBRARY_PATH usage (CVE-2010-3689)

- PDF Import extension resulting from 3rd party library
XPD (CVE-2010-3702, CVE-2010-3704)

- PNG file processing (CVE-2010-4253)

- TGA file processing (CVE-2010-4643)

- most important changes :

- add conflicts to force migration to libreoffice

- obsolete Quickstarter

- enabled KDE3 support (bnc#678998)

- libreoffice- == 3.3.1-rc2 == final

- fixed audio/video playback in presentation (deb#612940,

- fixed non-working input methods in KDE4 (bnc#665112)

- fixed occasional blank first slide (fdo#34533)

- fixed cairo canvas edge count calculation (bnc#647959)

- updated to libreoffice- (3.3.1-rc2) :

- l10n

- updated some translations

- libs-core

- crashing oosplash and malformed picture (bnc#652562)

- Byref and declare Basic statement (fdo#33964, i#115716)

- fixed BorderLine(2) conversion to SvxBorderLine

- libs-gui

- getEnglishSearchFontName() searches Takao fonts

- sdk

- fix ODK to only set STLPORTLIB if needed

- writer

- rtfExport::HackIsWW8OrHigher(): return true (fdo#33478)

- visual editor destroys formulas containing symbols
(fdo#32759, fdo#32755)

- enabled KDE4 support for SLED11; LO-3.3.1 fixed the
remaining annoying bugs

- fixed EMF+ import (bnc#650049)

- updated to libreoffice- (3.3.1-rc1) :

- artwork

- new MIME type icons for LibreOffice

- bootstrap

- wrong line break with ( (fdo#31271)

- build

- default formula string (n#664516)

- don't version the bundled ct2n extension

- last update of translations from Pootle for 3.3.1

- calc

- import of cell attributes from Excel documents

- incorrect page number in page preview mode (fdo#33155)

- components

- remove pesky on-line registration menu entry (fdo#33112)

- crash on changing position of drawing object in header

- extras

- start using technical.dic instead of oracle.dic

- filters

- pictures DOCX import (bnc#655763)

- parse 'color' property (fdo#33551)

- fix ole object import for writer (DOCX) (fdo#33237)

- help

- OOo -> LibO on Getting Support page (fdo#33249)

- libs-core

- handle css::table::BorderLine

- add preferred Malayalam fonts (fdo#32953)

- fix KDE3 library search order (fdo#32797)

- StarDesktop.terminate macro behaviour (#30879)

- Sun Microsystems -> TDF in desktop file (fdo#31191)

- fixed several crashes around config UNO API (fdo#33994)

- implementation names weren't matching with xcu

- improve the check for existence of the localized help

- libs-extern

- upgrade libwpd to 0.9.1

- libs-gui

- painting of axial gradients (116318)

- fix wrong collation for Catalan language

- crash when moving through database types (fdo#32561)

- paint toolbar handle positioned properly (fdo#32558)

- remove the menu when Left Alt Key was pressed; for GTK

- default currency for Estonia should be Euro (fdo#33160)

- year of era in long format for zh_TW by default

- writer

- use standard Edit button width of 50 (fdo#32633)

- improve formfield checkbox binary export (bnc#660816)

- infinite loop while exporting some files in DOC/DOCX/RTF

- CTL/Other Default Font (i#25247, i#25561, i#48064,

- libreoffice-build- == 3.3.0-rc4 == final

- updated to libreoffice- (3.3-rc4) :

- common :

- remove pesky on-line registration menu entry (fdo#33112)

- artwork :

- fix search toolbar up/down search button icons

- base :

- report builder not shows properties on report fields

- report left/right page margin setting ignored on 64-bit

- build :

- updated translations

- calc :

- reverted problematic and dangerous :

- performance of filters with many filtered ranges

- obtain correct data range for external references

- libs-core :

- FMR crasher (fdo#33099)

- backgrounds for polypolygons in metafile (i#116371)

- unopkg crasher on SLED11-SP1 (bnc#655912)

- libs-gui :

- use sane scrollbar sizes when drawing

- painting of axial gradients (i#116318)

- do not mix unrelated X11 Visuals (fdo#33108)

- avoid GetHelpText() call which can be quite heavy

- writer :

- fields fixes: key inputs, 0-length fields import

- replaced obsolete SuSEconfig gtk2 module call with
%%icon_theme_cache_post(un) macros for openSUSE > 11.3

- updated to libreoffice- (3.3-rc3) :

- build :

- use libreoffice and lo* wrappers; update man pages

- navigation buttons' patch selection handling (fdo#32380,

- calc :

- bogus check for numerical sheet names (fdo#32570)

- performance of filters with many filtered ranges

- obtain correct data range for external references

- avoid double-paste when pasting text into cell comment

- components :

- fix nsplugin for LibreOffice name

- fixing large OOXML files (i#115944)

- layout breakage for KDE, X11 and (possibly) Mac

- extensions :

- patching xpdf to patchlevel 3.02pl5

- extras :

- creating technical.dic based on src/*.dic

- filters :

- small TGAReader improvement (i#164349)

- PageRange handling in writer PDF export (#116085)

- impress :

- missing font color (rhbz#663857)

- use updated anchor for group shapes (i#115898)

- presentation objects on master pages (i#115993)

- libs-core :

- survive missing window (rhbz#666216)

- better font selection in Japanese locale.

- do not block when launching Firefox (fdo#32427)

- show the license information in a separate dialog

- make unopkg --suppress-license skip license in all cases

- libs-extern-sys :

- better XPATH handling (i#164350)

- libs-gui :

- use the initial language if not specified (fdo#32523)

- clean up search cache singleton in correct order

- writer :

- undo/redo crash with postits (rhbz#660342)

- rearrange title dialog to get translations (fdo#32633)

- move to the next record during mail merge (fdo#32790)

- updated to libreoffice- (3.3-rc2) :

- common :

- copy & paste a text formatted cell (i#115825)

- replaced (fdo#32169)

- bootstrap :

- check if KDE is >= 4.2

- cleanup unfortunate license duplication

- calc :

- ignore preceding spaces when parsing numbers

- make the string 'New Record' localizable (fdo#32209)

- remove trailing spaces too when parsing CSV simple

- display correct record information in Data Form dialog

- components :

- make the ODMA check box clickable again (fdo#32132)

- fixed the sizes of Tips and Extended tips check boxes

- make 'Reset help agent' button clickable again

- extensions :

- fix filled polygons on PDF import

- filters :

- performance for import of XLSX files with drawing
objects (i#115940)

- impress :

- missing embedded object in ODP export (i#115898)

- grey as default color for native tables in Impress

- graphics on master page cannot be deleted (i#115993)

- libs-core :

- save with the proper DOC variant (fdo#32219)

- removed dupe para ids introduced by copy&paste

- colon needed for LD_LIBRARY_PATH set but empty

- wikihelp: use the right Help ID URL (fdo#32338)

- MySQL Cast(col1 as CHAR) yields error (i#115436)

- import compatibility for enhanced fields names

- libs-extern-sys :

- XPATH handling fix

- libs-gui :

- PPTX import crasher (bnc#654065)

- copy&paste problem of metafiles (i#115825)

- force Qt paint system to native (fdo#30991)

- display problem with Vegur font (fdo#31243)

- URIs must be exported as 7bit ASCII (i#115788)

- regression in WMF text rendering (fdo#32236, i#115825)

- postprocess :

- only register EvolutionLocal when EVO support is enabled

- writer :

- after 'data to fields' mail merge does not work

- missing outline feature in new RTF export filter

- encoding of Greek letters names with accent in French

- build bits :

- better build identification in the about dialog

- updated to libreoffice- (3.3-rc1) :

- ooo integration :

- Merge commit 'ooo/OOO330_m17' into libreoffice-3-3

- common :

- more RTF import/export fixes

- updated branding for rc

- artwork :

- fixed icons with PNG optimizations

- remove remaining ODF MIME type icons

- bootstrap :

- Add BrOffice artwork / branding support

- Do not install HTML versions of LICENSE and README

- install credits file

- build :

- empty toolbar (bnc#654039)

- pack PostgreSQL driver as .oxt instead of .zip

- calc :

- avoid pasting data from OOo Calc as an OLE object

- scaling factor calculation for drawing layer (i#115313)

- broken filter option in Datapilot (i#115431)

- 'Precision as shown' not working if automatic decimal

- disable document modify and broadcasting of changes on
range names

- don't update visible ranges for invisible panes

- changing margins in print preview should mark the
document modified

- make VLOOKUP work with an external reference once again

- more strict parsing of external range names

- no automatic width adjustment of the dropdown popups

- re-calculate visible range when switching sheets

- skip hidden cells while expanding range selection

- components :

- overlapping controls

- bad alloc and convert to ZipIOException (rh#656191)

- divide by zero (rh#657628)

- extras :

- use consistent autocorrect file names

- filters :

- fix writerfilter XSL to handle more elements

- missing call to importDocumentProperties (bnc#655194)

- rotated text DOCX import (fdo#30474)

- impress :

- avoid antialiasing for drag rect

- libs-core :

- Adapted README according to list feedback

- register EvolutionLocal when evolution support is
enabled (fdo#32007)

- crash during toolpanel re-docking

- crash in FR version when typing / as first character

- only start the quick-starter on restart

- don't crash when quickstarter is exited by user

- shutdown quickstarter at end of desktop session

- exit quickstarter if physically deleted (rh#610103)

- autocorrect crasher (rh#647392)

- start quickstarter on every launch if configured to use

- Switch toolbar icon size to 'auto-detect'

- libs-extern :

- Use the new stable libwp* releases as default

- libs-extern-sys :

- fixed urllib.urlopen in the internal python (fdo#31466)

- libs-gui :

- Allow the dropdown list of a combo box to be scrollable.

- PDF export regression for simple RTL cases (i#115618)

- freeze with ODP import (i#115761)

- make toolbar icon size native-widget controlled

- use BrOffice in pt_BR locale (fdo#31770)

- release the clipboard after flush (i#163153)

- l10n :

- BrOffice in Brazil => %PRODUCTNAME_BR for win32

- sdk :

- correct resolveLink function (i#115310)

- writer :

- crash when opening File/Print dialog fixed (i#115354)

- better enhanced fields navigation

- allow to localize the 'My AutoText' string (i#66304)

- table alignment set to 'From Left' when moving the right

- font color selection didn't effect new text (bnc#652204)

- column break DOC import problem (bnc#652364)

- build bits :

- install branding for the welcome screen (bnc#653519)

- fixed URL, summary, and description for LibreOffice

- bumped requires to libreoffice-branding-upstream >

- created l10n-prebuilt subpackage for prebuilt registry
files (bnc#651964)

- disabled KDE3 stuff on openSUSE >= 11.2 (bnc#605472,

- added gcc-c++ and libxml2-devel into BuildRequires; were
required by kdelibs3-devel before

- updated to libreoffice- (3.3-beta3) :

- ooo integration :

- Merge commit 'ooo/OOO330_m13'

- common :

- impress ruler behaviour

- add Title Page dialog (i#7065)

- save 1MB on wizards per language

- images optimized for smaller size

- do not insert a new cell beyond the end

- handle multiple selection for printing (i#115266)

- remove VBAForm property and associated geometry hack

- base :

- key columns in all tables (i#114026)

- reports executed for data display (i#114627)

- calc :

- non-functional select

- defined names in Calc functions (i#79854)

- use Ctrl-Shift-D to launch selection list

- regression for range array input, e.g. {=A1:A5}

- crash on importing docs with database functions

- crash on importing named ranges on higher sheets

- remove the 'insert new sheet' tab in read-only mode

- incorrect display of references from the formula input

- new tab page 'Compatibility' in the Options dialog

- components :

- default to evolution

- crash in scanner dialog (rh#648475)

- extras :

- added LibreOffice and Tango palettes

- filters :

- crash on unsupported .tiffs (i#93300)

- vertical text alignment and placeholder style

- impress :

- broken zoom behaviour

- crash in OGL transitions

- support for PPT newsflash slide transition

- libs-core :

- register EVO address book

- more quickstarter fixes (i#108846)

- missing media-type for ODF thumbnails

- add credits hyperlink into about dialog

- freeze when adding an extension (i#114933)

- -quickstart option, and help fix (i#108846)

- GNOME filepicker filter selection (i#112411)

- use 'Enter Password' in all dialogs (fdo#31075)

- add display properties to control shapes (i#112597)

- disable user migration when SAL_DISABLE_USERMIGRATION is

- libs-gui :

- disable KDE's crash handler

- refresh of OLE object previews

- adding font aliases (i#114706)

- comparison of key events for IM

- show Java error just once by default

- underlining problem with Graphite fonts (i#114765)

- saving tempfiles when locking is not supported.

- better selection of localized font names (i#114703)

- MetricFields SetUnit conversions (fdo#30899, bnc#610921)

- make Presenter Screen default to the projector

- Qt event loop integration (when Glib is used) for KDE4

- writer :

- title pages (i#i66619)

- more RTF import/export fixes

- tables in page styles (i#114366)

- round-trip of DOC unhandled fields

- double-click behavior on enhanced fields

- leaky pStream after RTF import (fdo#31362)

- crash when choosing starmath from start screen

- OLE Links round-trip fixed for links as pictures

- setup XML namespaces also for footers and headers

- switched to the LibreOffice code base,

- renamed packages from OpenOffice_org* to libreoffice*

- updated to libreoffice- (3.3-beta2) :

- common :

- show menus in icons fixup

- show all appropriate formats by default on save as

- RenderBadPicture on multihead setups and Cairo (i#94007,

- base :

- use correct table name (i#114246)

- calc :

- better performance on Excel doc import

- components :

- bound image controls (i#112659)

- Appearance config dialog crasher (i#108246)

- Euro converter didn't work with ODS (i#100686)

- ImageURL and Graphic properties handling (i#113991)

- extensions :

- some reportbuilder fixes (i#114111, i#112652)

- extras :

- fix malformed XML file (i#111741)

- add Croatian autocorrection (i#96706)

- updated Hungarian standard.bau (i#112387)

- eensgezinswoning replaces eensgezinswoning

- add 1/2, 3/4 and 1/4 symbols to af-ZA, de, en-ZA, mn and

- filters :

- adjust for table::BorderLine2

- table DOCX import crasher (rh#632236)

- misc improvements for DOCX VML import

- text position bug in DOC import (bnc#532920)

- implement import of alpha channel for RGBA .tiffs

- impress :

- improve randomisation in 'dissolve' transition

- libs-core :

- add in MonoSpace setting

- print the formula itself by default

- extension can contain compiled help (i#114008)

- no update menu entry for bundled extensions (i#113524)

- prevent online update for bundled extensions (i#113524)

- make search/replace of colour names with translations
safer (i#110142)

- libs-gui :

- maths brackets misformed in presentation mode (i#113400)

- better font-name localization, i.e. en fallback

- default to UTF-8 for HTML unless we know differently

- writer :

- color problem in RTF export (fdo#30604)

- crash on export of TOC to .doc (i#112384)

- prevent document modification while printing (i#112518)

- dotted and dashed border types (fate#307731,

- changes from libreoffice- (3.3-beta1) :

- features :

- renamed to LibreOffice

- based on ooo330-m7

- changed default branding

- started to support the LibreOffice code base [all]

- ordinal suffixes autocorrection improvements

- updated Numbertext extension to version 0.9.3

- support new distros Raw, LibreOfficeLinux,
LibreOfficeMacOSX, LibreOfficeWin32

- performance bits :

- memory footprint during PPT import (bnc#637925)

- performance bug on row height adjustments (bnc#640112)

- common bits :

- don't set header in DDE tables (bnc#634517)

- Calc bits :

- cell content rendering [bnc#640128]

- Excel's cell border thickness mapping (bnc#636691)

- relative and absolute references toggling (bnc#634260)

- more on the Flat MSO XML file type detection

- Writer bits :

- SwXTextRange DOC import (i#112564)

- table formulas DOC import (bnc#631912)

- input field fixes (bnc#628098, bnc#623944)

- OLE Links with image DOC import (bnc#628098)

- nested SET/FILLIN fields DOC import (bnc#634478)

- broken floating tables formatting in DOC import

- double-clicking on field gives 'read only' message

- OOXML bits :

- text paragraph autofit PPTX import

- VBA bits :

- implicit indexes handling

- logical operator precedence

- column para for Range.Cells (bnc#639297)

- build bits :

- update internal ICU to version 4.2.1

- fetch 185d60944ea767075d27247c3162b3bc-unowinreg.dll

- updated to version (3.3-alpha1) :

- features :

- RTF export rewrite

- writer navigation

- remove obsolete Industrial icon theme

- common bits :

- gray read-only styles (i#85003)

- Accelerators for OK/Cancel buttons in GTK (bnc#608572)

- Calc bits :

- cell borders not saved (bnc#612263)

- external reference rework (bnc#628876)

- Flat MSO XML file type detection (bnc#631993)

- disable custom tab colors in high contrast mode

- display correct field in data pilot (bnc#629920)

- Watch Window extension doesn't show sheet name

- Draw bits :

- associate application/x-wpg with oodraw (bnc#589624)

- Impress bits :

- More on avmedia soundhandler (i#83753, bnc#515553)

- Writer bits :

- ww8 styles import (i#21939)

- hairline table borders export

- saving new document comparison data

- Ruby in MS Word format (i#79246)


- better internal hlinks XLSX export (bnc#594248)

- numbering roundtripping issues in DOCX (bnc#569266)

- untis translation from EMU in PPTX import (bnc#621739)

- group shapes geometry calculation in PPTX import

- many other import/export fixes and improvements

- VBA bits :

- changes in event handling

- more container control fixes

- more on invalid code name import for sheet (bnc#507768)

- build bits :

- update prebuilt cli dlls for OOo-3.3

- moving ooo-build patches to ooo git sources

- use --without-junit on Win32 and openSUSE < 11.2

- used the prepatched OOo sources from ooo-build git

- used mozilla-xulrunner192 for openSUSE > 11.3
MaintenanceTracker-35044, CVE-2010-2935,
CVE-2010-2936) :

- Calc bits :

- custom field names handling in Data Pilot (bnc#634974)

- remember 'sort by' selection in Data Pilot (bnc#634974)

- more on the Flat MSO XML file type detection

- Impress bits :

- cairocanvas border treatment (bnc#629546, rh#557317)
MaintenanceTracker-35044, CVE-2010-2935,
CVE-2010-2936) :

- security fixes :

- two impress vulnerabilities (CVE-2010-2935,
CVE-2010-2936, bnc#629085)

- common bits :

- honour ure-link in SDK

- macro recording crasher (i#113084) [upstream, Rene]

- Calc bits :

- DataPilot sort by ID (bnc#622920)

- Flat MSO XML file type detection (bnc#527738)

- DDE linkage upon loading documents (bnc#618846,

- file name as sheet name in Excel 2.1 docs import

- Draw bits :

- random extra arrows around the custom shape (i#105654)

- Impress bits :

- slideshow clipping (i#112422)

- cairocanvas border treatment (bnc#629546, rh#557317)

- Writer bits :

- input field fixes (bnc#628098, bnc#623944)

- non-breaking space erasing freeze (i#i113461) [upstream,

- broken floating tables formatting in DOC import

- Netbooks bits :

- decorate help window (bnc#621116)

- more restrictive top level document window check

- reduce height of PDF export and recovery dialogs

- Win32 bits :

- allow view 'details' in File Open dialog on XP

- l10n bits :

- non-localized Tools/Options/OOo Writer/Comparison

See also :

Solution :

Update the affected OpenOffice_org packages.

Risk factor :

High / CVSS Base Score : 9.3

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now