SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)

High Nessus Plugin ID 58577

VPR Score: 5.9

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

LibreOffice 3.4.5 includes many fixes over the previous LibreOffice 3.4.2.6 update.

The update fixes the following security issues :

- 740453: Vulnerability in RDF handling. (CVE-2012-0037)

- 752595: overflow in jpeg handling. (CVE-2012-1149)

- 736146: buffer overflow in the built-in icu copy (736146)

This update also fixes the following non-security issues :

Extras :

- add SUSE color palette (fate#312645)

Filters :

- crash when loading embedded elements. (bnc#693238)

- crash when importing an empty paragraph (rh#667082)

- more on bentConnectors. (bnc#736495)

- wrong text color in smartArt. (bnc#746996)

- reading of w:textbox contents. (bnc#693388)

- textbox position and size DOCX import (fdo#45560)

- RTF/DOCX import of transparent frames. (bnc#695479)

- consecutive frames in RTF/DOCX import. (bnc#703032)

- handling of frame properties in RTF import. (bnc#417818)

- force imported XLSX active tab to be shown. (bnc#748198)

- create TableManager for inside shapes. (bnc#747471, bnc#693238)

- textboxes import with OLE objects inside. (bnc#747471, bnc#693238)

- table style. (bnc#705991)

- text rotation fixes. (bnc#734734)

- crash in PPTX import. (bnc#706792)

- read w:sdt* contents. (bnc#705949)

- connector shape fixes. (bnc#719989)

- legacy fragment import. (bnc#699334)

- non-working Excel macros. (bnc#705977)

- free drawn curves import. (bnc#657909)

- group shape transformations. (bnc#621739)

- extLst of drawings in diagrams import. (bnc#655408)

- flip properties of custom shapes import. (bnc#705985)

- line spacing is used from previous values. (bnc#734734)

- missing ooxml customshape->mso shape name entries. (bnc#737921)

- word doesn't break the numberings and prefers hiding them. (bnc#707157)

Base :

- iterator misuse (fdo#44040, bnc#742178)

Writer :

- do not use an invalidated iterator (fdo#46337)

- field refreshing (fdo#39694)

- more layout crashers (i#101776, fdo#39510)

- textbox borders style and width in DOCX import (fdo#45560)

- expand all text fields when setting properties (fdo#42073)

- version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)

- SmartArt import

- custom shapes import

- Oracle Java 1.7.0 detection

- reading AES-encrypted ODF 1.2 documents as generated by LO 3.5

- frame selection. (bnc#740117)

- crash when editing index. (bnc#726174)

- order database properties. (bnc#740032)

- numbering levels in DOC import. (bnc#715115)

- image size issue in DOC import. (bnc#718971)

- pointless forward moving of a table. (bnc#706138)

- tabs set after the end margin in DOCX import. (bnc#693238)

- add hyperlinks by default in Table of Contents (bnc#705956)

Calc :

- pie charts colors messed in XLS import (fdo#40320)

- correctly import data point formats in data series (fdo#40320)

Components :

- crash when parsing XML signatures (fdo#39657)

- broken getDataArray (fdo#46165, fdo#38441, i#117010)

- don't paint a frame around the list of edit boxes (fdo#42543)

- inconsistent compression method for encrypted documents. (bnc#653688)

- allow pasting to multiple ranges. (bnc#715094)

- correctly convert chart data ranges. (bnc#727504)

- definedName corruption for XLSX export. (bnc#741182)

- adjust/shrink the ranges while copying. (bnc#677811)

- extra graph data is displayed for label. (bnc#717290)

- getCellRangeByName failure for named range. (bnc#738113)

- graph in XLS file has dates displayed wrong. (bnc#720443)

- improve performance of large Excel documents. (bnc#715104)

- display page background color/image properly. (bnc#722045)

- pivot table output becoming empty on re-save. (bnc#715543)

- encode virtual paths to local volume correctly. (bnc#719887)

- avoid adjusting cell-anchored objects on other sheets. (bnc#726152)

- make sure to adjust the sheet index of drawing objects. (bnc#733864)

- make the data validation popup more reliable (fdo#36851, bnc#737190)

Impress :

- do not create an empty slide when printing handouts (fdo#31966)

- undo corruption. (bnc#685123)

- do not set duplicate master slide names (bnc#735533)

Libraries :

- default shortcut for .uno:SearchDialog should be Ctrl+H

- crash using instances dialog of dataform navigator (fdo#44816)

- disable problematic reading of external entities in raptor

- correctly calculate leap year

- use proper Indian Rupee currency symbol U+20B9 (rh#794679)

- handle copy and paste from ConsoleOne. (bnc#704274)

- VBA control events not working, broken eventattacher. (bnc#718227)

- 'General Error' when double-click graphic in presentation. (bnc#720948)

- upgrade graphite to 1.0.3 fix surrogate support

- crash at exit. (bnc#728603)

- radial gradient offset. (bnc#714787)

- horizontal scrollbars with KDE oxygen style. (bnc#722918)

- rendering of metafiles embedded in EMF+ (updated) (bnc#705956)

Postprocess :

- make the 3D transitions work again (bnc#728559)

URE :

- make Duden Korrektor 5 and 6 work

General :

- add compat symlinks for the old main desktop icon. (bnc#724087)

- Fix tooltips are all black in KDE4 (bnc#723074, fdo#40461)

- do-not-display-math-in-desktop-menu.diff: do not display math in desktop menu (fdo#41681)

- desktop-submenu.diff: display LO application in the right desktop submenu. (bnc#718694)

- bash-completion-for-loffice.diff: define bash completion for 'loffice' wrapper. (bnc#719656)

- svx-globlmn-hrc-build-dep.diff: fix build dependency problem in svx

Solution

Apply ZYPP patch number 8022.

See Also

http://support.novell.com/security/cve/CVE-2011-4599.html

http://support.novell.com/security/cve/CVE-2012-0037.html

http://support.novell.com/security/cve/CVE-2012-1149.html

Plugin Details

Severity: High

ID: 58577

File Name: suse_libreoffice-345-8022.nasl

Version: 1.7

Type: local

Agent: unix

Published: 2012/04/03

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2012/03/16

Vulnerability Publication Date: 2012/06/16

Reference Information

CVE: CVE-2011-4599, CVE-2012-0037, CVE-2012-1149