SuSE 11.1 Security Update : LibreOffice (SAT Patch Number 6003)

High Nessus Plugin ID 58721

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The update fixes the following security issues :

- 740453: Vulnerability in RDF handling. (CVE-2012-0037)

- 752595: overflow in jpeg handling (CVE-2012-1149) This update also fixes the following non-security issues :

Extras :

- add SUSE color palette (fate#312645) Filters :

- crash when loading embedded elements. (bnc#693238)

- crash when importing an empty paragraph (rh#667082)

- more on bentConnectors. (bnc#736495)

- wrong text color in smartArt. (bnc#746996)

- reading of w:textbox contents. (bnc#693388)

- textbox position and size DOCX import (fdo#45560)

- RTF/DOCX import of transparent frames. (bnc#695479)

- consecutive frames in RTF/DOCX import. (bnc#703032)

- handling of frame properties in RTF import. (bnc#417818)

- force imported XLSX active tab to be shown. (bnc#748198)

- create TableManager for inside shapes. (bnc#747471, bnc#693238)

- textboxes import with OLE objects inside. (bnc#747471, bnc#693238)

- table style. (bnc#705991)

- text rotation fixes. (bnc#734734)

- crash in PPTX import. (bnc#706792)

- read w:sdt* contents. (bnc#705949)

- connector shape fixes. (bnc#719989)

- legacy fragment import. (bnc#699334)

- non-working Excel macros. (bnc#705977)

- free drawn curves import. (bnc#657909)

- group shape transformations. (bnc#621739)

- extLst of drawings in diagrams import. (bnc#655408)

- flip properties of custom shapes import. (bnc#705985)

- line spacing is used from previous values. (bnc#734734)

- missing ooxml customshape->mso shape name entries.
(bnc#737921)

- word doesn't break the numberings and prefers hiding them (bnc#707157) Base :

- iterator misuse (fdo #44040, bnc#742178) Writer :

- do not use an invalidated iterator (fdo#46337)

- field refreshing (fdo#39694)

- more layout crashers (i#101776, fdo#39510)

- textbox borders style and width in DOCX import (fdo#45560)

- expand all text fields when setting properties (fdo#42073)

- version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)

- SmartArt import

- custom shapes import

- Oracle Java 1.7.0 detection

- reading AES-encrypted ODF 1.2 documents as generated by LO 3.5

- frame selection. (bnc#740117)

- crash when editing index. (bnc#726174)

- order database properties. (bnc#740032)

- numbering levels in DOC import. (bnc#715115)

- image size issue in DOC import. (bnc#718971)

- pointless forward moving of a table. (bnc#706138)

- tabs set after the end margin in DOCX import.
(bnc#693238)

- add hyperlinks by default in Table of Contents (bnc#705956) Calc :

- pie charts colors messed in XLS import (fdo#40320)

- correctly import data point formats in data series (fdo#40320) Components :

- crash when parsing XML signatures (fdo#39657)

- broken getDataArray (fdo#46165, fdo#38441, i#117010)

- don't paint a frame around the list of edit boxes (fdo#42543)

- inconsistent compression method for encrypted documents.
(bnc#653688)

- allow pasting to multiple ranges. (bnc#715094)

- correctly convert chart data ranges. (bnc#727504)

- definedName corruption for XLSX export. (bnc#741182)

- adjust/shrink the ranges while copying. (bnc#677811)

- extra graph data is displayed for label. (bnc#717290)

- getCellRangeByName failure for named range. (bnc#738113)

- graph in XLS file has dates displayed wrong.
(bnc#720443)

- improve performance of large Excel documents.
(bnc#715104)

- display page background color/image properly.
(bnc#722045)

- pivot table output becoming empty on re-save.
(bnc#715543)

- encode virtual paths to local volume correctly.
(bnc#719887)

- avoid adjusting cell-anchored objects on other sheets.
(bnc#726152)

- make sure to adjust the sheet index of drawing objects.
(bnc#733864)

- make the data validation popup more reliable (fdo #36851, bnc#737190) Impress :

- do not create an empty slide when printing handouts (fdo#31966)

- undo corruption. (bnc#685123)

- do not set duplicate master slide names (bnc#735533) Libraries :

- default shortcut for .uno:SearchDialog should be Ctrl+H

- crash using instances dialog of dataform navigator (fdo#44816)

- disable problematic reading of external entities in raptor

- correctly calculate leap year

- use proper Indian Rupee currency symbol U+20B9 (rh#794679)

- handle copy and paste from ConsoleOne. (bnc#704274)

- VBA control events not working, broken eventattacher.
(bnc#718227)

- 'General Error' when double-click graphic in presentation. (bnc#720948)

- upgrade graphite to 1.0.3 fix surrogate support

- crash at exit. (bnc#728603)

- radial gradient offset. (bnc#714787)

- horizontal scrollbars with KDE oxygen style.
(bnc#722918)

- rendering of metafiles embedded in EMF+ (updated) (bnc#705956) Postprocess :

- make the 3D transitions work again (bnc#728559) URE :

- make Duden Korrektor 5 and 6 work General :

- add compat symlinks for the old main desktop icon.
(bnc#724087)

- Fix tooltips are all black in KDE4 (bnc#723074, fdo#40461)

- do-not-display-math-in-desktop-menu.diff: do not display math in desktop menu (fdo#41681)

- desktop-submenu.diff: display LO application in the right desktop submenu. (bnc#718694)

- bash-completion-for-loffice.diff: define bash completion for 'loffice' wrapper. (bnc#719656)

- svx-globlmn-hrc-build-dep.diff: fix build dependency problem in svx

- Update gdocs extension to version 3.0.0; needed to make it working with the current Google Docs interface

Solution

Apply SAT patch number 6003.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=417818

https://bugzilla.novell.com/show_bug.cgi?id=621739

https://bugzilla.novell.com/show_bug.cgi?id=653688

https://bugzilla.novell.com/show_bug.cgi?id=655408

https://bugzilla.novell.com/show_bug.cgi?id=657909

https://bugzilla.novell.com/show_bug.cgi?id=677811

https://bugzilla.novell.com/show_bug.cgi?id=685123

https://bugzilla.novell.com/show_bug.cgi?id=693238

https://bugzilla.novell.com/show_bug.cgi?id=693388

https://bugzilla.novell.com/show_bug.cgi?id=695479

https://bugzilla.novell.com/show_bug.cgi?id=699334

https://bugzilla.novell.com/show_bug.cgi?id=703032

https://bugzilla.novell.com/show_bug.cgi?id=704274

https://bugzilla.novell.com/show_bug.cgi?id=705949

https://bugzilla.novell.com/show_bug.cgi?id=705956

https://bugzilla.novell.com/show_bug.cgi?id=705977

https://bugzilla.novell.com/show_bug.cgi?id=705985

https://bugzilla.novell.com/show_bug.cgi?id=705991

https://bugzilla.novell.com/show_bug.cgi?id=706138

https://bugzilla.novell.com/show_bug.cgi?id=706792

https://bugzilla.novell.com/show_bug.cgi?id=707157

https://bugzilla.novell.com/show_bug.cgi?id=714787

https://bugzilla.novell.com/show_bug.cgi?id=715094

https://bugzilla.novell.com/show_bug.cgi?id=715104

https://bugzilla.novell.com/show_bug.cgi?id=715115

https://bugzilla.novell.com/show_bug.cgi?id=715543

https://bugzilla.novell.com/show_bug.cgi?id=717290

https://bugzilla.novell.com/show_bug.cgi?id=718227

https://bugzilla.novell.com/show_bug.cgi?id=718971

https://bugzilla.novell.com/show_bug.cgi?id=719887

https://bugzilla.novell.com/show_bug.cgi?id=719989

https://bugzilla.novell.com/show_bug.cgi?id=720443

https://bugzilla.novell.com/show_bug.cgi?id=720948

https://bugzilla.novell.com/show_bug.cgi?id=722045

https://bugzilla.novell.com/show_bug.cgi?id=722644

https://bugzilla.novell.com/show_bug.cgi?id=722918

https://bugzilla.novell.com/show_bug.cgi?id=726152

https://bugzilla.novell.com/show_bug.cgi?id=726174

https://bugzilla.novell.com/show_bug.cgi?id=727504

https://bugzilla.novell.com/show_bug.cgi?id=728559

https://bugzilla.novell.com/show_bug.cgi?id=728603

https://bugzilla.novell.com/show_bug.cgi?id=733864

https://bugzilla.novell.com/show_bug.cgi?id=734734

https://bugzilla.novell.com/show_bug.cgi?id=735533

https://bugzilla.novell.com/show_bug.cgi?id=736495

https://bugzilla.novell.com/show_bug.cgi?id=737190

https://bugzilla.novell.com/show_bug.cgi?id=737921

https://bugzilla.novell.com/show_bug.cgi?id=738113

https://bugzilla.novell.com/show_bug.cgi?id=740032

https://bugzilla.novell.com/show_bug.cgi?id=740117

https://bugzilla.novell.com/show_bug.cgi?id=740453

https://bugzilla.novell.com/show_bug.cgi?id=741182

https://bugzilla.novell.com/show_bug.cgi?id=742178

https://bugzilla.novell.com/show_bug.cgi?id=746996

https://bugzilla.novell.com/show_bug.cgi?id=747471

https://bugzilla.novell.com/show_bug.cgi?id=748198

https://bugzilla.novell.com/show_bug.cgi?id=748548

http://support.novell.com/security/cve/CVE-2012-0037.html

http://support.novell.com/security/cve/CVE-2012-1149.html

Plugin Details

Severity: High

ID: 58721

File Name: suse_11_libreoffice-345-120316.nasl

Version: Revision: 1.3

Type: local

Agent: unix

Published: 2012/04/12

Updated: 2013/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:libreoffice, p-cpe:/a:novell:suse_linux:11:libreoffice-base, p-cpe:/a:novell:suse_linux:11:libreoffice-base-drivers-postgresql, p-cpe:/a:novell:suse_linux:11:libreoffice-base-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-calc, p-cpe:/a:novell:suse_linux:11:libreoffice-calc-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-draw, p-cpe:/a:novell:suse_linux:11:libreoffice-draw-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-filters-optional, p-cpe:/a:novell:suse_linux:11:libreoffice-gnome, p-cpe:/a:novell:suse_linux:11:libreoffice-help-cs, p-cpe:/a:novell:suse_linux:11:libreoffice-help-da, p-cpe:/a:novell:suse_linux:11:libreoffice-help-de, p-cpe:/a:novell:suse_linux:11:libreoffice-help-en-GB, p-cpe:/a:novell:suse_linux:11:libreoffice-help-en-US, p-cpe:/a:novell:suse_linux:11:libreoffice-help-es, p-cpe:/a:novell:suse_linux:11:libreoffice-help-fr, p-cpe:/a:novell:suse_linux:11:libreoffice-help-gu-IN, p-cpe:/a:novell:suse_linux:11:libreoffice-help-hi-IN, p-cpe:/a:novell:suse_linux:11:libreoffice-help-hu, p-cpe:/a:novell:suse_linux:11:libreoffice-help-it, p-cpe:/a:novell:suse_linux:11:libreoffice-help-ja, p-cpe:/a:novell:suse_linux:11:libreoffice-help-ko, p-cpe:/a:novell:suse_linux:11:libreoffice-help-nl, p-cpe:/a:novell:suse_linux:11:libreoffice-help-pl, p-cpe:/a:novell:suse_linux:11:libreoffice-help-pt, p-cpe:/a:novell:suse_linux:11:libreoffice-help-pt-BR, p-cpe:/a:novell:suse_linux:11:libreoffice-help-ru, p-cpe:/a:novell:suse_linux:11:libreoffice-help-sv, p-cpe:/a:novell:suse_linux:11:libreoffice-help-zh-CN, p-cpe:/a:novell:suse_linux:11:libreoffice-help-zh-TW, p-cpe:/a:novell:suse_linux:11:libreoffice-icon-themes, p-cpe:/a:novell:suse_linux:11:libreoffice-impress, p-cpe:/a:novell:suse_linux:11:libreoffice-impress-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-kde, p-cpe:/a:novell:suse_linux:11:libreoffice-kde4, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-af, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ar, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ca, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-cs, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-da, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-de, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-en-GB, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-es, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-fi, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-fr, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-gu-IN, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-hi-IN, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-hu, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-it, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ja, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ko, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-nb, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-nl, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-nn, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-pl, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-pt, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-pt-BR, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ru, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-sk, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-sv, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-xh, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-zh-CN, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-zh-TW, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-zu, p-cpe:/a:novell:suse_linux:11:libreoffice-mailmerge, p-cpe:/a:novell:suse_linux:11:libreoffice-math, p-cpe:/a:novell:suse_linux:11:libreoffice-mono, p-cpe:/a:novell:suse_linux:11:libreoffice-officebean, p-cpe:/a:novell:suse_linux:11:libreoffice-pyuno, p-cpe:/a:novell:suse_linux:11:libreoffice-writer, p-cpe:/a:novell:suse_linux:11:libreoffice-writer-extensions, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2012/03/16

Reference Information

CVE: CVE-2012-0037, CVE-2012-1149