SUSE-SU-2016:0324-1: moderate: Recommended update for LibreOffice

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Feb 3 09:11:18 MST 2016


   SUSE Security Update: Recommended update for LibreOffice
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0324-1
Rating:             moderate
References:         #306333 #547549 #668145 #679938 #681560 #688200 
                    #718113 #806250 #857026 #889755 #890735 #907636 
                    #907966 #910805 #910806 #914911 #934423 #936188 
                    #936190 #939996 #940838 #943075 #945047 #945692 
                    #951579 #954345 
Cross-References:   CVE-2014-8146 CVE-2014-8147 CVE-2014-9093
                    CVE-2015-4551 CVE-2015-5212 CVE-2015-5213
                    CVE-2015-5214
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has 19 fixes is
   now available.

Description:


   This update brings LibreOffice to version 5.0.4, a major version update.

   It brings lots of new features, bug fixes and also security fixes.

   Features as seen on http://www.libreoffice.org/discover/new-features/

   * LibreOffice 5.0 ships an impressive number of new features for its
     spreadsheet module, Calc: complex formulae image cropping, new
     functions, more powerful conditional formatting, table addressing and
     much more. Calc's blend of performance and features makes it an
     enterprise-ready, heavy duty spreadsheet application capable of handling
     all kinds of workload for an impressive range of use cases
   * New icons, major improvements to menus and sidebar : no other
     LibreOffice version has looked that good and helped you be creative and
     get things done the right way. In addition, style management is now more
     intuitive thanks to the visualization of styles right in the interface.
   * LibreOffice 5 ships with numerous improvements to document import and
     export filters for MS Office, PDF, RTF, and more. You can now timestamp
     PDF documents generated with LibreOffice and enjoy enhanced document
     conversion fidelity all around.

   The Pentaho Flow Reporting Engine is now added and used.

   Security issues fixed:

   * CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in
     the Unicode Bidirectional Algorithm implementation in ICU4C in
     International Components for Unicode (ICU) before 55.1 did not properly
     track directionally isolated pieces of text, which allowed remote
     attackers to cause a denial of service (heap-based buffer overflow)
     or possibly execute arbitrary code via crafted text.
   * CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in
     the Unicode Bidirectional Algorithm implementation in ICU4C in
     International Components for Unicode (ICU) before 55.1 used an integer
     data type that is inconsistent with a header file, which allowed remote
     attackers to cause a denial of service (incorrect malloc followed by
     invalid free) or possibly execute arbitrary code via crafted text.
   * CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice
     and Openoffice Calc and Writer was fixed.
   * CVE-2015-5212: A LibreOffice "PrinterSetup Length" integer underflow
     vulnerability could be used by attackers supplying documents to execute
     code as the user opening the document.
   * CVE-2015-5213: A LibreOffice "Piece Table Counter" invalid check design
     error vulnerability allowed attackers supplying documents to execute
     code as the user opening the document.
   * CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory
     Corruption Vulnerability allowed attackers supplying documents to
     execute code as the user opening the document.


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libreoffice-504-1174=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-libreoffice-504-1174=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libreoffice-504-1174=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      hyphen-devel-2.8.8-2.1
      libhyphen0-2.8.8-2.1
      libmythes-1_2-0-1.2.4-2.1
      libreoffice-5.0.4.2-23.1
      libreoffice-base-5.0.4.2-23.1
      libreoffice-base-drivers-postgresql-5.0.4.2-23.1
      libreoffice-branding-upstream-5.0.4.2-23.1
      libreoffice-calc-5.0.4.2-23.1
      libreoffice-calc-extensions-5.0.4.2-23.1
      libreoffice-draw-5.0.4.2-23.1
      libreoffice-filters-optional-5.0.4.2-23.1
      libreoffice-gnome-5.0.4.2-23.1
      libreoffice-icon-theme-galaxy-5.0.4.2-23.1
      libreoffice-icon-theme-tango-5.0.4.2-23.1
      libreoffice-impress-5.0.4.2-23.1
      libreoffice-kde4-5.0.4.2-23.1
      libreoffice-l10n-af-5.0.4.2-23.1
      libreoffice-l10n-ar-5.0.4.2-23.1
      libreoffice-l10n-ca-5.0.4.2-23.1
      libreoffice-l10n-cs-5.0.4.2-23.1
      libreoffice-l10n-da-5.0.4.2-23.1
      libreoffice-l10n-de-5.0.4.2-23.1
      libreoffice-l10n-en-5.0.4.2-23.1
      libreoffice-l10n-es-5.0.4.2-23.1
      libreoffice-l10n-fi-5.0.4.2-23.1
      libreoffice-l10n-fr-5.0.4.2-23.1
      libreoffice-l10n-gu-5.0.4.2-23.1
      libreoffice-l10n-hi-5.0.4.2-23.1
      libreoffice-l10n-hu-5.0.4.2-23.1
      libreoffice-l10n-it-5.0.4.2-23.1
      libreoffice-l10n-ja-5.0.4.2-23.1
      libreoffice-l10n-ko-5.0.4.2-23.1
      libreoffice-l10n-nb-5.0.4.2-23.1
      libreoffice-l10n-nl-5.0.4.2-23.1
      libreoffice-l10n-nn-5.0.4.2-23.1
      libreoffice-l10n-pl-5.0.4.2-23.1
      libreoffice-l10n-pt-BR-5.0.4.2-23.1
      libreoffice-l10n-pt-PT-5.0.4.2-23.1
      libreoffice-l10n-ru-5.0.4.2-23.1
      libreoffice-l10n-sk-5.0.4.2-23.1
      libreoffice-l10n-sv-5.0.4.2-23.1
      libreoffice-l10n-xh-5.0.4.2-23.1
      libreoffice-l10n-zh-Hans-5.0.4.2-23.1
      libreoffice-l10n-zh-Hant-5.0.4.2-23.1
      libreoffice-l10n-zu-5.0.4.2-23.1
      libreoffice-mailmerge-5.0.4.2-23.1
      libreoffice-math-5.0.4.2-23.1
      libreoffice-officebean-5.0.4.2-23.1
      libreoffice-pyuno-5.0.4.2-23.1
      libreoffice-sdk-5.0.4.2-23.1
      libreoffice-voikko-4.1-2.26
      libreoffice-writer-5.0.4.2-23.1
      libreoffice-writer-extensions-5.0.4.2-23.1
      libvoikko-devel-3.7.1-5.2
      libvoikko1-3.7.1-5.2
      myspell-af_NA-20150827-23.1
      myspell-af_ZA-20150827-23.1
      myspell-ar-20150827-23.1
      myspell-ar_AE-20150827-23.1
      myspell-ar_BH-20150827-23.1
      myspell-ar_DZ-20150827-23.1
      myspell-ar_EG-20150827-23.1
      myspell-ar_IQ-20150827-23.1
      myspell-ar_JO-20150827-23.1
      myspell-ar_KW-20150827-23.1
      myspell-ar_LB-20150827-23.1
      myspell-ar_LY-20150827-23.1
      myspell-ar_MA-20150827-23.1
      myspell-ar_OM-20150827-23.1
      myspell-ar_QA-20150827-23.1
      myspell-ar_SA-20150827-23.1
      myspell-ar_SD-20150827-23.1
      myspell-ar_SY-20150827-23.1
      myspell-ar_TN-20150827-23.1
      myspell-ar_YE-20150827-23.1
      myspell-be_BY-20150827-23.1
      myspell-bg_BG-20150827-23.1
      myspell-bn_BD-20150827-23.1
      myspell-bn_IN-20150827-23.1
      myspell-bs-20150827-23.1
      myspell-bs_BA-20150827-23.1
      myspell-ca-20150827-23.1
      myspell-ca_AD-20150827-23.1
      myspell-ca_ES-20150827-23.1
      myspell-ca_ES_valencia-20150827-23.1
      myspell-ca_FR-20150827-23.1
      myspell-ca_IT-20150827-23.1
      myspell-cs_CZ-20150827-23.1
      myspell-da_DK-20150827-23.1
      myspell-de-20150827-23.1
      myspell-de_AT-20150827-23.1
      myspell-de_CH-20150827-23.1
      myspell-de_DE-20150827-23.1
      myspell-dictionaries-20150827-23.1
      myspell-el_GR-20150827-23.1
      myspell-en-20150827-23.1
      myspell-en_AU-20150827-23.1
      myspell-en_BS-20150827-23.1
      myspell-en_BZ-20150827-23.1
      myspell-en_CA-20150827-23.1
      myspell-en_GB-20150827-23.1
      myspell-en_GH-20150827-23.1
      myspell-en_IE-20150827-23.1
      myspell-en_IN-20150827-23.1
      myspell-en_JM-20150827-23.1
      myspell-en_MW-20150827-23.1
      myspell-en_NA-20150827-23.1
      myspell-en_NZ-20150827-23.1
      myspell-en_PH-20150827-23.1
      myspell-en_TT-20150827-23.1
      myspell-en_US-20150827-23.1
      myspell-en_ZA-20150827-23.1
      myspell-en_ZW-20150827-23.1
      myspell-es-20150827-23.1
      myspell-es_AR-20150827-23.1
      myspell-es_BO-20150827-23.1
      myspell-es_CL-20150827-23.1
      myspell-es_CO-20150827-23.1
      myspell-es_CR-20150827-23.1
      myspell-es_CU-20150827-23.1
      myspell-es_DO-20150827-23.1
      myspell-es_EC-20150827-23.1
      myspell-es_ES-20150827-23.1
      myspell-es_GT-20150827-23.1
      myspell-es_HN-20150827-23.1
      myspell-es_MX-20150827-23.1
      myspell-es_NI-20150827-23.1
      myspell-es_PA-20150827-23.1
      myspell-es_PE-20150827-23.1
      myspell-es_PR-20150827-23.1
      myspell-es_PY-20150827-23.1
      myspell-es_SV-20150827-23.1
      myspell-es_UY-20150827-23.1
      myspell-es_VE-20150827-23.1
      myspell-et_EE-20150827-23.1
      myspell-fr_BE-20150827-23.1
      myspell-fr_CA-20150827-23.1
      myspell-fr_CH-20150827-23.1
      myspell-fr_FR-20150827-23.1
      myspell-fr_LU-20150827-23.1
      myspell-fr_MC-20150827-23.1
      myspell-gu_IN-20150827-23.1
      myspell-he_IL-20150827-23.1
      myspell-hi_IN-20150827-23.1
      myspell-hr_HR-20150827-23.1
      myspell-hu_HU-20150827-23.1
      myspell-it_IT-20150827-23.1
      myspell-lightproof-en-20150827-23.1
      myspell-lightproof-hu_HU-20150827-23.1
      myspell-lightproof-pt_BR-20150827-23.1
      myspell-lightproof-ru_RU-20150827-23.1
      myspell-lo_LA-20150827-23.1
      myspell-lt_LT-20150827-23.1
      myspell-lv_LV-20150827-23.1
      myspell-nb_NO-20150827-23.1
      myspell-nl_BE-20150827-23.1
      myspell-nl_NL-20150827-23.1
      myspell-nn_NO-20150827-23.1
      myspell-no-20150827-23.1
      myspell-pl_PL-20150827-23.1
      myspell-pt_AO-20150827-23.1
      myspell-pt_BR-20150827-23.1
      myspell-pt_PT-20150827-23.1
      myspell-ro-20150827-23.1
      myspell-ro_RO-20150827-23.1
      myspell-ru_RU-20150827-23.1
      myspell-sk_SK-20150827-23.1
      myspell-sl_SI-20150827-23.1
      myspell-sr-20150827-23.1
      myspell-sr_CS-20150827-23.1
      myspell-sr_Latn_CS-20150827-23.1
      myspell-sr_Latn_RS-20150827-23.1
      myspell-sr_RS-20150827-23.1
      myspell-sv_FI-20150827-23.1
      myspell-sv_SE-20150827-23.1
      myspell-te-20150827-23.1
      myspell-te_IN-20150827-23.1
      myspell-th_TH-20150827-23.1
      myspell-vi-20150827-23.1
      myspell-vi_VN-20150827-23.1
      myspell-zu_ZA-20150827-23.1
      mythes-devel-1.2.4-2.1
      python-importlib-1.0.2-0.8.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      google-carlito-fonts-1.1.03.beta1-2.1
      libreoffice-share-linker-1-2.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      libhyphen0-2.8.8-2.1
      libmythes-1_2-0-1.2.4-2.1
      libreoffice-5.0.4.2-23.1
      libreoffice-base-5.0.4.2-23.1
      libreoffice-base-drivers-postgresql-5.0.4.2-23.1
      libreoffice-calc-5.0.4.2-23.1
      libreoffice-calc-extensions-5.0.4.2-23.1
      libreoffice-draw-5.0.4.2-23.1
      libreoffice-filters-optional-5.0.4.2-23.1
      libreoffice-gnome-5.0.4.2-23.1
      libreoffice-icon-theme-galaxy-5.0.4.2-23.1
      libreoffice-icon-theme-tango-5.0.4.2-23.1
      libreoffice-impress-5.0.4.2-23.1
      libreoffice-kde4-5.0.4.2-23.1
      libreoffice-l10n-af-5.0.4.2-23.1
      libreoffice-l10n-ar-5.0.4.2-23.1
      libreoffice-l10n-ca-5.0.4.2-23.1
      libreoffice-l10n-cs-5.0.4.2-23.1
      libreoffice-l10n-da-5.0.4.2-23.1
      libreoffice-l10n-de-5.0.4.2-23.1
      libreoffice-l10n-en-5.0.4.2-23.1
      libreoffice-l10n-es-5.0.4.2-23.1
      libreoffice-l10n-fi-5.0.4.2-23.1
      libreoffice-l10n-fr-5.0.4.2-23.1
      libreoffice-l10n-gu-5.0.4.2-23.1
      libreoffice-l10n-hi-5.0.4.2-23.1
      libreoffice-l10n-hu-5.0.4.2-23.1
      libreoffice-l10n-it-5.0.4.2-23.1
      libreoffice-l10n-ja-5.0.4.2-23.1
      libreoffice-l10n-ko-5.0.4.2-23.1
      libreoffice-l10n-nb-5.0.4.2-23.1
      libreoffice-l10n-nl-5.0.4.2-23.1
      libreoffice-l10n-nn-5.0.4.2-23.1
      libreoffice-l10n-pl-5.0.4.2-23.1
      libreoffice-l10n-pt-BR-5.0.4.2-23.1
      libreoffice-l10n-pt-PT-5.0.4.2-23.1
      libreoffice-l10n-ru-5.0.4.2-23.1
      libreoffice-l10n-sk-5.0.4.2-23.1
      libreoffice-l10n-sv-5.0.4.2-23.1
      libreoffice-l10n-xh-5.0.4.2-23.1
      libreoffice-l10n-zh-Hans-5.0.4.2-23.1
      libreoffice-l10n-zh-Hant-5.0.4.2-23.1
      libreoffice-l10n-zu-5.0.4.2-23.1
      libreoffice-mailmerge-5.0.4.2-23.1
      libreoffice-math-5.0.4.2-23.1
      libreoffice-officebean-5.0.4.2-23.1
      libreoffice-pyuno-5.0.4.2-23.1
      libreoffice-sdk-5.0.4.2-23.1
      libreoffice-voikko-4.1-2.26
      libreoffice-writer-5.0.4.2-23.1
      libreoffice-writer-extensions-5.0.4.2-23.1
      libvoikko1-3.7.1-5.2
      myspell-af_NA-20150827-23.1
      myspell-af_ZA-20150827-23.1
      myspell-ar-20150827-23.1
      myspell-ar_AE-20150827-23.1
      myspell-ar_BH-20150827-23.1
      myspell-ar_DZ-20150827-23.1
      myspell-ar_EG-20150827-23.1
      myspell-ar_IQ-20150827-23.1
      myspell-ar_JO-20150827-23.1
      myspell-ar_KW-20150827-23.1
      myspell-ar_LB-20150827-23.1
      myspell-ar_LY-20150827-23.1
      myspell-ar_MA-20150827-23.1
      myspell-ar_OM-20150827-23.1
      myspell-ar_QA-20150827-23.1
      myspell-ar_SA-20150827-23.1
      myspell-ar_SD-20150827-23.1
      myspell-ar_SY-20150827-23.1
      myspell-ar_TN-20150827-23.1
      myspell-ar_YE-20150827-23.1
      myspell-be_BY-20150827-23.1
      myspell-bg_BG-20150827-23.1
      myspell-bn_BD-20150827-23.1
      myspell-bn_IN-20150827-23.1
      myspell-bs-20150827-23.1
      myspell-bs_BA-20150827-23.1
      myspell-ca-20150827-23.1
      myspell-ca_AD-20150827-23.1
      myspell-ca_ES-20150827-23.1
      myspell-ca_ES_valencia-20150827-23.1
      myspell-ca_FR-20150827-23.1
      myspell-ca_IT-20150827-23.1
      myspell-cs_CZ-20150827-23.1
      myspell-da_DK-20150827-23.1
      myspell-de-20150827-23.1
      myspell-de_AT-20150827-23.1
      myspell-de_CH-20150827-23.1
      myspell-de_DE-20150827-23.1
      myspell-dictionaries-20150827-23.1
      myspell-el_GR-20150827-23.1
      myspell-en-20150827-23.1
      myspell-en_AU-20150827-23.1
      myspell-en_BS-20150827-23.1
      myspell-en_BZ-20150827-23.1
      myspell-en_CA-20150827-23.1
      myspell-en_GB-20150827-23.1
      myspell-en_GH-20150827-23.1
      myspell-en_IE-20150827-23.1
      myspell-en_IN-20150827-23.1
      myspell-en_JM-20150827-23.1
      myspell-en_MW-20150827-23.1
      myspell-en_NA-20150827-23.1
      myspell-en_NZ-20150827-23.1
      myspell-en_PH-20150827-23.1
      myspell-en_TT-20150827-23.1
      myspell-en_US-20150827-23.1
      myspell-en_ZA-20150827-23.1
      myspell-en_ZW-20150827-23.1
      myspell-es-20150827-23.1
      myspell-es_AR-20150827-23.1
      myspell-es_BO-20150827-23.1
      myspell-es_CL-20150827-23.1
      myspell-es_CO-20150827-23.1
      myspell-es_CR-20150827-23.1
      myspell-es_CU-20150827-23.1
      myspell-es_DO-20150827-23.1
      myspell-es_EC-20150827-23.1
      myspell-es_ES-20150827-23.1
      myspell-es_GT-20150827-23.1
      myspell-es_HN-20150827-23.1
      myspell-es_MX-20150827-23.1
      myspell-es_NI-20150827-23.1
      myspell-es_PA-20150827-23.1
      myspell-es_PE-20150827-23.1
      myspell-es_PR-20150827-23.1
      myspell-es_PY-20150827-23.1
      myspell-es_SV-20150827-23.1
      myspell-es_UY-20150827-23.1
      myspell-es_VE-20150827-23.1
      myspell-et_EE-20150827-23.1
      myspell-fr_BE-20150827-23.1
      myspell-fr_CA-20150827-23.1
      myspell-fr_CH-20150827-23.1
      myspell-fr_FR-20150827-23.1
      myspell-fr_LU-20150827-23.1
      myspell-fr_MC-20150827-23.1
      myspell-gu_IN-20150827-23.1
      myspell-he_IL-20150827-23.1
      myspell-hi_IN-20150827-23.1
      myspell-hr_HR-20150827-23.1
      myspell-hu_HU-20150827-23.1
      myspell-it_IT-20150827-23.1
      myspell-lightproof-en-20150827-23.1
      myspell-lightproof-hu_HU-20150827-23.1
      myspell-lightproof-pt_BR-20150827-23.1
      myspell-lightproof-ru_RU-20150827-23.1
      myspell-lo_LA-20150827-23.1
      myspell-lt_LT-20150827-23.1
      myspell-lv_LV-20150827-23.1
      myspell-nb_NO-20150827-23.1
      myspell-nl_BE-20150827-23.1
      myspell-nl_NL-20150827-23.1
      myspell-nn_NO-20150827-23.1
      myspell-no-20150827-23.1
      myspell-pl_PL-20150827-23.1
      myspell-pt_AO-20150827-23.1
      myspell-pt_BR-20150827-23.1
      myspell-pt_PT-20150827-23.1
      myspell-ro-20150827-23.1
      myspell-ro_RO-20150827-23.1
      myspell-ru_RU-20150827-23.1
      myspell-sk_SK-20150827-23.1
      myspell-sl_SI-20150827-23.1
      myspell-sr-20150827-23.1
      myspell-sr_CS-20150827-23.1
      myspell-sr_Latn_CS-20150827-23.1
      myspell-sr_Latn_RS-20150827-23.1
      myspell-sr_RS-20150827-23.1
      myspell-sv_FI-20150827-23.1
      myspell-sv_SE-20150827-23.1
      myspell-te-20150827-23.1
      myspell-te_IN-20150827-23.1
      myspell-th_TH-20150827-23.1
      myspell-vi-20150827-23.1
      myspell-vi_VN-20150827-23.1
      myspell-zu_ZA-20150827-23.1
      python-importlib-1.0.2-0.8.1

   - SUSE Linux Enterprise Desktop 11-SP4 (noarch):

      google-carlito-fonts-1.1.03.beta1-2.1
      libreoffice-share-linker-1-2.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      hyphen-debuginfo-2.8.8-2.1
      hyphen-debugsource-2.8.8-2.1
      libreoffice-debuginfo-5.0.4.2-23.1
      libvoikko-debuginfo-3.7.1-5.2
      libvoikko-debugsource-3.7.1-5.2
      mythes-debuginfo-1.2.4-2.1
      mythes-debugsource-1.2.4-2.1


References:

   https://www.suse.com/security/cve/CVE-2014-8146.html
   https://www.suse.com/security/cve/CVE-2014-8147.html
   https://www.suse.com/security/cve/CVE-2014-9093.html
   https://www.suse.com/security/cve/CVE-2015-4551.html
   https://www.suse.com/security/cve/CVE-2015-5212.html
   https://www.suse.com/security/cve/CVE-2015-5213.html
   https://www.suse.com/security/cve/CVE-2015-5214.html
   https://bugzilla.suse.com/306333
   https://bugzilla.suse.com/547549
   https://bugzilla.suse.com/668145
   https://bugzilla.suse.com/679938
   https://bugzilla.suse.com/681560
   https://bugzilla.suse.com/688200
   https://bugzilla.suse.com/718113
   https://bugzilla.suse.com/806250
   https://bugzilla.suse.com/857026
   https://bugzilla.suse.com/889755
   https://bugzilla.suse.com/890735
   https://bugzilla.suse.com/907636
   https://bugzilla.suse.com/907966
   https://bugzilla.suse.com/910805
   https://bugzilla.suse.com/910806
   https://bugzilla.suse.com/914911
   https://bugzilla.suse.com/934423
   https://bugzilla.suse.com/936188
   https://bugzilla.suse.com/936190
   https://bugzilla.suse.com/939996
   https://bugzilla.suse.com/940838
   https://bugzilla.suse.com/943075
   https://bugzilla.suse.com/945047
   https://bugzilla.suse.com/945692
   https://bugzilla.suse.com/951579
   https://bugzilla.suse.com/954345



More information about the sle-security-updates mailing list