SUSE-SU-2016:0324-1: moderate: Recommended update for LibreOffice
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Feb 3 09:11:18 MST 2016
SUSE Security Update: Recommended update for LibreOffice
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:0324-1
Rating: moderate
References: #306333 #547549 #668145 #679938 #681560 #688200
#718113 #806250 #857026 #889755 #890735 #907636
#907966 #910805 #910806 #914911 #934423 #936188
#936190 #939996 #940838 #943075 #945047 #945692
#951579 #954345
Cross-References: CVE-2014-8146 CVE-2014-8147 CVE-2014-9093
CVE-2015-4551 CVE-2015-5212 CVE-2015-5213
CVE-2015-5214
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Desktop 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 7 vulnerabilities and has 19 fixes is
now available.
Description:
This update brings LibreOffice to version 5.0.4, a major version update.
It brings lots of new features, bug fixes and also security fixes.
Features as seen on http://www.libreoffice.org/discover/new-features/
* LibreOffice 5.0 ships an impressive number of new features for its
spreadsheet module, Calc: complex formulae image cropping, new
functions, more powerful conditional formatting, table addressing and
much more. Calc's blend of performance and features makes it an
enterprise-ready, heavy duty spreadsheet application capable of handling
all kinds of workload for an impressive range of use cases
* New icons, major improvements to menus and sidebar : no other
LibreOffice version has looked that good and helped you be creative and
get things done the right way. In addition, style management is now more
intuitive thanks to the visualization of styles right in the interface.
* LibreOffice 5 ships with numerous improvements to document import and
export filters for MS Office, PDF, RTF, and more. You can now timestamp
PDF documents generated with LibreOffice and enjoy enhanced document
conversion fidelity all around.
The Pentaho Flow Reporting Engine is now added and used.
Security issues fixed:
* CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in
the Unicode Bidirectional Algorithm implementation in ICU4C in
International Components for Unicode (ICU) before 55.1 did not properly
track directionally isolated pieces of text, which allowed remote
attackers to cause a denial of service (heap-based buffer overflow)
or possibly execute arbitrary code via crafted text.
* CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in
the Unicode Bidirectional Algorithm implementation in ICU4C in
International Components for Unicode (ICU) before 55.1 used an integer
data type that is inconsistent with a header file, which allowed remote
attackers to cause a denial of service (incorrect malloc followed by
invalid free) or possibly execute arbitrary code via crafted text.
* CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice
and Openoffice Calc and Writer was fixed.
* CVE-2015-5212: A LibreOffice "PrinterSetup Length" integer underflow
vulnerability could be used by attackers supplying documents to execute
code as the user opening the document.
* CVE-2015-5213: A LibreOffice "Piece Table Counter" invalid check design
error vulnerability allowed attackers supplying documents to execute
code as the user opening the document.
* CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory
Corruption Vulnerability allowed attackers supplying documents to
execute code as the user opening the document.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-libreoffice-504-1174=1
- SUSE Linux Enterprise Desktop 11-SP4:
zypper in -t patch sledsp4-libreoffice-504-1174=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-libreoffice-504-1174=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
hyphen-devel-2.8.8-2.1
libhyphen0-2.8.8-2.1
libmythes-1_2-0-1.2.4-2.1
libreoffice-5.0.4.2-23.1
libreoffice-base-5.0.4.2-23.1
libreoffice-base-drivers-postgresql-5.0.4.2-23.1
libreoffice-branding-upstream-5.0.4.2-23.1
libreoffice-calc-5.0.4.2-23.1
libreoffice-calc-extensions-5.0.4.2-23.1
libreoffice-draw-5.0.4.2-23.1
libreoffice-filters-optional-5.0.4.2-23.1
libreoffice-gnome-5.0.4.2-23.1
libreoffice-icon-theme-galaxy-5.0.4.2-23.1
libreoffice-icon-theme-tango-5.0.4.2-23.1
libreoffice-impress-5.0.4.2-23.1
libreoffice-kde4-5.0.4.2-23.1
libreoffice-l10n-af-5.0.4.2-23.1
libreoffice-l10n-ar-5.0.4.2-23.1
libreoffice-l10n-ca-5.0.4.2-23.1
libreoffice-l10n-cs-5.0.4.2-23.1
libreoffice-l10n-da-5.0.4.2-23.1
libreoffice-l10n-de-5.0.4.2-23.1
libreoffice-l10n-en-5.0.4.2-23.1
libreoffice-l10n-es-5.0.4.2-23.1
libreoffice-l10n-fi-5.0.4.2-23.1
libreoffice-l10n-fr-5.0.4.2-23.1
libreoffice-l10n-gu-5.0.4.2-23.1
libreoffice-l10n-hi-5.0.4.2-23.1
libreoffice-l10n-hu-5.0.4.2-23.1
libreoffice-l10n-it-5.0.4.2-23.1
libreoffice-l10n-ja-5.0.4.2-23.1
libreoffice-l10n-ko-5.0.4.2-23.1
libreoffice-l10n-nb-5.0.4.2-23.1
libreoffice-l10n-nl-5.0.4.2-23.1
libreoffice-l10n-nn-5.0.4.2-23.1
libreoffice-l10n-pl-5.0.4.2-23.1
libreoffice-l10n-pt-BR-5.0.4.2-23.1
libreoffice-l10n-pt-PT-5.0.4.2-23.1
libreoffice-l10n-ru-5.0.4.2-23.1
libreoffice-l10n-sk-5.0.4.2-23.1
libreoffice-l10n-sv-5.0.4.2-23.1
libreoffice-l10n-xh-5.0.4.2-23.1
libreoffice-l10n-zh-Hans-5.0.4.2-23.1
libreoffice-l10n-zh-Hant-5.0.4.2-23.1
libreoffice-l10n-zu-5.0.4.2-23.1
libreoffice-mailmerge-5.0.4.2-23.1
libreoffice-math-5.0.4.2-23.1
libreoffice-officebean-5.0.4.2-23.1
libreoffice-pyuno-5.0.4.2-23.1
libreoffice-sdk-5.0.4.2-23.1
libreoffice-voikko-4.1-2.26
libreoffice-writer-5.0.4.2-23.1
libreoffice-writer-extensions-5.0.4.2-23.1
libvoikko-devel-3.7.1-5.2
libvoikko1-3.7.1-5.2
myspell-af_NA-20150827-23.1
myspell-af_ZA-20150827-23.1
myspell-ar-20150827-23.1
myspell-ar_AE-20150827-23.1
myspell-ar_BH-20150827-23.1
myspell-ar_DZ-20150827-23.1
myspell-ar_EG-20150827-23.1
myspell-ar_IQ-20150827-23.1
myspell-ar_JO-20150827-23.1
myspell-ar_KW-20150827-23.1
myspell-ar_LB-20150827-23.1
myspell-ar_LY-20150827-23.1
myspell-ar_MA-20150827-23.1
myspell-ar_OM-20150827-23.1
myspell-ar_QA-20150827-23.1
myspell-ar_SA-20150827-23.1
myspell-ar_SD-20150827-23.1
myspell-ar_SY-20150827-23.1
myspell-ar_TN-20150827-23.1
myspell-ar_YE-20150827-23.1
myspell-be_BY-20150827-23.1
myspell-bg_BG-20150827-23.1
myspell-bn_BD-20150827-23.1
myspell-bn_IN-20150827-23.1
myspell-bs-20150827-23.1
myspell-bs_BA-20150827-23.1
myspell-ca-20150827-23.1
myspell-ca_AD-20150827-23.1
myspell-ca_ES-20150827-23.1
myspell-ca_ES_valencia-20150827-23.1
myspell-ca_FR-20150827-23.1
myspell-ca_IT-20150827-23.1
myspell-cs_CZ-20150827-23.1
myspell-da_DK-20150827-23.1
myspell-de-20150827-23.1
myspell-de_AT-20150827-23.1
myspell-de_CH-20150827-23.1
myspell-de_DE-20150827-23.1
myspell-dictionaries-20150827-23.1
myspell-el_GR-20150827-23.1
myspell-en-20150827-23.1
myspell-en_AU-20150827-23.1
myspell-en_BS-20150827-23.1
myspell-en_BZ-20150827-23.1
myspell-en_CA-20150827-23.1
myspell-en_GB-20150827-23.1
myspell-en_GH-20150827-23.1
myspell-en_IE-20150827-23.1
myspell-en_IN-20150827-23.1
myspell-en_JM-20150827-23.1
myspell-en_MW-20150827-23.1
myspell-en_NA-20150827-23.1
myspell-en_NZ-20150827-23.1
myspell-en_PH-20150827-23.1
myspell-en_TT-20150827-23.1
myspell-en_US-20150827-23.1
myspell-en_ZA-20150827-23.1
myspell-en_ZW-20150827-23.1
myspell-es-20150827-23.1
myspell-es_AR-20150827-23.1
myspell-es_BO-20150827-23.1
myspell-es_CL-20150827-23.1
myspell-es_CO-20150827-23.1
myspell-es_CR-20150827-23.1
myspell-es_CU-20150827-23.1
myspell-es_DO-20150827-23.1
myspell-es_EC-20150827-23.1
myspell-es_ES-20150827-23.1
myspell-es_GT-20150827-23.1
myspell-es_HN-20150827-23.1
myspell-es_MX-20150827-23.1
myspell-es_NI-20150827-23.1
myspell-es_PA-20150827-23.1
myspell-es_PE-20150827-23.1
myspell-es_PR-20150827-23.1
myspell-es_PY-20150827-23.1
myspell-es_SV-20150827-23.1
myspell-es_UY-20150827-23.1
myspell-es_VE-20150827-23.1
myspell-et_EE-20150827-23.1
myspell-fr_BE-20150827-23.1
myspell-fr_CA-20150827-23.1
myspell-fr_CH-20150827-23.1
myspell-fr_FR-20150827-23.1
myspell-fr_LU-20150827-23.1
myspell-fr_MC-20150827-23.1
myspell-gu_IN-20150827-23.1
myspell-he_IL-20150827-23.1
myspell-hi_IN-20150827-23.1
myspell-hr_HR-20150827-23.1
myspell-hu_HU-20150827-23.1
myspell-it_IT-20150827-23.1
myspell-lightproof-en-20150827-23.1
myspell-lightproof-hu_HU-20150827-23.1
myspell-lightproof-pt_BR-20150827-23.1
myspell-lightproof-ru_RU-20150827-23.1
myspell-lo_LA-20150827-23.1
myspell-lt_LT-20150827-23.1
myspell-lv_LV-20150827-23.1
myspell-nb_NO-20150827-23.1
myspell-nl_BE-20150827-23.1
myspell-nl_NL-20150827-23.1
myspell-nn_NO-20150827-23.1
myspell-no-20150827-23.1
myspell-pl_PL-20150827-23.1
myspell-pt_AO-20150827-23.1
myspell-pt_BR-20150827-23.1
myspell-pt_PT-20150827-23.1
myspell-ro-20150827-23.1
myspell-ro_RO-20150827-23.1
myspell-ru_RU-20150827-23.1
myspell-sk_SK-20150827-23.1
myspell-sl_SI-20150827-23.1
myspell-sr-20150827-23.1
myspell-sr_CS-20150827-23.1
myspell-sr_Latn_CS-20150827-23.1
myspell-sr_Latn_RS-20150827-23.1
myspell-sr_RS-20150827-23.1
myspell-sv_FI-20150827-23.1
myspell-sv_SE-20150827-23.1
myspell-te-20150827-23.1
myspell-te_IN-20150827-23.1
myspell-th_TH-20150827-23.1
myspell-vi-20150827-23.1
myspell-vi_VN-20150827-23.1
myspell-zu_ZA-20150827-23.1
mythes-devel-1.2.4-2.1
python-importlib-1.0.2-0.8.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
google-carlito-fonts-1.1.03.beta1-2.1
libreoffice-share-linker-1-2.1
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
libhyphen0-2.8.8-2.1
libmythes-1_2-0-1.2.4-2.1
libreoffice-5.0.4.2-23.1
libreoffice-base-5.0.4.2-23.1
libreoffice-base-drivers-postgresql-5.0.4.2-23.1
libreoffice-calc-5.0.4.2-23.1
libreoffice-calc-extensions-5.0.4.2-23.1
libreoffice-draw-5.0.4.2-23.1
libreoffice-filters-optional-5.0.4.2-23.1
libreoffice-gnome-5.0.4.2-23.1
libreoffice-icon-theme-galaxy-5.0.4.2-23.1
libreoffice-icon-theme-tango-5.0.4.2-23.1
libreoffice-impress-5.0.4.2-23.1
libreoffice-kde4-5.0.4.2-23.1
libreoffice-l10n-af-5.0.4.2-23.1
libreoffice-l10n-ar-5.0.4.2-23.1
libreoffice-l10n-ca-5.0.4.2-23.1
libreoffice-l10n-cs-5.0.4.2-23.1
libreoffice-l10n-da-5.0.4.2-23.1
libreoffice-l10n-de-5.0.4.2-23.1
libreoffice-l10n-en-5.0.4.2-23.1
libreoffice-l10n-es-5.0.4.2-23.1
libreoffice-l10n-fi-5.0.4.2-23.1
libreoffice-l10n-fr-5.0.4.2-23.1
libreoffice-l10n-gu-5.0.4.2-23.1
libreoffice-l10n-hi-5.0.4.2-23.1
libreoffice-l10n-hu-5.0.4.2-23.1
libreoffice-l10n-it-5.0.4.2-23.1
libreoffice-l10n-ja-5.0.4.2-23.1
libreoffice-l10n-ko-5.0.4.2-23.1
libreoffice-l10n-nb-5.0.4.2-23.1
libreoffice-l10n-nl-5.0.4.2-23.1
libreoffice-l10n-nn-5.0.4.2-23.1
libreoffice-l10n-pl-5.0.4.2-23.1
libreoffice-l10n-pt-BR-5.0.4.2-23.1
libreoffice-l10n-pt-PT-5.0.4.2-23.1
libreoffice-l10n-ru-5.0.4.2-23.1
libreoffice-l10n-sk-5.0.4.2-23.1
libreoffice-l10n-sv-5.0.4.2-23.1
libreoffice-l10n-xh-5.0.4.2-23.1
libreoffice-l10n-zh-Hans-5.0.4.2-23.1
libreoffice-l10n-zh-Hant-5.0.4.2-23.1
libreoffice-l10n-zu-5.0.4.2-23.1
libreoffice-mailmerge-5.0.4.2-23.1
libreoffice-math-5.0.4.2-23.1
libreoffice-officebean-5.0.4.2-23.1
libreoffice-pyuno-5.0.4.2-23.1
libreoffice-sdk-5.0.4.2-23.1
libreoffice-voikko-4.1-2.26
libreoffice-writer-5.0.4.2-23.1
libreoffice-writer-extensions-5.0.4.2-23.1
libvoikko1-3.7.1-5.2
myspell-af_NA-20150827-23.1
myspell-af_ZA-20150827-23.1
myspell-ar-20150827-23.1
myspell-ar_AE-20150827-23.1
myspell-ar_BH-20150827-23.1
myspell-ar_DZ-20150827-23.1
myspell-ar_EG-20150827-23.1
myspell-ar_IQ-20150827-23.1
myspell-ar_JO-20150827-23.1
myspell-ar_KW-20150827-23.1
myspell-ar_LB-20150827-23.1
myspell-ar_LY-20150827-23.1
myspell-ar_MA-20150827-23.1
myspell-ar_OM-20150827-23.1
myspell-ar_QA-20150827-23.1
myspell-ar_SA-20150827-23.1
myspell-ar_SD-20150827-23.1
myspell-ar_SY-20150827-23.1
myspell-ar_TN-20150827-23.1
myspell-ar_YE-20150827-23.1
myspell-be_BY-20150827-23.1
myspell-bg_BG-20150827-23.1
myspell-bn_BD-20150827-23.1
myspell-bn_IN-20150827-23.1
myspell-bs-20150827-23.1
myspell-bs_BA-20150827-23.1
myspell-ca-20150827-23.1
myspell-ca_AD-20150827-23.1
myspell-ca_ES-20150827-23.1
myspell-ca_ES_valencia-20150827-23.1
myspell-ca_FR-20150827-23.1
myspell-ca_IT-20150827-23.1
myspell-cs_CZ-20150827-23.1
myspell-da_DK-20150827-23.1
myspell-de-20150827-23.1
myspell-de_AT-20150827-23.1
myspell-de_CH-20150827-23.1
myspell-de_DE-20150827-23.1
myspell-dictionaries-20150827-23.1
myspell-el_GR-20150827-23.1
myspell-en-20150827-23.1
myspell-en_AU-20150827-23.1
myspell-en_BS-20150827-23.1
myspell-en_BZ-20150827-23.1
myspell-en_CA-20150827-23.1
myspell-en_GB-20150827-23.1
myspell-en_GH-20150827-23.1
myspell-en_IE-20150827-23.1
myspell-en_IN-20150827-23.1
myspell-en_JM-20150827-23.1
myspell-en_MW-20150827-23.1
myspell-en_NA-20150827-23.1
myspell-en_NZ-20150827-23.1
myspell-en_PH-20150827-23.1
myspell-en_TT-20150827-23.1
myspell-en_US-20150827-23.1
myspell-en_ZA-20150827-23.1
myspell-en_ZW-20150827-23.1
myspell-es-20150827-23.1
myspell-es_AR-20150827-23.1
myspell-es_BO-20150827-23.1
myspell-es_CL-20150827-23.1
myspell-es_CO-20150827-23.1
myspell-es_CR-20150827-23.1
myspell-es_CU-20150827-23.1
myspell-es_DO-20150827-23.1
myspell-es_EC-20150827-23.1
myspell-es_ES-20150827-23.1
myspell-es_GT-20150827-23.1
myspell-es_HN-20150827-23.1
myspell-es_MX-20150827-23.1
myspell-es_NI-20150827-23.1
myspell-es_PA-20150827-23.1
myspell-es_PE-20150827-23.1
myspell-es_PR-20150827-23.1
myspell-es_PY-20150827-23.1
myspell-es_SV-20150827-23.1
myspell-es_UY-20150827-23.1
myspell-es_VE-20150827-23.1
myspell-et_EE-20150827-23.1
myspell-fr_BE-20150827-23.1
myspell-fr_CA-20150827-23.1
myspell-fr_CH-20150827-23.1
myspell-fr_FR-20150827-23.1
myspell-fr_LU-20150827-23.1
myspell-fr_MC-20150827-23.1
myspell-gu_IN-20150827-23.1
myspell-he_IL-20150827-23.1
myspell-hi_IN-20150827-23.1
myspell-hr_HR-20150827-23.1
myspell-hu_HU-20150827-23.1
myspell-it_IT-20150827-23.1
myspell-lightproof-en-20150827-23.1
myspell-lightproof-hu_HU-20150827-23.1
myspell-lightproof-pt_BR-20150827-23.1
myspell-lightproof-ru_RU-20150827-23.1
myspell-lo_LA-20150827-23.1
myspell-lt_LT-20150827-23.1
myspell-lv_LV-20150827-23.1
myspell-nb_NO-20150827-23.1
myspell-nl_BE-20150827-23.1
myspell-nl_NL-20150827-23.1
myspell-nn_NO-20150827-23.1
myspell-no-20150827-23.1
myspell-pl_PL-20150827-23.1
myspell-pt_AO-20150827-23.1
myspell-pt_BR-20150827-23.1
myspell-pt_PT-20150827-23.1
myspell-ro-20150827-23.1
myspell-ro_RO-20150827-23.1
myspell-ru_RU-20150827-23.1
myspell-sk_SK-20150827-23.1
myspell-sl_SI-20150827-23.1
myspell-sr-20150827-23.1
myspell-sr_CS-20150827-23.1
myspell-sr_Latn_CS-20150827-23.1
myspell-sr_Latn_RS-20150827-23.1
myspell-sr_RS-20150827-23.1
myspell-sv_FI-20150827-23.1
myspell-sv_SE-20150827-23.1
myspell-te-20150827-23.1
myspell-te_IN-20150827-23.1
myspell-th_TH-20150827-23.1
myspell-vi-20150827-23.1
myspell-vi_VN-20150827-23.1
myspell-zu_ZA-20150827-23.1
python-importlib-1.0.2-0.8.1
- SUSE Linux Enterprise Desktop 11-SP4 (noarch):
google-carlito-fonts-1.1.03.beta1-2.1
libreoffice-share-linker-1-2.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
hyphen-debuginfo-2.8.8-2.1
hyphen-debugsource-2.8.8-2.1
libreoffice-debuginfo-5.0.4.2-23.1
libvoikko-debuginfo-3.7.1-5.2
libvoikko-debugsource-3.7.1-5.2
mythes-debuginfo-1.2.4-2.1
mythes-debugsource-1.2.4-2.1
References:
https://www.suse.com/security/cve/CVE-2014-8146.html
https://www.suse.com/security/cve/CVE-2014-8147.html
https://www.suse.com/security/cve/CVE-2014-9093.html
https://www.suse.com/security/cve/CVE-2015-4551.html
https://www.suse.com/security/cve/CVE-2015-5212.html
https://www.suse.com/security/cve/CVE-2015-5213.html
https://www.suse.com/security/cve/CVE-2015-5214.html
https://bugzilla.suse.com/306333
https://bugzilla.suse.com/547549
https://bugzilla.suse.com/668145
https://bugzilla.suse.com/679938
https://bugzilla.suse.com/681560
https://bugzilla.suse.com/688200
https://bugzilla.suse.com/718113
https://bugzilla.suse.com/806250
https://bugzilla.suse.com/857026
https://bugzilla.suse.com/889755
https://bugzilla.suse.com/890735
https://bugzilla.suse.com/907636
https://bugzilla.suse.com/907966
https://bugzilla.suse.com/910805
https://bugzilla.suse.com/910806
https://bugzilla.suse.com/914911
https://bugzilla.suse.com/934423
https://bugzilla.suse.com/936188
https://bugzilla.suse.com/936190
https://bugzilla.suse.com/939996
https://bugzilla.suse.com/940838
https://bugzilla.suse.com/943075
https://bugzilla.suse.com/945047
https://bugzilla.suse.com/945692
https://bugzilla.suse.com/951579
https://bugzilla.suse.com/954345
More information about the sle-security-updates
mailing list