SUSE-SU-2012:0457-1: moderate: Security update for LibreOffice

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Apr 2 16:08:33 MDT 2012


   SUSE Security Update: Security update for LibreOffice
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0457-1
Rating:             moderate
References:         #417818 #621739 #653688 #655408 #657909 #677811 
                    #685123 #693238 #693388 #695479 #699334 #703032 
                    #704274 #705949 #705956 #705977 #705985 #705991 
                    #706138 #706792 #707157 #714787 #715094 #715104 
                    #715115 #715543 #717290 #718227 #718694 #718971 
                    #719656 #719887 #719989 #720443 #720948 #722045 
                    #722918 #723074 #724087 #726152 #726174 #727504 
                    #728559 #728603 #733864 #734734 #735533 #736495 
                    #737190 #737921 #738113 #740032 #740117 #740453 
                    #741182 #742178 #746996 #747471 #748198 
Cross-References:   CVE-2011-4599 CVE-2012-0037 CVE-2012-1149
                   
Affected Products:
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves three vulnerabilities and has 56
   fixes is now available. It includes one version update.

Description:


   LibreOffice 3.4.5 includes many fixes over the previous
   LibreOffice 3.4.2.6  update.

   The update fixes the following security issues:

   * 740453: Vulnerability in RDF handling (CVE-2012-0037)
   * 752595: overflow in jpeg handling (CVE-2012-1149)
   * 736146: buffer overflow in the build in icu copy
   (736146)

   This update also fixes the following non-security issues:

   Extras:

   * add SUSE color palette (fate#312645)

   Filters:

   * crash when loading embedded elements (bnc#693238)
   * crash when importing an empty paragraph (rh#667082)
   * more on bentConnectors (bnc#736495)
   * wrong text color in smartArt (bnc#746996)
   * reading of w:textbox contents (bnc#693388)
   * textbox position and size DOCX import (fdo#45560)
   * RTF/DOCX import of transparent frames (bnc#695479)
   * consecutive frames in RTF/DOCX import (bnc#703032)
   * handling of frame properties in RTF import
   (bnc#417818)
   * force imported XLSX active tab to be shown
   (bnc#748198)
   * create TableManager for inside shapes (bnc#747471,
   bnc#693238)
   * textboxes import with OLE objects inside (bnc#747471,
   bnc#693238)
   * table style (bnc#705991)
   * text rotation fixes (bnc#734734)
   * crash in PPTX import (bnc#706792)
   * read w:sdt* contents (bnc#705949)
   * connector shape fixes (bnc#719989)
   * legacy fragment import (bnc#699334)
   * non-working Excel macros (bnc#705977)
   * free drawn curves import (bnc#657909)
   * group shape transformations (bnc#621739)
   * extLst of drawings in diagrams import (bnc#655408)
   * flip properties of custom shapes import (bnc#705985)
   * line spacing is used from previous values (bnc#734734)
   * missing ooxml customshape->mso shape name entries
   (bnc#737921)
   * word doesn't break the numberings and prefers hiding
   them (bnc#707157)

   Base:

   * iterator misuse (fdo #44040, bnc#742178)

   Writer:

   * do not use an invalidated iterator (fdo#46337)
   * field refreshing (fdo#39694)
   * more layout crashers (i#101776, fdo#39510)
   * textbox borders style and width in DOCX import
   (fdo#45560)
   * expand all text fields when setting properties
   (fdo#42073)
   * version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)
   * SmartArt import
   * custom shapes import
   * Oracle Java 1.7.0 detection
   * reading AES-encrypted ODF 1.2 documents as generated
   by LO 3.5
   * frame selection (bnc#740117)
   * crash when editing index (bnc#726174)
   * order database properties (bnc#740032)
   * numbering levels in DOC import (bnc#715115)
   * image size issue in DOC import (bnc#718971)
   * pointless forward moving of a table (bnc#706138)
   * tabs set after the end margin in DOCX import
   (bnc#693238)
   * add hyperlinks by default in Table of Contents
   (bnc#705956)

   Calc:

   * pie charts colors messed in XLS import (fdo#40320)
   * correctly import data point formats in data series
   (fdo#40320)

   Components:

   * crash when parsing XML signatures (fdo#39657)
   * broken getDataArray (fdo#46165, fdo#38441, i#117010)
   * don't paint a frame around the list of edit boxes
   (fdo#42543)
   * inconsistent compression method for encrypted
   documents (bnc#653688)
   * allow pasting to multiple ranges (bnc#715094)
   * correctly convert chart data ranges (bnc#727504)
   * definedName corruption for XLSX export (bnc#741182)
   * adjust/shrink the ranges while copying (bnc#677811)
   * extra graph data is displayed for label (bnc#717290)
   * getCellRangeByName failure for named range
   (bnc#738113)
   * graph in XLS file has dates displayed wrong
   (bnc#720443)
   * improve performance of large Excel documents
   (bnc#715104)
   * display page background color/image properly
   (bnc#722045)
   * pivot table output becoming empty on re-save
   (bnc#715543)
   * encode virtual paths to local volume correctly
   (bnc#719887)
   * avoid adjusting cell-anchored objects on other sheets
   (bnc#726152)
   * make sure to adjust the sheet index of drawing
   objects (bnc#733864)
   * make the data validation popup more reliable (fdo
   #36851, bnc#737190)

   Impress:

   * do not create an empty slide when printing handouts
   (fdo#31966)
   * undo corruption (bnc#685123)
   * do not set duplicate master slide names (bnc#735533)

   Libraries:

   * default shortcut for .uno:SearchDialog should be
   Ctrl+H
   * crash using instances dialog of dataform navigator
   (fdo#44816)
   * disable problematic reading of external entities in
   raptor
   * correctly calculate leap year
   * use proper Indian Rupee currency symbol U+20B9
   (rh#794679)
   * handle copy and paste from ConsoleOne (bnc#704274)
   * VBA control events not working, broken eventattacher
   (bnc#718227)
   * "General Error" when double-click graphic in
   presentation (bnc#720948)
   * upgrade graphite to 1.0.3 fix surrogate support
   * crash at exit (bnc#728603)
   * radial gradient offset (bnc#714787)
   * horizontal scrollbars with KDE oxygen style
   (bnc#722918)
   * rendering of metafiles embedded in EMF+ (updated)
   (bnc#705956)

   Postprocess:

   * make the 3D transitions work again (bnc#728559)

   URE:

   * make Duden Korrektor 5 and 6 work

   General:

   * add compat symlinks for the old main desktop icon
   (bnc#724087)
   * Fix tooltips are all black in KDE4 (bnc#723074,
   fdo#40461)
   * do-not-display-math-in-desktop-menu.diff: do not
   display math in desktop menu (fdo#41681)
   * desktop-submenu.diff: display LO application in the
   right desktop submenu (bnc#718694)
   * bash-completion-for-loffice.diff: define bash
   completion for 'loffice' wrapper (bnc#719656)
   * svx-globlmn-hrc-build-dep.diff: fix build dependency
   problem in svx

   Security Issue references:

   * CVE-2011-4599
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599
   >
   * CVE-2012-1149
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1149
   >
   * CVE-2012-0037
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037
   >



Package List:

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 3.4.5.5]:

      libreoffice-3.4.5.5-0.7.1
      libreoffice-af-3.4.5.5-0.7.1
      libreoffice-ar-3.4.5.5-0.7.1
      libreoffice-ca-3.4.5.5-0.7.1
      libreoffice-cs-3.4.5.5-0.7.1
      libreoffice-da-3.4.5.5-0.7.1
      libreoffice-de-3.4.5.5-0.7.1
      libreoffice-el-3.4.5.5-0.7.1
      libreoffice-en-GB-3.4.5.5-0.7.1
      libreoffice-es-3.4.5.5-0.7.1
      libreoffice-fi-3.4.5.5-0.7.1
      libreoffice-fr-3.4.5.5-0.7.1
      libreoffice-galleries-3.4.5.5-0.7.1
      libreoffice-gnome-3.4.5.5-0.7.1
      libreoffice-gu-IN-3.4.5.5-0.7.1
      libreoffice-hi-IN-3.4.5.5-0.7.1
      libreoffice-hu-3.4.5.5-0.7.1
      libreoffice-it-3.4.5.5-0.7.1
      libreoffice-ja-3.4.5.5-0.7.1
      libreoffice-kde-3.4.5.5-0.7.1
      libreoffice-ko-3.4.5.5-0.7.1
      libreoffice-mono-3.4.5.5-0.7.1
      libreoffice-nb-3.4.5.5-0.7.1
      libreoffice-nl-3.4.5.5-0.7.1
      libreoffice-nn-3.4.5.5-0.7.1
      libreoffice-pl-3.4.5.5-0.7.1
      libreoffice-pt-BR-3.4.5.5-0.7.1
      libreoffice-ru-3.4.5.5-0.7.1
      libreoffice-sk-3.4.5.5-0.7.1
      libreoffice-sv-3.4.5.5-0.7.1
      libreoffice-xh-3.4.5.5-0.7.1
      libreoffice-zh-CN-3.4.5.5-0.7.1
      libreoffice-zh-TW-3.4.5.5-0.7.1
      libreoffice-zu-3.4.5.5-0.7.1

   - SLE SDK 10 SP4 (i586) [New Version: 3.4.5.5]:

      libreoffice-3.4.5.5-0.7.1
      libreoffice-cs-3.4.5.5-0.7.1
      libreoffice-de-3.4.5.5-0.7.1
      libreoffice-es-3.4.5.5-0.7.1
      libreoffice-fr-3.4.5.5-0.7.1
      libreoffice-galleries-3.4.5.5-0.7.1
      libreoffice-gnome-3.4.5.5-0.7.1
      libreoffice-hu-3.4.5.5-0.7.1
      libreoffice-it-3.4.5.5-0.7.1
      libreoffice-ja-3.4.5.5-0.7.1
      libreoffice-kde-3.4.5.5-0.7.1
      libreoffice-mono-3.4.5.5-0.7.1
      libreoffice-pl-3.4.5.5-0.7.1
      libreoffice-pt-BR-3.4.5.5-0.7.1
      libreoffice-sk-3.4.5.5-0.7.1
      libreoffice-zh-CN-3.4.5.5-0.7.1
      libreoffice-zh-TW-3.4.5.5-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2011-4599.html
   http://support.novell.com/security/cve/CVE-2012-0037.html
   http://support.novell.com/security/cve/CVE-2012-1149.html
   https://bugzilla.novell.com/417818
   https://bugzilla.novell.com/621739
   https://bugzilla.novell.com/653688
   https://bugzilla.novell.com/655408
   https://bugzilla.novell.com/657909
   https://bugzilla.novell.com/677811
   https://bugzilla.novell.com/685123
   https://bugzilla.novell.com/693238
   https://bugzilla.novell.com/693388
   https://bugzilla.novell.com/695479
   https://bugzilla.novell.com/699334
   https://bugzilla.novell.com/703032
   https://bugzilla.novell.com/704274
   https://bugzilla.novell.com/705949
   https://bugzilla.novell.com/705956
   https://bugzilla.novell.com/705977
   https://bugzilla.novell.com/705985
   https://bugzilla.novell.com/705991
   https://bugzilla.novell.com/706138
   https://bugzilla.novell.com/706792
   https://bugzilla.novell.com/707157
   https://bugzilla.novell.com/714787
   https://bugzilla.novell.com/715094
   https://bugzilla.novell.com/715104
   https://bugzilla.novell.com/715115
   https://bugzilla.novell.com/715543
   https://bugzilla.novell.com/717290
   https://bugzilla.novell.com/718227
   https://bugzilla.novell.com/718694
   https://bugzilla.novell.com/718971
   https://bugzilla.novell.com/719656
   https://bugzilla.novell.com/719887
   https://bugzilla.novell.com/719989
   https://bugzilla.novell.com/720443
   https://bugzilla.novell.com/720948
   https://bugzilla.novell.com/722045
   https://bugzilla.novell.com/722918
   https://bugzilla.novell.com/723074
   https://bugzilla.novell.com/724087
   https://bugzilla.novell.com/726152
   https://bugzilla.novell.com/726174
   https://bugzilla.novell.com/727504
   https://bugzilla.novell.com/728559
   https://bugzilla.novell.com/728603
   https://bugzilla.novell.com/733864
   https://bugzilla.novell.com/734734
   https://bugzilla.novell.com/735533
   https://bugzilla.novell.com/736495
   https://bugzilla.novell.com/737190
   https://bugzilla.novell.com/737921
   https://bugzilla.novell.com/738113
   https://bugzilla.novell.com/740032
   https://bugzilla.novell.com/740117
   https://bugzilla.novell.com/740453
   https://bugzilla.novell.com/741182
   https://bugzilla.novell.com/742178
   https://bugzilla.novell.com/746996
   https://bugzilla.novell.com/747471
   https://bugzilla.novell.com/748198
   http://download.novell.com/patch/finder/?keywords=212ca99750b4a43554de347c255f56fb



More information about the sle-security-updates mailing list