SUSE-SU-2012:0457-1: moderate: Security update for LibreOffice
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Apr 2 16:08:33 MDT 2012
SUSE Security Update: Security update for LibreOffice
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0457-1
Rating: moderate
References: #417818 #621739 #653688 #655408 #657909 #677811
#685123 #693238 #693388 #695479 #699334 #703032
#704274 #705949 #705956 #705977 #705985 #705991
#706138 #706792 #707157 #714787 #715094 #715104
#715115 #715543 #717290 #718227 #718694 #718971
#719656 #719887 #719989 #720443 #720948 #722045
#722918 #723074 #724087 #726152 #726174 #727504
#728559 #728603 #733864 #734734 #735533 #736495
#737190 #737921 #738113 #740032 #740117 #740453
#741182 #742178 #746996 #747471 #748198
Cross-References: CVE-2011-4599 CVE-2012-0037 CVE-2012-1149
Affected Products:
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that solves three vulnerabilities and has 56
fixes is now available. It includes one version update.
Description:
LibreOffice 3.4.5 includes many fixes over the previous
LibreOffice 3.4.2.6 update.
The update fixes the following security issues:
* 740453: Vulnerability in RDF handling (CVE-2012-0037)
* 752595: overflow in jpeg handling (CVE-2012-1149)
* 736146: buffer overflow in the build in icu copy
(736146)
This update also fixes the following non-security issues:
Extras:
* add SUSE color palette (fate#312645)
Filters:
* crash when loading embedded elements (bnc#693238)
* crash when importing an empty paragraph (rh#667082)
* more on bentConnectors (bnc#736495)
* wrong text color in smartArt (bnc#746996)
* reading of w:textbox contents (bnc#693388)
* textbox position and size DOCX import (fdo#45560)
* RTF/DOCX import of transparent frames (bnc#695479)
* consecutive frames in RTF/DOCX import (bnc#703032)
* handling of frame properties in RTF import
(bnc#417818)
* force imported XLSX active tab to be shown
(bnc#748198)
* create TableManager for inside shapes (bnc#747471,
bnc#693238)
* textboxes import with OLE objects inside (bnc#747471,
bnc#693238)
* table style (bnc#705991)
* text rotation fixes (bnc#734734)
* crash in PPTX import (bnc#706792)
* read w:sdt* contents (bnc#705949)
* connector shape fixes (bnc#719989)
* legacy fragment import (bnc#699334)
* non-working Excel macros (bnc#705977)
* free drawn curves import (bnc#657909)
* group shape transformations (bnc#621739)
* extLst of drawings in diagrams import (bnc#655408)
* flip properties of custom shapes import (bnc#705985)
* line spacing is used from previous values (bnc#734734)
* missing ooxml customshape->mso shape name entries
(bnc#737921)
* word doesn't break the numberings and prefers hiding
them (bnc#707157)
Base:
* iterator misuse (fdo #44040, bnc#742178)
Writer:
* do not use an invalidated iterator (fdo#46337)
* field refreshing (fdo#39694)
* more layout crashers (i#101776, fdo#39510)
* textbox borders style and width in DOCX import
(fdo#45560)
* expand all text fields when setting properties
(fdo#42073)
* version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)
* SmartArt import
* custom shapes import
* Oracle Java 1.7.0 detection
* reading AES-encrypted ODF 1.2 documents as generated
by LO 3.5
* frame selection (bnc#740117)
* crash when editing index (bnc#726174)
* order database properties (bnc#740032)
* numbering levels in DOC import (bnc#715115)
* image size issue in DOC import (bnc#718971)
* pointless forward moving of a table (bnc#706138)
* tabs set after the end margin in DOCX import
(bnc#693238)
* add hyperlinks by default in Table of Contents
(bnc#705956)
Calc:
* pie charts colors messed in XLS import (fdo#40320)
* correctly import data point formats in data series
(fdo#40320)
Components:
* crash when parsing XML signatures (fdo#39657)
* broken getDataArray (fdo#46165, fdo#38441, i#117010)
* don't paint a frame around the list of edit boxes
(fdo#42543)
* inconsistent compression method for encrypted
documents (bnc#653688)
* allow pasting to multiple ranges (bnc#715094)
* correctly convert chart data ranges (bnc#727504)
* definedName corruption for XLSX export (bnc#741182)
* adjust/shrink the ranges while copying (bnc#677811)
* extra graph data is displayed for label (bnc#717290)
* getCellRangeByName failure for named range
(bnc#738113)
* graph in XLS file has dates displayed wrong
(bnc#720443)
* improve performance of large Excel documents
(bnc#715104)
* display page background color/image properly
(bnc#722045)
* pivot table output becoming empty on re-save
(bnc#715543)
* encode virtual paths to local volume correctly
(bnc#719887)
* avoid adjusting cell-anchored objects on other sheets
(bnc#726152)
* make sure to adjust the sheet index of drawing
objects (bnc#733864)
* make the data validation popup more reliable (fdo
#36851, bnc#737190)
Impress:
* do not create an empty slide when printing handouts
(fdo#31966)
* undo corruption (bnc#685123)
* do not set duplicate master slide names (bnc#735533)
Libraries:
* default shortcut for .uno:SearchDialog should be
Ctrl+H
* crash using instances dialog of dataform navigator
(fdo#44816)
* disable problematic reading of external entities in
raptor
* correctly calculate leap year
* use proper Indian Rupee currency symbol U+20B9
(rh#794679)
* handle copy and paste from ConsoleOne (bnc#704274)
* VBA control events not working, broken eventattacher
(bnc#718227)
* "General Error" when double-click graphic in
presentation (bnc#720948)
* upgrade graphite to 1.0.3 fix surrogate support
* crash at exit (bnc#728603)
* radial gradient offset (bnc#714787)
* horizontal scrollbars with KDE oxygen style
(bnc#722918)
* rendering of metafiles embedded in EMF+ (updated)
(bnc#705956)
Postprocess:
* make the 3D transitions work again (bnc#728559)
URE:
* make Duden Korrektor 5 and 6 work
General:
* add compat symlinks for the old main desktop icon
(bnc#724087)
* Fix tooltips are all black in KDE4 (bnc#723074,
fdo#40461)
* do-not-display-math-in-desktop-menu.diff: do not
display math in desktop menu (fdo#41681)
* desktop-submenu.diff: display LO application in the
right desktop submenu (bnc#718694)
* bash-completion-for-loffice.diff: define bash
completion for 'loffice' wrapper (bnc#719656)
* svx-globlmn-hrc-build-dep.diff: fix build dependency
problem in svx
Security Issue references:
* CVE-2011-4599
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599
>
* CVE-2012-1149
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1149
>
* CVE-2012-0037
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037
>
Package List:
- SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 3.4.5.5]:
libreoffice-3.4.5.5-0.7.1
libreoffice-af-3.4.5.5-0.7.1
libreoffice-ar-3.4.5.5-0.7.1
libreoffice-ca-3.4.5.5-0.7.1
libreoffice-cs-3.4.5.5-0.7.1
libreoffice-da-3.4.5.5-0.7.1
libreoffice-de-3.4.5.5-0.7.1
libreoffice-el-3.4.5.5-0.7.1
libreoffice-en-GB-3.4.5.5-0.7.1
libreoffice-es-3.4.5.5-0.7.1
libreoffice-fi-3.4.5.5-0.7.1
libreoffice-fr-3.4.5.5-0.7.1
libreoffice-galleries-3.4.5.5-0.7.1
libreoffice-gnome-3.4.5.5-0.7.1
libreoffice-gu-IN-3.4.5.5-0.7.1
libreoffice-hi-IN-3.4.5.5-0.7.1
libreoffice-hu-3.4.5.5-0.7.1
libreoffice-it-3.4.5.5-0.7.1
libreoffice-ja-3.4.5.5-0.7.1
libreoffice-kde-3.4.5.5-0.7.1
libreoffice-ko-3.4.5.5-0.7.1
libreoffice-mono-3.4.5.5-0.7.1
libreoffice-nb-3.4.5.5-0.7.1
libreoffice-nl-3.4.5.5-0.7.1
libreoffice-nn-3.4.5.5-0.7.1
libreoffice-pl-3.4.5.5-0.7.1
libreoffice-pt-BR-3.4.5.5-0.7.1
libreoffice-ru-3.4.5.5-0.7.1
libreoffice-sk-3.4.5.5-0.7.1
libreoffice-sv-3.4.5.5-0.7.1
libreoffice-xh-3.4.5.5-0.7.1
libreoffice-zh-CN-3.4.5.5-0.7.1
libreoffice-zh-TW-3.4.5.5-0.7.1
libreoffice-zu-3.4.5.5-0.7.1
- SLE SDK 10 SP4 (i586) [New Version: 3.4.5.5]:
libreoffice-3.4.5.5-0.7.1
libreoffice-cs-3.4.5.5-0.7.1
libreoffice-de-3.4.5.5-0.7.1
libreoffice-es-3.4.5.5-0.7.1
libreoffice-fr-3.4.5.5-0.7.1
libreoffice-galleries-3.4.5.5-0.7.1
libreoffice-gnome-3.4.5.5-0.7.1
libreoffice-hu-3.4.5.5-0.7.1
libreoffice-it-3.4.5.5-0.7.1
libreoffice-ja-3.4.5.5-0.7.1
libreoffice-kde-3.4.5.5-0.7.1
libreoffice-mono-3.4.5.5-0.7.1
libreoffice-pl-3.4.5.5-0.7.1
libreoffice-pt-BR-3.4.5.5-0.7.1
libreoffice-sk-3.4.5.5-0.7.1
libreoffice-zh-CN-3.4.5.5-0.7.1
libreoffice-zh-TW-3.4.5.5-0.7.1
References:
http://support.novell.com/security/cve/CVE-2011-4599.html
http://support.novell.com/security/cve/CVE-2012-0037.html
http://support.novell.com/security/cve/CVE-2012-1149.html
https://bugzilla.novell.com/417818
https://bugzilla.novell.com/621739
https://bugzilla.novell.com/653688
https://bugzilla.novell.com/655408
https://bugzilla.novell.com/657909
https://bugzilla.novell.com/677811
https://bugzilla.novell.com/685123
https://bugzilla.novell.com/693238
https://bugzilla.novell.com/693388
https://bugzilla.novell.com/695479
https://bugzilla.novell.com/699334
https://bugzilla.novell.com/703032
https://bugzilla.novell.com/704274
https://bugzilla.novell.com/705949
https://bugzilla.novell.com/705956
https://bugzilla.novell.com/705977
https://bugzilla.novell.com/705985
https://bugzilla.novell.com/705991
https://bugzilla.novell.com/706138
https://bugzilla.novell.com/706792
https://bugzilla.novell.com/707157
https://bugzilla.novell.com/714787
https://bugzilla.novell.com/715094
https://bugzilla.novell.com/715104
https://bugzilla.novell.com/715115
https://bugzilla.novell.com/715543
https://bugzilla.novell.com/717290
https://bugzilla.novell.com/718227
https://bugzilla.novell.com/718694
https://bugzilla.novell.com/718971
https://bugzilla.novell.com/719656
https://bugzilla.novell.com/719887
https://bugzilla.novell.com/719989
https://bugzilla.novell.com/720443
https://bugzilla.novell.com/720948
https://bugzilla.novell.com/722045
https://bugzilla.novell.com/722918
https://bugzilla.novell.com/723074
https://bugzilla.novell.com/724087
https://bugzilla.novell.com/726152
https://bugzilla.novell.com/726174
https://bugzilla.novell.com/727504
https://bugzilla.novell.com/728559
https://bugzilla.novell.com/728603
https://bugzilla.novell.com/733864
https://bugzilla.novell.com/734734
https://bugzilla.novell.com/735533
https://bugzilla.novell.com/736495
https://bugzilla.novell.com/737190
https://bugzilla.novell.com/737921
https://bugzilla.novell.com/738113
https://bugzilla.novell.com/740032
https://bugzilla.novell.com/740117
https://bugzilla.novell.com/740453
https://bugzilla.novell.com/741182
https://bugzilla.novell.com/742178
https://bugzilla.novell.com/746996
https://bugzilla.novell.com/747471
https://bugzilla.novell.com/748198
http://download.novell.com/patch/finder/?keywords=212ca99750b4a43554de347c255f56fb
More information about the sle-security-updates
mailing list