SUSE-SU-2024:0075-1: important: Security update for LibreOffice
SLE-UPDATES
null at suse.de
Wed Jan 10 12:30:08 UTC 2024
# Security update for LibreOffice
Announcement ID: SUSE-SU-2024:0075-1
Rating: important
References:
* bsc#1198666
* bsc#1200085
* bsc#1204040
* bsc#1209242
* bsc#1210687
* bsc#1211746
* jsc#PED-1785
* jsc#PED-3550
* jsc#PED-3561
Cross-References:
* CVE-2023-0950
* CVE-2023-2255
CVSS scores:
* CVE-2023-0950 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2023-0950 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-2255 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-2255 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9
An update that solves two vulnerabilities, contains three features and has four
security fixes can now be installed.
## Description:
This update for LibreOffice fixes the following issues:
libreoffice:
* Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550,
jsc#PED-1785):
* For the highlights of changes of version 7.5 please consult the official
release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.5
* For the highlights of changes of version 7.4 please consult the official
release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.4
* Security issues fixed:
* CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
* CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
* Bug fixes:
* Fix PPTX shadow effect for table offset (bsc#1204040)
* Fix ability to set the default tab size for each text object (bsc#1198666)
* Fix PPTX extra vertical space between different text formats (bsc#1200085)
* Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687)
* Updated bundled dependencies:
* boost version update from 1_77_0 to 1_80_0
* curl version update from 7.83.1 to 8.0.1
* icu4c-data version update from 70_1 to 72_1
* icu4c version update from 70_1 to 72_1
* pdfium version update from 4699 to 5408
* poppler version update from 21.11.0 to 22.12.0
* poppler-data version update from 0.4.10 to 0.4.11
* skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466
* New build dependencies:
* fixmath-devel
* libwebp-devel
* zlib-devel
* dragonbox-devel
* at-spi2-core-devel
* libtiff-devel
dragonbox:
* New package at version 1.1.3 (jsc#PED-1785)
* New dependency for LibreOffice 7.4
fixmath:
* New package at version 2022.07.20 (jsc#PED-1785)
* New dependency for LibreOffice 7.4
libmwaw:
* Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
* Add debug code to read some private rsrc data
* Allow to read some MacWrite which does not have printer informations
* Add a parser for Scoop files
* Add a parser for ScriptWriter files
* Add a parser for ReadySetGo 1-4 files
xmlsec1:
* Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2
(jsc#PED-3561, jsc#PED-3550):
* Retired the XMLSec mailing list "xmlsec at aleksey.com" and the XMLSec Online
Signature Verifier.
* Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by
default when XMLSec library is compiled against OpenSSL 3.0. To re-enable
OpenSSL engines, use `--enable-openssl3-engines` configure flag (there will
be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and
will be removed in the future versions of XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed all warnings
and enabled `-Werror` and `-pedantic` flags on CI builds.
* Added configure flag to use size_t for xmlSecSize (currently disabled by
default for backward compatibility).
* Support for OpenSSL compiled with OPENSSL_NO_ERR.
* Full support for LibreSSL 3.5.0 and above
* Several other small fixes
* Fix decrypting session key for two recipients
* Added `--privkey-openssl-engine` option to enhance openssl engine support
* Remove MD5 for NSS 3.59 and above
* Fix PKCS12_parse return code handling
* Fix OpenSSL lookup
* xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix
for LibreOffice
* Unload error strings in OpenSSL shutdown.
* Make userData available when executing preExecCallback function
* Add an option to use secure memset.
* Enabled XML_PARSE_HUGE for all xml parsers.
* Various build and tests fixes and improvements.
* Move remaining private header files away from xmlsec/include/`` folder
* Other packaging changes:
* Relax the crypto policies for the test-suite. It allows the tests using
certificates with small key lengths to pass.
* Pass `--disable-md5` to configure: The cryptographic strength of the MD5
algorithm is sufficiently doubtful that its use is discouraged at this time.
It is not listed as an algorithm in [XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE OpenStack Cloud 9
zypper in -t patch SUSE-OpenStack-Cloud-9-2024-75=1
* SUSE OpenStack Cloud Crowbar 9
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2024-75=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-75=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1
* SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
zypper in -t patch SUSE-SLE-WE-12-SP5-2024-75=1
## Package List:
* SUSE OpenStack Cloud 9 (x86_64)
* libatk-1_0-0-2.28.1-6.5.23
* libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
* typelib-1_0-Atk-1_0-2.28.1-6.5.23
* libatk-1_0-0-debuginfo-2.28.1-6.5.23
* libxmlsec1-1-debuginfo-1.2.37-8.6.21
* atk-debugsource-2.28.1-6.5.23
* libxmlsec1-gcrypt1-1.2.37-8.6.21
* libxmlsec1-openssl1-1.2.37-8.6.21
* libxmlsec1-1-1.2.37-8.6.21
* libxmlsec1-gnutls1-1.2.37-8.6.21
* libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
* libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
* libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
* libatk-1_0-0-32bit-2.28.1-6.5.23
* xmlsec1-debuginfo-1.2.37-8.6.21
* xmlsec1-debugsource-1.2.37-8.6.21
* libxmlsec1-nss1-1.2.37-8.6.21
* libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
* xmlsec1-1.2.37-8.6.21
* SUSE OpenStack Cloud 9 (noarch)
* atk-doc-2.28.1-6.5.23
* atk-lang-2.28.1-6.5.23
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
* libatk-1_0-0-2.28.1-6.5.23
* libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
* typelib-1_0-Atk-1_0-2.28.1-6.5.23
* libatk-1_0-0-debuginfo-2.28.1-6.5.23
* libxmlsec1-1-debuginfo-1.2.37-8.6.21
* atk-debugsource-2.28.1-6.5.23
* libxmlsec1-gcrypt1-1.2.37-8.6.21
* libxmlsec1-openssl1-1.2.37-8.6.21
* libxmlsec1-1-1.2.37-8.6.21
* libxmlsec1-gnutls1-1.2.37-8.6.21
* libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
* libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
* libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
* libatk-1_0-0-32bit-2.28.1-6.5.23
* xmlsec1-debuginfo-1.2.37-8.6.21
* xmlsec1-debugsource-1.2.37-8.6.21
* libxmlsec1-nss1-1.2.37-8.6.21
* libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
* xmlsec1-1.2.37-8.6.21
* SUSE OpenStack Cloud Crowbar 9 (noarch)
* atk-doc-2.28.1-6.5.23
* atk-lang-2.28.1-6.5.23
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x
x86_64)
* xmlsec1-openssl-devel-1.2.37-8.6.21
* xmlsec1-devel-1.2.37-8.6.21
* xmlsec1-gnutls-devel-1.2.37-8.6.21
* atk-debugsource-2.28.1-6.5.23
* xmlsec1-gcrypt-devel-1.2.37-8.6.21
* atk-devel-2.28.1-6.5.23
* xmlsec1-nss-devel-1.2.37-8.6.21
* libmwaw-0_3-3-0.3.21-7.24.14
* xmlsec1-debuginfo-1.2.37-8.6.21
* xmlsec1-debugsource-1.2.37-8.6.21
* libmwaw-debugsource-0.3.21-7.24.14
* xmlsec1-1.2.37-8.6.21
* libmwaw-devel-0.3.21-7.24.14
* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
* libmwaw-devel-doc-0.3.21-7.24.14
* SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64)
* libreoffice-sdk-debuginfo-7.5.4.1-48.44.2
* libreoffice-debugsource-7.5.4.1-48.44.2
* libreoffice-debuginfo-7.5.4.1-48.44.2
* libreoffice-sdk-7.5.4.1-48.44.2
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
* libatk-1_0-0-2.28.1-6.5.23
* libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
* typelib-1_0-Atk-1_0-2.28.1-6.5.23
* libatk-1_0-0-debuginfo-2.28.1-6.5.23
* libxmlsec1-1-debuginfo-1.2.37-8.6.21
* atk-debugsource-2.28.1-6.5.23
* libxmlsec1-gcrypt1-1.2.37-8.6.21
* libxmlsec1-openssl1-1.2.37-8.6.21
* libxmlsec1-1-1.2.37-8.6.21
* libxmlsec1-gnutls1-1.2.37-8.6.21
* libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
* libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
* xmlsec1-debuginfo-1.2.37-8.6.21
* xmlsec1-debugsource-1.2.37-8.6.21
* libxmlsec1-nss1-1.2.37-8.6.21
* libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
* xmlsec1-1.2.37-8.6.21
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
* atk-doc-2.28.1-6.5.23
* atk-lang-2.28.1-6.5.23
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
* libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
* libatk-1_0-0-32bit-2.28.1-6.5.23
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
* libatk-1_0-0-2.28.1-6.5.23
* libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
* typelib-1_0-Atk-1_0-2.28.1-6.5.23
* libatk-1_0-0-debuginfo-2.28.1-6.5.23
* libxmlsec1-1-debuginfo-1.2.37-8.6.21
* atk-debugsource-2.28.1-6.5.23
* libxmlsec1-gcrypt1-1.2.37-8.6.21
* libxmlsec1-openssl1-1.2.37-8.6.21
* libxmlsec1-1-1.2.37-8.6.21
* libxmlsec1-gnutls1-1.2.37-8.6.21
* libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
* libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
* xmlsec1-debuginfo-1.2.37-8.6.21
* xmlsec1-debugsource-1.2.37-8.6.21
* libxmlsec1-nss1-1.2.37-8.6.21
* libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
* xmlsec1-1.2.37-8.6.21
* SUSE Linux Enterprise Server 12 SP5 (noarch)
* atk-doc-2.28.1-6.5.23
* atk-lang-2.28.1-6.5.23
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
* libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
* libatk-1_0-0-32bit-2.28.1-6.5.23
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
* libatk-1_0-0-2.28.1-6.5.23
* libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
* typelib-1_0-Atk-1_0-2.28.1-6.5.23
* libatk-1_0-0-debuginfo-2.28.1-6.5.23
* libxmlsec1-1-debuginfo-1.2.37-8.6.21
* atk-debugsource-2.28.1-6.5.23
* libxmlsec1-gcrypt1-1.2.37-8.6.21
* libxmlsec1-openssl1-1.2.37-8.6.21
* libxmlsec1-1-1.2.37-8.6.21
* libxmlsec1-gnutls1-1.2.37-8.6.21
* libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
* libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
* xmlsec1-debuginfo-1.2.37-8.6.21
* xmlsec1-debugsource-1.2.37-8.6.21
* libxmlsec1-nss1-1.2.37-8.6.21
* libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
* xmlsec1-1.2.37-8.6.21
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
* atk-doc-2.28.1-6.5.23
* atk-lang-2.28.1-6.5.23
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
* libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
* libatk-1_0-0-32bit-2.28.1-6.5.23
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
* libreoffice-7.5.4.1-48.44.2
* libreoffice-impress-debuginfo-7.5.4.1-48.44.2
* libreoffice-debuginfo-7.5.4.1-48.44.2
* libreoffice-calc-debuginfo-7.5.4.1-48.44.2
* libreoffice-gnome-debuginfo-7.5.4.1-48.44.2
* libreoffice-mailmerge-7.5.4.1-48.44.2
* libreoffice-writer-debuginfo-7.5.4.1-48.44.2
* libreoffice-base-debuginfo-7.5.4.1-48.44.2
* libreoffice-writer-extensions-7.5.4.1-48.44.2
* libreoffice-base-7.5.4.1-48.44.2
* libreoffice-math-debuginfo-7.5.4.1-48.44.2
* libreoffice-writer-7.5.4.1-48.44.2
* libreoffice-calc-extensions-7.5.4.1-48.44.2
* dragonbox-devel-1.1.3-8.3.48
* libreoffice-librelogo-7.5.4.1-48.44.2
* libmwaw-0_3-3-debuginfo-0.3.21-7.24.14
* libreoffice-gtk3-debuginfo-7.5.4.1-48.44.2
* libreoffice-gnome-7.5.4.1-48.44.2
* libreoffice-pyuno-7.5.4.1-48.44.2
* libreoffice-gtk3-7.5.4.1-48.44.2
* libreoffice-debugsource-7.5.4.1-48.44.2
* libreoffice-pyuno-debuginfo-7.5.4.1-48.44.2
* libreoffice-officebean-debuginfo-7.5.4.1-48.44.2
* libreoffice-filters-optional-7.5.4.1-48.44.2
* libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-48.44.2
* libreoffice-draw-7.5.4.1-48.44.2
* libreoffice-math-7.5.4.1-48.44.2
* libmwaw-0_3-3-0.3.21-7.24.14
* libreoffice-impress-7.5.4.1-48.44.2
* libreoffice-base-drivers-postgresql-7.5.4.1-48.44.2
* libreoffice-officebean-7.5.4.1-48.44.2
* libreoffice-draw-debuginfo-7.5.4.1-48.44.2
* fixmath-devel-2022.07.20-8.3.48
* libmwaw-debugsource-0.3.21-7.24.14
* libreoffice-calc-7.5.4.1-48.44.2
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
* libreoffice-l10n-zh_CN-7.5.4.1-48.44.2
* libreoffice-l10n-lt-7.5.4.1-48.44.2
* libreoffice-l10n-de-7.5.4.1-48.44.2
* libreoffice-l10n-it-7.5.4.1-48.44.2
* libreoffice-l10n-sk-7.5.4.1-48.44.2
* libreoffice-l10n-zh_TW-7.5.4.1-48.44.2
* libreoffice-l10n-bg-7.5.4.1-48.44.2
* libreoffice-l10n-uk-7.5.4.1-48.44.2
* libreoffice-l10n-ar-7.5.4.1-48.44.2
* libreoffice-l10n-cs-7.5.4.1-48.44.2
* libreoffice-l10n-fr-7.5.4.1-48.44.2
* libreoffice-l10n-gu-7.5.4.1-48.44.2
* libreoffice-icon-themes-7.5.4.1-48.44.2
* libreoffice-l10n-ru-7.5.4.1-48.44.2
* libreoffice-l10n-hr-7.5.4.1-48.44.2
* libreoffice-l10n-xh-7.5.4.1-48.44.2
* libreoffice-l10n-ko-7.5.4.1-48.44.2
* libreoffice-l10n-pt_PT-7.5.4.1-48.44.2
* libreoffice-l10n-nb-7.5.4.1-48.44.2
* libreoffice-l10n-nl-7.5.4.1-48.44.2
* libreoffice-l10n-da-7.5.4.1-48.44.2
* libreoffice-l10n-zu-7.5.4.1-48.44.2
* libreoffice-l10n-af-7.5.4.1-48.44.2
* libreoffice-branding-upstream-7.5.4.1-48.44.2
* libreoffice-l10n-hu-7.5.4.1-48.44.2
* libreoffice-l10n-hi-7.5.4.1-48.44.2
* libreoffice-l10n-fi-7.5.4.1-48.44.2
* libreoffice-l10n-nn-7.5.4.1-48.44.2
* libreoffice-l10n-ja-7.5.4.1-48.44.2
* libreoffice-l10n-ro-7.5.4.1-48.44.2
* libreoffice-l10n-pl-7.5.4.1-48.44.2
* libreoffice-l10n-ca-7.5.4.1-48.44.2
* libreoffice-l10n-sv-7.5.4.1-48.44.2
* libreoffice-l10n-pt_BR-7.5.4.1-48.44.2
* libreoffice-l10n-es-7.5.4.1-48.44.2
* libreoffice-l10n-en-7.5.4.1-48.44.2
## References:
* https://www.suse.com/security/cve/CVE-2023-0950.html
* https://www.suse.com/security/cve/CVE-2023-2255.html
* https://bugzilla.suse.com/show_bug.cgi?id=1198666
* https://bugzilla.suse.com/show_bug.cgi?id=1200085
* https://bugzilla.suse.com/show_bug.cgi?id=1204040
* https://bugzilla.suse.com/show_bug.cgi?id=1209242
* https://bugzilla.suse.com/show_bug.cgi?id=1210687
* https://bugzilla.suse.com/show_bug.cgi?id=1211746
* https://jira.suse.com/browse/PED-1785
* https://jira.suse.com/browse/PED-3550
* https://jira.suse.com/browse/PED-3561
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240110/ce60a6fb/attachment.htm>
More information about the sle-updates
mailing list