SUSE-SU-2024:0075-1: important: Security update for LibreOffice

SLE-UPDATES null at suse.de
Wed Jan 10 12:30:08 UTC 2024



# Security update for LibreOffice

Announcement ID: SUSE-SU-2024:0075-1  
Rating: important  
References:

  * bsc#1198666
  * bsc#1200085
  * bsc#1204040
  * bsc#1209242
  * bsc#1210687
  * bsc#1211746
  * jsc#PED-1785
  * jsc#PED-3550
  * jsc#PED-3561

  
Cross-References:

  * CVE-2023-0950
  * CVE-2023-2255

  
CVSS scores:

  * CVE-2023-0950 ( SUSE ):  7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
  * CVE-2023-0950 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-2255 ( SUSE ):  7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
  * CVE-2023-2255 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5
  * SUSE OpenStack Cloud 9
  * SUSE OpenStack Cloud Crowbar 9

  
  
An update that solves two vulnerabilities, contains three features and has four
security fixes can now be installed.

## Description:

This update for LibreOffice fixes the following issues:

libreoffice:

  * Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550,
    jsc#PED-1785):
  * For the highlights of changes of version 7.5 please consult the official
    release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.5
  * For the highlights of changes of version 7.4 please consult the official
    release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.4
  * Security issues fixed:
    * CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
    * CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
  * Bug fixes:
    * Fix PPTX shadow effect for table offset (bsc#1204040)
    * Fix ability to set the default tab size for each text object (bsc#1198666)
    * Fix PPTX extra vertical space between different text formats (bsc#1200085)
    * Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687)
  * Updated bundled dependencies:
    * boost version update from 1_77_0 to 1_80_0
    * curl version update from 7.83.1 to 8.0.1
    * icu4c-data version update from 70_1 to 72_1
    * icu4c version update from 70_1 to 72_1
    * pdfium version update from 4699 to 5408
    * poppler version update from 21.11.0 to 22.12.0
    * poppler-data version update from 0.4.10 to 0.4.11
    * skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466 
  * New build dependencies:
    * fixmath-devel
    * libwebp-devel
    * zlib-devel
    * dragonbox-devel
    * at-spi2-core-devel
    * libtiff-devel

dragonbox:

  * New package at version 1.1.3 (jsc#PED-1785)
    * New dependency for LibreOffice 7.4

fixmath:

  * New package at version 2022.07.20 (jsc#PED-1785)
    * New dependency for LibreOffice 7.4

libmwaw:

  * Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
  * Add debug code to read some private rsrc data
  * Allow to read some MacWrite which does not have printer informations
  * Add a parser for Scoop files
  * Add a parser for ScriptWriter files
  * Add a parser for ReadySetGo 1-4 files

xmlsec1:

  * Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2
    (jsc#PED-3561, jsc#PED-3550):
  * Retired the XMLSec mailing list "xmlsec at aleksey.com" and the XMLSec Online
    Signature Verifier.
  * Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by
    default when XMLSec library is compiled against OpenSSL 3.0. To re-enable
    OpenSSL engines, use `--enable-openssl3-engines` configure flag (there will
    be a lot of deprecation warnings).
  * The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and
    will be removed in the future versions of XMLSec Library.
  * Refactored all the integer casts to ensure cast-safety. Fixed all warnings
    and enabled `-Werror` and `-pedantic` flags on CI builds.
  * Added configure flag to use size_t for xmlSecSize (currently disabled by
    default for backward compatibility).
  * Support for OpenSSL compiled with OPENSSL_NO_ERR.
  * Full support for LibreSSL 3.5.0 and above
  * Several other small fixes
  * Fix decrypting session key for two recipients
  * Added `--privkey-openssl-engine` option to enhance openssl engine support
  * Remove MD5 for NSS 3.59 and above
  * Fix PKCS12_parse return code handling
  * Fix OpenSSL lookup
  * xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix
    for LibreOffice
  * Unload error strings in OpenSSL shutdown.
  * Make userData available when executing preExecCallback function
  * Add an option to use secure memset.
  * Enabled XML_PARSE_HUGE for all xml parsers.
  * Various build and tests fixes and improvements.
  * Move remaining private header files away from xmlsec/include/`` folder
  * Other packaging changes:
  * Relax the crypto policies for the test-suite. It allows the tests using
    certificates with small key lengths to pass.
  * Pass `--disable-md5` to configure: The cryptographic strength of the MD5
    algorithm is sufficiently doubtful that its use is discouraged at this time.
    It is not listed as an algorithm in [XMLDSIG-CORE1]
    https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE OpenStack Cloud 9  
    zypper in -t patch SUSE-OpenStack-Cloud-9-2024-75=1

  * SUSE OpenStack Cloud Crowbar 9  
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2024-75=1

  * SUSE Linux Enterprise Software Development Kit 12 SP5  
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-75=1

  * SUSE Linux Enterprise High Performance Computing 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1

  * SUSE Linux Enterprise Server 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1

  * SUSE Linux Enterprise Workstation Extension 12 12-SP5  
    zypper in -t patch SUSE-SLE-WE-12-SP5-2024-75=1

## Package List:

  * SUSE OpenStack Cloud 9 (x86_64)
    * libatk-1_0-0-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
    * typelib-1_0-Atk-1_0-2.28.1-6.5.23
    * libatk-1_0-0-debuginfo-2.28.1-6.5.23
    * libxmlsec1-1-debuginfo-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-1.2.37-8.6.21
    * libxmlsec1-openssl1-1.2.37-8.6.21
    * libxmlsec1-1-1.2.37-8.6.21
    * libxmlsec1-gnutls1-1.2.37-8.6.21
    * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
    * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
    * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
    * libatk-1_0-0-32bit-2.28.1-6.5.23
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libxmlsec1-nss1-1.2.37-8.6.21
    * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
    * xmlsec1-1.2.37-8.6.21
  * SUSE OpenStack Cloud 9 (noarch)
    * atk-doc-2.28.1-6.5.23
    * atk-lang-2.28.1-6.5.23
  * SUSE OpenStack Cloud Crowbar 9 (x86_64)
    * libatk-1_0-0-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
    * typelib-1_0-Atk-1_0-2.28.1-6.5.23
    * libatk-1_0-0-debuginfo-2.28.1-6.5.23
    * libxmlsec1-1-debuginfo-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-1.2.37-8.6.21
    * libxmlsec1-openssl1-1.2.37-8.6.21
    * libxmlsec1-1-1.2.37-8.6.21
    * libxmlsec1-gnutls1-1.2.37-8.6.21
    * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
    * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
    * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
    * libatk-1_0-0-32bit-2.28.1-6.5.23
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libxmlsec1-nss1-1.2.37-8.6.21
    * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
    * xmlsec1-1.2.37-8.6.21
  * SUSE OpenStack Cloud Crowbar 9 (noarch)
    * atk-doc-2.28.1-6.5.23
    * atk-lang-2.28.1-6.5.23
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x
    x86_64)
    * xmlsec1-openssl-devel-1.2.37-8.6.21
    * xmlsec1-devel-1.2.37-8.6.21
    * xmlsec1-gnutls-devel-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * xmlsec1-gcrypt-devel-1.2.37-8.6.21
    * atk-devel-2.28.1-6.5.23
    * xmlsec1-nss-devel-1.2.37-8.6.21
    * libmwaw-0_3-3-0.3.21-7.24.14
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libmwaw-debugsource-0.3.21-7.24.14
    * xmlsec1-1.2.37-8.6.21
    * libmwaw-devel-0.3.21-7.24.14
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
    * libmwaw-devel-doc-0.3.21-7.24.14
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64)
    * libreoffice-sdk-debuginfo-7.5.4.1-48.44.2
    * libreoffice-debugsource-7.5.4.1-48.44.2
    * libreoffice-debuginfo-7.5.4.1-48.44.2
    * libreoffice-sdk-7.5.4.1-48.44.2
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * libatk-1_0-0-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
    * typelib-1_0-Atk-1_0-2.28.1-6.5.23
    * libatk-1_0-0-debuginfo-2.28.1-6.5.23
    * libxmlsec1-1-debuginfo-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-1.2.37-8.6.21
    * libxmlsec1-openssl1-1.2.37-8.6.21
    * libxmlsec1-1-1.2.37-8.6.21
    * libxmlsec1-gnutls1-1.2.37-8.6.21
    * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
    * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libxmlsec1-nss1-1.2.37-8.6.21
    * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
    * xmlsec1-1.2.37-8.6.21
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    * atk-doc-2.28.1-6.5.23
    * atk-lang-2.28.1-6.5.23
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
    * libatk-1_0-0-32bit-2.28.1-6.5.23
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * libatk-1_0-0-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
    * typelib-1_0-Atk-1_0-2.28.1-6.5.23
    * libatk-1_0-0-debuginfo-2.28.1-6.5.23
    * libxmlsec1-1-debuginfo-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-1.2.37-8.6.21
    * libxmlsec1-openssl1-1.2.37-8.6.21
    * libxmlsec1-1-1.2.37-8.6.21
    * libxmlsec1-gnutls1-1.2.37-8.6.21
    * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
    * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libxmlsec1-nss1-1.2.37-8.6.21
    * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
    * xmlsec1-1.2.37-8.6.21
  * SUSE Linux Enterprise Server 12 SP5 (noarch)
    * atk-doc-2.28.1-6.5.23
    * atk-lang-2.28.1-6.5.23
  * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
    * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
    * libatk-1_0-0-32bit-2.28.1-6.5.23
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * libatk-1_0-0-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
    * typelib-1_0-Atk-1_0-2.28.1-6.5.23
    * libatk-1_0-0-debuginfo-2.28.1-6.5.23
    * libxmlsec1-1-debuginfo-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-1.2.37-8.6.21
    * libxmlsec1-openssl1-1.2.37-8.6.21
    * libxmlsec1-1-1.2.37-8.6.21
    * libxmlsec1-gnutls1-1.2.37-8.6.21
    * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
    * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libxmlsec1-nss1-1.2.37-8.6.21
    * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
    * xmlsec1-1.2.37-8.6.21
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    * atk-doc-2.28.1-6.5.23
    * atk-lang-2.28.1-6.5.23
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
    * libatk-1_0-0-32bit-2.28.1-6.5.23
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
    * libreoffice-7.5.4.1-48.44.2
    * libreoffice-impress-debuginfo-7.5.4.1-48.44.2
    * libreoffice-debuginfo-7.5.4.1-48.44.2
    * libreoffice-calc-debuginfo-7.5.4.1-48.44.2
    * libreoffice-gnome-debuginfo-7.5.4.1-48.44.2
    * libreoffice-mailmerge-7.5.4.1-48.44.2
    * libreoffice-writer-debuginfo-7.5.4.1-48.44.2
    * libreoffice-base-debuginfo-7.5.4.1-48.44.2
    * libreoffice-writer-extensions-7.5.4.1-48.44.2
    * libreoffice-base-7.5.4.1-48.44.2
    * libreoffice-math-debuginfo-7.5.4.1-48.44.2
    * libreoffice-writer-7.5.4.1-48.44.2
    * libreoffice-calc-extensions-7.5.4.1-48.44.2
    * dragonbox-devel-1.1.3-8.3.48
    * libreoffice-librelogo-7.5.4.1-48.44.2
    * libmwaw-0_3-3-debuginfo-0.3.21-7.24.14
    * libreoffice-gtk3-debuginfo-7.5.4.1-48.44.2
    * libreoffice-gnome-7.5.4.1-48.44.2
    * libreoffice-pyuno-7.5.4.1-48.44.2
    * libreoffice-gtk3-7.5.4.1-48.44.2
    * libreoffice-debugsource-7.5.4.1-48.44.2
    * libreoffice-pyuno-debuginfo-7.5.4.1-48.44.2
    * libreoffice-officebean-debuginfo-7.5.4.1-48.44.2
    * libreoffice-filters-optional-7.5.4.1-48.44.2
    * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-48.44.2
    * libreoffice-draw-7.5.4.1-48.44.2
    * libreoffice-math-7.5.4.1-48.44.2
    * libmwaw-0_3-3-0.3.21-7.24.14
    * libreoffice-impress-7.5.4.1-48.44.2
    * libreoffice-base-drivers-postgresql-7.5.4.1-48.44.2
    * libreoffice-officebean-7.5.4.1-48.44.2
    * libreoffice-draw-debuginfo-7.5.4.1-48.44.2
    * fixmath-devel-2022.07.20-8.3.48
    * libmwaw-debugsource-0.3.21-7.24.14
    * libreoffice-calc-7.5.4.1-48.44.2
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
    * libreoffice-l10n-zh_CN-7.5.4.1-48.44.2
    * libreoffice-l10n-lt-7.5.4.1-48.44.2
    * libreoffice-l10n-de-7.5.4.1-48.44.2
    * libreoffice-l10n-it-7.5.4.1-48.44.2
    * libreoffice-l10n-sk-7.5.4.1-48.44.2
    * libreoffice-l10n-zh_TW-7.5.4.1-48.44.2
    * libreoffice-l10n-bg-7.5.4.1-48.44.2
    * libreoffice-l10n-uk-7.5.4.1-48.44.2
    * libreoffice-l10n-ar-7.5.4.1-48.44.2
    * libreoffice-l10n-cs-7.5.4.1-48.44.2
    * libreoffice-l10n-fr-7.5.4.1-48.44.2
    * libreoffice-l10n-gu-7.5.4.1-48.44.2
    * libreoffice-icon-themes-7.5.4.1-48.44.2
    * libreoffice-l10n-ru-7.5.4.1-48.44.2
    * libreoffice-l10n-hr-7.5.4.1-48.44.2
    * libreoffice-l10n-xh-7.5.4.1-48.44.2
    * libreoffice-l10n-ko-7.5.4.1-48.44.2
    * libreoffice-l10n-pt_PT-7.5.4.1-48.44.2
    * libreoffice-l10n-nb-7.5.4.1-48.44.2
    * libreoffice-l10n-nl-7.5.4.1-48.44.2
    * libreoffice-l10n-da-7.5.4.1-48.44.2
    * libreoffice-l10n-zu-7.5.4.1-48.44.2
    * libreoffice-l10n-af-7.5.4.1-48.44.2
    * libreoffice-branding-upstream-7.5.4.1-48.44.2
    * libreoffice-l10n-hu-7.5.4.1-48.44.2
    * libreoffice-l10n-hi-7.5.4.1-48.44.2
    * libreoffice-l10n-fi-7.5.4.1-48.44.2
    * libreoffice-l10n-nn-7.5.4.1-48.44.2
    * libreoffice-l10n-ja-7.5.4.1-48.44.2
    * libreoffice-l10n-ro-7.5.4.1-48.44.2
    * libreoffice-l10n-pl-7.5.4.1-48.44.2
    * libreoffice-l10n-ca-7.5.4.1-48.44.2
    * libreoffice-l10n-sv-7.5.4.1-48.44.2
    * libreoffice-l10n-pt_BR-7.5.4.1-48.44.2
    * libreoffice-l10n-es-7.5.4.1-48.44.2
    * libreoffice-l10n-en-7.5.4.1-48.44.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-0950.html
  * https://www.suse.com/security/cve/CVE-2023-2255.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1198666
  * https://bugzilla.suse.com/show_bug.cgi?id=1200085
  * https://bugzilla.suse.com/show_bug.cgi?id=1204040
  * https://bugzilla.suse.com/show_bug.cgi?id=1209242
  * https://bugzilla.suse.com/show_bug.cgi?id=1210687
  * https://bugzilla.suse.com/show_bug.cgi?id=1211746
  * https://jira.suse.com/browse/PED-1785
  * https://jira.suse.com/browse/PED-3550
  * https://jira.suse.com/browse/PED-3561

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240110/ce60a6fb/attachment.htm>


More information about the sle-updates mailing list