<div class="container">
<h1>Security update for libreoffice</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:4648-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209243">bsc#1209243</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212444">bsc#1212444</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215595">bsc#1215595</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-5199">jsc#PED-5199</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-6799">jsc#PED-6799</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-6800">jsc#PED-6800</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1183.html">CVE-2023-1183</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1183</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1183</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Software Development Kit 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Workstation Extension 12 12-SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability, contains three features and has two security fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for fixes the following issues:</p>
<p>libreoffice was updated rom 7.5.4.1 to 7.6.2.1 (jsc#PED-6799, jsc#PED-6800):</p>
<ul>
<li>
<p>For the highlights of changes of version 7.6 please consult the official release notes:</p>
</li>
<li>
<p>https://wiki.documentfoundation.org/ReleaseNotes/7.6</p>
</li>
<li>
<p>You can check for each minor release notes here:</p>
</li>
<li>
<p>https://wiki.documentfoundation.org/Releases/7.6.2/RC1</p>
</li>
<li>https://wiki.documentfoundation.org/Releases/7.6.1/RC2</li>
<li>https://wiki.documentfoundation.org/Releases/7.6.1/RC1</li>
<li>https://wiki.documentfoundation.org/Releases/7.6.0/RC3</li>
<li>https://wiki.documentfoundation.org/Releases/7.6.0/RC2</li>
<li>
<p>https://wiki.documentfoundation.org/Releases/7.6.0/RC1</p>
</li>
<li>
<p>Security issues fixed:</p>
</li>
<li>
<p>CVE-2023-1183, Fixed arbitrary file write in LibreOffice Base (bsc#1212444, bsc#1209243)</p>
</li>
<li>
<p>Updated bundled dependencies:</p>
</li>
<li>
<p>boost version update from 1_80_0 to 1_82_0</p>
</li>
<li>curl version update from 8.0.1 to 8.2.1</li>
<li>icu4c-data version update from 72_1 to 73_2</li>
<li>icu4c version update from 72_1 to 73_2</li>
<li>pdfium version update from 5408 to 5778</li>
<li>poppler version update from 22.12.0 to 23.06.0</li>
<li>poppler-data version update from 0.4.11 to 0.4.12</li>
<li>
<p>skia version from m103-b301ff025004c9cd82816c86c547588e6c24b466 to
skia-m111-a31e897fb3dcbc96b2b40999751611d029bf5404</p>
</li>
<li>
<p>New bundled dependencies:</p>
</li>
<li>
<p>graphite2-minimal-1.3.14.tgz</p>
</li>
<li>
<p>harfbuzz-8.0.0.tar.xz</p>
</li>
<li>
<p>New build dependencies:</p>
</li>
<li>
<p>frozen-devel</p>
</li>
<li>liborcus-0_18-0</li>
<li>libixion</li>
<li>
<p>mdds-2_1</p>
</li>
<li>
<p>New runtime dependencies:</p>
</li>
<li>
<p><code>libreoffice-draw</code> requires <code>libreoffice-impress</code> (bsc#1215595)</p>
</li>
</ul>
<p>frozen was implemented:</p>
<ul>
<li>New Libreoffice package dependency</li>
</ul>
<p>libixion was updated to version 0.18.1:</p>
<ul>
<li>
<p>Updated to 0.18.1:</p>
</li>
<li>
<p>Fixed a 32-bit Linux build issue as discovered on Debian, due to a clash on
two 32-bit unsigned integer types being used with std::variant.</p>
</li>
<li>
<p>Updated to 0.18.0:</p>
</li>
<li>
<p>Removed the formula_model_access interface from model_context, and switched
to using model_context directly everywhere.</p>
</li>
<li>Revised formula_tokens_t type to remove use of std::unique_ptr for each
formula_token instance. This should improve memory locality when
iterating through an array of formula token values. A similar change has
also been made to lexer_tokens_t and lexer_token types.</li>
<li>Added 41 built-in functions</li>
<li>Added support for multi-sheet references in Excel A1 and Excel R1C1
grammers.</li>
</ul>
<p>liborcus was updated to version 0.18.1:</p>
<ul>
<li>
<p>Updated to 0.18.1:</p>
</li>
<li>
<p>sax parser:</p>
<ul>
<li>added support for optionally skipping multiple BOM's in the beginning of
XML stream. This affects all XML-based file format filters such as
xls-xml (aka Excel 2003 XML).</li>
</ul>
</li>
<li>
<p>xml-map:</p>
<ul>
<li>fixed a bug where an XML document consisting of simple single-column
records were not properly converted to sheet data</li>
</ul>
</li>
<li>
<p>xls-xml:</p>
<ul>
<li>fixed a bug where the filter would always pass border color even when it
was not set</li>
</ul>
</li>
<li>
<p>buildsystem:</p>
<ul>
<li>added new configure switches --without-benchmark and --without-doc-example
to optinally skip building of these two directories</li>
</ul>
</li>
</ul>
<p>mdds-2_1 was implemented:</p>
<ul>
<li>New Libreoffice package dependency</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Software Development Kit 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4648=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Workstation Extension 12 12-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4648=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
<ul>
<li>libetonyek-devel-doc-0.1.10-10.11.2</li>
<li>frozen-devel-1.1.1-8.3.3</li>
<li>mdds-2_1-devel-2.1.1-8.3.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>libixion-debugsource-0.18.1-21.3.3</li>
<li>liborcus-debugsource-0.18.1-18.3.3</li>
<li>liborcus-devel-0.18.1-18.3.3</li>
<li>liborcus-0_18-0-0.18.1-18.3.3</li>
<li>libetonyek-devel-0.1.10-10.11.2</li>
<li>liborcus-0_18-0-debuginfo-0.18.1-18.3.3</li>
<li>libetonyek-debugsource-0.1.10-10.11.2</li>
<li>libetonyek-0_1-1-0.1.10-10.11.2</li>
<li>libixion-0_18-0-debuginfo-0.18.1-21.3.3</li>
<li>libixion-0_18-0-0.18.1-21.3.3</li>
<li>libixion-devel-0.18.1-21.3.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64)
<ul>
<li>libreoffice-debugsource-7.6.2.1-48.47.6</li>
<li>libreoffice-sdk-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-sdk-7.6.2.1-48.47.6</li>
<li>libreoffice-debuginfo-7.6.2.1-48.47.6</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
<ul>
<li>libreoffice-debugsource-7.6.2.1-48.47.6</li>
<li>libreoffice-draw-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-librelogo-7.6.2.1-48.47.6</li>
<li>libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-impress-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-pyuno-7.6.2.1-48.47.6</li>
<li>libreoffice-writer-extensions-7.6.2.1-48.47.6</li>
<li>libetonyek-0_1-1-0.1.10-10.11.2</li>
<li>libixion-0_18-0-0.18.1-21.3.3</li>
<li>libreoffice-writer-7.6.2.1-48.47.6</li>
<li>libreoffice-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-writer-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-calc-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-draw-7.6.2.1-48.47.6</li>
<li>libixion-0_18-0-debuginfo-0.18.1-21.3.3</li>
<li>libreoffice-calc-extensions-7.6.2.1-48.47.6</li>
<li>libreoffice-gtk3-7.6.2.1-48.47.6</li>
<li>liborcus-0_18-0-debuginfo-0.18.1-18.3.3</li>
<li>libreoffice-base-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-math-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-pyuno-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-gtk3-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-mailmerge-7.6.2.1-48.47.6</li>
<li>libetonyek-debugsource-0.1.10-10.11.2</li>
<li>libreoffice-calc-7.6.2.1-48.47.6</li>
<li>libreoffice-base-drivers-postgresql-7.6.2.1-48.47.6</li>
<li>libreoffice-base-7.6.2.1-48.47.6</li>
<li>libetonyek-0_1-1-debuginfo-0.1.10-10.11.2</li>
<li>libreoffice-officebean-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-filters-optional-7.6.2.1-48.47.6</li>
<li>libreoffice-gnome-debuginfo-7.6.2.1-48.47.6</li>
<li>libreoffice-impress-7.6.2.1-48.47.6</li>
<li>libixion-debugsource-0.18.1-21.3.3</li>
<li>liborcus-debugsource-0.18.1-18.3.3</li>
<li>libreoffice-officebean-7.6.2.1-48.47.6</li>
<li>liborcus-0_18-0-0.18.1-18.3.3</li>
<li>libreoffice-7.6.2.1-48.47.6</li>
<li>libreoffice-math-7.6.2.1-48.47.6</li>
<li>libreoffice-gnome-7.6.2.1-48.47.6</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
<ul>
<li>libreoffice-l10n-fi-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-da-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-zh_CN-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-ro-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-bg-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-de-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-sk-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-ja-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-nn-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-zu-7.6.2.1-48.47.6</li>
<li>libreoffice-icon-themes-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-uk-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-gu-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-zh_TW-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-nb-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-af-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-cs-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-hr-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-lt-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-pl-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-it-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-ar-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-en-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-es-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-ko-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-pt_PT-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-fr-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-hi-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-hu-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-sv-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-ca-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-nl-7.6.2.1-48.47.6</li>
<li>libreoffice-branding-upstream-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-pt_BR-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-ru-7.6.2.1-48.47.6</li>
<li>libreoffice-l10n-xh-7.6.2.1-48.47.6</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1183.html">https://www.suse.com/security/cve/CVE-2023-1183.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209243">https://bugzilla.suse.com/show_bug.cgi?id=1209243</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212444">https://bugzilla.suse.com/show_bug.cgi?id=1212444</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215595">https://bugzilla.suse.com/show_bug.cgi?id=1215595</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-5199">https://jira.suse.com/browse/PED-5199</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-6799">https://jira.suse.com/browse/PED-6799</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-6800">https://jira.suse.com/browse/PED-6800</a>
</li>
</ul>
</div>