SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)

high Nessus Plugin ID 58577

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

LibreOffice 3.4.5 includes many fixes over the previous LibreOffice 3.4.2.6 update.

The update fixes the following security issues :

- 740453: Vulnerability in RDF handling. (CVE-2012-0037)

- 752595: overflow in jpeg handling. (CVE-2012-1149)

- 736146: buffer overflow in the build in icu copy (736146) This update also fixes the following non-security issues :

Extras :

- add SUSE color palette (fate#312645) Filters :

- crash when loading embedded elements. (bnc#693238)

- crash when importing an empty paragraph (rh#667082)

- more on bentConnectors. (bnc#736495)

- wrong text color in smartArt. (bnc#746996)

- reading of w:textbox contents. (bnc#693388)

- textbox position and size DOCX import (fdo#45560)

- RTF/DOCX import of transparent frames. (bnc#695479)

- consecutive frames in RTF/DOCX import. (bnc#703032)

- handling of frame properties in RTF import. (bnc#417818)

- force imported XLSX active tab to be shown. (bnc#748198)

- create TableManager for inside shapes. (bnc#747471, bnc#693238)

- textboxes import with OLE objects inside. (bnc#747471, bnc#693238)

- table style. (bnc#705991)

- text rotation fixes. (bnc#734734)

- crash in PPTX import. (bnc#706792)

- read w:sdt* contents. (bnc#705949)

- connector shape fixes. (bnc#719989)

- legacy fragment import. (bnc#699334)

- non-working Excel macros. (bnc#705977)

- free drawn curves import. (bnc#657909)

- group shape transformations. (bnc#621739)

- extLst of drawings in diagrams import. (bnc#655408)

- flip properties of custom shapes import. (bnc#705985)

- line spacing is used from previous values. (bnc#734734)

- missing ooxml customshape->mso shape name entries.
(bnc#737921)

- word doesn't break the numberings and prefers hiding them. (bnc#707157)

Base :

- iterator misuse (fdo #44040, bnc#742178) Writer :

- do not use an invalidated iterator (fdo#46337)

- field refreshing (fdo#39694)

- more layout crashers (i#101776, fdo#39510)

- textbox borders style and width in DOCX import (fdo#45560)

- expand all text fields when setting properties (fdo#42073)

- version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)

- SmartArt import

- custom shapes import

- Oracle Java 1.7.0 detection

- reading AES-encrypted ODF 1.2 documents as generated by LO 3.5

- frame selection. (bnc#740117)

- crash when editing index. (bnc#726174)

- order database properties. (bnc#740032)

- numbering levels in DOC import. (bnc#715115)

- image size issue in DOC import. (bnc#718971)

- pointless forward moving of a table. (bnc#706138)

- tabs set after the end margin in DOCX import.
(bnc#693238)

- add hyperlinks by default in Table of Contents (bnc#705956) Calc :

- pie charts colors messed in XLS import (fdo#40320)

- correctly import data point formats in data series (fdo#40320) Components :

- crash when parsing XML signatures (fdo#39657)

- broken getDataArray (fdo#46165, fdo#38441, i#117010)

- don't paint a frame around the list of edit boxes (fdo#42543)

- inconsistent compression method for encrypted documents.
(bnc#653688)

- allow pasting to multiple ranges. (bnc#715094)

- correctly convert chart data ranges. (bnc#727504)

- definedName corruption for XLSX export. (bnc#741182)

- adjust/shrink the ranges while copying. (bnc#677811)

- extra graph data is displayed for label. (bnc#717290)

- getCellRangeByName failure for named range. (bnc#738113)

- graph in XLS file has dates displayed wrong.
(bnc#720443)

- improve performance of large Excel documents.
(bnc#715104)

- display page background color/image properly.
(bnc#722045)

- pivot table output becoming empty on re-save.
(bnc#715543)

- encode virtual paths to local volume correctly.
(bnc#719887)

- avoid adjusting cell-anchored objects on other sheets.
(bnc#726152)

- make sure to adjust the sheet index of drawing objects.
(bnc#733864)

- make the data validation popup more reliable (fdo #36851, bnc#737190) Impress :

- do not create an empty slide when printing handouts (fdo#31966)

- undo corruption. (bnc#685123)

- do not set duplicate master slide names (bnc#735533) Libraries :

- default shortcut for .uno:SearchDialog should be Ctrl+H

- crash using instances dialog of dataform navigator (fdo#44816)

- disable problematic reading of external entities in raptor

- correctly calculate leap year

- use proper Indian Rupee currency symbol U+20B9 (rh#794679)

- handle copy and paste from ConsoleOne. (bnc#704274)

- VBA control events not working, broken eventattacher.
(bnc#718227)

- 'General Error' when double-click graphic in presentation. (bnc#720948)

- upgrade graphite to 1.0.3 fix surrogate support

- crash at exit. (bnc#728603)

- radial gradient offset. (bnc#714787)

- horizontal scrollbars with KDE oxygen style.
(bnc#722918)

- rendering of metafiles embedded in EMF+ (updated) (bnc#705956) Postprocess :

- make the 3D transitions work again (bnc#728559) URE :

- make Duden Korrektor 5 and 6 work General :

- add compat symlinks for the old main desktop icon.
(bnc#724087)

- Fix tooltips are all black in KDE4 (bnc#723074, fdo#40461)

- do-not-display-math-in-desktop-menu.diff: do not display math in desktop menu (fdo#41681)

- desktop-submenu.diff: display LO application in the right desktop submenu. (bnc#718694)

- bash-completion-for-loffice.diff: define bash completion for 'loffice' wrapper. (bnc#719656)

- svx-globlmn-hrc-build-dep.diff: fix build dependency problem in svx

Solution

Apply ZYPP patch number 8022.

See Also

http://support.novell.com/security/cve/CVE-2011-4599.html

http://support.novell.com/security/cve/CVE-2012-0037.html

http://support.novell.com/security/cve/CVE-2012-1149.html

Plugin Details

Severity: High

ID: 58577

File Name: suse_libreoffice-345-8022.nasl

Version: 1.8

Type: local

Agent: unix

Published: 4/3/2012

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/16/2012

Vulnerability Publication Date: 6/16/2012

Reference Information

CVE: CVE-2011-4599, CVE-2012-0037, CVE-2012-1149