Detections
Analytics

SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)

high Nessus Plugin ID 58577

Language:

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

LibreOffice 3.4.5 includes many fixes over the previous LibreOffice 3.4.2.6 update.

The update fixes the following security issues :

 - 740453: Vulnerability in RDF handling. (CVE-2012-0037)

 - 752595: overflow in jpeg handling. (CVE-2012-1149)

 - 736146: buffer overflow in the build in icu copy (736146) This update also fixes the following non-security issues :

Extras :

 - add SUSE color palette (fate#312645) Filters :

 - crash when loading embedded elements. (bnc#693238)

 - crash when importing an empty paragraph (rh#667082)

 - more on bentConnectors. (bnc#736495)

 - wrong text color in smartArt. (bnc#746996)

 - reading of w:textbox contents. (bnc#693388)

 - textbox position and size DOCX import (fdo#45560)

 - RTF/DOCX import of transparent frames. (bnc#695479)

 - consecutive frames in RTF/DOCX import. (bnc#703032)

 - handling of frame properties in RTF import. (bnc#417818)

 - force imported XLSX active tab to be shown. (bnc#748198)

 - create TableManager for inside shapes. (bnc#747471, bnc#693238)

 - textboxes import with OLE objects inside. (bnc#747471, bnc#693238)

 - table style. (bnc#705991)

 - text rotation fixes. (bnc#734734)

 - crash in PPTX import. (bnc#706792)

 - read w:sdt* contents. (bnc#705949)

 - connector shape fixes. (bnc#719989)

 - legacy fragment import. (bnc#699334)

 - non-working Excel macros. (bnc#705977)

 - free drawn curves import. (bnc#657909)

 - group shape transformations. (bnc#621739)

 - extLst of drawings in diagrams import. (bnc#655408)

 - flip properties of custom shapes import. (bnc#705985)

 - line spacing is used from previous values. (bnc#734734)

 - missing ooxml customshape->mso shape name entries.
 (bnc#737921)

 - word doesn't break the numberings and prefers hiding them. (bnc#707157)

Base :

 - iterator misuse (fdo #44040, bnc#742178) Writer :

 - do not use an invalidated iterator (fdo#46337)

 - field refreshing (fdo#39694)

 - more layout crashers (i#101776, fdo#39510)

 - textbox borders style and width in DOCX import (fdo#45560)

 - expand all text fields when setting properties (fdo#42073)

 - version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)

 - SmartArt import

 - custom shapes import

 - Oracle Java 1.7.0 detection

 - reading AES-encrypted ODF 1.2 documents as generated by LO 3.5

 - frame selection. (bnc#740117)

 - crash when editing index. (bnc#726174)

 - order database properties. (bnc#740032)

 - numbering levels in DOC import. (bnc#715115)

 - image size issue in DOC import. (bnc#718971)

 - pointless forward moving of a table. (bnc#706138)

 - tabs set after the end margin in DOCX import.
 (bnc#693238)

 - add hyperlinks by default in Table of Contents (bnc#705956) Calc :

 - pie charts colors messed in XLS import (fdo#40320)

 - correctly import data point formats in data series (fdo#40320) Components :

 - crash when parsing XML signatures (fdo#39657)

 - broken getDataArray (fdo#46165, fdo#38441, i#117010)

 - don't paint a frame around the list of edit boxes (fdo#42543)

 - inconsistent compression method for encrypted documents.
 (bnc#653688)

 - allow pasting to multiple ranges. (bnc#715094)

 - correctly convert chart data ranges. (bnc#727504)

 - definedName corruption for XLSX export. (bnc#741182)

 - adjust/shrink the ranges while copying. (bnc#677811)

 - extra graph data is displayed for label. (bnc#717290)

 - getCellRangeByName failure for named range. (bnc#738113)

 - graph in XLS file has dates displayed wrong.
 (bnc#720443)

 - improve performance of large Excel documents.
 (bnc#715104)

 - display page background color/image properly.
 (bnc#722045)

 - pivot table output becoming empty on re-save.
 (bnc#715543)

 - encode virtual paths to local volume correctly.
 (bnc#719887)

 - avoid adjusting cell-anchored objects on other sheets.
 (bnc#726152)

 - make sure to adjust the sheet index of drawing objects.
 (bnc#733864)

 - make the data validation popup more reliable (fdo #36851, bnc#737190) Impress :

 - do not create an empty slide when printing handouts (fdo#31966)

 - undo corruption. (bnc#685123)

 - do not set duplicate master slide names (bnc#735533) Libraries :

 - default shortcut for .uno:SearchDialog should be Ctrl+H

 - crash using instances dialog of dataform navigator (fdo#44816)

 - disable problematic reading of external entities in raptor

 - correctly calculate leap year

 - use proper Indian Rupee currency symbol U+20B9 (rh#794679)

 - handle copy and paste from ConsoleOne. (bnc#704274)

 - VBA control events not working, broken eventattacher.
 (bnc#718227)

 - 'General Error' when double-click graphic in presentation. (bnc#720948)

 - upgrade graphite to 1.0.3 fix surrogate support

 - crash at exit. (bnc#728603)

 - radial gradient offset. (bnc#714787)

 - horizontal scrollbars with KDE oxygen style.
 (bnc#722918)

 - rendering of metafiles embedded in EMF+ (updated) (bnc#705956) Postprocess :

 - make the 3D transitions work again (bnc#728559) URE :

 - make Duden Korrektor 5 and 6 work General :

 - add compat symlinks for the old main desktop icon.
 (bnc#724087)

 - Fix tooltips are all black in KDE4 (bnc#723074, fdo#40461)

 - do-not-display-math-in-desktop-menu.diff: do not display math in desktop menu (fdo#41681)

 - desktop-submenu.diff: display LO application in the right desktop submenu. (bnc#718694)

 - bash-completion-for-loffice.diff: define bash completion for 'loffice' wrapper. (bnc#719656)

 - svx-globlmn-hrc-build-dep.diff: fix build dependency problem in svx

Solution

Apply ZYPP patch number 8022.

See Also

http://support.novell.com/security/cve/CVE-2011-4599.html

http://support.novell.com/security/cve/CVE-2012-0037.html

http://support.novell.com/security/cve/CVE-2012-1149.html

Plugin Details

Severity: High

ID: 58577

File Name: suse_libreoffice-345-8022.nasl

Version: 1.8

Type: local

Agent: unix

Published: 4/3/2012

Updated: 1/19/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/16/2012

Vulnerability Publication Date: 6/16/2012

Reference Information

CVE: CVE-2011-4599, CVE-2012-0037, CVE-2012-1149