SuSE 11.3 Security Update : LibreOffice (SAT Patch Number 9677)

medium Nessus Plugin ID 77663

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag suse-4.0-26, based on upstream 4.0.3.3).

Two security issues have been fixed :

- DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)

- Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141) The following non-security issues have been fixed :

- chart shown flipped. (bnc#834722)

- chart missing dataset. (bnc#839727)

- import new line in text. (bnc#828390)

- lines running off screens. (bnc#819614)

- add set-all language menu. (bnc#863021)

- text rotation. (bnc#783433, bnc#862510)

- page border shadow testcase. (bnc#817956)

- one more clickable field fix. (bnc#802888)

- multilevel labels are rotated. (bnc#820273)

- incorrect nested table margins. (bnc#816593)

- use BitmapURL only if its valid. (bnc#821567)

- import gradfill for text colors. (bnc#870234)

- fix undo of paragraph attributes. (bnc#828598)

- stop-gap solution to avoid crash. (bnc#830205)

- import images with duotone filter. (bnc#820077)

- missing drop downs for autofilter. (bnc#834705)

- typos in first page style creation. (bnc#820836)

- labels wrongly interpreted as dates. (bnc#834720)

- RTF import of fFilled shape property. (bnc#825305)

- placeholders text size is not correct. (bnc#831457)

- cells value formatted with wrong output. (bnc#821795)

- RTF import of freeform shape coordinates. (bnc#823655)

- styles (rename &) copy to different decks.
(bnc#757432)

- XLSX Chart import with internal data table. (bnc#819822)

- handle M.d.yyyy date format in DOCX import. (bnc#820509)

- paragraph style in empty first page header. (bnc#823651)

- copying slides having same master page name.
(bnc#753460)

- printing handouts using the default, 'Order'.
(bnc#835985)

- wrap polygon was based on dest size of picture.
(bnc#820800)

- added common flags support for SEQ field import.
(bnc#825976)

- hyperlinks of illustration index in DOCX export.
(bnc#834035)

- allow insertion of redlines with an empty author.
(bnc#837302)

- handle drawinglayer rectangle inset in VML import.
(bnc#779642)

- don't apply complex font size to non-complex font.
(bnc#820819)

- issue with negative seeks in win32 shell extension.
(bnc#829017)

- slide appears quite garbled when imported from PPTX.
(bnc#593612)

- initial MCE support in writerfilter ooxml tokenizer.
(bnc#820503)

- MSWord uses \xb for linebreaks in DB fields, take 2.
(bnc#878854)

- try harder to convert floating tables to text frames.
(bnc#779620)

- itemstate in parent style incorrectly reported as set.
(bnc#819865)

- default color hidden by Default style in writerfilter.
(bnc#820504)

- DOCX document crashes when using internal OOXML filter.
(bnc#382137)

- ugly workaround for external leading with symbol fonts.
(bnc#823626)

- followup fix for exported xlsx causes errors for mso2007. (bnc#823935)

- we only support simple labels in the InternalDataProvider. (bnc#864396)

- RTF import: fix import of numbering bullet associated font. (bnc#823675)

- page specific footer extended to every pages in DOCX export. (bnc#654230)

- v:textbox mso-fit-shape-to-text style property in VML import. (bnc#820788)

- w:spacing in a paragraph should also apply to as-char objects. (bnc#780044)

- compatibility setting for MS Word wrapping text in less space. (bnc#822908)

- fix SwWrtShell::SelAll() to work with empty table at doc start (bnc#825891)

Solution

Apply SAT patch number 9677.

Plugin Details

Severity: Medium

ID: 77663

File Name: suse_11_libreoffice-201409-140902.nasl

Version: 1.6

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 9/12/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-nb, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-nl, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-nn, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-pl, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-pt, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-pt-br, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ru, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-sk, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-sv, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-xh, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-zh-cn, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-zh-tw, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-zu, p-cpe:/a:novell:suse_linux:11:libreoffice-mailmerge, p-cpe:/a:novell:suse_linux:11:libreoffice-math, p-cpe:/a:novell:suse_linux:11:libreoffice-mono, p-cpe:/a:novell:suse_linux:11:libreoffice-officebean, p-cpe:/a:novell:suse_linux:11:libreoffice-pyuno, p-cpe:/a:novell:suse_linux:11:libreoffice-writer, p-cpe:/a:novell:suse_linux:11:libreoffice-writer-extensions, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:libreoffice, p-cpe:/a:novell:suse_linux:11:libreoffice-base, p-cpe:/a:novell:suse_linux:11:libreoffice-base-drivers-postgresql, p-cpe:/a:novell:suse_linux:11:libreoffice-base-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-calc, p-cpe:/a:novell:suse_linux:11:libreoffice-calc-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-draw, p-cpe:/a:novell:suse_linux:11:libreoffice-draw-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-filters-optional, p-cpe:/a:novell:suse_linux:11:libreoffice-gnome, p-cpe:/a:novell:suse_linux:11:libreoffice-help-cs, p-cpe:/a:novell:suse_linux:11:libreoffice-help-da, p-cpe:/a:novell:suse_linux:11:libreoffice-help-de, p-cpe:/a:novell:suse_linux:11:libreoffice-help-en-gb, p-cpe:/a:novell:suse_linux:11:libreoffice-help-en-us, p-cpe:/a:novell:suse_linux:11:libreoffice-help-es, p-cpe:/a:novell:suse_linux:11:libreoffice-help-fr, p-cpe:/a:novell:suse_linux:11:libreoffice-help-gu-in, p-cpe:/a:novell:suse_linux:11:libreoffice-help-hi-in, p-cpe:/a:novell:suse_linux:11:libreoffice-help-hu, p-cpe:/a:novell:suse_linux:11:libreoffice-help-it, p-cpe:/a:novell:suse_linux:11:libreoffice-help-ja, p-cpe:/a:novell:suse_linux:11:libreoffice-help-ko, p-cpe:/a:novell:suse_linux:11:libreoffice-help-nl, p-cpe:/a:novell:suse_linux:11:libreoffice-help-pl, p-cpe:/a:novell:suse_linux:11:libreoffice-help-pt, p-cpe:/a:novell:suse_linux:11:libreoffice-help-pt-br, p-cpe:/a:novell:suse_linux:11:libreoffice-help-ru, p-cpe:/a:novell:suse_linux:11:libreoffice-help-sv, p-cpe:/a:novell:suse_linux:11:libreoffice-help-zh-cn, p-cpe:/a:novell:suse_linux:11:libreoffice-help-zh-tw, p-cpe:/a:novell:suse_linux:11:libreoffice-icon-themes, p-cpe:/a:novell:suse_linux:11:libreoffice-impress, p-cpe:/a:novell:suse_linux:11:libreoffice-impress-extensions, p-cpe:/a:novell:suse_linux:11:libreoffice-kde, p-cpe:/a:novell:suse_linux:11:libreoffice-kde4, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-af, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ar, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ca, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-cs, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-da, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-de, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-en-gb, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-es, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-fi, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-fr, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-gu-in, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-hi-in, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-hu, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-it, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ja, p-cpe:/a:novell:suse_linux:11:libreoffice-l10n-ko

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/2/2014

Reference Information

CVE: CVE-2013-4156, CVE-2014-3575

Detections

Analytics