Detections
Analytics
SUSE SLED11 Security Update : Recommended update for LibreOffice (SUSE-SU-2016:0324-1)
high Nessus Plugin ID 88575
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
This update brings LibreOffice to version 5.0.4, a major version update.It brings lots of new features, bug fixes and also security fixes.
Features as seen on http://www.libreoffice.org/discover/new-features/
- LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more.
Calc's blend of performance and features makes it an enterprise-ready, heavy duty spreadsheet application capable of handling all kinds of workload for an impressive range of use cases
- New icons, major improvements to menus and sidebar : no other LibreOffice version has looked that good and helped you be creative and get things done the right way. In addition, style management is now more intuitive thanks to the visualization of styles right in the interface.
- LibreOffice 5 ships with numerous improvements to document import and export filters for MS Office, PDF, RTF, and more. You can now timestamp PDF documents generated with LibreOffice and enjoy enhanced document conversion fidelity all around.
The Pentaho Flow Reporting Engine is now added and used.
Security issues fixed :
- CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
- CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.
- CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice and Openoffice Calc and Writer was fixed.
- CVE-2015-5212: A LibreOffice 'PrinterSetup Length' integer underflow vulnerability could be used by attackers supplying documents to execute code as the user opening the document.
- CVE-2015-5213: A LibreOffice 'Piece Table Counter' invalid check design error vulnerability allowed attackers supplying documents to execute code as the user opening the document.
- CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory Corruption Vulnerability allowed attackers supplying documents to execute code as the user opening the document.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use YaST online_update.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 11-SP4 :
zypper in -t patch sdksp4-libreoffice-504-1174=1
SUSE Linux Enterprise Desktop 11-SP4 :
zypper in -t patch sledsp4-libreoffice-504-1174=1
SUSE Linux Enterprise Debuginfo 11-SP4 :
zypper in -t patch dbgsp4-libreoffice-504-1174=1
To bring your system up-to-date, use 'zypper patch'.
See Also
https://www.libreoffice.org/discover/new-features/
https://bugzilla.suse.com/show_bug.cgi?id=306333
https://bugzilla.suse.com/show_bug.cgi?id=547549
https://bugzilla.suse.com/show_bug.cgi?id=668145
https://bugzilla.suse.com/show_bug.cgi?id=679938
https://bugzilla.suse.com/show_bug.cgi?id=681560
https://bugzilla.suse.com/show_bug.cgi?id=688200
https://bugzilla.suse.com/show_bug.cgi?id=718113
https://bugzilla.suse.com/show_bug.cgi?id=806250
https://bugzilla.suse.com/show_bug.cgi?id=857026
https://bugzilla.suse.com/show_bug.cgi?id=889755
https://bugzilla.suse.com/show_bug.cgi?id=890735
https://bugzilla.suse.com/show_bug.cgi?id=907636
https://bugzilla.suse.com/show_bug.cgi?id=907966
https://bugzilla.suse.com/show_bug.cgi?id=910805
https://bugzilla.suse.com/show_bug.cgi?id=910806
https://bugzilla.suse.com/show_bug.cgi?id=914911
https://bugzilla.suse.com/show_bug.cgi?id=934423
https://bugzilla.suse.com/show_bug.cgi?id=936188
https://bugzilla.suse.com/show_bug.cgi?id=936190
https://bugzilla.suse.com/show_bug.cgi?id=939996
https://bugzilla.suse.com/show_bug.cgi?id=940838
https://bugzilla.suse.com/show_bug.cgi?id=943075
https://bugzilla.suse.com/show_bug.cgi?id=945047
https://bugzilla.suse.com/show_bug.cgi?id=945692
https://bugzilla.suse.com/show_bug.cgi?id=951579
https://bugzilla.suse.com/show_bug.cgi?id=954345
https://www.suse.com/security/cve/CVE-2014-8146/
https://www.suse.com/security/cve/CVE-2014-8147/
https://www.suse.com/security/cve/CVE-2014-9093/
https://www.suse.com/security/cve/CVE-2015-4551/
https://www.suse.com/security/cve/CVE-2015-5212/
https://www.suse.com/security/cve/CVE-2015-5213/
Plugin Details
Severity: High
ID: 88575
File Name: suse_SU-2016-0324-1.nasl
Version: 2.9
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 2/4/2016
Updated: 1/6/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:libreoffice-l10n-fi, p-cpe:/a:novell:suse_linux:libreoffice-l10n-fr, p-cpe:/a:novell:suse_linux:libreoffice-l10n-gu, p-cpe:/a:novell:suse_linux:libreoffice-l10n-hi, p-cpe:/a:novell:suse_linux:libreoffice-l10n-hu, p-cpe:/a:novell:suse_linux:libreoffice-l10n-it, p-cpe:/a:novell:suse_linux:libreoffice-l10n-ja, p-cpe:/a:novell:suse_linux:libreoffice-l10n-ko, p-cpe:/a:novell:suse_linux:libreoffice-l10n-nb, p-cpe:/a:novell:suse_linux:libreoffice-l10n-nl, p-cpe:/a:novell:suse_linux:libreoffice-l10n-nn, p-cpe:/a:novell:suse_linux:libreoffice-l10n-pl, p-cpe:/a:novell:suse_linux:libreoffice-l10n-pt-br, p-cpe:/a:novell:suse_linux:libreoffice-l10n-pt-pt, p-cpe:/a:novell:suse_linux:libreoffice-l10n-ru, p-cpe:/a:novell:suse_linux:libreoffice-l10n-sk, p-cpe:/a:novell:suse_linux:libreoffice-l10n-sv, p-cpe:/a:novell:suse_linux:libreoffice-l10n-xh, p-cpe:/a:novell:suse_linux:libreoffice-l10n-zh-hans, p-cpe:/a:novell:suse_linux:libreoffice-l10n-zh-hant, p-cpe:/a:novell:suse_linux:libreoffice-l10n-zu, p-cpe:/a:novell:suse_linux:libreoffice-mailmerge, p-cpe:/a:novell:suse_linux:libreoffice-math, p-cpe:/a:novell:suse_linux:libreoffice-officebean, p-cpe:/a:novell:suse_linux:libreoffice-pyuno, p-cpe:/a:novell:suse_linux:libreoffice-sdk, p-cpe:/a:novell:suse_linux:libreoffice-voikko, p-cpe:/a:novell:suse_linux:libreoffice-writer, p-cpe:/a:novell:suse_linux:libreoffice-writer-extensions, p-cpe:/a:novell:suse_linux:libvoikko1, p-cpe:/a:novell:suse_linux:myspell-af_na, p-cpe:/a:novell:suse_linux:myspell-af_za, p-cpe:/a:novell:suse_linux:myspell-ar, p-cpe:/a:novell:suse_linux:myspell-ar_ae, p-cpe:/a:novell:suse_linux:myspell-ar_bh, p-cpe:/a:novell:suse_linux:myspell-ar_dz, p-cpe:/a:novell:suse_linux:myspell-ar_eg, p-cpe:/a:novell:suse_linux:libhyphen0, p-cpe:/a:novell:suse_linux:libmythes-1_2, p-cpe:/a:novell:suse_linux:libreoffice, p-cpe:/a:novell:suse_linux:libreoffice-base, p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql, p-cpe:/a:novell:suse_linux:libreoffice-calc, p-cpe:/a:novell:suse_linux:libreoffice-calc-extensions, p-cpe:/a:novell:suse_linux:libreoffice-draw, p-cpe:/a:novell:suse_linux:libreoffice-filters-optional, p-cpe:/a:novell:suse_linux:libreoffice-gnome, p-cpe:/a:novell:suse_linux:libreoffice-icon-theme-galaxy, p-cpe:/a:novell:suse_linux:libreoffice-icon-theme-tango, p-cpe:/a:novell:suse_linux:libreoffice-impress, p-cpe:/a:novell:suse_linux:libreoffice-kde4, p-cpe:/a:novell:suse_linux:libreoffice-l10n-af, p-cpe:/a:novell:suse_linux:libreoffice-l10n-ar, p-cpe:/a:novell:suse_linux:libreoffice-l10n-ca, p-cpe:/a:novell:suse_linux:libreoffice-l10n-cs, p-cpe:/a:novell:suse_linux:libreoffice-l10n-da, p-cpe:/a:novell:suse_linux:libreoffice-l10n-de, p-cpe:/a:novell:suse_linux:libreoffice-l10n-en, p-cpe:/a:novell:suse_linux:libreoffice-l10n-es, p-cpe:/a:novell:suse_linux:myspell-de_de, p-cpe:/a:novell:suse_linux:myspell-dictionaries, p-cpe:/a:novell:suse_linux:myspell-el_gr, p-cpe:/a:novell:suse_linux:myspell-en, p-cpe:/a:novell:suse_linux:myspell-en_au, p-cpe:/a:novell:suse_linux:myspell-en_bs, p-cpe:/a:novell:suse_linux:myspell-en_bz, p-cpe:/a:novell:suse_linux:myspell-en_ca, p-cpe:/a:novell:suse_linux:myspell-en_gb, p-cpe:/a:novell:suse_linux:myspell-en_gh, p-cpe:/a:novell:suse_linux:myspell-en_ie, p-cpe:/a:novell:suse_linux:myspell-en_in, p-cpe:/a:novell:suse_linux:myspell-en_jm, p-cpe:/a:novell:suse_linux:myspell-en_mw, p-cpe:/a:novell:suse_linux:myspell-en_na, p-cpe:/a:novell:suse_linux:myspell-en_nz, p-cpe:/a:novell:suse_linux:myspell-en_ph, p-cpe:/a:novell:suse_linux:myspell-en_tt, p-cpe:/a:novell:suse_linux:myspell-en_us, p-cpe:/a:novell:suse_linux:myspell-en_za, p-cpe:/a:novell:suse_linux:myspell-en_zw, p-cpe:/a:novell:suse_linux:myspell-es, p-cpe:/a:novell:suse_linux:myspell-es_ar, p-cpe:/a:novell:suse_linux:myspell-es_bo, p-cpe:/a:novell:suse_linux:myspell-es_cl, p-cpe:/a:novell:suse_linux:myspell-es_co, p-cpe:/a:novell:suse_linux:myspell-es_cr, p-cpe:/a:novell:suse_linux:myspell-es_cu, p-cpe:/a:novell:suse_linux:myspell-es_do, p-cpe:/a:novell:suse_linux:myspell-es_ec, p-cpe:/a:novell:suse_linux:myspell-es_es, p-cpe:/a:novell:suse_linux:myspell-es_gt, p-cpe:/a:novell:suse_linux:myspell-es_hn, p-cpe:/a:novell:suse_linux:myspell-es_mx, p-cpe:/a:novell:suse_linux:myspell-es_ni, p-cpe:/a:novell:suse_linux:myspell-es_pa, p-cpe:/a:novell:suse_linux:myspell-es_pe, p-cpe:/a:novell:suse_linux:myspell-es_pr, p-cpe:/a:novell:suse_linux:myspell-es_py, p-cpe:/a:novell:suse_linux:myspell-ar_iq, p-cpe:/a:novell:suse_linux:myspell-ar_jo, p-cpe:/a:novell:suse_linux:myspell-ar_kw, p-cpe:/a:novell:suse_linux:myspell-ar_lb, p-cpe:/a:novell:suse_linux:myspell-ar_ly, p-cpe:/a:novell:suse_linux:myspell-ar_ma, p-cpe:/a:novell:suse_linux:myspell-ar_om, p-cpe:/a:novell:suse_linux:myspell-ar_qa, p-cpe:/a:novell:suse_linux:myspell-ar_sa, p-cpe:/a:novell:suse_linux:myspell-ar_sd, p-cpe:/a:novell:suse_linux:myspell-ar_sy, p-cpe:/a:novell:suse_linux:myspell-ar_tn, p-cpe:/a:novell:suse_linux:myspell-ar_ye, p-cpe:/a:novell:suse_linux:myspell-be_by, p-cpe:/a:novell:suse_linux:myspell-bg_bg, p-cpe:/a:novell:suse_linux:myspell-bn_bd, p-cpe:/a:novell:suse_linux:myspell-bn_in, p-cpe:/a:novell:suse_linux:myspell-bs, p-cpe:/a:novell:suse_linux:myspell-bs_ba, p-cpe:/a:novell:suse_linux:myspell-ca, p-cpe:/a:novell:suse_linux:myspell-ca_ad, p-cpe:/a:novell:suse_linux:myspell-ca_es, p-cpe:/a:novell:suse_linux:myspell-ca_es_valencia, p-cpe:/a:novell:suse_linux:myspell-ca_fr, p-cpe:/a:novell:suse_linux:myspell-ca_it, p-cpe:/a:novell:suse_linux:myspell-cs_cz, p-cpe:/a:novell:suse_linux:myspell-da_dk, p-cpe:/a:novell:suse_linux:myspell-de, p-cpe:/a:novell:suse_linux:myspell-de_at, p-cpe:/a:novell:suse_linux:myspell-de_ch, p-cpe:/a:novell:suse_linux:myspell-es_sv, p-cpe:/a:novell:suse_linux:myspell-es_uy, p-cpe:/a:novell:suse_linux:myspell-es_ve, p-cpe:/a:novell:suse_linux:myspell-et_ee, p-cpe:/a:novell:suse_linux:myspell-fr_be, p-cpe:/a:novell:suse_linux:myspell-fr_ca, p-cpe:/a:novell:suse_linux:myspell-fr_ch, p-cpe:/a:novell:suse_linux:myspell-fr_fr, p-cpe:/a:novell:suse_linux:myspell-fr_lu, p-cpe:/a:novell:suse_linux:myspell-fr_mc, p-cpe:/a:novell:suse_linux:myspell-gu_in, p-cpe:/a:novell:suse_linux:myspell-he_il, p-cpe:/a:novell:suse_linux:myspell-hi_in, p-cpe:/a:novell:suse_linux:myspell-hr_hr, p-cpe:/a:novell:suse_linux:myspell-hu_hu, p-cpe:/a:novell:suse_linux:myspell-it_it, p-cpe:/a:novell:suse_linux:myspell-lightproof-en, p-cpe:/a:novell:suse_linux:myspell-lightproof-hu_hu, p-cpe:/a:novell:suse_linux:myspell-lightproof-pt_br, p-cpe:/a:novell:suse_linux:myspell-lightproof-ru_ru, p-cpe:/a:novell:suse_linux:myspell-lo_la, p-cpe:/a:novell:suse_linux:myspell-lt_lt, p-cpe:/a:novell:suse_linux:myspell-lv_lv, p-cpe:/a:novell:suse_linux:myspell-nb_no, p-cpe:/a:novell:suse_linux:myspell-nl_be, p-cpe:/a:novell:suse_linux:myspell-nl_nl, p-cpe:/a:novell:suse_linux:myspell-nn_no, p-cpe:/a:novell:suse_linux:myspell-no, p-cpe:/a:novell:suse_linux:myspell-pl_pl, p-cpe:/a:novell:suse_linux:myspell-pt_ao, p-cpe:/a:novell:suse_linux:myspell-pt_br, p-cpe:/a:novell:suse_linux:myspell-pt_pt, p-cpe:/a:novell:suse_linux:myspell-ro, p-cpe:/a:novell:suse_linux:myspell-ro_ro, p-cpe:/a:novell:suse_linux:myspell-ru_ru, p-cpe:/a:novell:suse_linux:myspell-sk_sk, p-cpe:/a:novell:suse_linux:myspell-sl_si, p-cpe:/a:novell:suse_linux:myspell-sr, p-cpe:/a:novell:suse_linux:myspell-sr_cs, p-cpe:/a:novell:suse_linux:myspell-sr_latn_cs, p-cpe:/a:novell:suse_linux:myspell-sr_latn_rs, p-cpe:/a:novell:suse_linux:myspell-sr_rs, p-cpe:/a:novell:suse_linux:myspell-sv_fi, p-cpe:/a:novell:suse_linux:myspell-sv_se, p-cpe:/a:novell:suse_linux:myspell-te, p-cpe:/a:novell:suse_linux:myspell-te_in, p-cpe:/a:novell:suse_linux:myspell-th_th, p-cpe:/a:novell:suse_linux:myspell-vi, p-cpe:/a:novell:suse_linux:myspell-vi_vn, p-cpe:/a:novell:suse_linux:myspell-zu_za, p-cpe:/a:novell:suse_linux:python-importlib, cpe:/o:novell:suse_linux:11
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/25/2016
Vulnerability Publication Date: 11/26/2014
Reference Information
CVE: CVE-2014-8146, CVE-2014-8147, CVE-2014-9093, CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214