NASLDB: SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)
General
ID: 58577
Name: SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)
Summary: Checks rpm output for the updated packages
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –
Port: 0
Family: SuSE Local Security Checks
Type: Local
Description
LibreOffice 3.4.5 includes many fixes over the previous LibreOffice
3.4.2.6 update.
The update fixes the following security issues :
– 740453: Vulnerability in RDF handling. (CVE-2012-0037)
– 752595: overflow in jpeg handling. (CVE-2012-1149)
– 736146: buffer overflow in the built-in icu copy
(736146)
This update also fixes the following non-security issues :
Extras :
– add SUSE color palette (fate#312645)
Filters :
– crash when loading embedded elements. (bnc#693238)
– crash when importing an empty paragraph (rh#667082)
– more on bentConnectors. (bnc#736495)
– wrong text color in smartArt. (bnc#746996)
– reading of w:textbox contents. (bnc#693388)
– textbox position and size DOCX import (fdo#45560)
– RTF/DOCX import of transparent frames. (bnc#695479)
– consecutive frames in RTF/DOCX import. (bnc#703032)
– handling of frame properties in RTF import. (bnc#417818)
– force imported XLSX active tab to be shown. (bnc#748198)
– create TableManager for inside shapes. (bnc#747471,
bnc#693238)
– textboxes import with OLE objects inside. (bnc#747471,
bnc#693238)
– table style. (bnc#705991)
– text rotation fixes. (bnc#734734)
– crash in PPTX import. (bnc#706792)
– read w:sdt* contents. (bnc#705949)
– connector shape fixes. (bnc#719989)
– legacy fragment import. (bnc#699334)
– non-working Excel macros. (bnc#705977)
– free drawn curves import. (bnc#657909)
– group shape transformations. (bnc#621739)
– extLst of drawings in diagrams import. (bnc#655408)
– flip properties of custom shapes import. (bnc#705985)
– line spacing is used from previous values. (bnc#734734)
– missing ooxml customshape->mso shape name entries.
(bnc#737921)
– word doesn’t break the numberings and prefers hiding
them. (bnc#707157)
Base :
– iterator misuse (fdo#44040, bnc#742178)
Writer :
– do not use an invalidated iterator (fdo#46337)
– field refreshing (fdo#39694)
– more layout crashers (i#101776, fdo#39510)
– textbox borders style and width in DOCX import
(fdo#45560)
– expand all text fields when setting properties
(fdo#42073)
– version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)
– SmartArt import
– custom shapes import
– Oracle Java 1.7.0 detection
– reading AES-encrypted ODF 1.2 documents as generated by
LO 3.5
– frame selection. (bnc#740117)
– crash when editing index. (bnc#726174)
– order database properties. (bnc#740032)
– numbering levels in DOC import. (bnc#715115)
– image size issue in DOC import. (bnc#718971)
– pointless forward moving of a table. (bnc#706138)
– tabs set after the end margin in DOCX import.
(bnc#693238)
– add hyperlinks by default in Table of Contents
(bnc#705956)
Calc :
– pie charts colors messed in XLS import (fdo#40320)
– correctly import data point formats in data series
(fdo#40320)
Components :
– crash when parsing XML signatures (fdo#39657)
– broken getDataArray (fdo#46165, fdo#38441, i#117010)
– don’t paint a frame around the list of edit boxes
(fdo#42543)
– inconsistent compression method for encrypted documents.
(bnc#653688)
– allow pasting to multiple ranges. (bnc#715094)
– correctly convert chart data ranges. (bnc#727504)
– definedName corruption for XLSX export. (bnc#741182)
– adjust/shrink the ranges while copying. (bnc#677811)
– extra graph data is displayed for label. (bnc#717290)
– getCellRangeByName failure for named range. (bnc#738113)
– graph in XLS file has dates displayed wrong.
(bnc#720443)
– improve performance of large Excel documents.
(bnc#715104)
– display page background color/image properly.
(bnc#722045)
– pivot table output becoming empty on re-save.
(bnc#715543)
– encode virtual paths to local volume correctly.
(bnc#719887)
– avoid adjusting cell-anchored objects on other sheets.
(bnc#726152)
– make sure to adjust the sheet index of drawing objects.
(bnc#733864)
– make the data validation popup more reliable
(fdo#36851, bnc#737190)
Impress :
– do not create an empty slide when printing handouts
(fdo#31966)
– undo corruption. (bnc#685123)
– do not set duplicate master slide names (bnc#735533)
Libraries :
– default shortcut for .uno:SearchDialog should be Ctrl+H
– crash using instances dialog of dataform navigator
(fdo#44816)
– disable problematic reading of external entities in
raptor
– correctly calculate leap year
– use proper Indian Rupee currency symbol U+20B9
(rh#794679)
– handle copy and paste from ConsoleOne. (bnc#704274)
– VBA control events not working, broken eventattacher.
(bnc#718227)
– ‘General Error’ when double-click graphic in
presentation. (bnc#720948)
– upgrade graphite to 1.0.3 fix surrogate support
– crash at exit. (bnc#728603)
– radial gradient offset. (bnc#714787)
– horizontal scrollbars with KDE oxygen style.
(bnc#722918)
– rendering of metafiles embedded in EMF+ (updated)
(bnc#705956)
Postprocess :
– make the 3D transitions work again (bnc#728559)
URE :
– make Duden Korrektor 5 and 6 work
General :
– add compat symlinks for the old main desktop icon.
(bnc#724087)
– Fix tooltips are all black in KDE4 (bnc#723074,
fdo#40461)
– do-not-display-math-in-desktop-menu.diff: do not display
math in desktop menu (fdo#41681)
– desktop-submenu.diff: display LO application in the
right desktop submenu. (bnc#718694)
– bash-completion-for-loffice.diff: define bash completion
for ‘loffice’ wrapper. (bnc#719656)
– svx-globlmn-hrc-build-dep.diff: fix build dependency
problem in svx
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2012-0037
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2012/03/16
Plugin Release: 2012/04/03
Plugin
Version: 1.5
Filename: suse_libreoffice-345-8022.nasl
Filesize: 11329 bytes
MD5 Hash: 9f038fca605d2955d8b45244293a1d43
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.