Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

openSUSE Leap 42.3: 2018:2532-1 Moderate: LibreOffice Info Disclosure

opensuse
Calendar Grey August 28, 2018
Scroller Opensuse
The latest LibreOffice update for openSUSE Leap 42.3 tackles a serious vulnerability and includes ten crucial bug fixes, enhancing security and stability for users
An update that solves one vulnerability and has 10 fixes is now available.

Description

This update for libreoffice to 6.0.5.2 fixes the following issues:

Security issues fixed:

- CVE-2018-10583: An information disclosure vulnerability occurs during

automatic processing and initiating an SMB connection embedded in a

malicious file, as demonstrated by

xlink:href=file://192.168.0.2/test.jpg within an

office:document-content element in a .odt XML document. (bsc#1091606)

Non security issues fixed:

- Bugfix: Table borders appear black in LibreOffice (while white in

PowerPoint) (bsc#1088262)

- Bugfix: LibreOffice extension 'Language Tool' fails after Tumbleweed

update (bsc#1050305)

- Bugfix: libreoffice-gnome can no longer be installed in parallel to

libreoffice-gtk3 as there is a potential file conflict (bsc#1096673)

- Bugfix: LibreOffice Writer: Text in boxes were not visible (bsc#1094359)

- Use libreoffice-gtk3 if xfce is present (bsc#1092699)

- Various other bug fixes

- Exporting to PPTX results in...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-941=1

Package List

- openSUSE Leap 42.3 (x86_64):

libreoffice-6.0.5.2-24.2

libreoffice-base-6.0.5.2-24.2

libreoffice-base-debuginfo-6.0.5.2-24.2

libreoffice-base-drivers-mysql-6.0.5.2-24.2

libreoffice-base-drivers-mysql-debuginfo-6.0.5.2-24.2

libreoffice-base-drivers-postgresql-6.0.5.2-24.2

libreoffice-base-drivers-postgresql-debuginfo-6.0.5.2-24.2

libreoffice-calc-6.0.5.2-24.2

libreoffice-calc-debuginfo-6.0.5.2-24.2

libreoffice-calc-extensions-6.0.5.2-24.2

libreoffice-debuginfo-6.0.5.2-24.2

libreoffice-debugsource-6.0.5.2-24.2

libreoffice-draw-6.0.5.2-24.2

libreoffice-draw-debuginfo-6.0.5.2-24.2

libreoffice-filters-optional-6.0.5.2-24.2

libreoffice-gnome-6.0.5.2-24.2

libreoffice-gnome-debuginfo-6.0.5.2-24.2

libreoffice-gtk2-6.0.5.2-24.2

libreoffice-gtk2-debuginfo-6.0.5.2-24.2

libreoffice-gtk3-6.0.5.2-24.2

libreoffice-gtk3-debuginfo-6.0.5.2-24.2

libreoffice-impress-6.0.5.2-24.2

libreoffice-impress-debuginfo-6.0.5.2-24.2

libreoffice-kde4-6.0.5.2-24.2

libreoffice-kde4-debuginfo-6.0.5.2-24.2

libreoffice-mailmerge-6.0.5.2-24.2

libreof...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-10583.html

https://bugzilla.suse.com/1050305

https://bugzilla.suse.com/1088262

https://bugzilla.suse.com/1088263

https://bugzilla.suse.com/1091606

https://bugzilla.suse.com/1091772

https://bugzilla.suse.com/1092699

https://bugzilla.suse.com/1094359

https://bugzilla.suse.com/1095601

https://bugzilla.suse.com/1095639

https://bugzilla.suse.com/1096673

https://bugzilla.suse.com/1098891

--

Announcement ID: openSUSE-SU-2018:2532-1
Rating: moderate
Affected Products: openSUSE Leap 42.3 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.