openSUSE Leap 15.0: 2019:2057-1 Important: LibreOffice Remote Threats
opensuse
September 2, 2019
An update that solves 5 vulnerabilities and has one errata is now available.
Description
This update for libreoffice fixes the following issues:
Security issues fixed:
- CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth
mode' (bsc#1141861).
- CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo
(bsc#1141862).
- CVE-2019-9851: Fixed LibreLogo global-event script execution issue
(bsc#1146105).
- CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script
location check (bsc#1146107).
- CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo
script execution (bsc#1146098).
Non-security issue fixed:
- SmartArt: Basic rendering of Trapezoid List (bsc#1133534)
This update was imported from the SUSE:SLE-15:Update update project.
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-2057=1
Package List
- openSUSE Leap 15.0 (noarch):
libreoffice-branding-upstream-6.2.6.2-lp150.2.16.1
libreoffice-gdb-pretty-printers-6.2.6.2-lp150.2.16.1
libreoffice-glade-6.2.6.2-lp150.2.16.1
libreoffice-icon-themes-6.2.6.2-lp150.2.16.1
libreoffice-l10n-af-6.2.6.2-lp150.2.16.1
libreoffice-l10n-am-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ar-6.2.6.2-lp150.2.16.1
libreoffice-l10n-as-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ast-6.2.6.2-lp150.2.16.1
libreoffice-l10n-be-6.2.6.2-lp150.2.16.1
libreoffice-l10n-bg-6.2.6.2-lp150.2.16.1
libreoffice-l10n-bn-6.2.6.2-lp150.2.16.1
libreoffice-l10n-bn_IN-6.2.6.2-lp150.2.16.1
libreoffice-l10n-bo-6.2.6.2-lp150.2.16.1
libreoffice-l10n-br-6.2.6.2-lp150.2.16.1
libreoffice-l10n-brx-6.2.6.2-lp150.2.16.1
libreoffice-l10n-bs-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ca-6.2.6.2-lp150.2.16.1
libreoffice-l10n-ca_valencia-6.2.6.2-lp150.2.16.1
libreoffice-l10n-cs-6.2.6.2-lp150.2.16.1
libreoffice-l10n-cy-6.2.6.2-lp150.2.16.1
libreoffice-l10n-da-6.2.6.2-lp150.2.16.1
libreoffice-l10n-de-6.2.6.2-lp150.2.16.1
libreoffice-...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2019-9848.html
https://www.suse.com/security/cve/CVE-2019-9849.html
https://www.suse.com/security/cve/CVE-2019-9850.html
https://www.suse.com/security/cve/CVE-2019-9851.html
https://www.suse.com/security/cve/CVE-2019-9852.html
https://bugzilla.suse.com/1133534
https://bugzilla.suse.com/1141861
https://bugzilla.suse.com/1141862
https://bugzilla.suse.com/1146098
https://bugzilla.suse.com/1146105
https://bugzilla.suse.com/1146107
--
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2019:2057-1
Rating: important
Affected Products: openSUSE Leap 15.0 le.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!