Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of LibreOffice applications must be restarted for
this update to take effect.
LibreOffice is an open source, community-developed office productivity
suite. It includes key desktop applications, such as a word processor, a
spreadsheet, a presentation manager, a formula editor, and a drawing
program. LibreOffice replaces OpenOffice and provides a similar but
enhanced and extended office suite.
Security Fix(es):
* libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class
allows for denial of service with crafted document (CVE-2018-10119)
* libreoffice: Out of bounds write in
filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service
with crafted document (CVE-2018-10120)
* libreoffice: Information disclosure via SMB connection embedded in
malicious file (CVE-2018-10583)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.6 Release Notes linked from the References section.
https://access.redhat.com/security/cve/CVE-2018-10119 https://access.redhat.com/security/cve/CVE-2018-10120 https://access.redhat.com/security/cve/CVE-2018-10583 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
Red Hat Enterprise Linux Client (v. 7):
Source:
libreoffice-5.3.6.1-19.el7.src.rpm
noarch:
autocorr-af-5.3.6.1-19.el7.noarch.rpm
autocorr-bg-5.3.6.1-19.el7.noarch.rpm
autocorr-ca-5.3.6.1-19.el7.noarch.rpm
autocorr-cs-5.3.6.1-19.el7.noarch.rpm
autocorr-da-5.3.6.1-19.el7.noarch.rpm
autocorr-de-5.3.6.1-19.el7.noarch.rpm
autocorr-en-5.3.6.1-19.el7.noarch.rpm
autocorr-es-5.3.6.1-19.el7.noarch.rpm
autocorr-fa-5.3.6.1-19.el7.noarch.rpm
autocorr-fi-5.3.6.1-19.el7.noarch.rpm
autocorr-fr-5.3.6.1-19.el7.noarch.rpm
autocorr-ga-5.3.6.1-19.el7.noarch.rpm
autocorr-hr-5.3.6.1-19.el7.noarch.rpm
autocorr-hu-5.3.6.1-19.el7.noarch.rpm
autocorr-is-5.3.6.1-19.el7.noarch.rpm
autocorr-it-5.3.6.1-19.el7.noarch.rpm
autocorr-ja-5.3.6.1-19.el7.noarch.rpm
autocorr-ko-5.3.6.1-19.el7.noarch.rpm
autocorr-lb-5.3.6.1-19.el7.noarch.rpm
autocorr-lt-5.3.6.1-19.el7.noarch.rpm
autocorr-mn-5.3.6.1-19.el7.noarch.rpm
autocorr-nl-5.3.6.1-19.el7.noarch.rpm
autocorr-pl-5.3.6.1-19.el7.noarch.rpm
autocorr-pt-5.3.6.1-19.el7.noarch.rpm
autocorr-ro-5.3.6.1-19.el7.noarch.rpm
autocorr-ru-5.3.6.1-19.el7.noarch.rpm
autocorr-sk-5.3.6.1-19.el7.noarch.rpm
autocorr-sl-5.3.6.1-19.el7.noarch.rpm
autocorr-sr-5.3.6.1-19.el7.noarch.rpm
autocorr-sv-5.3.6.1-19.el7.noarch.rpm
autocorr-tr-5.3.6.1-19.el7.noarch.rpm
Read the Full Advisory
An update for libreoffice is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le
1388764 - [fix available] When editting text in LibreOffice Calc the new and old texts are shown on top of each other
1545262 - [fix available] ppc64le Fatal exception: Signal 6
1546997 - [fix available][ALL_LANG except zh,ko] Text overlap observed in libreoffice applications on search bar
1568579 - [fix available] LibreOffice leaves a zombie when run in daemon mode.
1569836 - CVE-2018-10119 libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document
1569840 - CVE-2018-10120 libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document
1574998 - CVE-2018-10583 libreoffice: Information disclosure via SMB connection embedded in malicious file
1589029 - Impress not showing text background in presentation mode
1610692 - [fix available] (soffice:13740): Gtk-CRITICAL **: 10:28:04.861: gtk_widget_queue_draw_area: assertion 'height >= 0' failed
1610904 - [fix available] rendering line cursor when moving selected text
1614419 - libreoffice-calc crashes in FIPS mode when handling password protected documents
Get the latest Linux and open source security news straight to your inbox.