Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 585
Alerts This Week
Warning Icon 1 585

SUSE: 2018:2485-1 Moderate: LibreOffice Information Disclosure Fix

suse
Calendar Grey August 23, 2018
Dist Suse Esm H88
SUSE unveils an upgrade for LibreOffice to remedy a data exposure concern, coupled with enhancements resolving 10 other defects.
An update that solves one vulnerability and has 10 fixes is now available

Summary

This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606) Non security issues fixed: - Bugfix: Table borders appear black in LibreOffice (while white in PowerPoint) (bsc#1088262) - Bugfix: LibreOffice extension 'Language Tool' fails after Tumbleweed update (bsc#1050305) - Bugfix: libreoffice-gnome can no longer be installed in parallel to libreoffice-gtk3 as there is a potential file conflict (bsc#1096673)

References

#1050305 #1088262 #1088263 #1091606 #1091772

#1092699 #1094359 #1095601 #1095639 #1096673

#1098891

Cross- CVE-2018-10583

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP3

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2018-10583.html

https://bugzilla.suse.com/1050305

https://bugzilla.suse.com/1088262

https://bugzilla.suse.com/1088263

https://bugzilla.suse.com/1091606

https://bugzilla.suse.com/1091772

https://bugzilla.suse.com/1092699

https://bugzilla.suse.com/1094359

https://bugzilla.suse.com/1095601

https://bugzilla.suse.com/1095639

https://bugzilla.suse.com/1096673

https://bugzilla.suse.com/1098891

Announcement ID: SUSE-SU-2018:2485-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.