SUSE Security Update: Security update for libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3683-1
Rating:             moderate
References:         #1050305 #1088263 #1091606 #1094779 #1095601 
                    #1095639 #1096360 #1098891 #1104876 
Cross-References:   CVE-2018-10583
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that solves one vulnerability and has 8 fixes is
   now available.

Description:



   This update for LibreOffice, libepubgen, liblangtag, libmwaw,
   libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes
   the following issues:

   LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features
   and lots of bugfixes:

   The full changelog can be found on:

           https://wiki.documentfoundation.org/ReleaseNotes/6.1

   Bugfixes:

   - bsc#1095639 Exporting to PPTX results in vertical labels being shown
     horizontally
   - bsc#1098891 Table in PPTX misplaced and partly blue
   - bsc#1088263 Labels in chart change (from white and other colors) to
     black when saving as PPTX
   - bsc#1095601 Exporting to PPTX shifts arrow shapes quite a bit

   - Add more translations:
     * Belarusian
     * Bodo
     * Dogri
     * Frisian
     * Gaelic
     * Paraguayan_Guaran
     * Upper_Sorbian
     * Konkani
     * Kashmiri
     * Luxembourgish
     * Monglolian
     * Manipuri
     * Burnese
     * Occitan
     * Kinyarwanda
     * Santali
     * Sanskrit
     * Sindhi
     * Sidamo
     * Tatar
     * Uzbek
     * Upper Sorbian
     * Venetian
     * Amharic
     * Asturian
     * Tibetian
     * Bosnian
     * English GB
     * English ZA
     * Indonesian
     * Icelandic
     * Georgian
     * Khmer
     * Lao
     * Macedonian
     * Nepali
     * Oromo
     * Albanian
     * Tajik
     * Uyghur
     * Vietnamese
     * Kurdish

   - Try to build all languages see bsc#1096360
   - Make sure to install the KDE5/Qt5 UI/filepicker
   - Try to implement safeguarding to avoid bsc#1050305
   - Disable base-drivers-mysql as it needs mysqlcppcon that is only for
     mysql and not mariadb, causes issues bsc#1094779
     * Users can still connect using jdbc/odbc
   - Fix java detection on machines with too many cpus

   - CVE-2018-10583: An information disclosure vulnerability occured when
     LibreOffice automatically processed and initiated an SMB connection
     embedded in a malicious file, as demonstrated by
     xlink:href=file://192.168.0.2/test.jpg within an office:document-content
     element in a .odt XML document. (bsc#1091606)

   libepubgen was updated to 0.1.1:

   - Avoid 
inside

or . - Avoid writin vertical-align attribute without a value. - Fix generation of invalid XHTML when there is a link starting at the beginning of a footnote. - Handle relative width for images. - Fixed layout: write chapter names to improve navigation. - Support writing mode. - Start a new HTML file at every page span in addition to the splits induced by the chosen split method. This is to ensure that specified writing mode works correctly, as it is HTML attribute. liblangtag was updated to 0.6.2: - use standard function - fix leak in test libmwaw was updated to 0.3.14: - Support MS Multiplan 1.1 files libnumbertext was update to 1.0.5: - Various fixes in numerical calculations and issues reported on libreoffice tracker libstaroffice was updated to 0.0.6: - retrieve some StarMath's formula, - retrieve some charts as graphic, - retrieve some fields in sda/sdc/sdp text-boxes, - .sdw: retrieve more attachments. libwps was updated to 0.4.9: - QuattroPro: add parser to .wb3 files - Multiplan: add parser to DOS v1-v3 files - charts: try to retrieve charts in .wk*, .wq* files - QuattroPro: add parser to .wb[12] files myspell-dictionaries was updated to 20181025: - Turkish dictionary added - Updated French dictionary xmlsec1 was updated to 1.2.26: - Added xmlsec-mscng module based on Microsoft Cryptography API: Next Generation - Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R 34.10-2001 in xmlsec-mscrypto Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2616=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2616=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2616=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2616=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libepubgen-0_1-1-0.1.1-3.3.1 libepubgen-0_1-1-debuginfo-0.1.1-3.3.1 libepubgen-debugsource-0.1.1-3.3.1 libepubgen-devel-0.1.1-3.3.1 liblangtag-debugsource-0.6.2-3.3.1 liblangtag-devel-0.6.2-3.3.1 liblangtag1-0.6.2-3.3.1 liblangtag1-debuginfo-0.6.2-3.3.1 libmwaw-0_3-3-0.3.14-4.3.1 libmwaw-0_3-3-debuginfo-0.3.14-4.3.1 libmwaw-debuginfo-0.3.14-4.3.1 libmwaw-debugsource-0.3.14-4.3.1 libnumbertext-1_0-0-1.0.5-1.3.1 libnumbertext-data-1.0.5-1.3.1 libnumbertext-debuginfo-1.0.5-1.3.1 libnumbertext-debugsource-1.0.5-1.3.1 libreoffice-6.1.3.2-3.7.3 libreoffice-base-6.1.3.2-3.7.3 libreoffice-base-debuginfo-6.1.3.2-3.7.3 libreoffice-base-drivers-postgresql-6.1.3.2-3.7.3 libreoffice-base-drivers-postgresql-debuginfo-6.1.3.2-3.7.3 libreoffice-calc-6.1.3.2-3.7.3 libreoffice-calc-debuginfo-6.1.3.2-3.7.3 libreoffice-calc-extensions-6.1.3.2-3.7.3 libreoffice-debuginfo-6.1.3.2-3.7.3 libreoffice-debugsource-6.1.3.2-3.7.3 libreoffice-draw-6.1.3.2-3.7.3 libreoffice-draw-debuginfo-6.1.3.2-3.7.3 libreoffice-filters-optional-6.1.3.2-3.7.3 libreoffice-gnome-6.1.3.2-3.7.3 libreoffice-gnome-debuginfo-6.1.3.2-3.7.3 libreoffice-gtk3-6.1.3.2-3.7.3 libreoffice-gtk3-debuginfo-6.1.3.2-3.7.3 libreoffice-impress-6.1.3.2-3.7.3 libreoffice-impress-debuginfo-6.1.3.2-3.7.3 libreoffice-mailmerge-6.1.3.2-3.7.3 libreoffice-math-6.1.3.2-3.7.3 libreoffice-math-debuginfo-6.1.3.2-3.7.3 libreoffice-officebean-6.1.3.2-3.7.3 libreoffice-officebean-debuginfo-6.1.3.2-3.7.3 libreoffice-pyuno-6.1.3.2-3.7.3 libreoffice-pyuno-debuginfo-6.1.3.2-3.7.3 libreoffice-writer-6.1.3.2-3.7.3 libreoffice-writer-debuginfo-6.1.3.2-3.7.3 libreoffice-writer-extensions-6.1.3.2-3.7.3 libreofficekit-6.1.3.2-3.7.3 libstaroffice-0_0-0-0.0.6-3.3.1 libstaroffice-0_0-0-debuginfo-0.0.6-3.3.1 libstaroffice-debuginfo-0.0.6-3.3.1 libstaroffice-debugsource-0.0.6-3.3.1 libwps-0_4-4-0.4.9-3.3.1 libwps-0_4-4-debuginfo-0.4.9-3.3.1 libwps-debuginfo-0.4.9-3.3.1 libwps-debugsource-0.4.9-3.3.1 libwps-devel-0.4.9-3.3.1 libxmlsec1-1-1.2.26-3.3.1 libxmlsec1-1-debuginfo-1.2.26-3.3.1 libxmlsec1-nss1-1.2.26-3.3.1 libxmlsec1-nss1-debuginfo-1.2.26-3.3.1 libxmlsec1-openssl1-1.2.26-3.3.1 libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1 xmlsec1-debuginfo-1.2.26-3.3.1 xmlsec1-debugsource-1.2.26-3.3.1 xmlsec1-devel-1.2.26-3.3.1 xmlsec1-nss-devel-1.2.26-3.3.1 xmlsec1-openssl-devel-1.2.26-3.3.1 - SUSE Linux Enterprise Workstation Extension 15 (noarch): libreoffice-branding-upstream-6.1.3.2-3.7.3 libreoffice-icon-themes-6.1.3.2-3.7.3 libreoffice-l10n-af-6.1.3.2-3.7.3 libreoffice-l10n-ar-6.1.3.2-3.7.3 libreoffice-l10n-as-6.1.3.2-3.7.3 libreoffice-l10n-bg-6.1.3.2-3.7.3 libreoffice-l10n-bn-6.1.3.2-3.7.3 libreoffice-l10n-br-6.1.3.2-3.7.3 libreoffice-l10n-ca-6.1.3.2-3.7.3 libreoffice-l10n-cs-6.1.3.2-3.7.3 libreoffice-l10n-cy-6.1.3.2-3.7.3 libreoffice-l10n-da-6.1.3.2-3.7.3 libreoffice-l10n-de-6.1.3.2-3.7.3 libreoffice-l10n-dz-6.1.3.2-3.7.3 libreoffice-l10n-el-6.1.3.2-3.7.3 libreoffice-l10n-en-6.1.3.2-3.7.3 libreoffice-l10n-eo-6.1.3.2-3.7.3 libreoffice-l10n-es-6.1.3.2-3.7.3 libreoffice-l10n-et-6.1.3.2-3.7.3 libreoffice-l10n-eu-6.1.3.2-3.7.3 libreoffice-l10n-fa-6.1.3.2-3.7.3 libreoffice-l10n-fi-6.1.3.2-3.7.3 libreoffice-l10n-fr-6.1.3.2-3.7.3 libreoffice-l10n-ga-6.1.3.2-3.7.3 libreoffice-l10n-gl-6.1.3.2-3.7.3 libreoffice-l10n-gu-6.1.3.2-3.7.3 libreoffice-l10n-he-6.1.3.2-3.7.3 libreoffice-l10n-hi-6.1.3.2-3.7.3 libreoffice-l10n-hr-6.1.3.2-3.7.3 libreoffice-l10n-hu-6.1.3.2-3.7.3 libreoffice-l10n-it-6.1.3.2-3.7.3 libreoffice-l10n-ja-6.1.3.2-3.7.3 libreoffice-l10n-kk-6.1.3.2-3.7.3 libreoffice-l10n-kn-6.1.3.2-3.7.3 libreoffice-l10n-ko-6.1.3.2-3.7.3 libreoffice-l10n-lt-6.1.3.2-3.7.3 libreoffice-l10n-lv-6.1.3.2-3.7.3 libreoffice-l10n-mai-6.1.3.2-3.7.3 libreoffice-l10n-ml-6.1.3.2-3.7.3 libreoffice-l10n-mr-6.1.3.2-3.7.3 libreoffice-l10n-nb-6.1.3.2-3.7.3 libreoffice-l10n-nl-6.1.3.2-3.7.3 libreoffice-l10n-nn-6.1.3.2-3.7.3 libreoffice-l10n-nr-6.1.3.2-3.7.3 libreoffice-l10n-nso-6.1.3.2-3.7.3 libreoffice-l10n-or-6.1.3.2-3.7.3 libreoffice-l10n-pa-6.1.3.2-3.7.3 libreoffice-l10n-pl-6.1.3.2-3.7.3 libreoffice-l10n-pt_BR-6.1.3.2-3.7.3 libreoffice-l10n-pt_PT-6.1.3.2-3.7.3 libreoffice-l10n-ro-6.1.3.2-3.7.3 libreoffice-l10n-ru-6.1.3.2-3.7.3 libreoffice-l10n-si-6.1.3.2-3.7.3 libreoffice-l10n-sk-6.1.3.2-3.7.3 libreoffice-l10n-sl-6.1.3.2-3.7.3 libreoffice-l10n-sr-6.1.3.2-3.7.3 libreoffice-l10n-ss-6.1.3.2-3.7.3 libreoffice-l10n-st-6.1.3.2-3.7.3 libreoffice-l10n-sv-6.1.3.2-3.7.3 libreoffice-l10n-ta-6.1.3.2-3.7.3 libreoffice-l10n-te-6.1.3.2-3.7.3 libreoffice-l10n-th-6.1.3.2-3.7.3 libreoffice-l10n-tn-6.1.3.2-3.7.3 libreoffice-l10n-tr-6.1.3.2-3.7.3 libreoffice-l10n-ts-6.1.3.2-3.7.3 libreoffice-l10n-uk-6.1.3.2-3.7.3 libreoffice-l10n-ve-6.1.3.2-3.7.3 libreoffice-l10n-xh-6.1.3.2-3.7.3 libreoffice-l10n-zh_CN-6.1.3.2-3.7.3 libreoffice-l10n-zh_TW-6.1.3.2-3.7.3 libreoffice-l10n-zu-6.1.3.2-3.7.3 myspell-af_ZA-20181025-3.6.1 myspell-ar-20181025-3.6.1 myspell-bg_BG-20181025-3.6.1 myspell-bn_BD-20181025-3.6.1 myspell-br_FR-20181025-3.6.1 myspell-ca-20181025-3.6.1 myspell-cs_CZ-20181025-3.6.1 myspell-da_DK-20181025-3.6.1 myspell-el_GR-20181025-3.6.1 myspell-et_EE-20181025-3.6.1 myspell-fr_FR-20181025-3.6.1 myspell-gl-20181025-3.6.1 myspell-gu_IN-20181025-3.6.1 myspell-he_IL-20181025-3.6.1 myspell-hi_IN-20181025-3.6.1 myspell-hr_HR-20181025-3.6.1 myspell-it_IT-20181025-3.6.1 myspell-lt_LT-20181025-3.6.1 myspell-lv_LV-20181025-3.6.1 myspell-nl_NL-20181025-3.6.1 myspell-nn_NO-20181025-3.6.1 myspell-pl_PL-20181025-3.6.1 myspell-pt_PT-20181025-3.6.1 myspell-si_LK-20181025-3.6.1 myspell-sk_SK-20181025-3.6.1 myspell-sl_SI-20181025-3.6.1 myspell-sr-20181025-3.6.1 myspell-sv_SE-20181025-3.6.1 myspell-te_IN-20181025-3.6.1 myspell-th_TH-20181025-3.6.1 myspell-tr_TR-20181025-3.6.1 myspell-uk_UA-20181025-3.6.1 myspell-zu_ZA-20181025-3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): libxmlsec1-gcrypt1-1.2.26-3.3.1 libxmlsec1-gcrypt1-debuginfo-1.2.26-3.3.1 libxmlsec1-gnutls1-1.2.26-3.3.1 libxmlsec1-gnutls1-debuginfo-1.2.26-3.3.1 libxmlsec1-openssl1-1.2.26-3.3.1 libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1 xmlsec1-debuginfo-1.2.26-3.3.1 xmlsec1-debugsource-1.2.26-3.3.1 xmlsec1-gnutls-devel-1.2.26-3.3.1 xmlsec1-openssl-devel-1.2.26-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libmwaw-debuginfo-0.3.14-4.3.1 libmwaw-debugsource-0.3.14-4.3.1 libmwaw-devel-0.3.14-4.3.1 libmwaw-tools-0.3.14-4.3.1 libmwaw-tools-debuginfo-0.3.14-4.3.1 libstaroffice-debuginfo-0.0.6-3.3.1 libstaroffice-debugsource-0.0.6-3.3.1 libstaroffice-devel-0.0.6-3.3.1 libstaroffice-tools-0.0.6-3.3.1 libstaroffice-tools-debuginfo-0.0.6-3.3.1 libwps-debuginfo-0.4.9-3.3.1 libwps-debugsource-0.4.9-3.3.1 libwps-tools-0.4.9-3.3.1 libwps-tools-debuginfo-0.4.9-3.3.1 libxmlsec1-gcrypt1-1.2.26-3.3.1 libxmlsec1-gcrypt1-debuginfo-1.2.26-3.3.1 libxmlsec1-gnutls1-1.2.26-3.3.1 libxmlsec1-gnutls1-debuginfo-1.2.26-3.3.1 libxmlsec1-openssl1-1.2.26-3.3.1 libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1 xmlsec1-1.2.26-3.3.1 xmlsec1-debuginfo-1.2.26-3.3.1 xmlsec1-debugsource-1.2.26-3.3.1 xmlsec1-gcrypt-devel-1.2.26-3.3.1 xmlsec1-gnutls-devel-1.2.26-3.3.1 xmlsec1-openssl-devel-1.2.26-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): libepubgen-devel-doc-0.1.1-3.3.1 liblangtag-doc-0.6.2-3.3.1 libmwaw-devel-doc-0.3.14-4.3.1 libstaroffice-devel-doc-0.0.6-3.3.1 myspell-af_NA-20181025-3.6.1 myspell-an-20181025-3.6.1 myspell-an_ES-20181025-3.6.1 myspell-ar_AE-20181025-3.6.1 myspell-ar_BH-20181025-3.6.1 myspell-ar_DZ-20181025-3.6.1 myspell-ar_EG-20181025-3.6.1 myspell-ar_IQ-20181025-3.6.1 myspell-ar_JO-20181025-3.6.1 myspell-ar_KW-20181025-3.6.1 myspell-ar_LB-20181025-3.6.1 myspell-ar_LY-20181025-3.6.1 myspell-ar_MA-20181025-3.6.1 myspell-ar_OM-20181025-3.6.1 myspell-ar_QA-20181025-3.6.1 myspell-ar_SA-20181025-3.6.1 myspell-ar_SD-20181025-3.6.1 myspell-ar_SY-20181025-3.6.1 myspell-ar_TN-20181025-3.6.1 myspell-ar_YE-20181025-3.6.1 myspell-be_BY-20181025-3.6.1 myspell-bn_IN-20181025-3.6.1 myspell-bo-20181025-3.6.1 myspell-bo_CN-20181025-3.6.1 myspell-bo_IN-20181025-3.6.1 myspell-bs-20181025-3.6.1 myspell-bs_BA-20181025-3.6.1 myspell-ca_AD-20181025-3.6.1 myspell-ca_ES-20181025-3.6.1 myspell-ca_ES_valencia-20181025-3.6.1 myspell-ca_FR-20181025-3.6.1 myspell-ca_IT-20181025-3.6.1 myspell-de_AT-20181025-3.6.1 myspell-de_CH-20181025-3.6.1 myspell-en_AU-20181025-3.6.1 myspell-en_BS-20181025-3.6.1 myspell-en_BZ-20181025-3.6.1 myspell-en_CA-20181025-3.6.1 myspell-en_GB-20181025-3.6.1 myspell-en_GH-20181025-3.6.1 myspell-en_IE-20181025-3.6.1 myspell-en_IN-20181025-3.6.1 myspell-en_JM-20181025-3.6.1 myspell-en_MW-20181025-3.6.1 myspell-en_NA-20181025-3.6.1 myspell-en_NZ-20181025-3.6.1 myspell-en_PH-20181025-3.6.1 myspell-en_TT-20181025-3.6.1 myspell-en_ZA-20181025-3.6.1 myspell-en_ZW-20181025-3.6.1 myspell-es_AR-20181025-3.6.1 myspell-es_BO-20181025-3.6.1 myspell-es_CL-20181025-3.6.1 myspell-es_CO-20181025-3.6.1 myspell-es_CR-20181025-3.6.1 myspell-es_CU-20181025-3.6.1 myspell-es_DO-20181025-3.6.1 myspell-es_EC-20181025-3.6.1 myspell-es_GT-20181025-3.6.1 myspell-es_HN-20181025-3.6.1 myspell-es_MX-20181025-3.6.1 myspell-es_NI-20181025-3.6.1 myspell-es_PA-20181025-3.6.1 myspell-es_PE-20181025-3.6.1 myspell-es_PR-20181025-3.6.1 myspell-es_PY-20181025-3.6.1 myspell-es_SV-20181025-3.6.1 myspell-es_UY-20181025-3.6.1 myspell-es_VE-20181025-3.6.1 myspell-fr_BE-20181025-3.6.1 myspell-fr_CA-20181025-3.6.1 myspell-fr_CH-20181025-3.6.1 myspell-fr_LU-20181025-3.6.1 myspell-fr_MC-20181025-3.6.1 myspell-gd_GB-20181025-3.6.1 myspell-gl_ES-20181025-3.6.1 myspell-gug-20181025-3.6.1 myspell-gug_PY-20181025-3.6.1 myspell-is-20181025-3.6.1 myspell-is_IS-20181025-3.6.1 myspell-kmr_Latn-20181025-3.6.1 myspell-kmr_Latn_SY-20181025-3.6.1 myspell-kmr_Latn_TR-20181025-3.6.1 myspell-lo_LA-20181025-3.6.1 myspell-ne_NP-20181025-3.6.1 myspell-nl_BE-20181025-3.6.1 myspell-nn_NO-20181025-3.6.1 myspell-oc_FR-20181025-3.6.1 myspell-pt_AO-20181025-3.6.1 myspell-sq_AL-20181025-3.6.1 myspell-sr_CS-20181025-3.6.1 myspell-sr_Latn_CS-20181025-3.6.1 myspell-sr_Latn_RS-20181025-3.6.1 myspell-sr_RS-20181025-3.6.1 myspell-sv_FI-20181025-3.6.1 myspell-sw_TZ-20181025-3.6.1 myspell-te-20181025-3.6.1 myspell-vi-20181025-3.6.1 myspell-vi_VN-20181025-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): myspell-dictionaries-20181025-3.6.1 myspell-lightproof-en-20181025-3.6.1 myspell-lightproof-hu_HU-20181025-3.6.1 myspell-lightproof-pt_BR-20181025-3.6.1 myspell-lightproof-ru_RU-20181025-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): myspell-de-20181025-3.6.1 myspell-de_DE-20181025-3.6.1 myspell-en-20181025-3.6.1 myspell-en_US-20181025-3.6.1 myspell-es-20181025-3.6.1 myspell-es_ES-20181025-3.6.1 myspell-hu_HU-20181025-3.6.1 myspell-nb_NO-20181025-3.6.1 myspell-no-20181025-3.6.1 myspell-pt_BR-20181025-3.6.1 myspell-ro-20181025-3.6.1 myspell-ro_RO-20181025-3.6.1 myspell-ru_RU-20181025-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-10583.html https://bugzilla.suse.com/1050305 https://bugzilla.suse.com/1088263 https://bugzilla.suse.com/1091606 https://bugzilla.suse.com/1094779 https://bugzilla.suse.com/1095601 https://bugzilla.suse.com/1095639 https://bugzilla.suse.com/1096360 https://bugzilla.suse.com/1098891 https://bugzilla.suse.com/1104876 _______________________________________________ sle-security-updates mailing list sle-security-updates@lists.suse.com http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2018:3683-1 moderate: libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffi

November 8, 2018
An update that solves one vulnerability and has 8 fixes is now available

Summary

This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues: LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features and lots of bugfixes: The full changelog can be found on: https://wiki.documentfoundation.org/ReleaseNotes/6.1 Bugfixes: - bsc#1095639 Exporting to PPTX results in vertical labels being shown horizontally - bsc#1098891 Table in PPTX misplaced and partly blue - bsc#1088263 Labels in chart change (from white and other colors) to black when saving as PPTX - bsc#1095601 Exporting to PPTX shifts arrow shapes quite a bit - Add more translations: * Belarusian * Bodo * Dogri * Frisian * Gaelic * Paraguayan_Guaran * Upper_Sorbian * Konkani * Kashmiri * Luxembourgish * Monglolian * Manipuri * Burnese * Occitan * Kinyarwanda * Santali * Sanskrit * Sindhi * Sidamo * Tatar * Uzbek * Upper Sorbian * Venetian * Amharic * Asturian * Tibetian * Bosnian * English GB * English ZA * Indonesian * Icelandic * Georgian * Khmer * Lao * Macedonian * Nepali * Oromo * Albanian * Tajik * Uyghur * Vietnamese * Kurdish - Try to build all languages see bsc#1096360 - Make sure to install the KDE5/Qt5 UI/filepicker - Try to implement safeguarding to avoid bsc#1050305 - Disable base-drivers-mysql as it needs mysqlcppcon that is only for mysql and not mariadb, causes issues bsc#1094779 * Users can still connect using jdbc/odbc - Fix java detection on machines with too many cpus - CVE-2018-10583: An information disclosure vulnerability occured when LibreOffice automatically processed and initiated an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606) libepubgen was updated to 0.1.1: - Avoid

inside

or . - Avoid writin vertical-align attribute without a value. - Fix generation of invalid XHTML when there is a link starting at the beginning of a footnote. - Handle relative width for images. - Fixed layout: write chapter names to improve navigation. - Support writing mode. - Start a new HTML file at every page span in addition to the splits induced by the chosen split method. This is to ensure that specified writing mode works correctly, as it is HTML attribute. liblangtag was updated to 0.6.2: - use standard function - fix leak in test libmwaw was updated to 0.3.14: - Support MS Multiplan 1.1 files libnumbertext was update to 1.0.5: - Various fixes in numerical calculations and issues reported on libreoffice tracker libstaroffice was updated to 0.0.6: - retrieve some StarMath's formula, - retrieve some charts as graphic, - retrieve some fields in sda/sdc/sdp text-boxes, - .sdw: retrieve more attachments. libwps was updated to 0.4.9: - QuattroPro: add parser to .wb3 files - Multiplan: add parser to DOS v1-v3 files - charts: try to retrieve charts in .wk*, .wq* files - QuattroPro: add parser to .wb[12] files myspell-dictionaries was updated to 20181025: - Turkish dictionary added - Updated French dictionary xmlsec1 was updated to 1.2.26: - Added xmlsec-mscng module based on Microsoft Cryptography API: Next Generation - Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R 34.10-2001 in xmlsec-mscrypto Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2616=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2616=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2616=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2616=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libepubgen-0_1-1-0.1.1-3.3.1 libepubgen-0_1-1-debuginfo-0.1.1-3.3.1 libepubgen-debugsource-0.1.1-3.3.1 libepubgen-devel-0.1.1-3.3.1 liblangtag-debugsource-0.6.2-3.3.1 liblangtag-devel-0.6.2-3.3.1 liblangtag1-0.6.2-3.3.1 liblangtag1-debuginfo-0.6.2-3.3.1 libmwaw-0_3-3-0.3.14-4.3.1 libmwaw-0_3-3-debuginfo-0.3.14-4.3.1 libmwaw-debuginfo-0.3.14-4.3.1 libmwaw-debugsource-0.3.14-4.3.1 libnumbertext-1_0-0-1.0.5-1.3.1 libnumbertext-data-1.0.5-1.3.1 libnumbertext-debuginfo-1.0.5-1.3.1 libnumbertext-debugsource-1.0.5-1.3.1 libreoffice-6.1.3.2-3.7.3 libreoffice-base-6.1.3.2-3.7.3 libreoffice-base-debuginfo-6.1.3.2-3.7.3 libreoffice-base-drivers-postgresql-6.1.3.2-3.7.3 libreoffice-base-drivers-postgresql-debuginfo-6.1.3.2-3.7.3 libreoffice-calc-6.1.3.2-3.7.3 libreoffice-calc-debuginfo-6.1.3.2-3.7.3 libreoffice-calc-extensions-6.1.3.2-3.7.3 libreoffice-debuginfo-6.1.3.2-3.7.3 libreoffice-debugsource-6.1.3.2-3.7.3 libreoffice-draw-6.1.3.2-3.7.3 libreoffice-draw-debuginfo-6.1.3.2-3.7.3 libreoffice-filters-optional-6.1.3.2-3.7.3 libreoffice-gnome-6.1.3.2-3.7.3 libreoffice-gnome-debuginfo-6.1.3.2-3.7.3 libreoffice-gtk3-6.1.3.2-3.7.3 libreoffice-gtk3-debuginfo-6.1.3.2-3.7.3 libreoffice-impress-6.1.3.2-3.7.3 libreoffice-impress-debuginfo-6.1.3.2-3.7.3 libreoffice-mailmerge-6.1.3.2-3.7.3 libreoffice-math-6.1.3.2-3.7.3 libreoffice-math-debuginfo-6.1.3.2-3.7.3 libreoffice-officebean-6.1.3.2-3.7.3 libreoffice-officebean-debuginfo-6.1.3.2-3.7.3 libreoffice-pyuno-6.1.3.2-3.7.3 libreoffice-pyuno-debuginfo-6.1.3.2-3.7.3 libreoffice-writer-6.1.3.2-3.7.3 libreoffice-writer-debuginfo-6.1.3.2-3.7.3 libreoffice-writer-extensions-6.1.3.2-3.7.3 libreofficekit-6.1.3.2-3.7.3 libstaroffice-0_0-0-0.0.6-3.3.1 libstaroffice-0_0-0-debuginfo-0.0.6-3.3.1 libstaroffice-debuginfo-0.0.6-3.3.1 libstaroffice-debugsource-0.0.6-3.3.1 libwps-0_4-4-0.4.9-3.3.1 libwps-0_4-4-debuginfo-0.4.9-3.3.1 libwps-debuginfo-0.4.9-3.3.1 libwps-debugsource-0.4.9-3.3.1 libwps-devel-0.4.9-3.3.1 libxmlsec1-1-1.2.26-3.3.1 libxmlsec1-1-debuginfo-1.2.26-3.3.1 libxmlsec1-nss1-1.2.26-3.3.1 libxmlsec1-nss1-debuginfo-1.2.26-3.3.1 libxmlsec1-openssl1-1.2.26-3.3.1 libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1 xmlsec1-debuginfo-1.2.26-3.3.1 xmlsec1-debugsource-1.2.26-3.3.1 xmlsec1-devel-1.2.26-3.3.1 xmlsec1-nss-devel-1.2.26-3.3.1 xmlsec1-openssl-devel-1.2.26-3.3.1 - SUSE Linux Enterprise Workstation Extension 15 (noarch): libreoffice-branding-upstream-6.1.3.2-3.7.3 libreoffice-icon-themes-6.1.3.2-3.7.3 libreoffice-l10n-af-6.1.3.2-3.7.3 libreoffice-l10n-ar-6.1.3.2-3.7.3 libreoffice-l10n-as-6.1.3.2-3.7.3 libreoffice-l10n-bg-6.1.3.2-3.7.3 libreoffice-l10n-bn-6.1.3.2-3.7.3 libreoffice-l10n-br-6.1.3.2-3.7.3 libreoffice-l10n-ca-6.1.3.2-3.7.3 libreoffice-l10n-cs-6.1.3.2-3.7.3 libreoffice-l10n-cy-6.1.3.2-3.7.3 libreoffice-l10n-da-6.1.3.2-3.7.3 libreoffice-l10n-de-6.1.3.2-3.7.3 libreoffice-l10n-dz-6.1.3.2-3.7.3 libreoffice-l10n-el-6.1.3.2-3.7.3 libreoffice-l10n-en-6.1.3.2-3.7.3 libreoffice-l10n-eo-6.1.3.2-3.7.3 libreoffice-l10n-es-6.1.3.2-3.7.3 libreoffice-l10n-et-6.1.3.2-3.7.3 libreoffice-l10n-eu-6.1.3.2-3.7.3 libreoffice-l10n-fa-6.1.3.2-3.7.3 libreoffice-l10n-fi-6.1.3.2-3.7.3 libreoffice-l10n-fr-6.1.3.2-3.7.3 libreoffice-l10n-ga-6.1.3.2-3.7.3 libreoffice-l10n-gl-6.1.3.2-3.7.3 libreoffice-l10n-gu-6.1.3.2-3.7.3 libreoffice-l10n-he-6.1.3.2-3.7.3 libreoffice-l10n-hi-6.1.3.2-3.7.3 libreoffice-l10n-hr-6.1.3.2-3.7.3 libreoffice-l10n-hu-6.1.3.2-3.7.3 libreoffice-l10n-it-6.1.3.2-3.7.3 libreoffice-l10n-ja-6.1.3.2-3.7.3 libreoffice-l10n-kk-6.1.3.2-3.7.3 libreoffice-l10n-kn-6.1.3.2-3.7.3 libreoffice-l10n-ko-6.1.3.2-3.7.3 libreoffice-l10n-lt-6.1.3.2-3.7.3 libreoffice-l10n-lv-6.1.3.2-3.7.3 libreoffice-l10n-mai-6.1.3.2-3.7.3 libreoffice-l10n-ml-6.1.3.2-3.7.3 libreoffice-l10n-mr-6.1.3.2-3.7.3 libreoffice-l10n-nb-6.1.3.2-3.7.3 libreoffice-l10n-nl-6.1.3.2-3.7.3 libreoffice-l10n-nn-6.1.3.2-3.7.3 libreoffice-l10n-nr-6.1.3.2-3.7.3 libreoffice-l10n-nso-6.1.3.2-3.7.3 libreoffice-l10n-or-6.1.3.2-3.7.3 libreoffice-l10n-pa-6.1.3.2-3.7.3 libreoffice-l10n-pl-6.1.3.2-3.7.3 libreoffice-l10n-pt_BR-6.1.3.2-3.7.3 libreoffice-l10n-pt_PT-6.1.3.2-3.7.3 libreoffice-l10n-ro-6.1.3.2-3.7.3 libreoffice-l10n-ru-6.1.3.2-3.7.3 libreoffice-l10n-si-6.1.3.2-3.7.3 libreoffice-l10n-sk-6.1.3.2-3.7.3 libreoffice-l10n-sl-6.1.3.2-3.7.3 libreoffice-l10n-sr-6.1.3.2-3.7.3 libreoffice-l10n-ss-6.1.3.2-3.7.3 libreoffice-l10n-st-6.1.3.2-3.7.3 libreoffice-l10n-sv-6.1.3.2-3.7.3 libreoffice-l10n-ta-6.1.3.2-3.7.3 libreoffice-l10n-te-6.1.3.2-3.7.3 libreoffice-l10n-th-6.1.3.2-3.7.3 libreoffice-l10n-tn-6.1.3.2-3.7.3 libreoffice-l10n-tr-6.1.3.2-3.7.3 libreoffice-l10n-ts-6.1.3.2-3.7.3 libreoffice-l10n-uk-6.1.3.2-3.7.3 libreoffice-l10n-ve-6.1.3.2-3.7.3 libreoffice-l10n-xh-6.1.3.2-3.7.3 libreoffice-l10n-zh_CN-6.1.3.2-3.7.3 libreoffice-l10n-zh_TW-6.1.3.2-3.7.3 libreoffice-l10n-zu-6.1.3.2-3.7.3 myspell-af_ZA-20181025-3.6.1 myspell-ar-20181025-3.6.1 myspell-bg_BG-20181025-3.6.1 myspell-bn_BD-20181025-3.6.1 myspell-br_FR-20181025-3.6.1 myspell-ca-20181025-3.6.1 myspell-cs_CZ-20181025-3.6.1 myspell-da_DK-20181025-3.6.1 myspell-el_GR-20181025-3.6.1 myspell-et_EE-20181025-3.6.1 myspell-fr_FR-20181025-3.6.1 myspell-gl-20181025-3.6.1 myspell-gu_IN-20181025-3.6.1 myspell-he_IL-20181025-3.6.1 myspell-hi_IN-20181025-3.6.1 myspell-hr_HR-20181025-3.6.1 myspell-it_IT-20181025-3.6.1 myspell-lt_LT-20181025-3.6.1 myspell-lv_LV-20181025-3.6.1 myspell-nl_NL-20181025-3.6.1 myspell-nn_NO-20181025-3.6.1 myspell-pl_PL-20181025-3.6.1 myspell-pt_PT-20181025-3.6.1 myspell-si_LK-20181025-3.6.1 myspell-sk_SK-20181025-3.6.1 myspell-sl_SI-20181025-3.6.1 myspell-sr-20181025-3.6.1 myspell-sv_SE-20181025-3.6.1 myspell-te_IN-20181025-3.6.1 myspell-th_TH-20181025-3.6.1 myspell-tr_TR-20181025-3.6.1 myspell-uk_UA-20181025-3.6.1 myspell-zu_ZA-20181025-3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): libxmlsec1-gcrypt1-1.2.26-3.3.1 libxmlsec1-gcrypt1-debuginfo-1.2.26-3.3.1 libxmlsec1-gnutls1-1.2.26-3.3.1 libxmlsec1-gnutls1-debuginfo-1.2.26-3.3.1 libxmlsec1-openssl1-1.2.26-3.3.1 libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1 xmlsec1-debuginfo-1.2.26-3.3.1 xmlsec1-debugsource-1.2.26-3.3.1 xmlsec1-gnutls-devel-1.2.26-3.3.1 xmlsec1-openssl-devel-1.2.26-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libmwaw-debuginfo-0.3.14-4.3.1 libmwaw-debugsource-0.3.14-4.3.1 libmwaw-devel-0.3.14-4.3.1 libmwaw-tools-0.3.14-4.3.1 libmwaw-tools-debuginfo-0.3.14-4.3.1 libstaroffice-debuginfo-0.0.6-3.3.1 libstaroffice-debugsource-0.0.6-3.3.1 libstaroffice-devel-0.0.6-3.3.1 libstaroffice-tools-0.0.6-3.3.1 libstaroffice-tools-debuginfo-0.0.6-3.3.1 libwps-debuginfo-0.4.9-3.3.1 libwps-debugsource-0.4.9-3.3.1 libwps-tools-0.4.9-3.3.1 libwps-tools-debuginfo-0.4.9-3.3.1 libxmlsec1-gcrypt1-1.2.26-3.3.1 libxmlsec1-gcrypt1-debuginfo-1.2.26-3.3.1 libxmlsec1-gnutls1-1.2.26-3.3.1 libxmlsec1-gnutls1-debuginfo-1.2.26-3.3.1 libxmlsec1-openssl1-1.2.26-3.3.1 libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1 xmlsec1-1.2.26-3.3.1 xmlsec1-debuginfo-1.2.26-3.3.1 xmlsec1-debugsource-1.2.26-3.3.1 xmlsec1-gcrypt-devel-1.2.26-3.3.1 xmlsec1-gnutls-devel-1.2.26-3.3.1 xmlsec1-openssl-devel-1.2.26-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): libepubgen-devel-doc-0.1.1-3.3.1 liblangtag-doc-0.6.2-3.3.1 libmwaw-devel-doc-0.3.14-4.3.1 libstaroffice-devel-doc-0.0.6-3.3.1 myspell-af_NA-20181025-3.6.1 myspell-an-20181025-3.6.1 myspell-an_ES-20181025-3.6.1 myspell-ar_AE-20181025-3.6.1 myspell-ar_BH-20181025-3.6.1 myspell-ar_DZ-20181025-3.6.1 myspell-ar_EG-20181025-3.6.1 myspell-ar_IQ-20181025-3.6.1 myspell-ar_JO-20181025-3.6.1 myspell-ar_KW-20181025-3.6.1 myspell-ar_LB-20181025-3.6.1 myspell-ar_LY-20181025-3.6.1 myspell-ar_MA-20181025-3.6.1 myspell-ar_OM-20181025-3.6.1 myspell-ar_QA-20181025-3.6.1 myspell-ar_SA-20181025-3.6.1 myspell-ar_SD-20181025-3.6.1 myspell-ar_SY-20181025-3.6.1 myspell-ar_TN-20181025-3.6.1 myspell-ar_YE-20181025-3.6.1 myspell-be_BY-20181025-3.6.1 myspell-bn_IN-20181025-3.6.1 myspell-bo-20181025-3.6.1 myspell-bo_CN-20181025-3.6.1 myspell-bo_IN-20181025-3.6.1 myspell-bs-20181025-3.6.1 myspell-bs_BA-20181025-3.6.1 myspell-ca_AD-20181025-3.6.1 myspell-ca_ES-20181025-3.6.1 myspell-ca_ES_valencia-20181025-3.6.1 myspell-ca_FR-20181025-3.6.1 myspell-ca_IT-20181025-3.6.1 myspell-de_AT-20181025-3.6.1 myspell-de_CH-20181025-3.6.1 myspell-en_AU-20181025-3.6.1 myspell-en_BS-20181025-3.6.1 myspell-en_BZ-20181025-3.6.1 myspell-en_CA-20181025-3.6.1 myspell-en_GB-20181025-3.6.1 myspell-en_GH-20181025-3.6.1 myspell-en_IE-20181025-3.6.1 myspell-en_IN-20181025-3.6.1 myspell-en_JM-20181025-3.6.1 myspell-en_MW-20181025-3.6.1 myspell-en_NA-20181025-3.6.1 myspell-en_NZ-20181025-3.6.1 myspell-en_PH-20181025-3.6.1 myspell-en_TT-20181025-3.6.1 myspell-en_ZA-20181025-3.6.1 myspell-en_ZW-20181025-3.6.1 myspell-es_AR-20181025-3.6.1 myspell-es_BO-20181025-3.6.1 myspell-es_CL-20181025-3.6.1 myspell-es_CO-20181025-3.6.1 myspell-es_CR-20181025-3.6.1 myspell-es_CU-20181025-3.6.1 myspell-es_DO-20181025-3.6.1 myspell-es_EC-20181025-3.6.1 myspell-es_GT-20181025-3.6.1 myspell-es_HN-20181025-3.6.1 myspell-es_MX-20181025-3.6.1 myspell-es_NI-20181025-3.6.1 myspell-es_PA-20181025-3.6.1 myspell-es_PE-20181025-3.6.1 myspell-es_PR-20181025-3.6.1 myspell-es_PY-20181025-3.6.1 myspell-es_SV-20181025-3.6.1 myspell-es_UY-20181025-3.6.1 myspell-es_VE-20181025-3.6.1 myspell-fr_BE-20181025-3.6.1 myspell-fr_CA-20181025-3.6.1 myspell-fr_CH-20181025-3.6.1 myspell-fr_LU-20181025-3.6.1 myspell-fr_MC-20181025-3.6.1 myspell-gd_GB-20181025-3.6.1 myspell-gl_ES-20181025-3.6.1 myspell-gug-20181025-3.6.1 myspell-gug_PY-20181025-3.6.1 myspell-is-20181025-3.6.1 myspell-is_IS-20181025-3.6.1 myspell-kmr_Latn-20181025-3.6.1 myspell-kmr_Latn_SY-20181025-3.6.1 myspell-kmr_Latn_TR-20181025-3.6.1 myspell-lo_LA-20181025-3.6.1 myspell-ne_NP-20181025-3.6.1 myspell-nl_BE-20181025-3.6.1 myspell-nn_NO-20181025-3.6.1 myspell-oc_FR-20181025-3.6.1 myspell-pt_AO-20181025-3.6.1 myspell-sq_AL-20181025-3.6.1 myspell-sr_CS-20181025-3.6.1 myspell-sr_Latn_CS-20181025-3.6.1 myspell-sr_Latn_RS-20181025-3.6.1 myspell-sr_RS-20181025-3.6.1 myspell-sv_FI-20181025-3.6.1 myspell-sw_TZ-20181025-3.6.1 myspell-te-20181025-3.6.1 myspell-vi-20181025-3.6.1 myspell-vi_VN-20181025-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): myspell-dictionaries-20181025-3.6.1 myspell-lightproof-en-20181025-3.6.1 myspell-lightproof-hu_HU-20181025-3.6.1 myspell-lightproof-pt_BR-20181025-3.6.1 myspell-lightproof-ru_RU-20181025-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): myspell-de-20181025-3.6.1 myspell-de_DE-20181025-3.6.1 myspell-en-20181025-3.6.1 myspell-en_US-20181025-3.6.1 myspell-es-20181025-3.6.1 myspell-es_ES-20181025-3.6.1 myspell-hu_HU-20181025-3.6.1 myspell-nb_NO-20181025-3.6.1 myspell-no-20181025-3.6.1 myspell-pt_BR-20181025-3.6.1 myspell-ro-20181025-3.6.1 myspell-ro_RO-20181025-3.6.1 myspell-ru_RU-20181025-3.6.1

References

#1050305 #1088263 #1091606 #1094779 #1095601

#1095639 #1096360 #1098891 #1104876

Cross- CVE-2018-10583

Affected Products:

SUSE Linux Enterprise Workstation Extension 15

SUSE Linux Enterprise Module for Packagehub Subpackages 15

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-10583.html

https://bugzilla.suse.com/1050305

https://bugzilla.suse.com/1088263

https://bugzilla.suse.com/1091606

https://bugzilla.suse.com/1094779

https://bugzilla.suse.com/1095601

https://bugzilla.suse.com/1095639

https://bugzilla.suse.com/1096360

https://bugzilla.suse.com/1098891

https://bugzilla.suse.com/1104876

Severity
Announcement ID: SUSE-SU-2018:3683-1
Rating: moderate

Related News