SUSE: 2024:0075-1 important: LibreOffice
Summary
## This update for LibreOffice fixes the following issues: libreoffice: * Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785): * For the highlights of changes of version 7.5 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.5 * For the highlights of changes of version 7.4 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.4 * Security issues fixed: * CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242) * CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746) * Bug fixes: * Fix PPTX shadow effect for table offset (bsc#1204040) * Fix ability to set the default tab size for each text object (bsc#1198666) * Fix PPTX extra vertical space between different text formats (bsc#1200085) * Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687) * Updated bundled dependencies: * boost version update from 1_77_0 to 1_80_0 * curl version update from 7.83.1 to 8.0.1 * icu4c-data version update from 70_1 to 72_1 * icu4c version update from 70_1 to 72_1 * pdfium version update from 4699 to 5408 * poppler version update from 21.11.0 to 22.12.0 * poppler-data version update from 0.4.10 to 0.4.11 * skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466 * New build dependencies: * fixmath-devel * libwebp-devel * zlib-devel * dragonbox-devel * at-spi2-core-devel * libtiff-devel dragonbox: * New package at version 1.1.3 (jsc#PED-1785) * New dependency for LibreOffice 7.4 fixmath: * New package at version 2022.07.20 (jsc#PED-1785) * New dependency for LibreOffice 7.4 libmwaw: * Version update from 0.3.20 to 0.3.21 (jsc#PED-1785): * Add debug code to read some private rsrc data * Allow to read some MacWrite which does not have printer informations * Add a parser for Scoop files * Add a parser for ScriptWriter files * Add a parser for ReadySetGo 1-4 files xmlsec1: * Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550): * Retired the XMLSec mailing list "xmlsec@aleksey.com" and the XMLSec Online Signature Verifier. * Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled against OpenSSL 3.0. To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag (there will be a lot of deprecation warnings). * The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of XMLSec Library. * Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic` flags on CI builds. * Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility). * Support for OpenSSL compiled with OPENSSL_NO_ERR. * Full support for LibreSSL 3.5.0 and above * Several other small fixes * Fix decrypting session key for two recipients * Added `--privkey-openssl-engine` option to enhance openssl engine support * Remove MD5 for NSS 3.59 and above * Fix PKCS12_parse return code handling * Fix OpenSSL lookup * xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice * Unload error strings in OpenSSL shutdown. * Make userData available when executing preExecCallback function * Add an option to use secure memset. * Enabled XML_PARSE_HUGE for all xml parsers. * Various build and tests fixes and improvements. * Move remaining private header files away from xmlsec/include/`` folder * Other packaging changes: * Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass. * Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1] https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2024-75=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2024-75=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-75=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2024-75=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * atk-debugsource-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * xmlsec1-debuginfo-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * xmlsec1-1.2.37-8.6.21 * SUSE OpenStack Cloud 9 (noarch) * atk-doc-2.28.1-6.5.23 * atk-lang-2.28.1-6.5.23 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * atk-debugsource-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * xmlsec1-debuginfo-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * xmlsec1-1.2.37-8.6.21 * SUSE OpenStack Cloud Crowbar 9 (noarch) * atk-doc-2.28.1-6.5.23 * atk-lang-2.28.1-6.5.23 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * xmlsec1-openssl-devel-1.2.37-8.6.21 * xmlsec1-devel-1.2.37-8.6.21 * xmlsec1-gnutls-devel-1.2.37-8.6.21 * atk-debugsource-2.28.1-6.5.23 * xmlsec1-gcrypt-devel-1.2.37-8.6.21 * atk-devel-2.28.1-6.5.23 * xmlsec1-nss-devel-1.2.37-8.6.21 * libmwaw-0_3-3-0.3.21-7.24.14 * xmlsec1-debuginfo-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * libmwaw-debugsource-0.3.21-7.24.14 * xmlsec1-1.2.37-8.6.21 * libmwaw-devel-0.3.21-7.24.14 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * libmwaw-devel-doc-0.3.21-7.24.14 * SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64) * libreoffice-sdk-debuginfo-7.5.4.1-48.44.2 * libreoffice-debugsource-7.5.4.1-48.44.2 * libreoffice-debuginfo-7.5.4.1-48.44.2 * libreoffice-sdk-7.5.4.1-48.44.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * atk-debugsource-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * xmlsec1-1.2.37-8.6.21 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * atk-doc-2.28.1-6.5.23 * atk-lang-2.28.1-6.5.23 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * atk-debugsource-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * xmlsec1-1.2.37-8.6.21 * SUSE Linux Enterprise Server 12 SP5 (noarch) * atk-doc-2.28.1-6.5.23 * atk-lang-2.28.1-6.5.23 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libatk-1_0-0-2.28.1-6.5.23 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21 * typelib-1_0-Atk-1_0-2.28.1-6.5.23 * libatk-1_0-0-debuginfo-2.28.1-6.5.23 * libxmlsec1-1-debuginfo-1.2.37-8.6.21 * atk-debugsource-2.28.1-6.5.23 * libxmlsec1-gcrypt1-1.2.37-8.6.21 * libxmlsec1-openssl1-1.2.37-8.6.21 * libxmlsec1-1-1.2.37-8.6.21 * libxmlsec1-gnutls1-1.2.37-8.6.21 * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21 * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21 * xmlsec1-debuginfo-1.2.37-8.6.21 * xmlsec1-debugsource-1.2.37-8.6.21 * libxmlsec1-nss1-1.2.37-8.6.21 * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21 * xmlsec1-1.2.37-8.6.21 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * atk-doc-2.28.1-6.5.23 * atk-lang-2.28.1-6.5.23 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23 * libatk-1_0-0-32bit-2.28.1-6.5.23 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libreoffice-7.5.4.1-48.44.2 * libreoffice-impress-debuginfo-7.5.4.1-48.44.2 * libreoffice-debuginfo-7.5.4.1-48.44.2 * libreoffice-calc-debuginfo-7.5.4.1-48.44.2 * libreoffice-gnome-debuginfo-7.5.4.1-48.44.2 * libreoffice-mailmerge-7.5.4.1-48.44.2 * libreoffice-writer-debuginfo-7.5.4.1-48.44.2 * libreoffice-base-debuginfo-7.5.4.1-48.44.2 * libreoffice-writer-extensions-7.5.4.1-48.44.2 * libreoffice-base-7.5.4.1-48.44.2 * libreoffice-math-debuginfo-7.5.4.1-48.44.2 * libreoffice-writer-7.5.4.1-48.44.2 * libreoffice-calc-extensions-7.5.4.1-48.44.2 * dragonbox-devel-1.1.3-8.3.48 * libreoffice-librelogo-7.5.4.1-48.44.2 * libmwaw-0_3-3-debuginfo-0.3.21-7.24.14 * libreoffice-gtk3-debuginfo-7.5.4.1-48.44.2 * libreoffice-gnome-7.5.4.1-48.44.2 * libreoffice-pyuno-7.5.4.1-48.44.2 * libreoffice-gtk3-7.5.4.1-48.44.2 * libreoffice-debugsource-7.5.4.1-48.44.2 * libreoffice-pyuno-debuginfo-7.5.4.1-48.44.2 * libreoffice-officebean-debuginfo-7.5.4.1-48.44.2 * libreoffice-filters-optional-7.5.4.1-48.44.2 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-48.44.2 * libreoffice-draw-7.5.4.1-48.44.2 * libreoffice-math-7.5.4.1-48.44.2 * libmwaw-0_3-3-0.3.21-7.24.14 * libreoffice-impress-7.5.4.1-48.44.2 * libreoffice-base-drivers-postgresql-7.5.4.1-48.44.2 * libreoffice-officebean-7.5.4.1-48.44.2 * libreoffice-draw-debuginfo-7.5.4.1-48.44.2 * fixmath-devel-2022.07.20-8.3.48 * libmwaw-debugsource-0.3.21-7.24.14 * libreoffice-calc-7.5.4.1-48.44.2 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * libreoffice-l10n-zh_CN-7.5.4.1-48.44.2 * libreoffice-l10n-lt-7.5.4.1-48.44.2 * libreoffice-l10n-de-7.5.4.1-48.44.2 * libreoffice-l10n-it-7.5.4.1-48.44.2 * libreoffice-l10n-sk-7.5.4.1-48.44.2 * libreoffice-l10n-zh_TW-7.5.4.1-48.44.2 * libreoffice-l10n-bg-7.5.4.1-48.44.2 * libreoffice-l10n-uk-7.5.4.1-48.44.2 * libreoffice-l10n-ar-7.5.4.1-48.44.2 * libreoffice-l10n-cs-7.5.4.1-48.44.2 * libreoffice-l10n-fr-7.5.4.1-48.44.2 * libreoffice-l10n-gu-7.5.4.1-48.44.2 * libreoffice-icon-themes-7.5.4.1-48.44.2 * libreoffice-l10n-ru-7.5.4.1-48.44.2 * libreoffice-l10n-hr-7.5.4.1-48.44.2 * libreoffice-l10n-xh-7.5.4.1-48.44.2 * libreoffice-l10n-ko-7.5.4.1-48.44.2 * libreoffice-l10n-pt_PT-7.5.4.1-48.44.2 * libreoffice-l10n-nb-7.5.4.1-48.44.2 * libreoffice-l10n-nl-7.5.4.1-48.44.2 * libreoffice-l10n-da-7.5.4.1-48.44.2 * libreoffice-l10n-zu-7.5.4.1-48.44.2 * libreoffice-l10n-af-7.5.4.1-48.44.2 * libreoffice-branding-upstream-7.5.4.1-48.44.2 * libreoffice-l10n-hu-7.5.4.1-48.44.2 * libreoffice-l10n-hi-7.5.4.1-48.44.2 * libreoffice-l10n-fi-7.5.4.1-48.44.2 * libreoffice-l10n-nn-7.5.4.1-48.44.2 * libreoffice-l10n-ja-7.5.4.1-48.44.2 * libreoffice-l10n-ro-7.5.4.1-48.44.2 * libreoffice-l10n-pl-7.5.4.1-48.44.2 * libreoffice-l10n-ca-7.5.4.1-48.44.2 * libreoffice-l10n-sv-7.5.4.1-48.44.2 * libreoffice-l10n-pt_BR-7.5.4.1-48.44.2 * libreoffice-l10n-es-7.5.4.1-48.44.2 * libreoffice-l10n-en-7.5.4.1-48.44.2
References
* bsc#1198666
* bsc#1200085
* bsc#1204040
* bsc#1209242
* bsc#1210687
* bsc#1211746
* jsc#PED-1785
* jsc#PED-3550
* jsc#PED-3561
Cross-
* CVE-2023-0950
* CVE-2023-2255
CVSS scores:
* CVE-2023-0950 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2023-0950 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-2255 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-2255 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9
An update that solves two vulnerabilities, contains three features and has four
security fixes can now be installed.
##
* https://www.suse.com/security/cve/CVE-2023-0950.html
* https://www.suse.com/security/cve/CVE-2023-2255.html
* https://bugzilla.suse.com/show_bug.cgi?id=1198666
* https://bugzilla.suse.com/show_bug.cgi?id=1200085
* https://bugzilla.suse.com/show_bug.cgi?id=1204040
* https://bugzilla.suse.com/show_bug.cgi?id=1209242
* https://bugzilla.suse.com/show_bug.cgi?id=1210687
* https://bugzilla.suse.com/show_bug.cgi?id=1211746
* https://jira.suse.com/login.jsp
* https://jira.suse.com/login.jsp
* https://jira.suse.com/login.jsp