# Security update for LibreOffice

Announcement ID: SUSE-SU-2024:0075-1  
Rating: important  
References:

  * bsc#1198666
  * bsc#1200085
  * bsc#1204040
  * bsc#1209242
  * bsc#1210687
  * bsc#1211746
  * jsc#PED-1785
  * jsc#PED-3550
  * jsc#PED-3561

  
Cross-References:

  * CVE-2023-0950
  * CVE-2023-2255

  
CVSS scores:

  * CVE-2023-0950 ( SUSE ):  7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
  * CVE-2023-0950 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-2255 ( SUSE ):  7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
  * CVE-2023-2255 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5
  * SUSE OpenStack Cloud 9
  * SUSE OpenStack Cloud Crowbar 9

  
  
An update that solves two vulnerabilities, contains three features and has four
security fixes can now be installed.

## Description:

This update for LibreOffice fixes the following issues:

libreoffice:

  * Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550,
    jsc#PED-1785):
  * For the highlights of changes of version 7.5 please consult the official
    release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.5
  * For the highlights of changes of version 7.4 please consult the official
    release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.4
  * Security issues fixed:
    * CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
    * CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
  * Bug fixes:
    * Fix PPTX shadow effect for table offset (bsc#1204040)
    * Fix ability to set the default tab size for each text object (bsc#1198666)
    * Fix PPTX extra vertical space between different text formats (bsc#1200085)
    * Do not use binutils-gold as the package is unmaintained and will be removed in the future (bsc#1210687)
  * Updated bundled dependencies:
    * boost version update from 1_77_0 to 1_80_0
    * curl version update from 7.83.1 to 8.0.1
    * icu4c-data version update from 70_1 to 72_1
    * icu4c version update from 70_1 to 72_1
    * pdfium version update from 4699 to 5408
    * poppler version update from 21.11.0 to 22.12.0
    * poppler-data version update from 0.4.10 to 0.4.11
    * skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466 
  * New build dependencies:
    * fixmath-devel
    * libwebp-devel
    * zlib-devel
    * dragonbox-devel
    * at-spi2-core-devel
    * libtiff-devel

dragonbox:

  * New package at version 1.1.3 (jsc#PED-1785)
    * New dependency for LibreOffice 7.4

fixmath:

  * New package at version 2022.07.20 (jsc#PED-1785)
    * New dependency for LibreOffice 7.4

libmwaw:

  * Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
  * Add debug code to read some private rsrc data
  * Allow to read some MacWrite which does not have printer information
  * Add a parser for Scoop files
  * Add a parser for ScriptWriter files
  * Add a parser for ReadySetGo 1-4 files

xmlsec1:

  * Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2
    (jsc#PED-3561, jsc#PED-3550):
  * Retired the XMLSec mailing list "xmlsec@aleksey.com" and the XMLSec Online
    Signature Verifier.
  * Migration to OpenSSL 3.0 API. Note that OpenSSL engines are disabled by
    default when XMLSec library is compiled against OpenSSL 3.0. To re-enable
    OpenSSL engines, use `--enable-openssl3-engines` configure flag (there will
    be a lot of deprecation warnings).
  * The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and
    will be removed in the future versions of XMLSec Library.
  * Refactored all the integer casts to ensure cast-safety. Fixed all warnings
    and enabled `-Werror` and `-pedantic` flags on CI builds.
  * Added configure flag to use size_t for xmlSecSize (currently disabled by
    default for backward compatibility).
  * Support for OpenSSL compiled with OPENSSL_NO_ERR.
  * Full support for LibreSSL 3.5.0 and above
  * Several other small fixes
  * Fix decrypting session key for two recipients
  * Added `--privkey-openssl-engine` option to enhance openssl engine support
  * Remove MD5 for NSS 3.59 and above
  * Fix PKCS12_parse return code handling
  * Fix OpenSSL lookup
  * xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix
    for LibreOffice
  * Unload error strings in OpenSSL shutdown.
  * Make userData available when executing preExecCallback function
  * Add an option to use secure memset.
  * Enabled XML_PARSE_HUGE for all xml parsers.
  * Various build and tests fixes and improvements.
  * Move remaining private header files away from `xmlsec/include/` folder
  * Other packaging changes:
  * Relax the crypto policies for the test-suite. It allows the tests using
    certificates with small key lengths to pass.
  * Pass `--disable-md5` to configure: The cryptographic strength of the MD5
    algorithm is sufficiently doubtful that its use is discouraged at this time.
    It is not listed as an algorithm in [XMLDSIG-CORE1]
    https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE OpenStack Cloud 9  
    `zypper in -t patch SUSE-OpenStack-Cloud-9-2024-75=1`

  * SUSE OpenStack Cloud Crowbar 9  
    `zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2024-75=1`

  * SUSE Linux Enterprise Software Development Kit 12 SP5  
    `zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-75=1`

  * SUSE Linux Enterprise High Performance Computing 12 SP5  
    `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1`

  * SUSE Linux Enterprise Server 12 SP5  
    `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1`

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5  
    `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-75=1`

  * SUSE Linux Enterprise Workstation Extension 12 12-SP5  
    `zypper in -t patch SUSE-SLE-WE-12-SP5-2024-75=1`

## Package List:

  * SUSE OpenStack Cloud 9 (x86_64)
    * libatk-1_0-0-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
    * typelib-1_0-Atk-1_0-2.28.1-6.5.23
    * libatk-1_0-0-debuginfo-2.28.1-6.5.23
    * libxmlsec1-1-debuginfo-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-1.2.37-8.6.21
    * libxmlsec1-openssl1-1.2.37-8.6.21
    * libxmlsec1-1-1.2.37-8.6.21
    * libxmlsec1-gnutls1-1.2.37-8.6.21
    * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
    * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
    * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
    * libatk-1_0-0-32bit-2.28.1-6.5.23
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libxmlsec1-nss1-1.2.37-8.6.21
    * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
    * xmlsec1-1.2.37-8.6.21
  * SUSE OpenStack Cloud 9 (noarch)
    * atk-doc-2.28.1-6.5.23
    * atk-lang-2.28.1-6.5.23
  * SUSE OpenStack Cloud Crowbar 9 (x86_64)
    * libatk-1_0-0-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
    * typelib-1_0-Atk-1_0-2.28.1-6.5.23
    * libatk-1_0-0-debuginfo-2.28.1-6.5.23
    * libxmlsec1-1-debuginfo-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-1.2.37-8.6.21
    * libxmlsec1-openssl1-1.2.37-8.6.21
    * libxmlsec1-1-1.2.37-8.6.21
    * libxmlsec1-gnutls1-1.2.37-8.6.21
    * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
    * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
    * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
    * libatk-1_0-0-32bit-2.28.1-6.5.23
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libxmlsec1-nss1-1.2.37-8.6.21
    * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
    * xmlsec1-1.2.37-8.6.21
  * SUSE OpenStack Cloud Crowbar 9 (noarch)
    * atk-doc-2.28.1-6.5.23
    * atk-lang-2.28.1-6.5.23
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x
    x86_64)
    * xmlsec1-openssl-devel-1.2.37-8.6.21
    * xmlsec1-devel-1.2.37-8.6.21
    * xmlsec1-gnutls-devel-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * xmlsec1-gcrypt-devel-1.2.37-8.6.21
    * atk-devel-2.28.1-6.5.23
    * xmlsec1-nss-devel-1.2.37-8.6.21
    * libmwaw-0_3-3-0.3.21-7.24.14
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libmwaw-debugsource-0.3.21-7.24.14
    * xmlsec1-1.2.37-8.6.21
    * libmwaw-devel-0.3.21-7.24.14
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
    * libmwaw-devel-doc-0.3.21-7.24.14
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64)
    * libreoffice-sdk-debuginfo-7.5.4.1-48.44.2
    * libreoffice-debugsource-7.5.4.1-48.44.2
    * libreoffice-debuginfo-7.5.4.1-48.44.2
    * libreoffice-sdk-7.5.4.1-48.44.2
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * libatk-1_0-0-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
    * typelib-1_0-Atk-1_0-2.28.1-6.5.23
    * libatk-1_0-0-debuginfo-2.28.1-6.5.23
    * libxmlsec1-1-debuginfo-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-1.2.37-8.6.21
    * libxmlsec1-openssl1-1.2.37-8.6.21
    * libxmlsec1-1-1.2.37-8.6.21
    * libxmlsec1-gnutls1-1.2.37-8.6.21
    * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
    * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libxmlsec1-nss1-1.2.37-8.6.21
    * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
    * xmlsec1-1.2.37-8.6.21
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    * atk-doc-2.28.1-6.5.23
    * atk-lang-2.28.1-6.5.23
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
    * libatk-1_0-0-32bit-2.28.1-6.5.23
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * libatk-1_0-0-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
    * typelib-1_0-Atk-1_0-2.28.1-6.5.23
    * libatk-1_0-0-debuginfo-2.28.1-6.5.23
    * libxmlsec1-1-debuginfo-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-1.2.37-8.6.21
    * libxmlsec1-openssl1-1.2.37-8.6.21
    * libxmlsec1-1-1.2.37-8.6.21
    * libxmlsec1-gnutls1-1.2.37-8.6.21
    * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
    * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libxmlsec1-nss1-1.2.37-8.6.21
    * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
    * xmlsec1-1.2.37-8.6.21
  * SUSE Linux Enterprise Server 12 SP5 (noarch)
    * atk-doc-2.28.1-6.5.23
    * atk-lang-2.28.1-6.5.23
  * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
    * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
    * libatk-1_0-0-32bit-2.28.1-6.5.23
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * libatk-1_0-0-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.6.21
    * typelib-1_0-Atk-1_0-2.28.1-6.5.23
    * libatk-1_0-0-debuginfo-2.28.1-6.5.23
    * libxmlsec1-1-debuginfo-1.2.37-8.6.21
    * atk-debugsource-2.28.1-6.5.23
    * libxmlsec1-gcrypt1-1.2.37-8.6.21
    * libxmlsec1-openssl1-1.2.37-8.6.21
    * libxmlsec1-1-1.2.37-8.6.21
    * libxmlsec1-gnutls1-1.2.37-8.6.21
    * libxmlsec1-openssl1-debuginfo-1.2.37-8.6.21
    * libxmlsec1-gnutls1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debuginfo-1.2.37-8.6.21
    * xmlsec1-debugsource-1.2.37-8.6.21
    * libxmlsec1-nss1-1.2.37-8.6.21
    * libxmlsec1-nss1-debuginfo-1.2.37-8.6.21
    * xmlsec1-1.2.37-8.6.21
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    * atk-doc-2.28.1-6.5.23
    * atk-lang-2.28.1-6.5.23
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * libatk-1_0-0-debuginfo-32bit-2.28.1-6.5.23
    * libatk-1_0-0-32bit-2.28.1-6.5.23
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
    * libreoffice-7.5.4.1-48.44.2
    * libreoffice-impress-debuginfo-7.5.4.1-48.44.2
    * libreoffice-debuginfo-7.5.4.1-48.44.2
    * libreoffice-calc-debuginfo-7.5.4.1-48.44.2
    * libreoffice-gnome-debuginfo-7.5.4.1-48.44.2
    * libreoffice-mailmerge-7.5.4.1-48.44.2
    * libreoffice-writer-debuginfo-7.5.4.1-48.44.2
    * libreoffice-base-debuginfo-7.5.4.1-48.44.2
    * libreoffice-writer-extensions-7.5.4.1-48.44.2
    * libreoffice-base-7.5.4.1-48.44.2
    * libreoffice-math-debuginfo-7.5.4.1-48.44.2
    * libreoffice-writer-7.5.4.1-48.44.2
    * libreoffice-calc-extensions-7.5.4.1-48.44.2
    * dragonbox-devel-1.1.3-8.3.48
    * libreoffice-librelogo-7.5.4.1-48.44.2
    * libmwaw-0_3-3-debuginfo-0.3.21-7.24.14
    * libreoffice-gtk3-debuginfo-7.5.4.1-48.44.2
    * libreoffice-gnome-7.5.4.1-48.44.2
    * libreoffice-pyuno-7.5.4.1-48.44.2
    * libreoffice-gtk3-7.5.4.1-48.44.2
    * libreoffice-debugsource-7.5.4.1-48.44.2
    * libreoffice-pyuno-debuginfo-7.5.4.1-48.44.2
    * libreoffice-officebean-debuginfo-7.5.4.1-48.44.2
    * libreoffice-filters-optional-7.5.4.1-48.44.2
    * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-48.44.2
    * libreoffice-draw-7.5.4.1-48.44.2
    * libreoffice-math-7.5.4.1-48.44.2
    * libmwaw-0_3-3-0.3.21-7.24.14
    * libreoffice-impress-7.5.4.1-48.44.2
    * libreoffice-base-drivers-postgresql-7.5.4.1-48.44.2
    * libreoffice-officebean-7.5.4.1-48.44.2
    * libreoffice-draw-debuginfo-7.5.4.1-48.44.2
    * fixmath-devel-2022.07.20-8.3.48
    * libmwaw-debugsource-0.3.21-7.24.14
    * libreoffice-calc-7.5.4.1-48.44.2
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
    * libreoffice-l10n-zh_CN-7.5.4.1-48.44.2
    * libreoffice-l10n-lt-7.5.4.1-48.44.2
    * libreoffice-l10n-de-7.5.4.1-48.44.2
    * libreoffice-l10n-it-7.5.4.1-48.44.2
    * libreoffice-l10n-sk-7.5.4.1-48.44.2
    * libreoffice-l10n-zh_TW-7.5.4.1-48.44.2
    * libreoffice-l10n-bg-7.5.4.1-48.44.2
    * libreoffice-l10n-uk-7.5.4.1-48.44.2
    * libreoffice-l10n-ar-7.5.4.1-48.44.2
    * libreoffice-l10n-cs-7.5.4.1-48.44.2
    * libreoffice-l10n-fr-7.5.4.1-48.44.2
    * libreoffice-l10n-gu-7.5.4.1-48.44.2
    * libreoffice-icon-themes-7.5.4.1-48.44.2
    * libreoffice-l10n-ru-7.5.4.1-48.44.2
    * libreoffice-l10n-hr-7.5.4.1-48.44.2
    * libreoffice-l10n-xh-7.5.4.1-48.44.2
    * libreoffice-l10n-ko-7.5.4.1-48.44.2
    * libreoffice-l10n-pt_PT-7.5.4.1-48.44.2
    * libreoffice-l10n-nb-7.5.4.1-48.44.2
    * libreoffice-l10n-nl-7.5.4.1-48.44.2
    * libreoffice-l10n-da-7.5.4.1-48.44.2
    * libreoffice-l10n-zu-7.5.4.1-48.44.2
    * libreoffice-l10n-af-7.5.4.1-48.44.2
    * libreoffice-branding-upstream-7.5.4.1-48.44.2
    * libreoffice-l10n-hu-7.5.4.1-48.44.2
    * libreoffice-l10n-hi-7.5.4.1-48.44.2
    * libreoffice-l10n-fi-7.5.4.1-48.44.2
    * libreoffice-l10n-nn-7.5.4.1-48.44.2
    * libreoffice-l10n-ja-7.5.4.1-48.44.2
    * libreoffice-l10n-ro-7.5.4.1-48.44.2
    * libreoffice-l10n-pl-7.5.4.1-48.44.2
    * libreoffice-l10n-ca-7.5.4.1-48.44.2
    * libreoffice-l10n-sv-7.5.4.1-48.44.2
    * libreoffice-l10n-pt_BR-7.5.4.1-48.44.2
    * libreoffice-l10n-es-7.5.4.1-48.44.2
    * libreoffice-l10n-en-7.5.4.1-48.44.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-0950.html
  * https://www.suse.com/security/cve/CVE-2023-2255.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1198666
  * https://bugzilla.suse.com/show_bug.cgi?id=1200085
  * https://bugzilla.suse.com/show_bug.cgi?id=1204040
  * https://bugzilla.suse.com/show_bug.cgi?id=1209242
  * https://bugzilla.suse.com/show_bug.cgi?id=1210687
  * https://bugzilla.suse.com/show_bug.cgi?id=1211746

SUSE: 2024:0075-1 important: LibreOffice

January 10, 2024