SUSE-SU-2018:1296-1

Опубликовано: 15 мая 2018

Источник: suse-cvrf

Описание

Security update for libreoffice

This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the following issues:

Security issues fixed:

CVE-2018-10120: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations index, which allowed remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. (bsc#1089706)
CVE-2018-10119: sot/source/sdstor/stgstrms.cxx used an incorrect integer data type in the StgSmallStrm class, which allowed remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. (bsc#1089705)

Other issues fixed:

DOCX import: missing table background color
Bring back offline help per popular demand as lto saves space we could use with it bsc#915996

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

libreoffice-6.0.4.2-43.33.1

libreoffice-base-6.0.4.2-43.33.1

libreoffice-base-drivers-mysql-6.0.4.2-43.33.1

libreoffice-base-drivers-postgresql-6.0.4.2-43.33.1

libreoffice-branding-upstream-6.0.4.2-43.33.1

libreoffice-calc-6.0.4.2-43.33.1

libreoffice-calc-extensions-6.0.4.2-43.33.1

libreoffice-draw-6.0.4.2-43.33.1

libreoffice-filters-optional-6.0.4.2-43.33.1

libreoffice-gnome-6.0.4.2-43.33.1

libreoffice-gtk2-6.0.4.2-43.33.1

libreoffice-icon-themes-6.0.4.2-43.33.1

libreoffice-impress-6.0.4.2-43.33.1

libreoffice-l10n-af-6.0.4.2-43.33.1

libreoffice-l10n-ar-6.0.4.2-43.33.1

libreoffice-l10n-ca-6.0.4.2-43.33.1

libreoffice-l10n-cs-6.0.4.2-43.33.1

libreoffice-l10n-da-6.0.4.2-43.33.1

libreoffice-l10n-de-6.0.4.2-43.33.1

libreoffice-l10n-en-6.0.4.2-43.33.1

libreoffice-l10n-es-6.0.4.2-43.33.1

libreoffice-l10n-fi-6.0.4.2-43.33.1

libreoffice-l10n-fr-6.0.4.2-43.33.1

libreoffice-l10n-gu-6.0.4.2-43.33.1

libreoffice-l10n-hi-6.0.4.2-43.33.1

libreoffice-l10n-hu-6.0.4.2-43.33.1

libreoffice-l10n-it-6.0.4.2-43.33.1

libreoffice-l10n-ja-6.0.4.2-43.33.1

libreoffice-l10n-ko-6.0.4.2-43.33.1

libreoffice-l10n-nb-6.0.4.2-43.33.1

libreoffice-l10n-nl-6.0.4.2-43.33.1

libreoffice-l10n-nn-6.0.4.2-43.33.1

libreoffice-l10n-pl-6.0.4.2-43.33.1

libreoffice-l10n-pt_BR-6.0.4.2-43.33.1

libreoffice-l10n-pt_PT-6.0.4.2-43.33.1

libreoffice-l10n-ro-6.0.4.2-43.33.1

libreoffice-l10n-ru-6.0.4.2-43.33.1

libreoffice-l10n-sk-6.0.4.2-43.33.1

libreoffice-l10n-sv-6.0.4.2-43.33.1

libreoffice-l10n-xh-6.0.4.2-43.33.1

libreoffice-l10n-zh_CN-6.0.4.2-43.33.1

libreoffice-l10n-zh_TW-6.0.4.2-43.33.1

libreoffice-l10n-zu-6.0.4.2-43.33.1

libreoffice-mailmerge-6.0.4.2-43.33.1

libreoffice-math-6.0.4.2-43.33.1

libreoffice-officebean-6.0.4.2-43.33.1

libreoffice-pyuno-6.0.4.2-43.33.1

libreoffice-writer-6.0.4.2-43.33.1

libreoffice-writer-extensions-6.0.4.2-43.33.1

SUSE Linux Enterprise Software Development Kit 12 SP3

libreoffice-sdk-6.0.4.2-43.33.1

SUSE Linux Enterprise Workstation Extension 12 SP3

libreoffice-6.0.4.2-43.33.1

libreoffice-base-6.0.4.2-43.33.1

libreoffice-base-drivers-mysql-6.0.4.2-43.33.1

libreoffice-base-drivers-postgresql-6.0.4.2-43.33.1

libreoffice-branding-upstream-6.0.4.2-43.33.1

libreoffice-calc-6.0.4.2-43.33.1

libreoffice-calc-extensions-6.0.4.2-43.33.1

libreoffice-draw-6.0.4.2-43.33.1

libreoffice-filters-optional-6.0.4.2-43.33.1

libreoffice-gnome-6.0.4.2-43.33.1

libreoffice-gtk2-6.0.4.2-43.33.1

libreoffice-icon-themes-6.0.4.2-43.33.1

libreoffice-impress-6.0.4.2-43.33.1

libreoffice-l10n-af-6.0.4.2-43.33.1

libreoffice-l10n-ar-6.0.4.2-43.33.1

libreoffice-l10n-bg-6.0.4.2-43.33.1

libreoffice-l10n-ca-6.0.4.2-43.33.1

libreoffice-l10n-cs-6.0.4.2-43.33.1

libreoffice-l10n-da-6.0.4.2-43.33.1

libreoffice-l10n-de-6.0.4.2-43.33.1

libreoffice-l10n-en-6.0.4.2-43.33.1

libreoffice-l10n-es-6.0.4.2-43.33.1

libreoffice-l10n-fi-6.0.4.2-43.33.1

libreoffice-l10n-fr-6.0.4.2-43.33.1

libreoffice-l10n-gu-6.0.4.2-43.33.1

libreoffice-l10n-hi-6.0.4.2-43.33.1

libreoffice-l10n-hr-6.0.4.2-43.33.1

libreoffice-l10n-hu-6.0.4.2-43.33.1

libreoffice-l10n-it-6.0.4.2-43.33.1

libreoffice-l10n-ja-6.0.4.2-43.33.1

libreoffice-l10n-ko-6.0.4.2-43.33.1

libreoffice-l10n-lt-6.0.4.2-43.33.1

libreoffice-l10n-nb-6.0.4.2-43.33.1

libreoffice-l10n-nl-6.0.4.2-43.33.1

libreoffice-l10n-nn-6.0.4.2-43.33.1

libreoffice-l10n-pl-6.0.4.2-43.33.1

libreoffice-l10n-pt_BR-6.0.4.2-43.33.1

libreoffice-l10n-pt_PT-6.0.4.2-43.33.1

libreoffice-l10n-ro-6.0.4.2-43.33.1

libreoffice-l10n-ru-6.0.4.2-43.33.1

libreoffice-l10n-sk-6.0.4.2-43.33.1

libreoffice-l10n-sv-6.0.4.2-43.33.1

libreoffice-l10n-uk-6.0.4.2-43.33.1

libreoffice-l10n-xh-6.0.4.2-43.33.1

libreoffice-l10n-zh_CN-6.0.4.2-43.33.1

libreoffice-l10n-zh_TW-6.0.4.2-43.33.1

libreoffice-l10n-zu-6.0.4.2-43.33.1

libreoffice-mailmerge-6.0.4.2-43.33.1

libreoffice-math-6.0.4.2-43.33.1

libreoffice-officebean-6.0.4.2-43.33.1

libreoffice-pyuno-6.0.4.2-43.33.1

libreoffice-writer-6.0.4.2-43.33.1

libreoffice-writer-extensions-6.0.4.2-43.33.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20181296-1/
Link for SUSE-SU-2018:1296-1
https://lists.suse.com/pipermail/sle-security-updates/2018-May/004053.html
E-Mail link for SUSE-SU-2018:1296-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1089705
SUSE Bug 1089705
https://bugzilla.suse.com/1089706
SUSE Bug 1089706
https://bugzilla.suse.com/1090737
SUSE Bug 1090737
https://bugzilla.suse.com/1091772
SUSE Bug 1091772
https://bugzilla.suse.com/915996
SUSE Bug 915996
https://www.suse.com/security/cve/CVE-2018-10119/
SUSE CVE CVE-2018-10119 page
https://www.suse.com/security/cve/CVE-2018-10120/
SUSE CVE CVE-2018-10120 page

Описание

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP3:libreoffice-6.0.4.2-43.33.1

SUSE Linux Enterprise Desktop 12 SP3:libreoffice-base-6.0.4.2-43.33.1

SUSE Linux Enterprise Desktop 12 SP3:libreoffice-base-drivers-mysql-6.0.4.2-43.33.1

SUSE Linux Enterprise Desktop 12 SP3:libreoffice-base-drivers-postgresql-6.0.4.2-43.33.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-10119.html
CVE-2018-10119
https://bugzilla.suse.com/1089705
SUSE Bug 1089705

Описание

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP3:libreoffice-6.0.4.2-43.33.1

SUSE Linux Enterprise Desktop 12 SP3:libreoffice-base-6.0.4.2-43.33.1

SUSE Linux Enterprise Desktop 12 SP3:libreoffice-base-drivers-mysql-6.0.4.2-43.33.1

SUSE Linux Enterprise Desktop 12 SP3:libreoffice-base-drivers-postgresql-6.0.4.2-43.33.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-10120.html
CVE-2018-10120
https://bugzilla.suse.com/1089706
SUSE Bug 1089706

SUSE-SU-2018:1296-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP3

SUSE Linux Enterprise Workstation Extension 12 SP3

Ссылки

Уязвимость: CVE-2018-10119

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-10120

Описание

Затронутые продукты

Ссылки