Description
Security update for libreoffice
This update for libreoffice fixes the following issues:
libreoffice was updated to version 24.8.1.2 (jsc#PED-10362):
Security issues fixed:
- CVE-2024-5261: Fixed TLS certificates not being properly verified when utilizing LibreOfficeKit (bsc#1226975)
Other bugs fixed:
- Use system curl instead of the bundled one on systems greater than or equal to SLE15 (bsc#1229589)
- Use the new clucene function, which makes index files reproducible (bsc#1047218)
Update bundled dependencies:
- Java-Websocket updated from 1.5.4 to 1.5.6
- boost updated from 1.82.0 to 1.85.0
- curl updated from 8.7.1 to 8.9.1
- fontconfig updated from 2.14.2 to 2.15.0
- freetype updated from 2.13.0 to 2.13.2
- harfbuzz updated from 8.2.2 to 8.5.0
- icu4c-data updated from 73.2 to 74.2
- icu4c-src updated from 73.2 to 74.2
- libassuan updated from 2.5.7 to 3.0.1
- libcmis updated from 0.6.1 to 0.6.2
- libgpg-error updated from 1.48 to 1.50
- pdfium updated from 6179 to 6425
- poppler updated from 23.09.0 to 24.08.0
- tiff updated from 4.6.0 to 4.6.0t
Package list
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
References
- Link for SUSE-SU-2024:3576-1
- E-Mail link for SUSE-SU-2024:3576-1
- SUSE Security Ratings
- SUSE Bug 1047218
- SUSE Bug 1202273
- SUSE Bug 1226975
- SUSE Bug 1229589
- SUSE CVE CVE-2024-5261 page
Description
An Improper Certificate Validation vulnerability in LibreOffice's "LibreOfficeKit" mode disables TLS certificate verification. LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third-party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on web servers. In affected versions of LibreOffice, when used in LibreOfficeKit mode only, curl's TLS certificate verification was disabled (CURLOPT_SSL_VERIFYPEER set to false). In the fixed versions, curl operates in LibreOfficeKit mode the same as in standard mode, with CURLOPT_SSL_VERIFYPEER set to true. This issue affects LibreOffice before version 24.2.4.
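The description above comes down to one libcurl option being set to false on a particular code path. As an added example (not LibreOffice's code and not part of the advisory), the following audit helper scans C/C++ source for `CURLOPT_SSL_VERIFYPEER` calls and classifies each one; the function names and the sample source are constructed for illustration.

```python
import re

# String literals are matched first so "https://..." is not taken for a comment.
LEXEME = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)
# curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, value); may span lines.
SETOPT = re.compile(
    r"curl_easy_setopt\s*\(\s*[^,]+,\s*CURLOPT_SSL_VERIFYPEER\s*,\s*([^;]*?)\)\s*;",
    re.S)
DISABLED = {"0", "0l", "false"}
ENABLED = {"1", "1l", "true"}

def _blank_comment(match):
    text = match.group(0)
    if text.startswith('"'):
        return text                      # keep string literals untouched
    return re.sub(r"[^\n]", " ", text)   # blank comments, keep line numbers

def audit_verifypeer(source):
    """Return (line, verdict, value) for every CURLOPT_SSL_VERIFYPEER call."""
    code = LEXEME.sub(_blank_comment, source)
    findings = []
    for m in SETOPT.finditer(code):
        value = " ".join(m.group(1).split())
        literal = re.sub(r"^\(\s*long\s*\)\s*", "", value).lower()
        if literal in DISABLED:
            verdict = "disabled"         # the pattern described in the CVE
        elif literal in ENABLED:
            verdict = "enabled"
        else:
            verdict = "review"           # runtime value: trace where it is set
        findings.append((code.count("\n", 0, m.start()) + 1, verdict, value))
    return findings

# Constructed sample source, not taken from LibreOffice.
SAMPLE = r'''
// curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 0L);  (commented out)
void init(CURL* h, bool kitMode, long verify) {
    curl_easy_setopt(h, CURLOPT_URL, "https://example.invalid/img.png");
    if (kitMode)
        curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, false);
    else
        curl_easy_setopt(h,
                         CURLOPT_SSL_VERIFYPEER,
                         1L);
    curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, verify);
}
'''

if __name__ == "__main__":
    for line, verdict, value in audit_verifypeer(SAMPLE):
        print(f"line {line}: {verdict} ({value})")
```

A "review" verdict means the value is decided at run time, which is the case that matters here: the affected behaviour applied only in one mode of operation.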
Affected products
References
- CVE-2024-5261
- SUSE Bug 1226975