Security update for libreoffice

Announcement ID:	SUSE-SU-2024:3576-1
Release Date:	2024-10-10T04:15:27Z
Rating:	important
References:	bsc#1047218 bsc#1202273 bsc#1226975 bsc#1229589 jsc#PED-10362
Cross-References:	CVE-2024-5261
CVSS scores:	CVE-2024-5261 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.

Description:

This update for libreoffice fixes the following issues:

libreoffice was updated to version 24.8.1.2 (jsc#PED-10362):

• Release notes:

• https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and

• https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and

• https://wiki.documentfoundation.org/Releases/24.8.0/RC3

• Security issues fixed:

• CVE-2024-526: Fixed TLS certificates are not properly verified when utilizing LibreOfficeKit (bsc#1226975)

• Other bugs fixed:

• Use system curl instead of the bundled one on systems greater than or equal to SLE15 (bsc#1229589)

• Use the new clucene function, which makes index files reproducible (bsc#1047218)

• Update bundled dependencies:

• Java-Websocket updated from 1.5.4 to 1.5.6

• boost updated from 1.82.0 to 1.85.0
• curl updated from 8.7.1 to 8.9.1
• fontconfig updated from 2.14.2 to 2.15.0
• freetype updated from 2.13.0 to 2.13.2
• harfbuzz updated from 8.2.2 to 8.5.0
• icu4c-data updated from 73.2 to 74.2
• icu4c-src updated from 73.2 to 74.2
• libassuan updated from 2.5.7 to 3.0.1
• libcmis updated from 0.6.1 to 0.6.2
• libgpg-error updated from 1.48 to 1.50
• pdfium updated from 6179 to 6425
• poppler updated from 23.09.0 to 24.08.0
• tiff updated from 4.6.0 to 4.6.0t

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3576=1
• SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2024-3576=1

Package List:

• SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64)
  • libreoffice-debugsource-24.8.1.2-48.64.2
  • libreoffice-sdk-debuginfo-24.8.1.2-48.64.2
  • libreoffice-sdk-24.8.1.2-48.64.2
  • libreoffice-debuginfo-24.8.1.2-48.64.2
• SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  • libreoffice-filters-optional-24.8.1.2-48.64.2
  • libreoffice-debugsource-24.8.1.2-48.64.2
  • libreoffice-officebean-24.8.1.2-48.64.2
  • libreoffice-impress-debuginfo-24.8.1.2-48.64.2
  • libreoffice-debuginfo-24.8.1.2-48.64.2
  • libreoffice-writer-debuginfo-24.8.1.2-48.64.2
  • libreoffice-base-24.8.1.2-48.64.2
  • libreoffice-base-drivers-postgresql-debuginfo-24.8.1.2-48.64.2
  • libreoffice-gtk3-debuginfo-24.8.1.2-48.64.2
  • libreoffice-calc-debuginfo-24.8.1.2-48.64.2
  • libreoffice-writer-extensions-24.8.1.2-48.64.2
  • libreoffice-calc-extensions-24.8.1.2-48.64.2
  • libreoffice-writer-24.8.1.2-48.64.2
  • libreoffice-impress-24.8.1.2-48.64.2
  • libreoffice-math-24.8.1.2-48.64.2
  • libreoffice-mailmerge-24.8.1.2-48.64.2
  • libreoffice-draw-24.8.1.2-48.64.2
  • libreoffice-draw-debuginfo-24.8.1.2-48.64.2
  • libreoffice-24.8.1.2-48.64.2
  • libreoffice-gnome-debuginfo-24.8.1.2-48.64.2
  • libreoffice-pyuno-24.8.1.2-48.64.2
  • libreoffice-base-debuginfo-24.8.1.2-48.64.2
  • libreoffice-calc-24.8.1.2-48.64.2
  • libreoffice-math-debuginfo-24.8.1.2-48.64.2
  • libreoffice-pyuno-debuginfo-24.8.1.2-48.64.2
  • libreoffice-librelogo-24.8.1.2-48.64.2
  • libreoffice-officebean-debuginfo-24.8.1.2-48.64.2
  • libreoffice-gnome-24.8.1.2-48.64.2
  • libreoffice-gtk3-24.8.1.2-48.64.2
  • libreoffice-base-drivers-postgresql-24.8.1.2-48.64.2
• SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
  • libreoffice-l10n-ca-24.8.1.2-48.64.2
  • libreoffice-l10n-cs-24.8.1.2-48.64.2
  • libreoffice-l10n-nn-24.8.1.2-48.64.2
  • libreoffice-l10n-af-24.8.1.2-48.64.2
  • libreoffice-l10n-bg-24.8.1.2-48.64.2
  • libreoffice-l10n-sk-24.8.1.2-48.64.2
  • libreoffice-l10n-ro-24.8.1.2-48.64.2
  • libreoffice-l10n-sv-24.8.1.2-48.64.2
  • libreoffice-l10n-ko-24.8.1.2-48.64.2
  • libreoffice-l10n-xh-24.8.1.2-48.64.2
  • libreoffice-l10n-hr-24.8.1.2-48.64.2
  • libreoffice-l10n-pl-24.8.1.2-48.64.2
  • libreoffice-l10n-zh_CN-24.8.1.2-48.64.2
  • libreoffice-l10n-hi-24.8.1.2-48.64.2
  • libreoffice-l10n-ja-24.8.1.2-48.64.2
  • libreoffice-l10n-zu-24.8.1.2-48.64.2
  • libreoffice-l10n-pt_PT-24.8.1.2-48.64.2
  • libreoffice-l10n-hu-24.8.1.2-48.64.2
  • libreoffice-l10n-ar-24.8.1.2-48.64.2
  • libreoffice-branding-upstream-24.8.1.2-48.64.2
  • libreoffice-l10n-de-24.8.1.2-48.64.2
  • libreoffice-l10n-fr-24.8.1.2-48.64.2
  • libreoffice-l10n-gu-24.8.1.2-48.64.2
  • libreoffice-l10n-nb-24.8.1.2-48.64.2
  • libreoffice-l10n-fi-24.8.1.2-48.64.2
  • libreoffice-l10n-ru-24.8.1.2-48.64.2
  • libreoffice-l10n-lt-24.8.1.2-48.64.2
  • libreoffice-icon-themes-24.8.1.2-48.64.2
  • libreoffice-l10n-da-24.8.1.2-48.64.2
  • libreoffice-l10n-it-24.8.1.2-48.64.2
  • libreoffice-l10n-zh_TW-24.8.1.2-48.64.2
  • libreoffice-l10n-es-24.8.1.2-48.64.2
  • libreoffice-l10n-uk-24.8.1.2-48.64.2
  • libreoffice-l10n-nl-24.8.1.2-48.64.2
  • libreoffice-l10n-en-24.8.1.2-48.64.2
  • libreoffice-l10n-pt_BR-24.8.1.2-48.64.2

References:

• https://www.suse.com/security/cve/CVE-2024-5261.html
• https://bugzilla.suse.com/show_bug.cgi?id=1047218
• https://bugzilla.suse.com/show_bug.cgi?id=1202273
• https://bugzilla.suse.com/show_bug.cgi?id=1226975
• https://bugzilla.suse.com/show_bug.cgi?id=1229589
• https://jira.suse.com/browse/PED-10362