Security update for libreoffice

Announcement ID:	SUSE-SU-2019:2003-1
Rating:	important
References:	bsc#1110348 bsc#1112112 bsc#1112113 bsc#1112114 bsc#1116451 bsc#1117195 bsc#1117300 bsc#1121874 bsc#1123131 bsc#1123455 bsc#1124062 bsc#1124658 bsc#1124869 bsc#1127760 bsc#1127857 bsc#1128845 bsc#1135189 bsc#1135228 bsc#882383
Cross-References:	CVE-2018-16858
CVSS scores:	CVE-2018-16858 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-16858 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP1

An update that solves one vulnerability and has 18 security fixes can now be installed.

Description:

This update for libreoffice fixes the following issues:

LibreOffice was updated to 6.2.5.2 (fate#327121).

Security issue fixed:

• CVE-2018-16858: LibreOffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. (bsc#1124062)

Other bugfixes:

• If there is no firebird engine we still need java to run hsqldb (bsc#1135189)
• Require firebird as default driver for base if enabled
• PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc1135228)
• Slide deck compression doesn't, hmm, compress too much (bsc#1127760)
• Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869)
• Image from PPTX shown in a square, not a circle (bsc#1121874)
• Switch to the new web based help system bsc#1116451
• Enable new approach for mariadb connector again
• PPTX: SmartArt: Basic rendering of the Organizational Chart (bsc#1112114)
• PPTX: SmartArt: Basic rendering of Accent Process and Continuous Block Process (bsc#1112113)
• Saving a new document can silently overwrite an existing document (bsc#1117300)
• Install also C++ libreofficekit headers bsc#1117195
• Chart in PPTX lacks color and is too large (bsc#882383)
• PPTX: SmartArt: Basic rendering of several list types (bsc#1112112)
• PPTX: Charts having weird/darker/ugly background versus Office 365 and strange artefacts where overlapping (bsc#1110348)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Workstation Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2003=1

Package List:

• SUSE Linux Enterprise Workstation Extension 15 SP1 (x86_64)
  • libreoffice-mailmerge-6.2.5.2-8.5.1
  • libreoffice-writer-debuginfo-6.2.5.2-8.5.1
  • libreoffice-gnome-6.2.5.2-8.5.1
  • libwps-0_4-4-0.4.10-7.3.3
  • libreoffice-impress-debuginfo-6.2.5.2-8.5.1
  • libwps-debuginfo-0.4.10-7.3.3
  • libreoffice-calc-extensions-6.2.5.2-8.5.1
  • libreoffice-base-6.2.5.2-8.5.1
  • libreoffice-6.2.5.2-8.5.1
  • libreoffice-math-6.2.5.2-8.5.1
  • libreoffice-gtk3-debuginfo-6.2.5.2-8.5.1
  • libwps-0_4-4-debuginfo-0.4.10-7.3.3
  • libreoffice-draw-debuginfo-6.2.5.2-8.5.1
  • libreoffice-pyuno-debuginfo-6.2.5.2-8.5.1
  • libreoffice-filters-optional-6.2.5.2-8.5.1
  • libreoffice-officebean-debuginfo-6.2.5.2-8.5.1
  • libreofficekit-6.2.5.2-8.5.1
  • libreoffice-base-drivers-postgresql-6.2.5.2-8.5.1
  • libreoffice-writer-6.2.5.2-8.5.1
  • libreoffice-gnome-debuginfo-6.2.5.2-8.5.1
  • libwps-debugsource-0.4.10-7.3.3
  • libreoffice-math-debuginfo-6.2.5.2-8.5.1
  • libwps-devel-0.4.10-7.3.3
  • libreoffice-writer-extensions-6.2.5.2-8.5.1
  • libreoffice-calc-6.2.5.2-8.5.1
  • libreoffice-base-drivers-postgresql-debuginfo-6.2.5.2-8.5.1
  • libreoffice-debuginfo-6.2.5.2-8.5.1
  • libreoffice-impress-6.2.5.2-8.5.1
  • libreoffice-base-debuginfo-6.2.5.2-8.5.1
  • libreoffice-gtk3-6.2.5.2-8.5.1
  • libreoffice-officebean-6.2.5.2-8.5.1
  • libreoffice-calc-debuginfo-6.2.5.2-8.5.1
  • libreoffice-pyuno-6.2.5.2-8.5.1
  • libreoffice-draw-6.2.5.2-8.5.1
  • libreoffice-debugsource-6.2.5.2-8.5.1
• SUSE Linux Enterprise Workstation Extension 15 SP1 (noarch)
  • libreoffice-l10n-ro-6.2.5.2-8.5.1
  • libreoffice-icon-themes-6.2.5.2-8.5.1
  • libreoffice-l10n-nn-6.2.5.2-8.5.1
  • libreoffice-l10n-kn-6.2.5.2-8.5.1
  • libreoffice-l10n-lv-6.2.5.2-8.5.1
  • libreoffice-l10n-or-6.2.5.2-8.5.1
  • libreoffice-l10n-pt_BR-6.2.5.2-8.5.1
  • libreoffice-l10n-da-6.2.5.2-8.5.1
  • libreoffice-l10n-bg-6.2.5.2-8.5.1
  • libreoffice-l10n-cs-6.2.5.2-8.5.1
  • libreoffice-l10n-de-6.2.5.2-8.5.1
  • libreoffice-l10n-te-6.2.5.2-8.5.1
  • libreoffice-l10n-pa-6.2.5.2-8.5.1
  • libreoffice-l10n-fa-6.2.5.2-8.5.1
  • libreoffice-l10n-ts-6.2.5.2-8.5.1
  • libreoffice-l10n-lt-6.2.5.2-8.5.1
  • libreoffice-l10n-hi-6.2.5.2-8.5.1
  • libreoffice-l10n-ja-6.2.5.2-8.5.1
  • libreoffice-l10n-nb-6.2.5.2-8.5.1
  • libreoffice-l10n-si-6.2.5.2-8.5.1
  • libreoffice-l10n-nr-6.2.5.2-8.5.1
  • libreoffice-l10n-fr-6.2.5.2-8.5.1
  • libreoffice-l10n-fi-6.2.5.2-8.5.1
  • libreoffice-l10n-gl-6.2.5.2-8.5.1
  • libreoffice-l10n-ml-6.2.5.2-8.5.1
  • libreoffice-l10n-th-6.2.5.2-8.5.1
  • libreoffice-l10n-zh_CN-6.2.5.2-8.5.1
  • libreoffice-l10n-zh_TW-6.2.5.2-8.5.1
  • libreoffice-l10n-ss-6.2.5.2-8.5.1
  • libreoffice-l10n-en-6.2.5.2-8.5.1
  • libreoffice-l10n-as-6.2.5.2-8.5.1
  • libreoffice-l10n-af-6.2.5.2-8.5.1
  • libreoffice-l10n-xh-6.2.5.2-8.5.1
  • libreoffice-l10n-zu-6.2.5.2-8.5.1
  • libreoffice-l10n-eu-6.2.5.2-8.5.1
  • libreoffice-l10n-ve-6.2.5.2-8.5.1
  • libreoffice-l10n-sv-6.2.5.2-8.5.1
  • libreoffice-l10n-mai-6.2.5.2-8.5.1
  • libreoffice-l10n-pt_PT-6.2.5.2-8.5.1
  • libreoffice-l10n-nl-6.2.5.2-8.5.1
  • libreoffice-l10n-tn-6.2.5.2-8.5.1
  • libreoffice-branding-upstream-6.2.5.2-8.5.1
  • libreoffice-l10n-eo-6.2.5.2-8.5.1
  • libreoffice-l10n-br-6.2.5.2-8.5.1
  • libreoffice-l10n-el-6.2.5.2-8.5.1
  • libreoffice-l10n-bn-6.2.5.2-8.5.1
  • libreoffice-l10n-gu-6.2.5.2-8.5.1
  • libreoffice-l10n-et-6.2.5.2-8.5.1
  • libreoffice-l10n-es-6.2.5.2-8.5.1
  • libreoffice-l10n-ar-6.2.5.2-8.5.1
  • libreoffice-l10n-hu-6.2.5.2-8.5.1
  • libreoffice-l10n-uk-6.2.5.2-8.5.1
  • libreoffice-l10n-pl-6.2.5.2-8.5.1
  • libreoffice-l10n-ca-6.2.5.2-8.5.1
  • libreoffice-l10n-st-6.2.5.2-8.5.1
  • libreoffice-l10n-ta-6.2.5.2-8.5.1
  • libreoffice-l10n-nso-6.2.5.2-8.5.1
  • libreoffice-l10n-mr-6.2.5.2-8.5.1
  • libreoffice-l10n-sr-6.2.5.2-8.5.1
  • libreoffice-l10n-tr-6.2.5.2-8.5.1
  • libreoffice-l10n-sk-6.2.5.2-8.5.1
  • libreoffice-l10n-hr-6.2.5.2-8.5.1
  • libreoffice-l10n-he-6.2.5.2-8.5.1
  • libreoffice-l10n-it-6.2.5.2-8.5.1
  • libreoffice-l10n-cy-6.2.5.2-8.5.1
  • libreoffice-l10n-ko-6.2.5.2-8.5.1
  • libreoffice-l10n-ru-6.2.5.2-8.5.1
  • libreoffice-l10n-kk-6.2.5.2-8.5.1
  • libreoffice-l10n-ga-6.2.5.2-8.5.1
  • libreoffice-l10n-dz-6.2.5.2-8.5.1
  • libreoffice-l10n-sl-6.2.5.2-8.5.1

References:

• https://www.suse.com/security/cve/CVE-2018-16858.html
• https://bugzilla.suse.com/show_bug.cgi?id=1110348
• https://bugzilla.suse.com/show_bug.cgi?id=1112112
• https://bugzilla.suse.com/show_bug.cgi?id=1112113
• https://bugzilla.suse.com/show_bug.cgi?id=1112114
• https://bugzilla.suse.com/show_bug.cgi?id=1116451
• https://bugzilla.suse.com/show_bug.cgi?id=1117195
• https://bugzilla.suse.com/show_bug.cgi?id=1117300
• https://bugzilla.suse.com/show_bug.cgi?id=1121874
• https://bugzilla.suse.com/show_bug.cgi?id=1123131
• https://bugzilla.suse.com/show_bug.cgi?id=1123455
• https://bugzilla.suse.com/show_bug.cgi?id=1124062
• https://bugzilla.suse.com/show_bug.cgi?id=1124658
• https://bugzilla.suse.com/show_bug.cgi?id=1124869
• https://bugzilla.suse.com/show_bug.cgi?id=1127760
• https://bugzilla.suse.com/show_bug.cgi?id=1127857
• https://bugzilla.suse.com/show_bug.cgi?id=1128845
• https://bugzilla.suse.com/show_bug.cgi?id=1135189
• https://bugzilla.suse.com/show_bug.cgi?id=1135228
• https://bugzilla.suse.com/show_bug.cgi?id=882383