SuSE Local Security Checks : SUSE: Security Advisory for LibreOffice (SUSE-SU-2014:1116-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.851049

Categoría: SuSE Local Security Checks

Título: SUSE: Security Advisory for LibreOffice (SUSE-SU-2014:1116-1)

Resumen: The remote host is missing an update for the 'LibreOffice'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'LibreOffice'
package(s) announced via the referenced advisory.

Vulnerability Insight:
LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag
suse-4.0-26, based on upstream 4.0.3.3).

Two security issues have been fixed:

* DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)

* Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141)

The following non-security issues have been fixed:

* chart shown flipped (bnc#834722)

* chart missing dataset (bnc#839727)

* import new line in text (bnc#828390)

* lines running off screens (bnc#819614)

* add set-all language menu (bnc#863021)

* text rotation (bnc#783433, bnc#862510)

* page border shadow testcase (bnc#817956)

* one more clickable field fix (bnc#802888)

* multilevel labels are rotated (bnc#820273)

* incorrect nested table margins (bnc#816593)

* use BitmapURL only if its valid (bnc#821567)

* import gradfill for text colors (bnc#870234)

* fix undo of paragraph attributes (bnc#828598)

* stop-gap solution to avoid crash (bnc#830205)

* import images with duotone filter (bnc#820077)

* missing drop downs for autofilter (bnc#834705)

* typos in first page style creation (bnc#820836)

* labels wrongly interpreted as dates (bnc#834720)

* RTF import of fFilled shape property (bnc#825305)

* placeholders text size is not correct (bnc#831457)

* cells value formatted with wrong output (bnc#821795)

* RTF import of freeform shape coordinates (bnc#823655)

* styles (rename & ) copy to different decks (bnc#757432)

* XLSX Chart import with internal data table (bnc#819822)

* handle M.d.yyyy date format in DOCX import (bnc#820509)

* paragraph style in empty first page header (bnc#823651)

* copying slides having same master page name (bnc#753460)

* printing handouts using the default, 'Order' (bnc#835985)

* wrap polygon was based on dest size of picture (bnc#820800)

* added common flags support for SEQ field import (bnc#825976)

* hyperlinks of illustration index in DOCX export (bnc#834035)

* allow insertion of redlines with an empty author (bnc#837302)

* handle drawinglayer rectangle inset in VML import (bnc#779642)

* don't apply complex font size to non-complex font (bnc#820819)

* issue with negative seeks in win32 shell extension (bnc#829017)

* slide appears quite garbled when imported from PPTX (bnc#593612)

* initial MCE support in writerfilter ooxml tokenizer (bnc#820503)

* MSWord uses \xb for linebreaks in DB fields, take 2 (bnc#878854)

* try harder to convert floating tables to text frames (bnc#779620)

* itemstate in parent style incorrectly reported as set (bnc#819865)

* default color h ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
LibreOffice on SUSE Linux Enterprise Desktop 11 SP3

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-4156
Bugtraq: 20130726 CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability (Google Search)
http://seclists.org/bugtraq/2013/Jul/174
http://osvdb.org/95706
Common Vulnerability Exposure (CVE) ID: CVE-2014-3575
BugTraq ID: 69354
http://www.securityfocus.com/bid/69354
Bugtraq: 20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html
https://security.gentoo.org/glsa/201603-05
RedHat Security Advisories: RHSA-2015:0377
http://rhn.redhat.com/errata/RHSA-2015-0377.html
http://www.securitytracker.com/id/1030754
http://secunia.com/advisories/59600
http://secunia.com/advisories/59877
XForce ISS Database: apache-openoffice-cve20143575-info-disc(95420)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95420

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.851049
Categoría:	SuSE Local Security Checks
Título:	SUSE: Security Advisory for LibreOffice (SUSE-SU-2014:1116-1)
Resumen:	The remote host is missing an update for the 'LibreOffice'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'LibreOffice' package(s) announced via the referenced advisory. Vulnerability Insight: LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag suse-4.0-26, based on upstream 4.0.3.3). Two security issues have been fixed: * DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578) * Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141) The following non-security issues have been fixed: * chart shown flipped (bnc#834722) * chart missing dataset (bnc#839727) * import new line in text (bnc#828390) * lines running off screens (bnc#819614) * add set-all language menu (bnc#863021) * text rotation (bnc#783433, bnc#862510) * page border shadow testcase (bnc#817956) * one more clickable field fix (bnc#802888) * multilevel labels are rotated (bnc#820273) * incorrect nested table margins (bnc#816593) * use BitmapURL only if its valid (bnc#821567) * import gradfill for text colors (bnc#870234) * fix undo of paragraph attributes (bnc#828598) * stop-gap solution to avoid crash (bnc#830205) * import images with duotone filter (bnc#820077) * missing drop downs for autofilter (bnc#834705) * typos in first page style creation (bnc#820836) * labels wrongly interpreted as dates (bnc#834720) * RTF import of fFilled shape property (bnc#825305) * placeholders text size is not correct (bnc#831457) * cells value formatted with wrong output (bnc#821795) * RTF import of freeform shape coordinates (bnc#823655) * styles (rename & ) copy to different decks (bnc#757432) * XLSX Chart import with internal data table (bnc#819822) * handle M.d.yyyy date format in DOCX import (bnc#820509) * paragraph style in empty first page header (bnc#823651) * copying slides having same master page name (bnc#753460) * printing handouts using the default, 'Order' (bnc#835985) * wrap polygon was based on dest size of picture (bnc#820800) * added common flags support for SEQ field import (bnc#825976) * hyperlinks of illustration index in DOCX export (bnc#834035) * allow insertion of redlines with an empty author (bnc#837302) * handle drawinglayer rectangle inset in VML import (bnc#779642) * don't apply complex font size to non-complex font (bnc#820819) * issue with negative seeks in win32 shell extension (bnc#829017) * slide appears quite garbled when imported from PPTX (bnc#593612) * initial MCE support in writerfilter ooxml tokenizer (bnc#820503) * MSWord uses \xb for linebreaks in DB fields, take 2 (bnc#878854) * try harder to convert floating tables to text frames (bnc#779620) * itemstate in parent style incorrectly reported as set (bnc#819865) * default color h ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: LibreOffice on SUSE Linux Enterprise Desktop 11 SP3 Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4156 Bugtraq: 20130726 CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability (Google Search) http://seclists.org/bugtraq/2013/Jul/174 http://osvdb.org/95706 Common Vulnerability Exposure (CVE) ID: CVE-2014-3575 BugTraq ID: 69354 http://www.securityfocus.com/bid/69354 Bugtraq: 20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects (Google Search) http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html https://security.gentoo.org/glsa/201603-05 RedHat Security Advisories: RHSA-2015:0377 http://rhn.redhat.com/errata/RHSA-2015-0377.html http://www.securitytracker.com/id/1030754 http://secunia.com/advisories/59600 http://secunia.com/advisories/59877 XForce ISS Database: apache-openoffice-cve20143575-info-disc(95420) https://exchange.xforce.ibmcloud.com/vulnerabilities/95420
Copyright	Copyright (C) 2015 Greenbone Networks GmbH