Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2020.0372.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2020:0372-1)
Summary:The remote host is missing an update for the 'LibreOffice' package(s) announced via the SUSE-SU-2020:0372-1 advisory.
Description:Summary:
The remote host is missing an update for the 'LibreOffice' package(s) announced via the SUSE-SU-2020:0372-1 advisory.

Vulnerability Insight:
This update libreoffice and libraries fixes the following issues:

LibreOffice was updated to 6.3.3 (jsc#SLE-8705), bringing many bug and stability fixes.

More information for the 6.3 release at:
[link moved to references]

Security issue fixed:
CVE-2019-9853: Fixed an issue where by executing macros, the security
settings could have been bypassed (bsc#1152684).

Other issues addressed:
Dropped disable-kde4 switch, since it is no longer known by configure

Disabled gtk2 because it will be removed in future releases

librelogo is now a standalone sub-package (bsc#1144522).

Partial fixes for an issue where Table(s) from DOCX showed wrong
position or color (bsc#1061210).

cmis-client was updated to 0.5.2:

* Removed header for Uuid's sha1 header(bsc#1105173).
* Fixed Google Drive login
* Added support for Google Drive two-factor authentication
* Fixed access to SharePoint root folder
* Limited the maximal number of redirections to 20
* Switched library implementation to C++11 (the API remains
C++98-compatible)
* Fixed encoding of OAuth2 credentials
* Dropped cppcheck run from 'make check'. A new 'make cppcheck' target
was created for it
* Added proper API symbol exporting
* Speeded up building of tests a bit
* Fixed a few issues found by coverity and cppcheck

libixion was updated to 0.15.0:

* Updated for new liborcus
* Switched to spdlog for compile-time debug log outputs
* Fixed various issues

libmwaw was updated 0.3.15:

* Fixed fuzzing issues

liborcus was updated to 0.15.3:

* Fixed various xml related bugs
* Improved performance
* Fixed multiple parser issues
* Added map and structure mode to orcus-json
* Other improvements and fixes

mdds was updated to 1.5.0:

* API changed to 1.5
* Moved the API incompatibility notes from README to the rst doc.
* Added the overview section for flat_segment_tree.

myspell-dictionaries was updated to 20191016:

* Updated Slovenian thesaurus
* Updated the da_DK dictionary
* Removed the abbreviations from Thai hunspell dictionary
* Updated the English dictionaries
* Fixed the logo management for 'ca'

spdlog was updated to 0.16.3:

* Fixed sleep issue under MSVC that happens when changing the clock
backwards
* Ensured that macros always expand to expressions
* Added global flush_on function

bluez changes:

* lib: Changed bluetooth.h to compile in strict C

gperf was updated to 3.1:

* The generated C code is now in ANSI-C by default.
* Added option --constants-prefix.
* Added declaration %define constants-prefix.

Affected Software/OS:
'LibreOffice' package(s) on SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Workstation Extension 12-SP4, SUSE Linux Enterprise Workstation Extension 12-SP5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9853
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQGBRSD73KTDZ2MPAOL7FBWO3SQVYE5B/
http://seclists.org/fulldisclosure/2020/Feb/23
http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html
https://lists.apache.org/thread.html/3a5570ca5cd14ad08e24684c71cfeff3a507f108fe3cf30ba4f58226@%3Ccommits.openoffice.apache.org%3E
https://lists.apache.org/thread.html/4ae0e6e52600f408d943ded079d314733ce188b04b04471464f89c4f@%3Ccommits.openoffice.apache.org%3E
https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc0f287145aba9b@%3Ccommits.openoffice.apache.org%3E
https://lists.apache.org/thread.html/a5231ad45b030b54828c7b0b62a7e7d4b48481c7cb83ff628e07fa43@%3Ccommits.openoffice.apache.org%3E
https://lists.apache.org/thread.html/9dc85d9937ad7f101047c53f78c00e8ceb135eaeff7dcf4724b46f2c@%3Ccommits.openoffice.apache.org%3E
https://lists.apache.org/thread.html/27339e8a9a1e9bb47fbdb939b338256d0356250a1974aaf4d774f683@%3Ccommits.openoffice.apache.org%3E
https://lists.apache.org/thread.html/19c917f7c8a0d8f62142046fabfe3e2c7d6091ef1f92b99c6e79e24e@%3Ccommits.openoffice.apache.org%3E
https://lists.apache.org/thread.html/a540d1b6f9a7ebb206adba02839f654a6ee63a7b0976f559a847e49a@%3Ccommits.openoffice.apache.org%3E
https://lists.apache.org/thread.html/70da9481dca267405e1d79e53942264765ef3f55c9a563c3737e3926@%3Ccommits.openoffice.apache.org%3E
https://lists.apache.org/thread.html/306a374361891eb17c6cffc99c3d7be1d3152a99c839d4231edc1631@%3Ccommits.openoffice.apache.org%3E
https://lists.apache.org/thread.html/ca216900abd846f0220fe18b95f9f787bdbe0e87fa4eee822073cd69@%3Ccommits.openoffice.apache.org%3E
SuSE Security Announcement: openSUSE-SU-2019:2709 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00040.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.