Security update for libreoffice
This update for libreoffice fixes the following issues:
Security issues fixed:
- CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861).
- CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862).
- CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105).
- CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107).
- CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098).
Non-security issue fixed:
- SmartArt: Basic rendering of Trapezoid List (bsc#1133534)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Tomáš Chvátal (scarabeus_iv)
Fixed bugs
bnc#1146098
VUL-0: CVE-2019-9850: libreoffice: Insufficient url validation allowing LibreLogo script execution
bnc#1141861
VUL-1: CVE-2019-9849: libreoffice: remote bullet graphics retrieved in 'stealth mode'
bnc#1141862
VUL-1: CVE-2019-9848: libreoffice: LibreLogo arbitrary script execution
bnc#1133534
[PPTX] SmartArt: Basic rendering of Trapezoid List
bnc#1146107
VUL-0: CVE-2019-9852: libreoffice: Insufficient URL encoding flaw in allowed script location check
bnc#1146105
VUL-0: CVE-2019-9851: libreoffice: LibreLogo global-event script execution
