Overview

File _patchinfo of Package patchinfo.1176

<patchinfo incident="1176">
  <category>security</category>
  <rating>moderate</rating>
  <packager>msmeissn</packager>
  <summary>Recommended update for LibreOffice</summary>
  <description>
This update brings LibreOffice to version 5.0.2, a major version
update.

It brings lots of new features, bugfixes and also security fixes.

Features as seen on http://www.libreoffice.org/discover/new-features/

* LibreOffice 5.0 ships an impressive number of new features for
  its spreadsheet module, Calc: complex formulae image cropping, new
  functions, more powerful conditional formatting, table addressing
  and much more. Calc's blend of performance and features makes it
  an enterprise-ready, heavy duty spreadsheet application capable of
  handling all kinds of workload for an impressive range of use cases
* New icons, major improvements to menus and sidebar : no other
  LibreOffice version has looked that good and helped you be creative and
  get things done the right way. In addition, style management is now more
  intuitive thanks to the visualization of styles right in the interface.
* LibreOffice 5 ships with numerous improvements to document import and
  export filters for MS Office, PDF, RTF, and more. You can now timestamp
  PDF documents generated with LibreOffice and enjoy enhanced document
  conversion fidelity all around.

The Pentaho Flow Reporting Engine is now added and used.

Security issues fixed:

* CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c
  in the Unicode Bidirectional Algorithm implementation in ICU4C in
  International Components for Unicode (ICU) before 55.1 did not properly
  track directionally isolated pieces of text, which allowed remote
  attackers to cause a denial of service (heap-based buffer overflow)
  or possibly execute arbitrary code via crafted text.
* CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c
  in the Unicode Bidirectional Algorithm implementation in ICU4C in
  International Components for Unicode (ICU) before 55.1 used an integer
  data type that is inconsistent with a header file, which allowed remote
  attackers to cause a denial of service (incorrect malloc followed by
  invalid free) or possibly execute arbitrary code via crafted text.
* CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice
  and Openoffice Calc and Writer was fixed.
* CVE-2015-1774: The HWP filter in LibreOffice allowed remote attackers
  to cause a denial of service (crash) or possibly execute arbitrary code
  via a crafted HWP document, which triggered an out-of-bounds write.
* CVE-2015-5212: A LibreOffice "PrinterSetup Length" integer underflow
  vulnerability could be used by attackers supplying documents to execute
  code as the user opening the document.
* CVE-2015-5213: A LibreOffice "Piece Table Counter" invalid check design
  error vulnerability allowed attackers supplying documents to execute
  code as the user opening the document.
* CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory
  Corruption Vulnerability allowed attackers supplying documents to execute
  code as the user opening the document.
  </description>
  <issue tracker="bnc" id="470073"/>
  <issue tracker="bnc" id="806250"/>
  <issue tracker="bnc" id="829430"/>
  <issue tracker="bnc" id="890735"/>
  <issue tracker="bnc" id="900186"/>
  <issue tracker="bnc" id="900877"/>
  <issue tracker="bnc" id="907966"/>
  <issue tracker="bnc" id="910805"/>
  <issue tracker="bnc" id="910806"/>
  <issue tracker="bnc" id="913042"/>
  <issue tracker="bnc" id="914911"/>
  <issue tracker="bnc" id="915996"/>
  <issue tracker="bnc" id="916181"/>
  <issue tracker="bnc" id="918852"/>
  <issue tracker="bnc" id="919409"/>
  <issue tracker="bnc" id="926375"/>
  <issue tracker="bnc" id="929793"/>
  <issue tracker="bnc" id="934423"/>
  <issue tracker="bnc" id="936188"/>
  <issue tracker="bnc" id="936190"/>
  <issue tracker="bnc" id="940838"/>
  <issue tracker="bnc" id="943075"/>
  <issue tracker="bnc" id="945692"/>
  <issue tracker="cve" id="CVE-2014-8146"/>
  <issue tracker="cve" id="CVE-2014-8147"/>
  <issue tracker="cve" id="CVE-2015-1774"/>
  <issue tracker="cve" id="CVE-2015-4551"/>
  <issue tracker="cve" id="CVE-2015-5212"/>
  <issue tracker="cve" id="CVE-2015-5213"/>
  <issue tracker="cve" id="CVE-2015-5214"/>
  <issue tracker="fate" id="318856"/>
  <issue tracker="fate" id="319071"/>
  <issue tracker="fdo" id="86241"/>
  <issue tracker="fdo" id="87222"/>
</patchinfo>
openSUSE Build Service is sponsored by
Places