[SECURITY] Fedora 16 Update: libreoffice-3.4.5.2-18.fc16

updates at fedoraproject.org updates at fedoraproject.org
Fri Aug 10 22:37:08 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11402
2012-08-02 10:50:55
--------------------------------------------------------------------------------

Name        : libreoffice
Product     : Fedora 16
Version     : 3.4.5.2
Release     : 18.fc16
URL         : http://www.documentfoundation.org/develop
Summary     : Free Software Productivity Suite
Description :
LibreOffice is an Open Source, community-developed, office productivity suite.
It includes the key desktop applications, such as a word processor,
spreadsheet, presentation manager, formula editor and drawing program, with a
user interface and feature set similar to other office suites.  Sophisticated
and flexible, LibreOffice also works transparently with a variety of file
formats, including Microsoft Office File Formats.

--------------------------------------------------------------------------------
Update Information:

Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of LibreOffice. An attacker could create a specially-crafted file in the Open Document Format for Office Applications (ODF) format which when opened could cause arbitrary code execution.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  1 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-18
- Resolves: CVE-2012-2665
* Fri Jun  8 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-17
- Resolves: rhbz#826609, rhbz#820554 fix smoketest on ppc[64], s390[x]
* Thu May 24 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-16
- Resolves: CVE-2012-2334
* Thu May 17 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-15
- Resolves: rhbz#822216 CVE-2012-1149
* Mon Apr 23 2012 David Tardon <dtardon at redhat.com> - 3.4.5.2-14
- Resolves: rhbz#815216 Unlocalized strings in print dialog of Calc
- Resolves: rhbz#819118 copying a certain sheet lets LibreOffice crash
* Wed Apr 18 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-13
- Resolves: rhbz#809466 libreoffice-core (unintentionally) provides
  libraptor.so.1()() and librdf.so.0()()
- Resolves: rhbz#813280 sheets cannot be moved in Calc
* Thu Apr 12 2012 Stephan Bergmann <sbergman at redhat.com> - 3.4.5.2-12
- Fix URIS_ONLY flag issue
- Resolves: fdo#38088 rhbz#810267 better CSV import default separators
* Mon Apr  2 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-11
- Resolves: rhbz#708041 focus problems and tearable menus
* Thu Mar 29 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-10
- Resolves: rhbz#789022 SwNodes: fix inconsistent outline check
- Resolves: rhbz#806663 SlideshowImpl can outlive SdModule
- Resolves: rhbz#807243 require correct version of hsqldb
- Resolves: rhbz#807316 don't complain that --nocrashreport is unknown
* Tue Mar  6 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-8
- Resolves: fdo#31966 do not create an empty slide when printing handouts
- fixes nsplugin
- Resolves: fdo#44816 crash using instances dialog of dataform navigator
- Resolves: rhbz#798983 Kannada langpack missing
- Resolves: rhbz#798926 fix endianess assumptions of lotuswordpro filter
- Resolves: fdo#39694 SwTxtFld: expand new fields to fix race condition
- Resolves: fdo#42073 sw: expand all text fields when setting properties
- Resolves: rhbz#799628 crash with chewing IM with g3g
- Resolves: rhbz#799525 put flat odf mimetypes in xsltfilter.desktop
- Resolves: rhbz#784198 show splash screen correctly on multi-head system
- Resolves: rhbz#800272 complain about unknown commandline options
* Wed Feb 29 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-7
- Resolves: rhbz#788045 swriter --help wouldn't display help
* Thu Feb 23 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-6
- ensure non broken xml help.tree files
- ensure gdb .py files have the same timstamps so that multilib
  .pyc's and .pyo's have the same content (timestamp in binary cache)
- Resolves: fdo#36109 in INDIRECT() make a non-existing sheet produce an error again
- Resolves: fdo#41712 sw: fix crash in layout frame linked lists
- Resolves: fdo#42771 Fix crash when loading an invalid .fodt
- Resolves: fdo#44813 make the refresh query filter NULL-safe
- Resolves: fdo#43399 hidden radio button should also gets unset
- Resolves: fdo#40261 Fix crash in XML Form Document
- Resolves: fdo#45992 fix support for embedded images for basic Dialogs
- Resolves: fdo#39510 fix yet more layout crashes in ~SwRootFrm
- Resolves: fdo#39657 fix crash when parsing XML signatures
- Resolves: rhbz#794679 use proper Indian Rupee currency symbol U+20B9
* Thu Feb  9 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-5
- Resolves: fdo#38595 border width lost in ODF import
- Resolves: fdo#40378 compile defined names that had unresolveds during load
- Resolves: fdo#40590 stop abusing regular string token for XML import
* Tue Feb  7 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-4
- Resolves: rhbz#701152 scrolling does not work as expected while
  viewing specific .doc file
- Resolves: fdo#45446 turn off SaveBackwardCompatibleODF
* Tue Feb  7 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-3
- Resolves: fdo#39117
- Resolves: fdo#45450 Only write "style:vertical-justify" and
  "css3t:text-justify" in ODF extended mode
- Resolves: fdo#45449 ODF export: frames: invalid "min-width"
- Resolves: fdo#45534 ODF export: fix draw:fit-to-size
- Resolves: fdo#38745 fix hilariously stupid stack guards
- Resolves: fdo#37024 SwView::SwView: fix BROWSE_MODE setting
- Resolves: fdo#35661
- Resolves: i#117545
- Resolves: fdo#45115 SwXTextTable, sc: fix setting borders
* Tue Feb  7 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-2
- Resolves: fdo#44040 VIEWING: Crash when page preview after <f4>
- Resolves: fdo#39118 Fixed chart listener registration during ODS import
- Resolves: fdo#43725 crash on saving a file
- Resolves: fdo#45032 Calc export to HTML with graphics failed
- Resolves: rhbz#783556 crash in ScMatrix::GetDimensons()
- Resolves: fdo#44178 Align dictionary address with DICT_REPO_URL in
  instsetoo_native/util/openoffice.lst
- Resolves: fdo#43193 fix rotation of shapes in imported MS documents
- Resolves: fdo#44065
- Resolves: fdo#44385 restore special DATE handling code for SbxValue::Compute
- Resolves: fdo#43479 fix crash on DISTINCT
- Resolves: fdo#44208 country code 'IN' is not in use for these locales
- Resolves: fdo#45107
- Resolves: fdo#38542 "double" border line ODF import
- Resolves: fdo#38515 crasher in dialog destructor
- Resolves: fdo#40438 force calculating layout before Activate to
  avoid crashes and loops
- Resolves: rhbz#746174 also export list restart for non root list
- Resolves: fdo#42784 BorderLine with only InnerWidth set does not work
- Resolves: fdo#45255 edge-case .doc comment import
- Resolves: rhbz#788045 fix soffice --help with instance already running
- Resolves: rhbz#788042 skip splashscreen with quickstarter
* Tue Jan 17 2012 David Tardon <dtardon at redhat.com> - 3.4.5.2-1
- new upstream version 3.4.5
- drop integrated 001-add-Oracle-Java-1.7.0-recognition.patch
- drop integrated 001-fix-horizontal-scrollbars-with-KDE-oxygen-style-bnc-.patch
- drop integrated 001-fdo-43308-Set-the-logic-straight-for-center-across-s.patch
- drop integrated 001-Resolves-rhbz-754051-Libreoffice-calc-crashes-when-r.patch
- drop integrated 001-sw-fdo-39159-fdo-40482-temp-selection-print-doc.patch
- Resolves: rhbz#771108 English menu in writer despite installation of
  libreoffice-langpack-de
- Resolves: rhbz#661738 Very slow java database operations:
  Attach/DetachCurrentThread
- Resolves: fdo#44078 fix font alias name problems
* Fri Jan  6 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.4.2-7
- Resolves: fdo#40482 Writer view options destroyed by printing
- Resolves: rhbz#533318 smath does not handle accents in MathML
* Thu Dec 15 2011 Caolán McNamara <caolanm at redhat.com> - 3.4.4.2-6
- Resolves: rhbz#761009 IFSD_Equal is asymmetrical
- Resolves: rhbz#754051 Libreoffice calc crashes when re-opening a xlxs file
- Resolves: rhbz#767708 write to mmap'ed file w/o disk space: SIGBUS
* Fri Dec  9 2011 Caolán McNamara <caolanm at redhat.com> - 3.4.4.2-5
- Resolves: rhbz#759647 dispose clears mpPresTimer
- Resolves: rhbz#761558 center-across-selection fix
* Wed Nov 30 2011 Caolán McNamara <caolanm at redhat.com> - 3.4.4.2-4
- Resolves: rhbz#757653 fix headless crash with cairo canvas
- Resolves: rhbz#758338 KDE build problems
* Wed Nov 23 2011 Caolán McNamara <caolanm at redhat.com> - 3.4.4.2-3
- Resolves: rhbz#751290 kde black on dark-grey tooltip-texts
* Fri Nov 11 2011 Caolán McNamara <caolanm at redhat.com> - 3.4.4.2-2
- Resolves: fdo#42749 KDE oxygen theme and scrollbars
* Fri Nov 11 2011 David Tardon <dtardon at redhat.com> - 3.4.4.2-1
- new upstream version 3.4.4
* Thu Nov 10 2011 Caolán McNamara <caolanm at redhat.com> - 3.4.3.2-16
- Resolves: rhbz#751982 shadowed m_aXineramaScreenIndexMap crash
* Thu Oct 27 2011 Caolán McNamara <caolanm at redhat.com> - 3.4.3.2-15
- Related: rhbz#748585 throw the additional requires away, because it
  does not help
- add possible fix for detection of java 7
* Tue Oct 25 2011 David Tardon <dtardon at redhat.com> - 3.4.3.2-14
- Resolves: rhbz#748585 libreoffice installs Java 7
* Fri Oct 21 2011 Caolán McNamara <caolanm at redhat.com> - 3.4.3.2-13
- Resolves: rhbz#747356 let Qt call XInitThreads
- fix .sdw import
* Wed Oct 19 2011 Caolán McNamara <caolanm at redhat.com> - 3.4.3.2-12
- Related: rhbz#743750 addXineramaScreenUnique issue
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #826077 - CVE-2012-2665 openoffice.org, libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code
        https://bugzilla.redhat.com/show_bug.cgi?id=826077
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libreoffice' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list