Lucene search

K
suseSuseOPENSUSE-SU-2018:1311-1
HistoryMay 17, 2018 - 12:07 a.m.

Security update for libreoffice (moderate)

2018-05-1700:07:31
lists.opensuse.org
52

0.016 Low

EPSS

Percentile

87.6%

This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the
following issues:

Security issues fixed:

  • CVE-2018-10120: The SwCTBWrapper::Read function in
    sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations
    index, which allowed remote attackers to cause a denial of service
    (heap-based buffer overflow with write access) or possibly have
    unspecified other impact via a crafted document that contains a certain
    Microsoft Word record. (bsc#1089706)
  • CVE-2018-10119: sot/source/sdstor/stgstrms.cxx used an incorrect integer
    data type in the StgSmallStrm class, which allowed remote attackers to
    cause a denial of service (use-after-free with write access) or possibly
    have unspecified other impact via a crafted document that uses the
    structured storage ole2 wrapper file format. (bsc#1089705)

Other issues fixed:

  • DOCX import: missing table background color
  • Bring back offline help per popular demand as lto saves space we could
    use with it bsc#915996

This update was imported from the SUSE:SLE-12-SP3:Update update project.