-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-e87eb1ae68 2018-04-29 21:22:26.242926 --------------------------------------------------------------------------------
Name : libreoffice Product : Fedora 26 Version : 5.3.7.2 Release : 9.fc26 URL : http://www.libreoffice.org/ Summary : Free Software Productivity Suite Description : LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, LibreOffice also works transparently with a variety of file formats, including Microsoft Office File Formats.
-------------------------------------------------------------------------------- Update Information:
- CVE-2018-10119 Use after free in sdstor/stgstrms.cxx - CVE-2018-10120 Out of bounds write in filter/ww8/ww8toolbar.cxx -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 20 2018 Caol��n McNamara caolanm@redhat.com - 1:5.3.7.2-9 - CVE-2018-10119 Use After Free in Structured Storage parser - CVE-2018-10120 Heap Buffer Overflow in MSWord Customizations parsing * Fri Feb 9 2018 Caol��n McNamara caolanm@redhat.com - 1:5.3.7.2-8 - CVE-2018-1055 WEBSERVICE formula woes * Tue Feb 6 2018 Stephan Bergmann sbergman@redhat.com - 1:5.3.7.2-7 - Resolves: rhbz#1541486 Base table dialog title shown in wrong language * Tue Dec 12 2017 Eike Rathke erack@redhat.com - 1:5.3.7.2-6 - Resolves: tdf#114406 treat % as the operator that it is * Wed Dec 6 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.7.2-5 - tdf#105998 missing hairlines in cut and paste of shapes from draw to writer as bitmaps * Tue Nov 21 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.7.2-4 - Compensate for loss of Type1 Standard Symbols L * Wed Nov 15 2017 Eike Rathke erack@redhat.com - 1:5.3.7.2-3 - Resolves: tdf#111428 swap ScColumn::mnBlkCountFormula - impress constantly trying to create an internal Sidebar * Tue Nov 7 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.7.2-2 - fix RTL popover placement under gtk3 - Resolves: rhbz#1505379 gtk3 + X open comboboxes block session * Thu Oct 26 2017 David Tardon dtardon@redhat.com - 1:5.3.7.2-1 - update to 5.3.7 rc2 * Mon Oct 9 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.7.1-2 - Resolves: rhbz#1471983 fatal exception on older config without slide background panel * Thu Oct 5 2017 David Tardon dtardon@redhat.com - 1:5.3.7.1-1 - update to 5.3.7 rc1 * Thu Sep 28 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.6.1-7 - Resolves: tdf#42873 videos in presenter console misplaced * Mon Sep 25 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.6.1-6 - Resolves: tdf#112408 crash with nan from bad ascent in presenter console help - Improve resizing chevrons * Mon Sep 11 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.6.1-5 - gtk3 flicker-free opengl transitions - Resolves: tdf#111891 vertical alignment lost in frame style * Thu Sep 7 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.6.1-4 - Resolves: tdf#110737 animations starved of redraw events - fix mismerge of pdf export of highlight color fix * Fri Sep 1 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.6.1-3 - Resolves: tdf#112145 broken pdf export of editengine highlight color * Thu Aug 31 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.6.1-2 - Resolves: rhbz#1400287 resizing properties dialog hides widgets - Resolves: tdf#95960 improve custom properties page * Sat Aug 26 2017 David Tardon dtardon@redhat.com - 1:5.3.6.1-1 - update to 5.3.6 rc1 * Fri Aug 18 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.5.2-3 - fix presenting with hidpi internal console and non-hidpi external * Fri Aug 11 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.5.2-2 - enable highlight color to be edited for graphics styles * Fri Aug 4 2017 David Tardon dtardon@redhat.com - 1:5.3.5.2-1 - update to 5.3.5 * Mon Jul 24 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.4.2-6 - fix slide sorter panel jumping to old position on right click context menu * Mon Jul 24 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.4.2-5 - fix clipping box for animated text effects in slideshows * Wed Jul 19 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.4.2-4 - fix video playback size under gtk3 * Tue Jul 11 2017 David Tardon dtardon@redhat.com - 1:5.3.4.2-3 - Resolves: rhbz#1463839 libanimcore is needed by Draw too * Fri Jul 7 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.4.2-2 - Resolves: rhbz#1467512 mask not created as 1 bit depth * Sun Jul 2 2017 David Tardon dtardon@redhat.com - 1:5.3.4.2-1 - update to 5.3.4 rc2 * Mon Jun 19 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.4.1-3 - consider field marks as text for auto quotes * Mon Jun 12 2017 Caol��n McNamara caolanm@redhat.com - 1:5.3.4.1-2 - make opengl transitions flicker free under X -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1569841 - CVE-2018-10120 libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1569841 [ 2 ] Bug #1569837 - CVE-2018-10119 libreoffice: Use after free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document [fedora-26] https://bugzilla.redhat.com/show_bug.cgi?id=1569837 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-e87eb1ae68' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------