-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-8d3f4d7b28 2018-05-11 21:12:37.978812 -------------------------------------------------------------------------------- Name : libreoffice Product : Fedora 28 Version : 6.0.3.2 Release : 9.fc28 URL : http://www.libreoffice.org/ Summary : Free Software Productivity Suite Description : LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, LibreOffice also works transparently with a variety of file formats, including Microsoft Office File Formats. -------------------------------------------------------------------------------- Update Information: - CVE-2018-10583 A LibreOffice document with a linked image, which is on a samba share, will cause LibreOffice to automatically initiate a samba connection to retrieve the image. This is by design. If end users or administrators wish to disable this functionality this can now be disabled via tools->options->security->options->block any links from documents not among the trusted locations. -------------------------------------------------------------------------------- ChangeLog: * Sat May 5 2018 Caol��n McNamara <caolanm(a)redhat.com&gt; - 1:6.0.3.2-9 - tdf#117413 char doubling in calc under X * Fri May 4 2018 Caol��n McNamara <caolanm(a)redhat.com&gt; - 1:6.0.3.2-8 - rhbz#1575000 CVE-2018-10583 allow embedded links to smb resources to be blocked * Thu May 3 2018 Caol��n McNamara <caolanm(a)redhat.com&gt; - 1:6.0.3.2-7 - rhbz#1573845 won't start without at least Langpack-en-US.xcd * Mon Apr 30 2018 Pete Walter <pwalter(a)fedoraproject.org&gt; - 1:6.0.3.2-6 - Rebuild for ICU 61.1 * Tue Apr 24 2018 Caol��n McNamara <caolanm(a)redhat.com&gt; - 1:6.0.3.2-5 - Resolves: tdf#116951 rhbz#1569331 start is G_MAXINT * Thu Apr 19 2018 Stephan Bergmann <sbergman(a)redhat.com&gt; - 1:6.0.3.2-4 - Resolves: rhbz#1568579 LibreOffice --headless zombie process - Related: rhbz#1569331 end should be in terms of unicode chars, not bytes * Tue Apr 17 2018 Caol��n McNamara <caolanm(a)redhat.com&gt; - 1:6.0.3.2-3 - Related: rhbz#1396729 use cairo_surface_create_similar * Tue Apr 10 2018 Caol��n McNamara <caolanm(a)redhat.com&gt; - 1:6.0.3.2-2 - finally drop bundled xmlsec1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1575000 - CVE-2018-10583 libreoffice: Information disclosure via SMB connection embedded in malicious file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1575000 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-8d3f4d7b28' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------