ESB-2018.3518 - [SUSE] LibreOffice and libraries: Access confidential data - Remote with user interaction 2018-11-09

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3518
SUSE Security Update: Security update for libepubgen, liblangtag, libmwaw,
            libnumbertext, libreoffice, libstaroffice, libwps,
                       myspell-dictionaries, xmlsec1
                              9 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           LibreOffice
                   libepubgen
                   liblangtag
                   libmwaw
                   libnumbertext
                   libstaroffice
                   libwps
                   myspell-dictionaries
                   xmlsec1
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-10583  

Reference:         ESB-2018.3378
                   ESB-2018.2511.2

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20183683-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3683-1
Rating:             moderate
References:         #1050305 #1088263 #1091606 #1094779 #1095601 
                    #1095639 #1096360 #1098891 #1104876 
Cross-References:   CVE-2018-10583
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that solves one vulnerability and has 8 fixes is
   now available.

Description:



   This update for LibreOffice, libepubgen, liblangtag, libmwaw,
   libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes
   the following issues:

   LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features
   and lots of bugfixes:

   The full changelog can be found on:

           https://wiki.documentfoundation.org/ReleaseNotes/6.1

   Bugfixes:

   - bsc#1095639 Exporting to PPTX results in vertical labels being shown
     horizontally
   - bsc#1098891 Table in PPTX misplaced and partly blue
   - bsc#1088263 Labels in chart change (from white and other colors) to
     black when saving as PPTX
   - bsc#1095601 Exporting to PPTX shifts arrow shapes quite a bit

   - Add more translations:
     * Belarusian
     * Bodo
     * Dogri
     * Frisian
     * Gaelic
     * Paraguayan_Guaran
     * Upper_Sorbian
     * Konkani
     * Kashmiri
     * Luxembourgish
     * Monglolian
     * Manipuri
     * Burnese
     * Occitan
     * Kinyarwanda
     * Santali
     * Sanskrit
     * Sindhi
     * Sidamo
     * Tatar
     * Uzbek
     * Upper Sorbian
     * Venetian
     * Amharic
     * Asturian
     * Tibetian
     * Bosnian
     * English GB
     * English ZA
     * Indonesian
     * Icelandic
     * Georgian
     * Khmer
     * Lao
     * Macedonian
     * Nepali
     * Oromo
     * Albanian
     * Tajik
     * Uyghur
     * Vietnamese
     * Kurdish

   - Try to build all languages see bsc#1096360
   - Make sure to install the KDE5/Qt5 UI/filepicker
   - Try to implement safeguarding to avoid bsc#1050305
   - Disable base-drivers-mysql as it needs mysqlcppcon that is only for
     mysql and not mariadb, causes issues bsc#1094779
     * Users can still connect using jdbc/odbc
   - Fix java detection on machines with too many cpus

   - CVE-2018-10583: An information disclosure vulnerability occured when
     LibreOffice automatically processed and initiated an SMB connection
     embedded in a malicious file, as demonstrated by
     xlink:href=file://192.168.0.2/test.jpg within an office:document-content
     element in a .odt XML document. (bsc#1091606)

   libepubgen was updated to 0.1.1:

   - Avoid <div> inside <p> or <span>.
   - Avoid writin vertical-align attribute without a value.
   - Fix generation of invalid XHTML when there is a link starting at the
     beginning of a footnote.
   - Handle relative width for images.
   - Fixed layout: write chapter names to improve navigation.
   - Support writing mode.
   - Start a new HTML file at every page span in addition to the splits
     induced by the chosen split method. This is to ensure that specified
     writing mode works correctly, as it is HTML <body> attribute.

   liblangtag was updated to 0.6.2:

   - use standard function
   - fix leak in test

   libmwaw was updated to 0.3.14:

   - Support MS Multiplan 1.1 files

   libnumbertext was update to 1.0.5:

   - Various fixes in numerical calculations and issues reported on
     libreoffice tracker

   libstaroffice was updated to 0.0.6:

   - retrieve some StarMath's formula,
   - retrieve some charts as graphic,
   - retrieve some fields in sda/sdc/sdp text-boxes,
   - .sdw: retrieve more attachments.

   libwps was updated to 0.4.9:

   - QuattroPro: add parser to .wb3 files
   - Multiplan: add parser to DOS v1-v3 files
   - charts: try to retrieve charts in .wk*, .wq* files
   - QuattroPro: add parser to .wb[12] files

   myspell-dictionaries was updated to 20181025:

   - Turkish dictionary added
   - Updated French dictionary

   xmlsec1 was updated to 1.2.26:

   - Added xmlsec-mscng module based on Microsoft Cryptography API: Next
     Generation
   - Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R
     34.10-2001 in xmlsec-mscrypto


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15:

      zypper in -t patch SUSE-SLE-Product-WE-15-2018-2616=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2616=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2616=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2616=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 15 (x86_64):

      libepubgen-0_1-1-0.1.1-3.3.1
      libepubgen-0_1-1-debuginfo-0.1.1-3.3.1
      libepubgen-debugsource-0.1.1-3.3.1
      libepubgen-devel-0.1.1-3.3.1
      liblangtag-debugsource-0.6.2-3.3.1
      liblangtag-devel-0.6.2-3.3.1
      liblangtag1-0.6.2-3.3.1
      liblangtag1-debuginfo-0.6.2-3.3.1
      libmwaw-0_3-3-0.3.14-4.3.1
      libmwaw-0_3-3-debuginfo-0.3.14-4.3.1
      libmwaw-debuginfo-0.3.14-4.3.1
      libmwaw-debugsource-0.3.14-4.3.1
      libnumbertext-1_0-0-1.0.5-1.3.1
      libnumbertext-data-1.0.5-1.3.1
      libnumbertext-debuginfo-1.0.5-1.3.1
      libnumbertext-debugsource-1.0.5-1.3.1
      libreoffice-6.1.3.2-3.7.3
      libreoffice-base-6.1.3.2-3.7.3
      libreoffice-base-debuginfo-6.1.3.2-3.7.3
      libreoffice-base-drivers-postgresql-6.1.3.2-3.7.3
      libreoffice-base-drivers-postgresql-debuginfo-6.1.3.2-3.7.3
      libreoffice-calc-6.1.3.2-3.7.3
      libreoffice-calc-debuginfo-6.1.3.2-3.7.3
      libreoffice-calc-extensions-6.1.3.2-3.7.3
      libreoffice-debuginfo-6.1.3.2-3.7.3
      libreoffice-debugsource-6.1.3.2-3.7.3
      libreoffice-draw-6.1.3.2-3.7.3
      libreoffice-draw-debuginfo-6.1.3.2-3.7.3
      libreoffice-filters-optional-6.1.3.2-3.7.3
      libreoffice-gnome-6.1.3.2-3.7.3
      libreoffice-gnome-debuginfo-6.1.3.2-3.7.3
      libreoffice-gtk3-6.1.3.2-3.7.3
      libreoffice-gtk3-debuginfo-6.1.3.2-3.7.3
      libreoffice-impress-6.1.3.2-3.7.3
      libreoffice-impress-debuginfo-6.1.3.2-3.7.3
      libreoffice-mailmerge-6.1.3.2-3.7.3
      libreoffice-math-6.1.3.2-3.7.3
      libreoffice-math-debuginfo-6.1.3.2-3.7.3
      libreoffice-officebean-6.1.3.2-3.7.3
      libreoffice-officebean-debuginfo-6.1.3.2-3.7.3
      libreoffice-pyuno-6.1.3.2-3.7.3
      libreoffice-pyuno-debuginfo-6.1.3.2-3.7.3
      libreoffice-writer-6.1.3.2-3.7.3
      libreoffice-writer-debuginfo-6.1.3.2-3.7.3
      libreoffice-writer-extensions-6.1.3.2-3.7.3
      libreofficekit-6.1.3.2-3.7.3
      libstaroffice-0_0-0-0.0.6-3.3.1
      libstaroffice-0_0-0-debuginfo-0.0.6-3.3.1
      libstaroffice-debuginfo-0.0.6-3.3.1
      libstaroffice-debugsource-0.0.6-3.3.1
      libwps-0_4-4-0.4.9-3.3.1
      libwps-0_4-4-debuginfo-0.4.9-3.3.1
      libwps-debuginfo-0.4.9-3.3.1
      libwps-debugsource-0.4.9-3.3.1
      libwps-devel-0.4.9-3.3.1
      libxmlsec1-1-1.2.26-3.3.1
      libxmlsec1-1-debuginfo-1.2.26-3.3.1
      libxmlsec1-nss1-1.2.26-3.3.1
      libxmlsec1-nss1-debuginfo-1.2.26-3.3.1
      libxmlsec1-openssl1-1.2.26-3.3.1
      libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1
      xmlsec1-debuginfo-1.2.26-3.3.1
      xmlsec1-debugsource-1.2.26-3.3.1
      xmlsec1-devel-1.2.26-3.3.1
      xmlsec1-nss-devel-1.2.26-3.3.1
      xmlsec1-openssl-devel-1.2.26-3.3.1

   - SUSE Linux Enterprise Workstation Extension 15 (noarch):

      libreoffice-branding-upstream-6.1.3.2-3.7.3
      libreoffice-icon-themes-6.1.3.2-3.7.3
      libreoffice-l10n-af-6.1.3.2-3.7.3
      libreoffice-l10n-ar-6.1.3.2-3.7.3
      libreoffice-l10n-as-6.1.3.2-3.7.3
      libreoffice-l10n-bg-6.1.3.2-3.7.3
      libreoffice-l10n-bn-6.1.3.2-3.7.3
      libreoffice-l10n-br-6.1.3.2-3.7.3
      libreoffice-l10n-ca-6.1.3.2-3.7.3
      libreoffice-l10n-cs-6.1.3.2-3.7.3
      libreoffice-l10n-cy-6.1.3.2-3.7.3
      libreoffice-l10n-da-6.1.3.2-3.7.3
      libreoffice-l10n-de-6.1.3.2-3.7.3
      libreoffice-l10n-dz-6.1.3.2-3.7.3
      libreoffice-l10n-el-6.1.3.2-3.7.3
      libreoffice-l10n-en-6.1.3.2-3.7.3
      libreoffice-l10n-eo-6.1.3.2-3.7.3
      libreoffice-l10n-es-6.1.3.2-3.7.3
      libreoffice-l10n-et-6.1.3.2-3.7.3
      libreoffice-l10n-eu-6.1.3.2-3.7.3
      libreoffice-l10n-fa-6.1.3.2-3.7.3
      libreoffice-l10n-fi-6.1.3.2-3.7.3
      libreoffice-l10n-fr-6.1.3.2-3.7.3
      libreoffice-l10n-ga-6.1.3.2-3.7.3
      libreoffice-l10n-gl-6.1.3.2-3.7.3
      libreoffice-l10n-gu-6.1.3.2-3.7.3
      libreoffice-l10n-he-6.1.3.2-3.7.3
      libreoffice-l10n-hi-6.1.3.2-3.7.3
      libreoffice-l10n-hr-6.1.3.2-3.7.3
      libreoffice-l10n-hu-6.1.3.2-3.7.3
      libreoffice-l10n-it-6.1.3.2-3.7.3
      libreoffice-l10n-ja-6.1.3.2-3.7.3
      libreoffice-l10n-kk-6.1.3.2-3.7.3
      libreoffice-l10n-kn-6.1.3.2-3.7.3
      libreoffice-l10n-ko-6.1.3.2-3.7.3
      libreoffice-l10n-lt-6.1.3.2-3.7.3
      libreoffice-l10n-lv-6.1.3.2-3.7.3
      libreoffice-l10n-mai-6.1.3.2-3.7.3
      libreoffice-l10n-ml-6.1.3.2-3.7.3
      libreoffice-l10n-mr-6.1.3.2-3.7.3
      libreoffice-l10n-nb-6.1.3.2-3.7.3
      libreoffice-l10n-nl-6.1.3.2-3.7.3
      libreoffice-l10n-nn-6.1.3.2-3.7.3
      libreoffice-l10n-nr-6.1.3.2-3.7.3
      libreoffice-l10n-nso-6.1.3.2-3.7.3
      libreoffice-l10n-or-6.1.3.2-3.7.3
      libreoffice-l10n-pa-6.1.3.2-3.7.3
      libreoffice-l10n-pl-6.1.3.2-3.7.3
      libreoffice-l10n-pt_BR-6.1.3.2-3.7.3
      libreoffice-l10n-pt_PT-6.1.3.2-3.7.3
      libreoffice-l10n-ro-6.1.3.2-3.7.3
      libreoffice-l10n-ru-6.1.3.2-3.7.3
      libreoffice-l10n-si-6.1.3.2-3.7.3
      libreoffice-l10n-sk-6.1.3.2-3.7.3
      libreoffice-l10n-sl-6.1.3.2-3.7.3
      libreoffice-l10n-sr-6.1.3.2-3.7.3
      libreoffice-l10n-ss-6.1.3.2-3.7.3
      libreoffice-l10n-st-6.1.3.2-3.7.3
      libreoffice-l10n-sv-6.1.3.2-3.7.3
      libreoffice-l10n-ta-6.1.3.2-3.7.3
      libreoffice-l10n-te-6.1.3.2-3.7.3
      libreoffice-l10n-th-6.1.3.2-3.7.3
      libreoffice-l10n-tn-6.1.3.2-3.7.3
      libreoffice-l10n-tr-6.1.3.2-3.7.3
      libreoffice-l10n-ts-6.1.3.2-3.7.3
      libreoffice-l10n-uk-6.1.3.2-3.7.3
      libreoffice-l10n-ve-6.1.3.2-3.7.3
      libreoffice-l10n-xh-6.1.3.2-3.7.3
      libreoffice-l10n-zh_CN-6.1.3.2-3.7.3
      libreoffice-l10n-zh_TW-6.1.3.2-3.7.3
      libreoffice-l10n-zu-6.1.3.2-3.7.3
      myspell-af_ZA-20181025-3.6.1
      myspell-ar-20181025-3.6.1
      myspell-bg_BG-20181025-3.6.1
      myspell-bn_BD-20181025-3.6.1
      myspell-br_FR-20181025-3.6.1
      myspell-ca-20181025-3.6.1
      myspell-cs_CZ-20181025-3.6.1
      myspell-da_DK-20181025-3.6.1
      myspell-el_GR-20181025-3.6.1
      myspell-et_EE-20181025-3.6.1
      myspell-fr_FR-20181025-3.6.1
      myspell-gl-20181025-3.6.1
      myspell-gu_IN-20181025-3.6.1
      myspell-he_IL-20181025-3.6.1
      myspell-hi_IN-20181025-3.6.1
      myspell-hr_HR-20181025-3.6.1
      myspell-it_IT-20181025-3.6.1
      myspell-lt_LT-20181025-3.6.1
      myspell-lv_LV-20181025-3.6.1
      myspell-nl_NL-20181025-3.6.1
      myspell-nn_NO-20181025-3.6.1
      myspell-pl_PL-20181025-3.6.1
      myspell-pt_PT-20181025-3.6.1
      myspell-si_LK-20181025-3.6.1
      myspell-sk_SK-20181025-3.6.1
      myspell-sl_SI-20181025-3.6.1
      myspell-sr-20181025-3.6.1
      myspell-sv_SE-20181025-3.6.1
      myspell-te_IN-20181025-3.6.1
      myspell-th_TH-20181025-3.6.1
      myspell-tr_TR-20181025-3.6.1
      myspell-uk_UA-20181025-3.6.1
      myspell-zu_ZA-20181025-3.6.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64):

      libxmlsec1-gcrypt1-1.2.26-3.3.1
      libxmlsec1-gcrypt1-debuginfo-1.2.26-3.3.1
      libxmlsec1-gnutls1-1.2.26-3.3.1
      libxmlsec1-gnutls1-debuginfo-1.2.26-3.3.1
      libxmlsec1-openssl1-1.2.26-3.3.1
      libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1
      xmlsec1-debuginfo-1.2.26-3.3.1
      xmlsec1-debugsource-1.2.26-3.3.1
      xmlsec1-gnutls-devel-1.2.26-3.3.1
      xmlsec1-openssl-devel-1.2.26-3.3.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      libmwaw-debuginfo-0.3.14-4.3.1
      libmwaw-debugsource-0.3.14-4.3.1
      libmwaw-devel-0.3.14-4.3.1
      libmwaw-tools-0.3.14-4.3.1
      libmwaw-tools-debuginfo-0.3.14-4.3.1
      libstaroffice-debuginfo-0.0.6-3.3.1
      libstaroffice-debugsource-0.0.6-3.3.1
      libstaroffice-devel-0.0.6-3.3.1
      libstaroffice-tools-0.0.6-3.3.1
      libstaroffice-tools-debuginfo-0.0.6-3.3.1
      libwps-debuginfo-0.4.9-3.3.1
      libwps-debugsource-0.4.9-3.3.1
      libwps-tools-0.4.9-3.3.1
      libwps-tools-debuginfo-0.4.9-3.3.1
      libxmlsec1-gcrypt1-1.2.26-3.3.1
      libxmlsec1-gcrypt1-debuginfo-1.2.26-3.3.1
      libxmlsec1-gnutls1-1.2.26-3.3.1
      libxmlsec1-gnutls1-debuginfo-1.2.26-3.3.1
      libxmlsec1-openssl1-1.2.26-3.3.1
      libxmlsec1-openssl1-debuginfo-1.2.26-3.3.1
      xmlsec1-1.2.26-3.3.1
      xmlsec1-debuginfo-1.2.26-3.3.1
      xmlsec1-debugsource-1.2.26-3.3.1
      xmlsec1-gcrypt-devel-1.2.26-3.3.1
      xmlsec1-gnutls-devel-1.2.26-3.3.1
      xmlsec1-openssl-devel-1.2.26-3.3.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

      libepubgen-devel-doc-0.1.1-3.3.1
      liblangtag-doc-0.6.2-3.3.1
      libmwaw-devel-doc-0.3.14-4.3.1
      libstaroffice-devel-doc-0.0.6-3.3.1
      myspell-af_NA-20181025-3.6.1
      myspell-an-20181025-3.6.1
      myspell-an_ES-20181025-3.6.1
      myspell-ar_AE-20181025-3.6.1
      myspell-ar_BH-20181025-3.6.1
      myspell-ar_DZ-20181025-3.6.1
      myspell-ar_EG-20181025-3.6.1
      myspell-ar_IQ-20181025-3.6.1
      myspell-ar_JO-20181025-3.6.1
      myspell-ar_KW-20181025-3.6.1
      myspell-ar_LB-20181025-3.6.1
      myspell-ar_LY-20181025-3.6.1
      myspell-ar_MA-20181025-3.6.1
      myspell-ar_OM-20181025-3.6.1
      myspell-ar_QA-20181025-3.6.1
      myspell-ar_SA-20181025-3.6.1
      myspell-ar_SD-20181025-3.6.1
      myspell-ar_SY-20181025-3.6.1
      myspell-ar_TN-20181025-3.6.1
      myspell-ar_YE-20181025-3.6.1
      myspell-be_BY-20181025-3.6.1
      myspell-bn_IN-20181025-3.6.1
      myspell-bo-20181025-3.6.1
      myspell-bo_CN-20181025-3.6.1
      myspell-bo_IN-20181025-3.6.1
      myspell-bs-20181025-3.6.1
      myspell-bs_BA-20181025-3.6.1
      myspell-ca_AD-20181025-3.6.1
      myspell-ca_ES-20181025-3.6.1
      myspell-ca_ES_valencia-20181025-3.6.1
      myspell-ca_FR-20181025-3.6.1
      myspell-ca_IT-20181025-3.6.1
      myspell-de_AT-20181025-3.6.1
      myspell-de_CH-20181025-3.6.1
      myspell-en_AU-20181025-3.6.1
      myspell-en_BS-20181025-3.6.1
      myspell-en_BZ-20181025-3.6.1
      myspell-en_CA-20181025-3.6.1
      myspell-en_GB-20181025-3.6.1
      myspell-en_GH-20181025-3.6.1
      myspell-en_IE-20181025-3.6.1
      myspell-en_IN-20181025-3.6.1
      myspell-en_JM-20181025-3.6.1
      myspell-en_MW-20181025-3.6.1
      myspell-en_NA-20181025-3.6.1
      myspell-en_NZ-20181025-3.6.1
      myspell-en_PH-20181025-3.6.1
      myspell-en_TT-20181025-3.6.1
      myspell-en_ZA-20181025-3.6.1
      myspell-en_ZW-20181025-3.6.1
      myspell-es_AR-20181025-3.6.1
      myspell-es_BO-20181025-3.6.1
      myspell-es_CL-20181025-3.6.1
      myspell-es_CO-20181025-3.6.1
      myspell-es_CR-20181025-3.6.1
      myspell-es_CU-20181025-3.6.1
      myspell-es_DO-20181025-3.6.1
      myspell-es_EC-20181025-3.6.1
      myspell-es_GT-20181025-3.6.1
      myspell-es_HN-20181025-3.6.1
      myspell-es_MX-20181025-3.6.1
      myspell-es_NI-20181025-3.6.1
      myspell-es_PA-20181025-3.6.1
      myspell-es_PE-20181025-3.6.1
      myspell-es_PR-20181025-3.6.1
      myspell-es_PY-20181025-3.6.1
      myspell-es_SV-20181025-3.6.1
      myspell-es_UY-20181025-3.6.1
      myspell-es_VE-20181025-3.6.1
      myspell-fr_BE-20181025-3.6.1
      myspell-fr_CA-20181025-3.6.1
      myspell-fr_CH-20181025-3.6.1
      myspell-fr_LU-20181025-3.6.1
      myspell-fr_MC-20181025-3.6.1
      myspell-gd_GB-20181025-3.6.1
      myspell-gl_ES-20181025-3.6.1
      myspell-gug-20181025-3.6.1
      myspell-gug_PY-20181025-3.6.1
      myspell-is-20181025-3.6.1
      myspell-is_IS-20181025-3.6.1
      myspell-kmr_Latn-20181025-3.6.1
      myspell-kmr_Latn_SY-20181025-3.6.1
      myspell-kmr_Latn_TR-20181025-3.6.1
      myspell-lo_LA-20181025-3.6.1
      myspell-ne_NP-20181025-3.6.1
      myspell-nl_BE-20181025-3.6.1
      myspell-nn_NO-20181025-3.6.1
      myspell-oc_FR-20181025-3.6.1
      myspell-pt_AO-20181025-3.6.1
      myspell-sq_AL-20181025-3.6.1
      myspell-sr_CS-20181025-3.6.1
      myspell-sr_Latn_CS-20181025-3.6.1
      myspell-sr_Latn_RS-20181025-3.6.1
      myspell-sr_RS-20181025-3.6.1
      myspell-sv_FI-20181025-3.6.1
      myspell-sw_TZ-20181025-3.6.1
      myspell-te-20181025-3.6.1
      myspell-vi-20181025-3.6.1
      myspell-vi_VN-20181025-3.6.1

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      myspell-dictionaries-20181025-3.6.1
      myspell-lightproof-en-20181025-3.6.1
      myspell-lightproof-hu_HU-20181025-3.6.1
      myspell-lightproof-pt_BR-20181025-3.6.1
      myspell-lightproof-ru_RU-20181025-3.6.1

   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):

      myspell-de-20181025-3.6.1
      myspell-de_DE-20181025-3.6.1
      myspell-en-20181025-3.6.1
      myspell-en_US-20181025-3.6.1
      myspell-es-20181025-3.6.1
      myspell-es_ES-20181025-3.6.1
      myspell-hu_HU-20181025-3.6.1
      myspell-nb_NO-20181025-3.6.1
      myspell-no-20181025-3.6.1
      myspell-pt_BR-20181025-3.6.1
      myspell-ro-20181025-3.6.1
      myspell-ro_RO-20181025-3.6.1
      myspell-ru_RU-20181025-3.6.1


References:

   https://www.suse.com/security/cve/CVE-2018-10583.html
   https://bugzilla.suse.com/1050305
   https://bugzilla.suse.com/1088263
   https://bugzilla.suse.com/1091606
   https://bugzilla.suse.com/1094779
   https://bugzilla.suse.com/1095601
   https://bugzilla.suse.com/1095639
   https://bugzilla.suse.com/1096360
   https://bugzilla.suse.com/1098891
   https://bugzilla.suse.com/1104876

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW+TJTWaOgq3Tt24GAQiU6Q/+Nd70cJTr63erhH2HiZaUxgPboqiAboRT
xqKqYSv5gaX9xE0xaAwpDqd9qkKCBZJ6+qnQzafU7F7ds9UGHTunkwQ0FOVDRS0M
eAY0jU4aWWbjDl3RUf/Tox6K2PLqTFy6seXGTcmVpPEcARlS5Sv5y2s9tN3q8YmN
T7BJgbXwEXJ+Iu+ZGKp9bAqWf+D7YSMUEDFhHMhJOXHy5VJqS/noFrcySq/Q838K
Xy52pXMZCKhOMspLon1GiJfnkgWNsicY043zcPti8PDqlpxbZpBZmPlTfRoWV+rZ
BD87yvFToRizjs3/JNAKIaz9n1Kl8HOwNbTCZnie7BMcYFYsqKZOflcYe5Y3jzEX
cqLnT17gWRn9vj615c97Ifr+TGLSUC1ZHBDN6kyhkqGtA9+zjgEt7Ba1iFCbyZGr
JGqfqFoOM66WECBEpTs+AFh3/cTYDoIZKin5kwB6IzyiX9qx9HmS0kMym6XhYpYR
ZTACR7Of0miwaGtltujAqK5pAM5E7oEJMunqCMJmLT9I9UY8utW1MHTtJg7ZbyRG
8RdrkYcs0XfXTGVO8xEI4Q/4/AtNAVc1cis/NR55etp9xKIoJ5TBLRd2w7vUIU8i
tPKizxZ124bG6LH/a+wj1RLT1JHtUhMrblIaD81+ZvlOlZgcGoC7ZoPw7bDF7RsU
Tv5nVavsKQY=
=C3AQ
-----END PGP SIGNATURE-----

« Back to bulletins