Apache OpenOffice 4.1.10 released with a fix for a vulnerability that also affects LibreOffice

After three months of development and seven years since the last release, the corrective release Apache OpenOffice 4.1.10 of the office suite has been published, offering 2 fixes. Ready-made packages are available for Linux, Windows and macOS.

The release fixes a vulnerability (CVE-2021-30245) that allows arbitrary code to be executed on the system when a specially crafted link in a document is clicked. The vulnerability is caused by an error in handling hyperlinks that use protocols other than "http://" and "https://", such as "smb://" and "dav://".

For example, an attacker can place an executable file on their own SMB server and insert a link to it in a document. When the user clicks this link, the specified executable file is run without any warning. The attack has been demonstrated on Windows and Xubuntu. As a protective measure, OpenOffice 4.1.10 adds an additional dialog that requires the user to confirm the action when following a link in a document.
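For triage of documents received before the fix is deployed, the following added example (not code from OpenOffice, LibreOffice or the original article) lists the hyperlinks in an ODF file whose scheme is anything other than "http://" or "https://". The function names and the sample document are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
SAFE_SCHEMES = {"http", "https"}  # the two schemes the article treats as expected

def classify_href(href):
    """Return 'internal', 'web' or 'review' for one hyperlink target."""
    if href.startswith("#"):
        return "internal"  # bookmark inside the same document
    scheme = urlsplit(href).scheme.lower()
    if scheme in SAFE_SCHEMES:
        return "web"
    # smb://, dav://, file://, drive or relative paths go to the OS opener
    return "review"

def links_needing_review(odf_bytes):
    """List hyperlink targets in an ODF file's content.xml that are not http(s)."""
    # For untrusted files, a hardened XML parser such as defusedxml is preferable.
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as z:
        root = ET.fromstring(z.read("content.xml"))
    hrefs = [el.get(XLINK_HREF) for el in root.iter() if el.get(XLINK_HREF)]
    return [h for h in hrefs if classify_href(h) == "review"]

def build_sample_odt():
    """Constructed sample: a minimal ODF text document with four links."""
    content = (
        '<office:document-content '
        'xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
        'xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" '
        'xmlns:xlink="http://www.w3.org/1999/xlink"><office:body><office:text>'
        '<text:p><text:a xlink:href="https://example.org/">a</text:a>'
        '<text:a xlink:href="smb://fileserver.example/share/report">b</text:a>'
        '<text:a xlink:href="dav://files.example/docs/notes">c</text:a>'
        '<text:a xlink:href="#Section1">d</text:a></text:p>'
        '</office:text></office:body></office:document-content>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        z.writestr("content.xml", content)
    return buf.getvalue()

if __name__ == "__main__":
    for href in links_needing_review(build_sample_odt()):
        print("needs confirmation:", href)
```

The same classification can drive a mail-gateway or file-share scan that quarantines documents whose links would be passed to the operating system's handler.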

The researchers who discovered the problem noted that it affects not only Apache OpenOffice but also LibreOffice (CVE-2021-25631). For LibreOffice, the fix is currently available as a patch included in the LibreOffice 7.0.5 and 7.1.2 releases, but it fixes the problem only on the Windows platform (the list of prohibited file extensions was updated). The LibreOffice developers declined to include a fix for Linux, reasoning that the problem is outside their area of responsibility and should be resolved on the side of distributions and user environments. In addition to the OpenOffice and LibreOffice suites, a similar problem has also been found in Telegram, Nextcloud, VLC, Bitcoin/Dogecoin Wallet, Wireshark and Mumble.



source: budenet.ru
