Apache OpenOffice 4.1.11 released

After five months of development, and seven and a half years after the previous release, a corrective release of the Apache OpenOffice office suite, version 4.1.11, has been published, offering 12 fixes. Ready-made packages are available for Linux, Windows and macOS.

The new release fixes three vulnerabilities:

  • CVE-2021-33035 - Allows code execution when a specially crafted DBF file is opened. The problem is caused by OpenOffice relying on the fieldLength and fieldType values in the header of DBF files to allocate memory, without checking that the actual data in the fields matches the declared type. To attack, an INTEGER type can be specified in the fieldType value while larger data is placed in the field and a fieldLength value is given that does not correspond to the size of INTEGER data, which causes the tail of the field's data to be written beyond the allocated buffer. As a result of this controlled buffer overflow, the return pointer of the function can be overwritten and, using return-oriented programming techniques (ROP - Return-Oriented Programming), execution of the attacker's code can be achieved.
  • CVE-2021-40439 - A "Billion laughs" DoS attack (XML bomb), which exhausts the available system resources when specially crafted documents are processed.
  • CVE-2021-28129 - The contents of the DEB package were installed on the system as a non-root user.
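
The consistency check that the CVE-2021-33035 item describes as missing can be run over a DBF header before the file reaches a parser. The following is an added example, not code from OpenOffice or from the original page; the function names, the table of fixed type widths and the sample headers are assumptions constructed for illustration.

```python
import struct

# Fixed on-disk widths for common dBASE/FoxPro field types (assumed table;
# extend it for the dialects you accept). 'C' and 'N' are variable-width.
FIXED_WIDTH = {"I": 4, "D": 8, "L": 1, "T": 8}

def check_dbf_header(data: bytes) -> list:
    """Return findings for a DBF header; an empty list means it is consistent."""
    if len(data) < 33:
        return ["file too short for a DBF header"]
    header_len, record_len = struct.unpack_from("<HH", data, 8)
    findings = []
    if header_len > len(data):
        findings.append(f"header length {header_len} exceeds file size {len(data)}")
    total, off, terminated = 1, 32, False  # records start with a 1-byte delete flag
    while off < len(data):
        if data[off] == 0x0D:  # end of the field descriptor array
            terminated = True
            break
        desc = data[off:off + 32]
        if len(desc) < 32:
            findings.append("truncated field descriptor")
            break
        name = desc[:11].split(b"\0", 1)[0].decode("ascii", "replace")
        ftype, flen = chr(desc[11]), desc[16]
        expected = FIXED_WIDTH.get(ftype)
        # The check the page describes as missing: declared length vs. declared type.
        if expected is not None and flen != expected:
            findings.append(f"field {name!r}: type {ftype} needs {expected} bytes, header declares {flen}")
        total += flen
        off += 32
    if not terminated:
        findings.append("field descriptor array has no 0x0D terminator")
    elif total != record_len:
        findings.append(f"record length {record_len} != 1 + sum of field lengths ({total})")
    return findings

def build_header(fields) -> bytes:
    """Constructed sample input: a header-only DBF from (name, type, length) tuples."""
    descs = b"".join(n.ljust(11, b"\0") + t + b"\0" * 4 + bytes([l, 0]) + b"\0" * 14
                     for n, t, l in fields)
    head = struct.pack("<B3BIHH20x", 0x03, 121, 10, 6, 0,
                       32 + len(descs) + 1, 1 + sum(l for _, _, l in fields))
    return head + descs + b"\x0d"

if __name__ == "__main__":
    print(check_dbf_header(build_header([(b"ID", b"I", 4), (b"NAME", b"C", 20)])))
    print(check_dbf_header(build_header([(b"ID", b"I", 200)])))
```

A non-empty result is a reason to quarantine the file or reject it at a mail or upload gateway rather than pass it on to a spreadsheet application.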

Non-security changes:

  • The font size in the text of the help section has been increased.
  • An item has been added to the Insert menu to control Fontwork text effects.
  • The missing icon for the PDF export function has been added to the File menu.
  • The problem of charts being lost when saving in ODS format has been resolved.
  • An issue has been resolved in which some useful functions were blocked by the operation confirmation dialog added in the previous release (for example, the dialog was shown when referring to a section within the same document).

source: budenet.ru
