Apache OpenOffice 4.1.11 released

After five months of development and seven and a half years since the last significant release, Apache OpenOffice 4.1.11 has been published as a corrective release containing 12 fixes. Ready-made packages are available for Linux, Windows and macOS.

The new release fixes three vulnerabilities:

  • CVE-2021-33035 - The vulnerability allows code execution when a specially crafted DBF file is opened. The problem is caused by OpenOffice relying on the field length and field type values in the DBF file header when allocating memory, without checking the actual type of the data in the fields. To carry out an attack, one can specify the INTEGER type in the field type value but supply larger data, and specify a field length value that does not match the size of INTEGER data. This causes the tail of the field data to be written past the end of the allocated buffer. The controlled overflow can be used to overwrite the return pointer of the function and, using return-oriented programming (ROP), achieve code execution.
  • CVE-2021-40439 - A "Billion laughs" (XML bomb) DoS attack that exhausts the available system resources while a specially crafted document is processed.
  • CVE-2021-28129 - The contents of the DEB package were installed on the system under a non-root user.
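
The check missing in CVE-2021-33035, sketched as an added example (not OpenOffice code and not the project's actual fix): validate each field descriptor's length against its declared type before any buffer is sized from the header. The offsets follow the common dBASE header layout; the function names, the result codes and the subset of fixed-width types are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { DBF_OK = 0, DBF_TRUNCATED = -1, DBF_BAD_FIELD_LEN = -2, DBF_BAD_RECORD_LEN = -3 };

/* Assumed illustrative subset of fixed-width types; 0 means variable width (C, N, ...). */
static unsigned fixed_width(uint8_t type) {
    switch (type) {
    case 'I': return 4;  /* 32-bit integer */
    case 'L': return 1;  /* logical */
    case 'D': return 8;  /* date, YYYYMMDD */
    default:  return 0;
    }
}

/* Validate untrusted DBF header bytes before any buffer is sized from them. */
int dbf_check_header(const uint8_t *buf, size_t len) {
    if (len < 33) return DBF_TRUNCATED;
    size_t header_len = buf[8] | (size_t)buf[9] << 8;    /* little-endian u16 */
    size_t record_len = buf[10] | (size_t)buf[11] << 8;
    if (header_len < 33 || header_len > len) return DBF_TRUNCATED;
    size_t sum = 1;                       /* 1-byte deletion flag per record */
    size_t off = 32;                      /* first 32-byte field descriptor */
    while (off < header_len && buf[off] != 0x0D) {
        if (off + 32 > header_len) return DBF_TRUNCATED;
        unsigned want = fixed_width(buf[off + 11]);      /* field type byte */
        uint8_t flen = buf[off + 16];                    /* field length byte */
        if (want != 0 && flen != want) return DBF_BAD_FIELD_LEN;
        sum += flen;
        off += 32;
    }
    if (off >= header_len) return DBF_TRUNCATED;         /* no 0x0D terminator */
    return sum == record_len ? DBF_OK : DBF_BAD_RECORD_LEN;
}

/* Build a constructed 65-byte header with one field descriptor and check it. */
int check_sample(uint8_t type, uint8_t flen, uint16_t reclen) {
    uint8_t h[65] = {0};
    h[0] = 0x03; h[8] = sizeof h; h[64] = 0x0D;  /* version, header length, terminator */
    h[10] = reclen & 0xFF; h[11] = reclen >> 8;
    memcpy(h + 32, "ID", 2); h[32 + 11] = type; h[32 + 16] = flen;
    return dbf_check_header(h, sizeof h);
}

int main(void) {
    printf("INTEGER, length 4:   %d\n", check_sample('I', 4, 5));
    printf("INTEGER, length 200: %d\n", check_sample('I', 200, 201));
    return 0;
}
```

A parser that sizes its per-field storage from the type alone would then copy only after this check has passed, so a descriptor whose length disagrees with its type is rejected at the header stage.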

Non-security changes:

  • The font size in the text of the help section has been increased.
  • An item for managing Fontwork text effects has been added to the Insert menu.
  • The missing icon for the PDF export function has been added to the File menu.
  • The problem of diagrams being lost when saving to the ODS format has been resolved.
  • A problem where the confirmation dialog added in the previous release blocked some useful operations (for example, the dialog was shown when referring to a section in the same document) has been resolved.

source: budenet.ru
