Details have been disclosed about two vulnerabilities in the free office suite LibreOffice, the more dangerous of which could allow code execution when a specially crafted document is opened. The first vulnerability was fixed silently in the March releases 7.4.6 and 7.5.1, and the second in the May updates LibreOffice 7.4.7 and 7.5.3.
The first vulnerability (CVE-2023-0950) can allow code to be executed on the system when opening a spreadsheet that contains specially crafted formulas, such as AGGREGATE, in which fewer parameters are passed than expected. The problem is caused by an array index running out of bounds in the formula parsing code (ScInterpreter) used when processing spreadsheets.
The second vulnerability (CVE-2023-2255) allows an attacker to prepare a specially crafted document that, when opened, loads external links without displaying a prompt or warning. This is inconsistent with LibreOffice's stated behaviour, which is to display a warning when linked content is loaded. The problem is caused by a flaw in the permission request code when using the "floating frames" mechanism, which is similar to iframes in HTML and allows the content of external files to be dynamically embedded in a document.
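For triage of incoming documents, the following added example (not code from LibreOffice or from the original article) lists every floating frame in an ODF package and marks those whose target lies outside the package. It assumes floating frames are stored as `draw:floating-frame` elements with an `xlink:href` attribute, as in the OpenDocument format; the function names and the sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
from xml.sax.saxutils import quoteattr

OFFICE_NS = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
DRAW_NS = "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
XLINK_NS = "http://www.w3.org/1999/xlink"
PARTS = ("content.xml", "styles.xml")   # document body plus headers/footers
MAX_PART_BYTES = 50 * 1024 * 1024       # refuse parts declaring a huge unpacked size


def is_external(href):
    """True when the target lies outside the package: URL scheme, absolute or parent path."""
    return bool(urlparse(href).scheme) or href.startswith(("/", "\\", "../"))


def find_floating_frames(odf_bytes):
    """Return (part, href, external) for each draw:floating-frame in an ODF package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        for part in PARTS:
            if part not in pkg.namelist():
                continue
            if pkg.getinfo(part).file_size > MAX_PART_BYTES:
                raise ValueError(f"{part} is too large to scan")
            # Stdlib parser; a hardened XML parser is preferable for hostile input.
            root = ET.fromstring(pkg.read(part))
            for frame in root.iter(f"{{{DRAW_NS}}}floating-frame"):
                href = frame.get(f"{{{XLINK_NS}}}href", "")
                findings.append((part, href, is_external(href)))
    return findings


def build_sample(href):
    """Constructed test package (not a full document): content.xml with one floating frame."""
    content = (
        f'<office:document-content xmlns:office="{OFFICE_NS}" '
        f'xmlns:draw="{DRAW_NS}" xmlns:xlink="{XLINK_NS}"><office:body><office:text>'
        f'<draw:frame><draw:floating-frame xlink:href={quoteattr(href)}/></draw:frame>'
        f'</office:text></office:body></office:document-content>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("content.xml", content)
    return buf.getvalue()


if __name__ == "__main__":
    for target in ("https://example.invalid/page.html", "./Object 1"):
        for part, href, external in find_floating_frames(build_sample(target)):
            print(f"{part}: {href!r} -> {'EXTERNAL' if external else 'internal'}")
```

A frame flagged as external only shows that the document references outside content; whether it loads without a prompt depends on the installed LibreOffice version.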
Source: opennet.ru
