Emva kweenyanga ezintlanu zophuhliso kunye neminyaka esixhenxe enesiqingatha ukususela ekukhululweni okubalulekileyo kokugqibela, ukukhutshwa kolungiso lweofisi ye-Apache OpenOffice 4.1.11 iye yasekwa, ecebise ukulungiswa kwe-12. Iiphakheji esele zenziwe zilungiselelwe iLinux, Windows kunye neMacOS.
Ukukhutshwa okutsha kulungisa ubuthathaka obuthathu:
- I-CVE-2021-33035 - Ivumela ukuphunyezwa kwekhowudi xa uvula ifayile yeDBF eyenziwe ngokukodwa. Ingxaki ibangelwa yi-OpenOffice exhomekeke kwindawo Ubude kunye ne-fieldType amaxabiso kwi-header yeefayile ze-DBF ukunika imemori, ngaphandle kokukhangela ukuba uhlobo lwedatha oluyinyani kwimihlaba luyahambelana. Ukwenza uhlaselo, ungakhankanya uhlobo lwe-INTEGER kwintsimiUhlobo lwexabiso, kodwa beka idatha enkulu kwaye uchaze intsimiUbude bexabiso elingahambelani nobungakanani bedatha enohlobo lwe-INTEGER, oluya kukhokelela kumsila wedatha. ukusuka kumhlaba ubhalwa ngaphaya kwesithinteli esinikiweyo. Njengomphumo wokuphuphuma kwe-buffer elawulwayo, unokuphinda uchaze isalathisi sokubuyisela ukusuka kumsebenzi kwaye, usebenzisa iindlela zokucwangcisa ezijoliswe ekubuyiseleni (i-ROP - iNkqubo yokuBuyiselwa kokuBuyisa), fezekisa ukuphunyezwa kwekhowudi yakho.
- I-CVE-2021-40439 "iBhiliyoni ehlekayo" i-DoS ihlaselo (ibhomu ye-XML), ekhokelela ekuphelelweni kwezixhobo ezikhoyo zenkqubo xa kusenziwa uxwebhu olulungiselelwe ngokukodwa.
- I-CVE-2021-28129 - Imixholo yephakheji ye-DEB ifakwe kwisistim njengomsebenzisi ongenangcambu.
Utshintsho olungakhuselekanga:
- Ubungakanani befonti kwizicatshulwa zecandelo loncedo bondisiwe.
- Into yongezwe kwiFaka imenyu ukulawula iziphumo zeefonti zeFontwork.
- Yongeza i icon elahlekileyo kwimenyu yeFayile yomsebenzi wokukhuphela ngaphandle kwePDF.
- Ingxaki ngokulahleka kwemizobo xa ukugcinwa kwifomathi ye-ODS kusonjululwe.
- Umba onomsebenzi othile oluncedo ovalwe yincoko yababini yoqinisekiso lomsebenzi eyongezwe kukhupho lwangaphambili uye wasonjululwa (umzekelo, incoko yababini ibonisiwe xa kubhekiswa kwicandelo elikuxwebhu olufanayo).
umthombo: opennet.ru