Ukuba sengozini (CVE-2022-3140) kukhonjwe ehhovisi lamahhala le-LibreOffice suite, elivumela ukuhlela ukwenziwa kwemibhalo engaqondakali lapho uchofoza isixhumanisi esilungiselelwe ngokukhethekile kudokhumenti noma lapho umcimbi othile uqaliswa ngenkathi usebenza nedokhumenti. Inkinga isilungisiwe kuzibuyekezo ze-LibreOffice 7.3.6 kanye ne-7.4.1.
Ukuba sengozini kubangelwa ukwengezwa kosekelo lwesikimu sokushaya esikhulu esingeziwe esithi 'vnd.libreoffice.command' esiqondiswe ku-LibreOffice. Lolu hlelo lungasetshenziswa futhi kuma-URI asetshenziselwa ukuhlanganisa i-LibreOffice neseva ye-MS SharePoint. Umhlaseli angasebenzisa ama-URI anjalo ukuze akhe izixhumanisi ezibiza noma yimaphi ama-macros angaphakathi ngezimpikiswano ezingafanele. Uma ichofozwa noma icushwa umcimbi kudokhumenti, izixhumanisi ezinjalo zingasetshenziswa ukuqalisa imibhalo ngaphandle kokubonisa isixwayiso kumsebenzisi.
Source: opennet.ru