Ngemva kwezinyanga ezintathu zokuthuthukiswa kanye neminyaka eyisikhombisa kusukela ekukhululweni okubalulekile kokugcina, ukukhululwa kokulungisa kwe-office suite i-Apache OpenOffice 4.1.10 kwakhiwa, okuhlongoze ukulungiswa oku-2. Amaphakheji enziwe ngomumo alungiselelwa i-Linux, iWindows ne-macOS.
Ukukhishwa kulungisa ukuba sengozini (CVE-2021-30245) okuvumela ikhodi engafanele ukuthi isetshenziswe kusistimu lapho uchofozwa isixhumanisi esiklanywe ngokukhethekile kudokhumenti. Ukuba sengozini kungenxa yephutha ekucubungulweni kwezixhumanisi ze-hypertext ezisebenzisa izivumelwano ngaphandle kuka-"http://" kanye no-"https://", njengokuthi "smb://" kanye ne-"dav://".
Isibonelo, umhlaseli angabeka ifayela elisebenzisekayo kuseva yakhe ye-SMB futhi afake isixhumanisi kulo kudokhumenti. Uma umsebenzisi achofoza lesi sixhumanisi, ifayela elishiwo elisebenzisekayo lizosetshenziswa ngaphandle kwesixwayiso. Ukuhlasela kuboniswe ku-Windows naku-Xubuntu. Ukuze uthole ukuphepha, i-OpenOffice 4.1.10 yengeze ingxoxo eyengeziwe edinga ukuthi umsebenzisi aqinisekise ukusebenza lapho elandela isixhumanisi kudokhumenti.
Abacwaningi abahlonze inkinga baphawule ukuthi akuyona i-Apache OpenOffice kuphela, kodwa futhi i-LibreOffice ithintwa inkinga (CVE-2021-25631). Ku-LibreOffice, ukulungiswa okwamanje kutholakala ngesimo sesiqephu esifakwe ekukhishweni kwe-LibreOffice 7.0.5 kanye ne-7.1.2, kodwa kulungisa inkinga kuphela ku-Windows platform (uhlu lwezandiso zefayela ezinqatshelwe lubuyekeziwe. ). Abathuthukisi be-LibreOffice benqabile ukufaka ukulungiswa kwe-Linux, bebeka iqiniso lokuthi inkinga ibingekho endaweni yabo yesibopho futhi kufanele ixazululwe ngasohlangothini lwezindawo zokusabalalisa/umsebenzisi. Ngokungeziwe kumahhovisi ehhovisi le-OpenOffice kanye ne-LibreOffice, inkinga efanayo iphinde yatholwa ku-Telegram, Nextcloud, VLC, Bitcoin/Dogecoin Wallet, Wireshark kanye ne-Mumble.
Source: opennet.ru