Kunetsekana kwakaonekwa kwakabata Libreoffice uye OpenOffice

Vulnerakuva libreoffice

Munguva pfupi yapfuura ruzivo nezvekushushikana rwakaburitswa (CVE-2018-16858) izvo yakanganisa LibreOffice uye Apache OpenOffice suites hofisi mairi inoshandiswa kuti eIzvi zvinobvumidza kuita kodhi musisitimu kana uchivhura gwaro rakanyanya kuburitswa muODD fomati

Kuwanikwa sYakaitwa paWindows, kunyangwe iko kushungurudzwa uku kuchikanganisa Linux, Iye munhu akataura nezvekukuvara uku akaona kuti masutu aya anowirirana nechinyorwa uye Basic, BeanShell, Java, JavaScript nePython zvinoenderana.

Chii chinonzi kunetseka kunobva?

Izvo zvakakosha kuti utaure kuti kunyangwe iri dambudziko rakaonekwa kubva gore rapfuura, pamwe nemhinduro yakaitwa mumasvondo maviri chete.

Nezvikonzero zvehunhu kumunhu akaona izvi (unogona kutarisa kuburitswa kwayo pano) akarairwa kuita chirevo kusvika nguva pfupi yadarika.

Dambudziko rakakonzerwa nekushaikwa kwemacheke anodiwa mune macro yekugadzirisa kodhi yakadzika mune iro gwaro, iyo inogona kukonzerwa nezviitiko zvakasiyana, senge mbeva inonongedzera kuchinhu.

Paunenge uchishandisa mavara "../" munzira yekumudzori, anorwisa anogona kupfuura madhairekitori ezasi nema script .

Anorwisa anotora mukana weizvi uye kuita kodhi yako inoshandisa iyo pydoc.py script basa iripo mune akawanda ekuparadzira (zvakare akaisirwa muLibreOffice yeWindows package - python-core-3.5.5 \ lib \ pydoc.py).

Izvi zvinotsanangura basa tempfilepager() iyo inotarisira kuita chero faira rinoburitswa nenharo dzekupokana nekudana basa os.system().

Semuenzaniso, kumhanyisa karukureta paunenge uchipeta chinongedzo kune imwe nzvimbo mugwaro, ingobatanidza script vnd.sun.star.script:../../lib/python3.5/pydoc.py$ kune anobata chiitiko "dom: mouseover" ingobatanidza script ku "vnd.sun.star.script:../../lib/python3.5/pydoc.py$tempfilepager(1, gnome-calculator )?language=Python&location=share".

Tinogona kuona izvi muvhidhiyo inotevera:

Kushushikana kwakaonekwa uye kwakataurwa gore rapfuura uye kwakabviswa muRibreOffice vhezheni 6.0.7 uye 6.1.3.

Nguva mune yazvino vhezheni yeApache OpenOffice 4.1.6, iro dambudzikozvinoramba zviripo Zvisina kukodzera.

Iko kutove nemhinduro

Semhinduro yekudzivirira kusagadzikana muOpenOffice, zvinokurudzirwa kuti ubvise iyo Pythonscript.py faira ye dhairekitori rekunyorera kuti izvi zvinogona kuwanikwa munzira inotevera "/opt/openoffice4/program/pythonscript.py".

Pamusoro pazvo dambudziko harina kugadziriswa parizvino paDebian Jessie, Ubuntu 16.04, SUSE uye openSUSE.

Kune rimwe divi RHEL, CentOS pamwe neUbuntu 18.04 uye Ubuntu 18.10 haina kukanganiswa nedambudziko iri.

MuOpenOffice uye LibreOffice kusvika uye kusanganisira vhezheni 6.0, kushandiswa kwekusagadzikana kunogumira mukuitwa kwenzvimbo dzePython zvinyorwa. zviripo nekuda kwekushaikwa kwerutsigiro rwekupfuudza nharo kumabasa akadaidzwa kubva kumacros.

Kurwisa OpenOffice uye shanduro dzekare dzeLibreOffice, anorwisa anofanirwa kuchengetedza nzvimbo yeyako Python script, semuenzaniso nekuiparadzira muZIP faira pamwe negwaro reODT

Kana LibreOffice 6.1.x ichirwisa, unogona kushandisa pydoc.py system script kuita zvinopesana mafaira nechero paramende.

Uyewo, inogona kuitika yekurwisa vector inotaurwa kuburikidza neiyo ImageMagick package, iyo LibreOffice inoshandisa kushandura mamwe marudzi emafaira.

Uku kurwisa kunowanikwa kuburikidza nevabati vemifananidzo zvichibva pa ImageMagick zvine njodzi nekuti gwaro rekushupika inogona kutumirwa seJPEG kana PNG faira ine faira yeODT pachinzvimbo chemufananidzo (faira rakadai rinogadziriswa nekuti mhando yeMIME inozivikanwa nezviri mukati mayo, pane kuvimba).

Mune dzidziso, dambudziko rinogona zvakare kukanganisa otomatiki vagadziri ve desktop uye mafaera indexers kana vakashandisa LibreOffice kuongorora magwaro.

Mune ino kesi, yekurwisa zvinogona kukwana kungoisa gwaro nekushandisa kana kufamba dhairekitori naro muNautilus.

Izvo zvakakoshawo kuti vaone kuti vachiri kutsvaga nzira yekuwana kushomeka kuburikidza nekushandisa kwakasiyana kweiyo ImageMagick.


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako