Vulnerability detected affecting LibreOffice and OpenOffice


Information was recently disclosed about a vulnerability (CVE-2018-16858) affecting the LibreOffice and Apache OpenOffice office suites. It allows code to be executed on the system when a specially crafted document in ODT format is opened.

The discovery was made on Windows, although the vulnerability also affects Linux. The person who reported it noticed that these suites support scripting, with Basic, BeanShell, Java, JavaScript and Python all supported.

What is the vulnerability based on?

It is worth mentioning that this problem was detected last year and that the fix was implemented in just two weeks.

For reasons of their own, the person who detected this (you can read their publication here) was instructed not to publish the report until recently.

The problem is caused by a lack of the necessary checks in the code that handles macros embedded in the document, which can be triggered by various events, such as the mouse pointing at an element.

By using the characters "../" in the path to the handler, an attacker can go beyond the base directories that hold the scripts.

An attacker takes advantage of this and, to run their own code, uses a function of the pydoc.py script that is present in most distributions (and is also included in the LibreOffice package for Windows: python-core-3.5.5\lib\pydoc.py).

That script defines the function tempfilepager(), which runs any executable file with arbitrary arguments by calling the function os.system().

For example, to launch a calculator when the pointer passes over a link somewhere in the document, it is enough to attach the script "vnd.sun.star.script:../../lib/python3.5/pydoc.py$tempfilepager(1, gnome-calculator )?language=Python&location=share" to the "dom:mouseover" event handler.

This can be seen in the following video:

The vulnerability was detected and reported last year and was fixed in LibreOffice versions 6.0.7 and 6.1.3.

In the current version of Apache OpenOffice, 4.1.6, however, the problem remains uncorrected.
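As an added example (not part of the original article and not LibreOffice or OpenOffice code), the following Python script checks an ODF file for script URIs of the kind described above, whose script path leaves the script directories through "../". The sample input is constructed, and the function names and the `ref`/`href` XML fragment are assumptions made for illustration.

```python
import io
import re
import zipfile
from html import unescape
from urllib.parse import unquote

# Any script URI inside an XML attribute value, up to the closing quote.
SCRIPT_URI = re.compile(rb'vnd\.sun\.star\.script:[^"\'<>]*')

def traversal_script_uris(odf_bytes):
    """Return (member, uri) pairs whose script path contains a '..' segment."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".xml"):
                continue
            for m in SCRIPT_URI.finditer(zf.read(name)):
                # Undo XML escaping (&amp;) so the URI reads as the suite sees it.
                uri = unescape(m.group().decode("utf-8", "replace"))
                # Script path = text between the scheme and the first '$' or '?'.
                path = re.split(r"[$?]", uri.split(":", 1)[1], maxsplit=1)[0]
                # Normalise percent-encoding, then look for parent-directory steps.
                segments = re.split(r"[/\\]", unquote(path))
                if ".." in segments:
                    hits.append((name, uri))
    return hits

def build_sample():
    """Constructed test input: a ZIP holding an XML fragment, not a real document."""
    uris = [
        "vnd.sun.star.script:Standard.Module1.Main?language=Basic&amp;location=document",
        "vnd.sun.star.script:HelloWorld.py$HelloWorldPython?language=Python&amp;location=share",
        # The URI quoted in the article above.
        "vnd.sun.star.script:../../lib/python3.5/pydoc.py$tempfilepager(1, gnome-calculator )"
        "?language=Python&amp;location=share",
    ]
    xml = "<doc>" + "".join('<ref href="%s"/>' % u for u in uris) + "</doc>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    for member, uri in traversal_script_uris(build_sample()):
        print(member, uri)
```

A script reference that stays inside the script directories has no reason to contain "..", so any hit is worth reviewing before the document is opened in an unpatched suite.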

There is already a solution

As a workaround to block the vulnerability in OpenOffice, it is recommended to delete the pythonscript.py file from the application directory. It can be found at the following path: "/opt/openoffice4/program/pythonscript.py".

In addition, the problem has not yet been fixed in Debian Jessie, Ubuntu 16.04, SUSE and openSUSE.

On the other hand, RHEL, CentOS, Ubuntu 18.04 and Ubuntu 18.10 are not affected by this problem.

In OpenOffice, and in LibreOffice up to and including version 6.0, exploitation of the vulnerability is limited to running Python scripts that already exist locally, because there is no support for passing arguments to functions called from macros.

To attack OpenOffice and older versions of LibreOffice, an attacker has to secure the location of their own Python script, for example by distributing it in a ZIP file together with the ODT document.

When LibreOffice 6.1.x is attacked, the pydoc.py system script can be used to run arbitrary files with any parameters.

A possible attack vector through the ImageMagick package, which LibreOffice uses to convert certain types of files, is also mentioned.

This attack through image handlers based on ImageMagick is dangerous because a malicious document can be sent as a JPEG or PNG file that contains an ODT file instead of an image (such a file will be processed because the MIME type is recognized from its content rather than taken on trust).

In theory, the problem can also affect automatic thumbnail generators for the desktop and file indexers if they use LibreOffice to analyze documents.

In that case, it may be enough for an attack simply to load the document containing the exploit, or to browse the directory that holds it in Nautilus.

It is also important to note that ways of finding vulnerabilities through different uses of ImageMagick are still being looked for.

