Vulnerability found affecting LibreOffice and OpenOffice


Information was recently released about a vulnerability (CVE-2018-16858) that affects the LibreOffice and Apache OpenOffice office suites. It allows code to be executed on the system when a specially crafted document in ODT format is opened.

The discovery was made on Windows, although the exploit also affects Linux. The person who reported the vulnerability noted that these suites support scripting, and that Basic, BeanShell, Java, JavaScript and Python are all supported.

What is this vulnerability?

It is important to mention that this is a problem that was detected last year, with a fix produced in just two weeks.

For procedural reasons, the person who discovered it (you can see their publication here) was instructed to hold back the report until recently.

The problem is due to the lack of necessary checks in the code that handles macros embedded in the document, which can be triggered by various events, such as the mouse pointing at an element.

By using the characters "../" in the path to the handler, an attacker can go beyond the base directories that hold the scripts.

The attacker takes advantage of this and executes their code through a function of the pydoc.py script, which is present in most distributions (it is also included in the LibreOffice package for Windows: python-core-3.5.5\lib\pydoc.py).

This script defines the tempfilepager() function, which runs any executable file with arbitrary arguments by calling the os.system() function.

For example, to run the calculator when the pointer moves over a link at a certain place in the document, the script "vnd.sun.star.script:../../lib/python3.5/pydoc.py$tempfilepager(1, gnome-calculator )?language=Python&location=share" is attached to the "dom:mouseover" event handler.

We can see this in the following video:

The vulnerability was discovered and reported last year, and it was fixed in LibreOffice versions 6.0.7 and 6.1.3.

At the moment, in the current version of Apache OpenOffice, 4.1.6, the problem remains unfixed.
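The "../" escape in the script path described above can be looked for in a document before it is opened. The following is an added example, not code from the original article or from either project: it scans the XML members of an ODF container for vnd.sun.star.script URIs whose script path contains a ".." segment. The function names and the simplified content.xml fixture are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote
from xml.sax.saxutils import quoteattr

SCHEME = "vnd.sun.star.script:"

def traversal_script_uris(xml_bytes):
    """Return script URIs whose script path contains a '..' segment."""
    hits = []
    for elem in ET.fromstring(xml_bytes).iter():
        for value in elem.attrib.values():
            if not value.startswith(SCHEME):
                continue
            # The script path is the part before '?parameters' and '$function'.
            path = unquote(value[len(SCHEME):]).split("?")[0].split("$")[0]
            if ".." in path.replace("\\", "/").split("/"):
                hits.append(value)
    return hits

def scan_odf(data):
    """Map each XML member of an ODF (ZIP) container to its flagged URIs."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as odf:
        for name in odf.namelist():
            if not name.endswith(".xml"):
                continue
            try:
                hits = traversal_script_uris(odf.read(name))
            except ET.ParseError:
                hits = ["(not well-formed XML)"]  # flag it rather than skip it
            if hits:
                findings[name] = hits
    return findings

def build_sample(href):
    """Constructed fixture: a ZIP holding one simplified content.xml."""
    xml = ('<doc xmlns:script="urn:oasis:names:tc:opendocument:xmlns:script:1.0" '
           'xmlns:xlink="http://www.w3.org/1999/xlink">'
           '<script:event-listener script:event-name="dom:mouseover" '
           f'xlink:href={quoteattr(href)}/></doc>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("content.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    uri = ("vnd.sun.star.script:../../lib/python3.5/pydoc.py"
           "$tempfilepager(1, gnome-calculator )?language=Python&location=share")
    print(scan_odf(build_sample(uri)))
```

Because the values are read through an XML parser and then percent-decoded, a ".." written with character references or as %2e%2e is flagged as well.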

There is already a workaround

As a workaround to block the vulnerability in OpenOffice, it is recommended to delete the pythonscript.py file from the application directory, where it can be found at the following path: "/opt/openoffice4/program/pythonscript.py".

In addition, the problem has not yet been fixed in Debian Jessie, Ubuntu 16.04, SUSE and openSUSE.

On the other hand, RHEL, CentOS, Ubuntu 18.04 and Ubuntu 18.10 are not affected by this problem.

In OpenOffice, and in LibreOffice up to and including version 6.0, exploitation of the vulnerability is limited to running Python scripts that already exist locally, because there is no support for passing arguments to functions called from macros.

To attack OpenOffice and earlier versions of LibreOffice, the attacker must take care of where their own Python script is placed, for example by distributing it in a ZIP file together with the ODT document.

When LibreOffice 6.1.x is attacked, the pydoc.py system script can be used to execute arbitrary files with any parameters.

In addition, a possible attack vector is mentioned through the ImageMagick package, used with LibreOffice to convert certain types of files.

This attack through ImageMagick-based image handlers is dangerous because the exploit document can be sent as a JPEG or PNG file that contains an ODT file instead of an image (such a file will be processed because the MIME type is recognized from its content, rather than taken on trust).

In theory, the problem can also affect automatic thumbnail generators for the desktop and file indexers, if they use LibreOffice to analyze documents.

In this case, for an attack it may be enough simply to download the document with the exploit, or to browse the directory containing it in Nautilus.

It is also important to note that ways of reaching vulnerabilities through different uses of ImageMagick are still being found.

