An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
Created libreoffice tracking bugs for this issue:
Affects: fedora-all [bug 1575000]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3054 https://access.redhat.com/errata/RHSA-2018:3054