OESA-2025-1535

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1535

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1535.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1535

Upstream

CVE-2025-3155

Published

2025-05-23T13:59:42Z

Modified

2025-08-12T05:50:20.813382Z

Summary

yelp security update

Details

Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification.

Security Fix(es):

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.(CVE-2025-3155)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:24.03-LTS-SP1 / yelp

Package

Name: yelp
Purl: pkg:rpm/openEuler/yelp&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

42.2-3.oe2403sp1

Ecosystem specific

{
    "src": [
        "yelp-42.2-3.oe2403sp1.src.rpm"
    ],
    "x86_64": [
        "yelp-42.2-3.oe2403sp1.x86_64.rpm",
        "yelp-debuginfo-42.2-3.oe2403sp1.x86_64.rpm",
        "yelp-debugsource-42.2-3.oe2403sp1.x86_64.rpm",
        "yelp-devel-42.2-3.oe2403sp1.x86_64.rpm"
    ],
    "aarch64": [
        "yelp-42.2-3.oe2403sp1.aarch64.rpm",
        "yelp-debuginfo-42.2-3.oe2403sp1.aarch64.rpm",
        "yelp-debugsource-42.2-3.oe2403sp1.aarch64.rpm",
        "yelp-devel-42.2-3.oe2403sp1.aarch64.rpm"
    ]
}