OESA-2025-1607
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1607
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-1607.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2025-1607
- Upstream
- Published
- 2025-06-06T14:04:19Z
- Modified
- 2025-08-12T05:50:22.299891Z
- Summary
- yelp security update
- Details
-
Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification.
Security Fix(es):
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.(CVE-2025-3155)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:24.03-LTS / yelp
Package
- Name
- yelp
- Purl
- pkg:rpm/openEuler/yelp&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed42.2-3.oe2403
Ecosystem specific
{
"src": [
"yelp-42.2-3.oe2403.src.rpm"
],
"x86_64": [
"yelp-42.2-3.oe2403.x86_64.rpm",
"yelp-debuginfo-42.2-3.oe2403.x86_64.rpm",
"yelp-debugsource-42.2-3.oe2403.x86_64.rpm",
"yelp-devel-42.2-3.oe2403.x86_64.rpm"
],
"aarch64": [
"yelp-42.2-3.oe2403.aarch64.rpm",
"yelp-debuginfo-42.2-3.oe2403.aarch64.rpm",
"yelp-debugsource-42.2-3.oe2403.aarch64.rpm",
"yelp-devel-42.2-3.oe2403.aarch64.rpm"
]
}