OESA-2025-1609

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1609

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1609.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1609

Upstream

CVE-2025-3155

Published

2025-06-06T14:04:22Z

Modified

2025-08-12T05:50:23.305548Z

Summary

yelp security update

Details

Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification.

Security Fix(es):

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.(CVE-2025-3155)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP3 / yelp

Package

Name: yelp
Purl: pkg:rpm/openEuler/yelp&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.38.3-2.oe2203sp3

Ecosystem specific

{
    "src": [
        "yelp-3.38.3-2.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "yelp-3.38.3-2.oe2203sp3.x86_64.rpm",
        "yelp-debuginfo-3.38.3-2.oe2203sp3.x86_64.rpm",
        "yelp-debugsource-3.38.3-2.oe2203sp3.x86_64.rpm",
        "yelp-devel-3.38.3-2.oe2203sp3.x86_64.rpm"
    ],
    "noarch": [
        "yelp-help-3.38.3-2.oe2203sp3.noarch.rpm"
    ],
    "aarch64": [
        "yelp-3.38.3-2.oe2203sp3.aarch64.rpm",
        "yelp-debuginfo-3.38.3-2.oe2203sp3.aarch64.rpm",
        "yelp-debugsource-3.38.3-2.oe2203sp3.aarch64.rpm",
        "yelp-devel-3.38.3-2.oe2203sp3.aarch64.rpm"
    ]
}