Описание
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| yelp | fixed | 42.2-3 | package | |
| yelp-xsl | fixed | 42.1-4 | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2357091
https://www.openwall.com/lists/oss-security/2025/04/04/1
https://gitlab.gnome.org/GNOME/yelp/-/issues/221
https://blogs.gnome.org/mcatanzaro/2025/04/15/dangerous-arbitrary-file-read-vulnerability-in-yelp-cve-2025-3155/
https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2
Связанные уязвимости
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
ELSA-2025-7569: yelp and yelp-xsl security update (IMPORTANT)