SUSE-SU-2025:02153-1

Опубликовано: 27 июн. 2025

Источник: suse-cvrf

Описание

Security update for yelp-xsl

This update for yelp-xsl fixes the following issues:

CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688).

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

yelp-xsl-3.20.1-6.3.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202502153-1/
Link for SUSE-SU-2025:02153-1
https://lists.suse.com/pipermail/sle-updates/2025-June/040522.html
E-Mail link for SUSE-SU-2025:02153-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1240688
SUSE Bug 1240688
https://www.suse.com/security/cve/CVE-2025-3155/
SUSE CVE CVE-2025-3155 page

Описание

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Затронутые продукты

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:yelp-xsl-3.20.1-6.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-3155.html
CVE-2025-3155
https://bugzilla.suse.com/1240688
SUSE Bug 1240688

SUSE-SU-2025:02153-1

Описание

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Ссылки

Уязвимость: CVE-2025-3155

Описание

Затронутые продукты

Ссылки