Описание
Security update for yelp
This update for yelp fixes the following issues:
- CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
libyelp0-42.2-150600.3.3.1
yelp-42.2-150600.3.3.1
yelp-devel-42.2-150600.3.3.1
yelp-lang-42.2-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
libyelp0-42.2-150600.3.3.1
yelp-42.2-150600.3.3.1
yelp-devel-42.2-150600.3.3.1
yelp-lang-42.2-150600.3.3.1
openSUSE Leap 15.6
libyelp0-42.2-150600.3.3.1
yelp-42.2-150600.3.3.1
yelp-devel-42.2-150600.3.3.1
yelp-lang-42.2-150600.3.3.1
Ссылки
- Link for SUSE-SU-2025:02170-1
- E-Mail link for SUSE-SU-2025:02170-1
- SUSE Security Ratings
- SUSE Bug 1240688
- SUSE CVE CVE-2025-3155 page
Описание
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libyelp0-42.2-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:yelp-42.2-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:yelp-devel-42.2-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:yelp-lang-42.2-150600.3.3.1
Ссылки
- CVE-2025-3155
- SUSE Bug 1240688