Updated yelp & yelp-xsl packages fix security vulnerability
Publication date: 15 Nov 2025Modification date: 15 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3155
Description
The Gnome user help application allows the help document to execute
arbitrary scripts. This vulnerability allows malicious users to input
help documents, which may exfiltrate user files to an external
environment. (CVE-2025-3155)
References
- https://bugs.mageia.org/show_bug.cgi?id=34173
- https://www.openwall.com/lists/oss-security/2025/04/04/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27Z5WA2SKQGJ4UVVHUNWY73Y4PNKT3AA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNBXVCRWOMV4OCPACFVW6R4I6T4PSAEM/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/T4HL3S3XNP5C4Q7YW3W22GDBDEEXQDW2/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3155
SRPMS
9/core
- yelp-42.2-1.1.mga9
- yelp-xsl-42.1-1.1.mga9