Security update for yelp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02170-1 Final 1 1 2025-06-30T07:15:30Z current 2025-06-30T07:15:30Z 2025-06-30T07:15:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for yelp This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2170,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-2170,SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-2170,openSUSE-SLE-15.6-2025-2170 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502170-1/ Link for SUSE-SU-2025:02170-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040540.html E-Mail link for SUSE-SU-2025:02170-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1240688 SUSE Bug 1240688 https://www.suse.com/security/cve/CVE-2025-3155/ SUSE CVE CVE-2025-3155 page SUSE Linux Enterprise Module for Desktop Applications 15 SP6 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 openSUSE Leap 15.6 libyelp0-42.2-150600.3.3.1 yelp-42.2-150600.3.3.1 yelp-devel-42.2-150600.3.3.1 yelp-lang-42.2-150600.3.3.1 libyelp0-42.2-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 yelp-42.2-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 yelp-devel-42.2-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 yelp-lang-42.2-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 libyelp0-42.2-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 yelp-42.2-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 yelp-devel-42.2-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 yelp-lang-42.2-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 libyelp0-42.2-150600.3.3.1 as a component of openSUSE Leap 15.6 yelp-42.2-150600.3.3.1 as a component of openSUSE Leap 15.6 yelp-devel-42.2-150600.3.3.1 as a component of openSUSE Leap 15.6 yelp-lang-42.2-150600.3.3.1 as a component of openSUSE Leap 15.6 A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libyelp0-42.2-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:yelp-42.2-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:yelp-devel-42.2-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:yelp-lang-42.2-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libyelp0-42.2-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:yelp-42.2-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:yelp-devel-42.2-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:yelp-lang-42.2-150600.3.3.1 openSUSE Leap 15.6:libyelp0-42.2-150600.3.3.1 openSUSE Leap 15.6:yelp-42.2-150600.3.3.1 openSUSE Leap 15.6:yelp-devel-42.2-150600.3.3.1 openSUSE Leap 15.6:yelp-lang-42.2-150600.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502170-1/ https://www.suse.com/security/cve/CVE-2025-3155.html CVE-2025-3155 https://bugzilla.suse.com/1240688 SUSE Bug 1240688