{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"yelp security update", "category":"general", "title":"Synopsis" }, { "text":"An update for yelp is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification.\n\nSecurity Fix(es):\n\nA flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.(CVE-2025-3155)", "category":"general", "title":"Description" }, { "text":"An update for yelp is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"yelp", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1535", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1535" }, { "summary":"CVE-2025-3155", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-3155&packageName=yelp" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3155" }, { "summary":"openEuler-SA-2025-1535 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1535.json" } ], "title":"An update for yelp is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2025-05-23T22:01:35+08:00", "revision_history":[ { "date":"2025-05-23T22:01:35+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-05-23T22:01:35+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-05-23T22:01:35+08:00", "id":"openEuler-SA-2025-1535", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"yelp-42.2-3.oe2403sp1.x86_64.rpm", "name":"yelp-42.2-3.oe2403sp1.x86_64.rpm" }, "name":"yelp-42.2-3.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"yelp-debuginfo-42.2-3.oe2403sp1.x86_64.rpm", "name":"yelp-debuginfo-42.2-3.oe2403sp1.x86_64.rpm" }, "name":"yelp-debuginfo-42.2-3.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"yelp-debugsource-42.2-3.oe2403sp1.x86_64.rpm", "name":"yelp-debugsource-42.2-3.oe2403sp1.x86_64.rpm" }, "name":"yelp-debugsource-42.2-3.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"yelp-devel-42.2-3.oe2403sp1.x86_64.rpm", "name":"yelp-devel-42.2-3.oe2403sp1.x86_64.rpm" }, "name":"yelp-devel-42.2-3.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"yelp-42.2-3.oe2403sp1.aarch64.rpm", "name":"yelp-42.2-3.oe2403sp1.aarch64.rpm" }, "name":"yelp-42.2-3.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"yelp-debuginfo-42.2-3.oe2403sp1.aarch64.rpm", "name":"yelp-debuginfo-42.2-3.oe2403sp1.aarch64.rpm" }, "name":"yelp-debuginfo-42.2-3.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"yelp-debugsource-42.2-3.oe2403sp1.aarch64.rpm", "name":"yelp-debugsource-42.2-3.oe2403sp1.aarch64.rpm" }, "name":"yelp-debugsource-42.2-3.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"yelp-devel-42.2-3.oe2403sp1.aarch64.rpm", "name":"yelp-devel-42.2-3.oe2403sp1.aarch64.rpm" }, "name":"yelp-devel-42.2-3.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"yelp-42.2-3.oe2403sp1.src.rpm", "name":"yelp-42.2-3.oe2403sp1.src.rpm" }, "name":"yelp-42.2-3.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"yelp-42.2-3.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.x86_64", "name":"yelp-42.2-3.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"yelp-debuginfo-42.2-3.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:yelp-debuginfo-42.2-3.oe2403sp1.x86_64", "name":"yelp-debuginfo-42.2-3.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"yelp-debugsource-42.2-3.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:yelp-debugsource-42.2-3.oe2403sp1.x86_64", "name":"yelp-debugsource-42.2-3.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"yelp-devel-42.2-3.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:yelp-devel-42.2-3.oe2403sp1.x86_64", "name":"yelp-devel-42.2-3.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"yelp-42.2-3.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.aarch64", "name":"yelp-42.2-3.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"yelp-debuginfo-42.2-3.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:yelp-debuginfo-42.2-3.oe2403sp1.aarch64", "name":"yelp-debuginfo-42.2-3.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"yelp-debugsource-42.2-3.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:yelp-debugsource-42.2-3.oe2403sp1.aarch64", "name":"yelp-debugsource-42.2-3.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"yelp-devel-42.2-3.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:yelp-devel-42.2-3.oe2403sp1.aarch64", "name":"yelp-devel-42.2-3.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"yelp-42.2-3.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.src", "name":"yelp-42.2-3.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-3155", "notes":[ { "text":"A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-debuginfo-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-debugsource-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-devel-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-debuginfo-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-debugsource-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-devel-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-debuginfo-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-debugsource-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-devel-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-debuginfo-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-debugsource-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-devel-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.src" ], "details":"yelp security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1535" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-debuginfo-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-debugsource-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-devel-42.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-debuginfo-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-debugsource-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-devel-42.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:yelp-42.2-3.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-3155" } ] }