An update for yelp is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1535 Final 1.0 1.0 2025-05-23 Initial 2025-05-23 2025-05-23 openEuler SA Tool V1.0 2025-05-23 yelp security update An update for yelp is now available for openEuler-24.03-LTS-SP1 Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification. Security Fix(es): A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.(CVE-2025-3155) An update for yelp is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High yelp https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1535 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-3155 https://nvd.nist.gov/vuln/detail/CVE-2025-3155 openEuler-24.03-LTS-SP1 yelp-42.2-3.oe2403sp1.x86_64.rpm yelp-debuginfo-42.2-3.oe2403sp1.x86_64.rpm yelp-debugsource-42.2-3.oe2403sp1.x86_64.rpm yelp-devel-42.2-3.oe2403sp1.x86_64.rpm yelp-42.2-3.oe2403sp1.aarch64.rpm yelp-debuginfo-42.2-3.oe2403sp1.aarch64.rpm yelp-debugsource-42.2-3.oe2403sp1.aarch64.rpm yelp-devel-42.2-3.oe2403sp1.aarch64.rpm yelp-42.2-3.oe2403sp1.src.rpm A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. 2025-05-23 CVE-2025-3155 openEuler-24.03-LTS-SP1 High 7.4 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N yelp security update 2025-05-23 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1535