Yelp could be made to expose sensitive information over the network.
Software Description:
- yelp: Help browser for GNOME
- yelp-xsl: XSL stylesheets for the yelp help browser
Details:
It was discovered that Yelp incorrectly handled paths in ghelp URLs. A
remote attacker could use this issue to trick users into opening malicious
downloaded help files and exfiltrate sensitive information.
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 yelp 42.2-2ubuntu0.1 yelp-xsl 42.1-3ubuntu0.1 Ubuntu 24.10 yelp 42.2-1ubuntu0.24.10.1 yelp-xsl 42.1-2ubuntu0.24.10.1 Ubuntu 24.04 LTS yelp 42.2-1ubuntu0.24.04.1 yelp-xsl 42.1-2ubuntu0.24.04.1 Ubuntu 22.04 LTS yelp 42.1-1ubuntu0.1 yelp-xsl 42.0-1ubuntu0.1 Ubuntu 20.04 LTS yelp 3.36.2-0ubuntu1.1 yelp-xsl 3.36.0-1ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7447-1
CVE-2025-3155
Get the latest Linux and open source security news straight to your inbox.