Stay Secure with the Latest Linux Advisories

security advisoryfedoracritical

Fedora 44 Yelp 49.1 Critical CSP Exfiltration Advisory 2026-ed4f450fa9

Yelp 49.1, fixing: Flatpak applications are able to exfiltrate host files due to yelp's CSP being too permissive. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ed4f450fa9 2026-05-17 01:26:47.130151+00:00 -------------------------------------------------------------------------------- Name : yelp Product : Fedora 44 Version : 49.1 Release : 1.fc44 URL : https://wiki.gnome.org/Apps/Yelp Summary : Help browser for the GNOME desktop Description : Yelp is the help browser for the GNOME desktop. It is designed to help you browse all the documentation on your system in one central tool, including traditional man pages, info pages and documentation written in DocBook. -------------------------------------------------------------------------------- Update Information: Yelp 49.1, fixing: Flatpak applications are able to exfiltrate host files due to yelp's CSP being too permissive -------------------------------------------------------------------------------- ChangeLog: * Wed May 6 2026 Packit - 2:49.1-1 - Update to 49.1 upstream release * Mon Mar 2 2026 Jan Grulich - 2:49.0-5 - Packit: drop upstream_project_url and rely on release-monitoring only * Wed Feb 25 2026 Jan Grulich - 2:49.0-4 - Packit: drop fast_forward_merge_into as current stable branches diverge * Tue Feb 24 2026 Jan Grulich - 2:49.0-3 - Onboard to Packit for stable Fedora branches -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ed4f450fa9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Yelp 49.1 update addresses CSP issues allowing Flatpak apps to exfiltrate host files, enhancing security on Fedora 44.. Fedora 44, Yelp application, security update, Flatpak issues, critical advisory. . Severity: Critical. LinuxSecurity.com Team

May 17, 2026 •Critical Fedora