yelp: User-assisted execution of arbitrary code

2008-09-04T00:00:00
ID GLSA-200809-01
Type gentoo
Reporter Gentoo Foundation
Modified 2008-09-04T00:00:00

Description

Background

yelp is the default help browser for GNOME.

Description

Aaron Grattafiori reported a format string vulnerability in the window_error() function in yelp-window.c.

Impact

A remote attacker can entice a user to open specially crafted "man:" or "ghelp:" URIs in yelp, or an application using yelp such as Firefox or Evolution, and execute arbitrary code with the privileges of that user.

Workaround

There is no known workaround at this time.

Resolution

All yelp users running GNOME 2.22 should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.22.1-r2"

All yelp users running GNOME 2.20 should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.20.0-r1"