Lucene search
Gentoo FoundationGLSA-200809-01HistorySep 04, 2008 - 12:00 a.m.
yelp: User-assisted execution of arbitrary code
2008-09-0400:00:00
Gentoo Foundation
security.gentoo.org
16
0.078 Low
EPSS
Percentile
94.2%
Background
yelp is the default help browser for GNOME.
Description
Aaron Grattafiori reported a format string vulnerability in the window_error() function in yelp-window.c.
Impact
A remote attacker can entice a user to open specially crafted “man:” or “ghelp:” URIs in yelp, or an application using yelp such as Firefox or Evolution, and execute arbitrary code with the privileges of that user.
Workaround
There is no known workaround at this time.
Resolution
All yelp users running GNOME 2.22 should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.22.1-r2"
All yelp users running GNOME 2.20 should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.20.0-r1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | gnome-extra/yelp | < 2.22.1-r2 | UNKNOWN |
Related
nessus
nessus
openSUSE Security Update : yelp (yelp-271)
2009-07-21 00:00:00
Fedora 8 : yelp-2.20.0-12.fc8 (2008-7293)
2008-09-10 00:00:00
Ubuntu 7.10 / 8.04 LTS : yelp vulnerability (USN-638-1)
2008-08-28 00:00:00
securityvulns
securityvulns
yelp format string vulnerability
2008-08-21 00:00:00
[ MDVSA-2008:175 ] yelp
2008-08-21 00:00:00
openvas
openvas
Ubuntu Update for yelp vulnerability USN-638-1
2009-03-23 00:00:00
Gentoo Security Advisory GLSA 200809-01 (yelp)
2008-09-24 00:00:00
Mandriva Update for yelp MDVSA-2008:175 (yelp)
2009-04-09 00:00:00
ubuntucve
ubuntucve
CVE-2008-3533
2008-08-18 00:00:00
cve
cve
CVE-2008-3533
2008-08-18 17:41:00
ubuntu
ubuntu
Yelp vulnerability
2008-08-27 00:00:00
debiancve
debiancve
CVE-2008-3533
2008-08-18 17:41:00
fedora
fedora
[SECURITY] Fedora 8 Update: yelp-2.20.0-12.fc8
2008-09-10 06:50:31
prion
prion
Format string
2008-08-18 17:41:00