MDVSA-2008:175

Package name

yelp

Date

2008-08-20

Advisory ID

MDVSA-2008:175

Affected versions

2008.1 i586 , 2008.1 x86_64 , 2008.0 i586 , 2008.0 x86_64

Problem description

A format string vulnerability was discovered in yelp after version
2.19.90 and before 2.24 that could allow remote attackers to execute
arbitrary code via format string specifiers in an invalid URI on the
command-line or via URI helpers in Firefox, Evolution, or possibly
other programs (CVE-2008-3533).

The updated packages have been patched to correct this issue.

Updated packages

2008.1 i586

 6f58eb4d621798e98aec55cda0900990  2008.1/i586/yelp-2.22.0-2.4mdv2008.1.i586.rpm 
 10880d9090a2cb089674fca828560fe5  2008.1/SRPMS/yelp-2.22.0-2.4mdv2008.1.src.rpm

2008.1 x86_64

 bd939bf4ff92cf5171e59ffac790a9f4  2008.1/x86_64/yelp-2.22.0-2.4mdv2008.1.x86_64.rpm 
 10880d9090a2cb089674fca828560fe5  2008.1/SRPMS/yelp-2.22.0-2.4mdv2008.1.src.rpm

2008.0 i586

 a719b8c3aea21146f01af266c3b45fc7  2008.0/i586/yelp-2.20.0-3.7mdv2008.0.i586.rpm 
 0d2ef45c8b12d4f07161b92be7601a2f  2008.0/SRPMS/yelp-2.20.0-3.7mdv2008.0.src.rpm

2008.0 x86_64

 5412717db7dd8419ce9b28c4de7307ab  2008.0/x86_64/yelp-2.20.0-3.7mdv2008.0.x86_64.rpm 
 0d2ef45c8b12d4f07161b92be7601a2f  2008.0/SRPMS/yelp-2.20.0-3.7mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3533