Techly NewsGet the app

Get the latest tech news

GNOME's Help Browser Affected By A Serious Security Issue For Arbitrary File Reads


The GNOME Help Browser 'Yelp' for viewing HTML / man page / DocBook and other documentation formats from the GNOME desktop is subject to a yet-to-be-patched-upstream security vulnerability that is now public and can allow for arbitrary file reads and could be funneled through your web browser.

Michael Catanzaro of the GNOME Release Team and desktop engineer at Red Hat is raising the alarm bells today over this security issue. In a post earlier this month, "parrot409" who initially reported this issue demonstrated reading~/.ssh/id_rsa in the Chrome web browser. What's worse is there have been proposed patches for addressing this issue within the GNOME help viewer since last month but not yet reviewed and merged even with this vulnerability now public.

Get the Android app

Or read this on Phoronix

Read more on:

Photo of GNOME

GNOME

Photo of security issue

security issue

Photo of arbitrary file reads

arbitrary file reads

Related news:

News photo

Manjaro 25.0 Released With Upgrades To Linux 6.12 Plus GNOME 48 & KDE Plasma 6.3

News photo

GNOME Now Has A Second Core App Written In TypeScript

News photo

Resources 1.8 Released As A Great System Resource Monitor For GNOME

« Trump derails Chinese H20 GPU sales, forcing Nvidia to eat $5.5B this quarter
ISPs and robocallers love the FCC plan to “delete” as many rules as possible »