SUSE-SU-2022:3666-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223666-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3666-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3666-1
Related
Published
2022-10-19T18:45:15Z
Modified
2022-10-19T18:45:15Z
Summary
Security update for helm
Details

This update for helm fixes the following issues:

helm was updated to version 3.9.4:

  • CVE-2022-36055: Fixed denial of service through string value parsing (bsc#1203054).
  • Updating the certificates used for testing
  • Updating index handling

helm was updated to version 3.9.3:

  • CVE-2022-1996: Updated kube-openapi to fix an issue that could result in a CORS protection bypass (bsc#1200528).
  • Fix missing array length check on release

helm was updated to version 3.9.2:

  • Update of the circleci image

helm was updated to version 3.9.1:

  • Update to support Kubernetes 1.24.2
  • Improve logging and safety of statefulSetReady
  • Make token caching an opt-in feature
  • Bump github.com/lib/pq from 1.10.5 to 1.10.6
  • Bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3

helm was updated to version 3.9.0:

  • Added a --quiet flag to helm lint
  • Added a --post-renderer-args flag to support arguments being passed to the post renderer
  • Added more checks during the signing process
  • Updated to add Kubernetes 1.24 support

helm was updated to version 3.8.2:

  • Bump oras.land/oras-go from 1.1.0 to 1.1.1
  • Fixing downloader plugin error handling
  • Simplify testdata charts
  • Simplify testdata charts
  • Add tests for multi-level dependencies.
  • Fix value precedence
  • Bumping Kubernetes package versions
  • Updating vcs to latest version
  • Dont modify provided transport
  • Pass http getter as pointer in tests
  • Add docs block
  • Add transport option and tests
  • Reuse http transport
  • Updating Kubernetes libs to 0.23.4 (latest)
  • fix: remove deadcode
  • fix: helm package tests
  • fix: helm package with dependency update for charts with OCI dependencies
  • Fix typo Unset the env var before func return in Unit Test
  • add legal name check
  • maint: fix syntax error in deploy.sh
  • linting issue fixed
  • only apply overwrite if version is canary
  • overwrite flag added to az storage blob upload-batch
  • Avoid querying for OCI tags can explicit version provided in chart dependencies
  • Management of bearer tokens for tag listing
  • Updating Kubernetes packages to 1.23.3
  • refactor: use os.ReadDir for lightweight directory reading
  • Add IngressClass to manifests to be (un)installed
  • feat(comp): Shell completion for OCI
  • Fix install memory/goroutine leak
References

Affected packages

SUSE:Linux Enterprise Module for Containers 15 SP3 / helm

Package

Name
helm
Purl
purl:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.4-150000.1.10.3

Ecosystem specific

{
    "binaries": [
        {
            "helm": "3.9.4-150000.1.10.3",
            "helm-bash-completion": "3.9.4-150000.1.10.3",
            "helm-zsh-completion": "3.9.4-150000.1.10.3"
        }
    ]
}

SUSE:Linux Enterprise Module for Containers 15 SP4 / helm

Package

Name
helm
Purl
purl:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.4-150000.1.10.3

Ecosystem specific

{
    "binaries": [
        {
            "helm": "3.9.4-150000.1.10.3",
            "helm-bash-completion": "3.9.4-150000.1.10.3",
            "helm-zsh-completion": "3.9.4-150000.1.10.3"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP3 / helm

Package

Name
helm
Purl
purl:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.4-150000.1.10.3

Ecosystem specific

{
    "binaries": [
        {
            "helm-fish-completion": "3.9.4-150000.1.10.3"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP4 / helm

Package

Name
helm
Purl
purl:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.4-150000.1.10.3

Ecosystem specific

{
    "binaries": [
        {
            "helm-fish-completion": "3.9.4-150000.1.10.3"
        }
    ]
}

openSUSE:Leap 15.3 / helm

Package

Name
helm
Purl
purl:rpm/suse/helm&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.4-150000.1.10.3

Ecosystem specific

{
    "binaries": [
        {
            "helm": "3.9.4-150000.1.10.3",
            "helm-bash-completion": "3.9.4-150000.1.10.3",
            "helm-zsh-completion": "3.9.4-150000.1.10.3",
            "helm-fish-completion": "3.9.4-150000.1.10.3"
        }
    ]
}

openSUSE:Leap 15.4 / helm

Package

Name
helm
Purl
purl:rpm/suse/helm&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.4-150000.1.10.3

Ecosystem specific

{
    "binaries": [
        {
            "helm": "3.9.4-150000.1.10.3",
            "helm-bash-completion": "3.9.4-150000.1.10.3",
            "helm-zsh-completion": "3.9.4-150000.1.10.3",
            "helm-fish-completion": "3.9.4-150000.1.10.3"
        }
    ]
}