SUSE-SU-2022:3666-1
- Source
- https://www.suse.com/support/update/announcement/2022/suse-su-20223666-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3666-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2022:3666-1
- Upstream
- Related
- Published
- 2022-10-19T18:45:15Z
- Modified
- 2026-03-11T07:21:15.285313Z
- Summary
- Security update for helm
- Details
-
This update for helm fixes the following issues:
helm was updated to version 3.9.4:
- CVE-2022-36055: Fixed denial of service through string value parsing (bsc#1203054).
- Updating the certificates used for testing
- Updating index handling
helm was updated to version 3.9.3:
- CVE-2022-1996: Updated kube-openapi to fix an issue that could result in a CORS protection bypass (bsc#1200528).
- Fix missing array length check on release
helm was updated to version 3.9.2:
- Update of the circleci image
helm was updated to version 3.9.1:
- Update to support Kubernetes 1.24.2
- Improve logging and safety of statefulSetReady
- Make token caching an opt-in feature
- Bump github.com/lib/pq from 1.10.5 to 1.10.6
- Bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3
helm was updated to version 3.9.0:
- Added a --quiet flag to helm lint
- Added a --post-renderer-args flag to support arguments being passed to the post renderer
- Added more checks during the signing process
- Updated to add Kubernetes 1.24 support
helm was updated to version 3.8.2:
- Bump oras.land/oras-go from 1.1.0 to 1.1.1
- Fixing downloader plugin error handling
- Simplify testdata charts
- Simplify testdata charts
- Add tests for multi-level dependencies.
- Fix value precedence
- Bumping Kubernetes package versions
- Updating vcs to latest version
- Dont modify provided transport
- Pass http getter as pointer in tests
- Add docs block
- Add transport option and tests
- Reuse http transport
- Updating Kubernetes libs to 0.23.4 (latest)
- fix: remove deadcode
- fix: helm package tests
- fix: helm package with dependency update for charts with OCI dependencies
- Fix typo Unset the env var before func return in Unit Test
- add legal name check
- maint: fix syntax error in deploy.sh
- linting issue fixed
- only apply overwrite if version is canary
- overwrite flag added to az storage blob upload-batch
- Avoid querying for OCI tags can explicit version provided in chart dependencies
- Management of bearer tokens for tag listing
- Updating Kubernetes packages to 1.23.3
- refactor: use
os.ReadDirfor lightweight directory reading - Add IngressClass to manifests to be (un)installed
- feat(comp): Shell completion for OCI
- Fix install memory/goroutine leak
- References
Affected packages
openSUSE:Leap 15.3
helm
Package
- Name
- helm
- Purl
- pkg:rpm/opensuse/helm&distro=openSUSE%20Leap%2015.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.9.4-150000.1.10.3
openSUSE:Leap 15.4
helm
Package
- Name
- helm
- Purl
- pkg:rpm/opensuse/helm&distro=openSUSE%20Leap%2015.4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.9.4-150000.1.10.3
SUSE:Linux Enterprise Module for Containers 15 SP3
helm
Package
- Name
- helm
- Purl
- pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.9.4-150000.1.10.3
SUSE:Linux Enterprise Module for Containers 15 SP4
helm
Package
- Name
- helm
- Purl
- pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.9.4-150000.1.10.3