SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3666

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3666

Security update for helm

Type: security

Severity: important

Issued: 2022-10-19

Description:

This update for helm fixes the following issues:

helm was updated to version 3.9.4:

* CVE-2022-36055: Fixed denial of service through string value parsing (bsc#1203054).
* Updating the certificates used for testing
* Updating index handling

helm was updated to version 3.9.3:

- CVE-2022-1996: Updated kube-openapi to fix an issue that could result in a CORS protection bypass (bsc#1200528).
* Fix missing array length check on release

helm was updated to version 3.9.2:

* Update of the circleci image

helm was updated  to version 3.9.1:

* Update to support Kubernetes 1.24.2
* Improve logging and safety of statefulSetReady
* Make token caching an opt-in feature
* Bump github.com/lib/pq from 1.10.5 to 1.10.6
* Bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3

helm was updated to version 3.9.0:

* Added a --quiet flag to helm lint
* Added a --post-renderer-args flag to support arguments being passed to the post renderer
* Added more checks during the signing process
* Updated to add Kubernetes 1.24 support

helm was updated to version 3.8.2:

* Bump oras.land/oras-go from 1.1.0 to 1.1.1
* Fixing downloader plugin error handling
* Simplify testdata charts
* Simplify testdata charts
* Add tests for multi-level dependencies.
* Fix value precedence
* Bumping Kubernetes package versions
* Updating vcs to latest version
* Dont modify provided transport
* Pass http getter as pointer in tests
* Add docs block
* Add transport option and tests
* Reuse http transport
* Updating Kubernetes libs to 0.23.4 (latest)
* fix: remove deadcode
* fix: helm package tests
* fix: helm package with dependency update for charts with OCI dependencies
* Fix typo Unset the env var before func return in Unit Test
* add legal name check
* maint: fix syntax error in deploy.sh
* linting issue fixed
* only apply overwrite if version is canary
* overwrite flag added to az storage blob upload-batch
* Avoid querying for OCI tags can explicit version provided in chart dependencies
* Management of bearer tokens for tag listing
* Updating Kubernetes packages to 1.23.3
* refactor: use `os.ReadDir` for lightweight directory reading
* Add IngressClass to manifests to be (un)installed
* feat(comp): Shell completion for OCI
* Fix install memory/goroutine leak

References

CVE: CVE-2022-36055
CVE: CVE-2022-1996
Bugzilla: 1203054 VUL-0: CVE-2022-36055: helm3,helm: denial of service through string value parsing
Bugzilla: 1200528 VUL-0: CVE-2022-1996: go-restful: CORS bypass

Packages

helm-3.9.4-150000.1.10.3