SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4606

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4606

Security update for helm

Type: security

Severity: moderate

Issued: 2022-12-22

Description:

This update for helm fixes the following issues:

Update to version 3.10.3:

- CVE-2022-23524: Fixed a denial of service in the string value parsing (bsc#1206467).
- CVE-2022-23525: Fixed a denial of service with the repository index file (bsc#1206469).
- CVE-2022-23526: Fixed a denial of service in the schema file handling (bsc#1206471).

References

CVE: CVE-2022-23526
CVE: CVE-2022-23525
CVE: CVE-2022-23524
CVE: CVE-2022-1996
CVE: CVE-2021-21272
Bugzilla: 1206471 VUL-0: CVE-2022-23526: helm,helm3: Denial of service through schema file
Bugzilla: 1206469 VUL-0: CVE-2022-23525: helm,helm3: Denial of service through through repository index file
Bugzilla: 1206467 VUL-0: CVE-2022-23524: helm3,helm: Denial of service through string value parsing
Bugzilla: 1181419 VUL-0: CVE-2021-21272: oras: zip-slip vulnerability

Packages

helm-3.10.3-150000.1.13.1