SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1571

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1571

Security update for helm

Type: security

Severity: moderate

Issued: 2023-03-24

Description:

This update for helm fixes the following issues:

Update to version 3.11.1 (bsc#1208084):

- CVE-2023-25165: Fixed a information disclosure problem via getHostByName injection inside a chart to get values to a malicious DNS server.

References

CVE: CVE-2023-25165
Bugzilla: 1208084 VUL-0: CVE-2023-25165: helm: getHostByName Function Information Disclosure

Packages

helm-3.11.1-150000.1.16.1