SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2049

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2049

Security update for helm

Type: security

Severity: important

Issued: 2026-05-25

Description:

This update for helm fixes the following issues

Security issues:

- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
  (bsc#1265758).
- CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled
  configuration (bsc#1265428).

Non security issue:

- Fix packages for %suse_version bump (jsc#PED-15794).
- Update to version 3.21.0

References

jira: PED-15794 https://jira.suse.com/browse/PED-15794
CVE: CVE-2026-41888
CVE: CVE-2026-33814
Bugzilla: 1265758 VUL-0: CVE-2026-33814: helm: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
Bugzilla: 1265428 VUL-0: CVE-2026-41888: helm: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled configuration

Packages

helm-3.21.0-150000.1.75.1