SUSE Package Hub - openSUSE-2019-1703

Update Info

openSUSE-2019-1703

Security update for helm

Type: security

Severity: moderate

Issued: 2019-07-14

Description:

This update for helm to version 2.13.1 fixes the following issues:

- set correct git_commit value so that 'helm version' reports correctly
- added service file for helm-serve
- Require golang 1.10.6  or newer
- Tiller should only enforce what we expect from Helm
- Keepalive config should be independent of TLS
- Bump client side grpc max msg size
- Update deprecated grpc dial timeout
- Includes fixes which allow Helm to correctly recognize
  resources created using the K8S 1.8/1.9 API namespaces

References

CVE: CVE-2018-16875
CVE: CVE-2018-16874
CVE: CVE-2018-16873
Bugzilla: 1118899 VUL-0: CVE-2018-16875: go: crypto/x509: CPU denial of service
Bugzilla: 1118898 VUL-0: CVE-2018-16874: go: cmd/go: directory traversal
Bugzilla: 1118897 VUL-0: CVE-2018-16873: go: cmd/go: remote command execution

Packages

helm-2.13.1-5.1