Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-26147 (GCVE-0-2024-26147)
Vulnerability from cvelistv5 – Published: 2024-02-21 22:21 – Updated: 2024-08-14 19:55
VLAI
EPSS
Title
Helm's Missing YAML Content Leads To Panic
Summary
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.
Severity
7.5 (High)
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/helm/helm/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/helm/helm/commit/bb4cc9125503a… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6"
},
{
"name": "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helm",
"vendor": "helm",
"versions": [
{
"lessThan": "3.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:54:40.217354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T19:55:28.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "helm",
"vendor": "helm",
"versions": [
{
"status": "affected",
"version": "\u003c 3.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T22:21:42.658Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6"
},
{
"name": "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af"
}
],
"source": {
"advisory": "GHSA-r53h-jv2g-vpx6",
"discovery": "UNKNOWN"
},
"title": "Helm\u0027s Missing YAML Content Leads To Panic"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-26147",
"datePublished": "2024-02-21T22:21:42.658Z",
"dateReserved": "2024-02-14T17:40:03.689Z",
"dateUpdated": "2024-08-14T19:55:28.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-26147",
"date": "2026-05-31",
"epss": "0.00294",
"percentile": "0.52921"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-26147\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-02-21T23:15:08.763\",\"lastModified\":\"2025-01-09T14:40:25.983\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.\"},{\"lang\":\"es\",\"value\":\"Helm es un administrador de paquetes para Charts para Kubernetes. Las versiones anteriores a la 3.14.2 contienen una vulnerabilidad variable no inicializada cuando Helm analiza archivos yaml de \u00edndice y complemento que carecen del contenido esperado. Cuando a un archivo `index.yaml` o a un archivo de complementos `plugin.yaml` le faltaban todos los metadatos, se produc\u00eda un p\u00e1nico en Helm. En el SDK de Helm, esto se encuentra cuando se utilizan las funciones `LoadIndexFile` o `DownloadIndexFile` en el paquete `repo` o la funci\u00f3n `LoadDir` en el paquete `plugin`. Para el cliente Helm, esto afecta las funciones relacionadas con la adici\u00f3n de un repositorio y todas las funciones de Helm si se agrega un complemento malicioso, ya que Helm inspecciona todos los complementos conocidos en cada invocaci\u00f3n. Este problema se resolvi\u00f3 en Helm v3.14.2. Si se agreg\u00f3 un complemento malicioso que provoca que todos los comandos del cliente Helm entren en p\u00e1nico, el complemento malicioso se puede eliminar manualmente del sistema de archivos. Si usa versiones de Helm SDK anteriores a la 3.14.2, las llamadas a las funciones afectadas pueden usar \\\"recover\\\" para detectar el p\u00e1nico.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-457\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.14.2\",\"matchCriteriaId\":\"8CA6134B-AB39-4304-A35A-BC3E4F3BA2A7\"}]}]}],\"references\":[{\"url\":\"https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6\", \"name\": \"https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af\", \"name\": \"https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:59:32.585Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-26147\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-14T19:54:40.217354Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*\"], \"vendor\": \"helm\", \"product\": \"helm\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.14.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-14T19:55:23.374Z\"}}], \"cna\": {\"title\": \"Helm\u0027s Missing YAML Content Leads To Panic\", \"source\": {\"advisory\": \"GHSA-r53h-jv2g-vpx6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"helm\", \"product\": \"helm\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.14.2\"}]}], \"references\": [{\"url\": \"https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6\", \"name\": \"https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af\", \"name\": \"https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-457\", \"description\": \"CWE-457: Use of Uninitialized Variable\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-02-21T22:21:42.658Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-26147\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-14T19:55:28.698Z\", \"dateReserved\": \"2024-02-14T17:40:03.689Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-02-21T22:21:42.658Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-RU-2024:4213-1
Vulnerability from csaf_suse - Published: 2024-12-05 16:05 - Updated: 2024-12-05 16:05Summary
Recommended update for helm
Severity
Moderate
Notes
Title of the patch: Recommended update for helm
Description of the patch:
helm was updated to fix the following issues:
Update to version 3.16.3:
* fix: fix label name
* Fix typo in pkg/lint/rules/chartfile_test.go
* Increasing the size of the runner used for releases.
* fix(hooks): correct hooks delete order
* Bump github.com/containerd/containerd from 1.7.12 to 1.7.23
Update to version 3.16.2:
* Revering change unrelated to issue #13176
* adds tests for handling of Helm index with broken chart
versions #13176
* improves handling of Helm index with broken helm chart versions
#13176
* Bump the k8s-io group with 7 updates
* adding check-latest:true
* Grammar fixes
* Fix typos
Update to version 3.16.1:
* bumping version to 1.22.7
* Merge pull request #13327 from mattfarina/revert-11726
Update to version 3.16.0:
Helm v3.16.0 is a feature release. Users are encouraged to
upgrade for the best experience.
* Notable Changes
- added sha512sum template function
- added ActiveHelp for cmds that don't take any more args
- drops very old Kubernetes versions support in helm create
- add --skip-schema-validation flag to helm 'install',
'upgrade' and 'lint'
- fixed bug to now use burst limit setting for discovery
- Added windows arm64 support
* Full changelog see
https://github.com/helm/helm/releases/tag/v3.16.0
Update to version 3.15.4:
* Bump the k8s-io group across 1 directory with 7 updates
* Bump github.com/docker/docker
-------------------------------------------------------------------
Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 3.15.3:
* fix(helm): Use burst limit setting for discovery
* fixed dependency_update_test.go
* fix(dependencyBuild): prevent race condition in concurrent helm
dependency
* fix: respect proxy envvars on helm install/upgrade
* Merge pull request #13085 from
alex-kattathra-johnson/issue-12961
Update to version 3.15.2:
* fix: wrong cli description
* fix typo in load_plugins.go
* fix docs of DeployedAll
* Bump github.com/docker/docker
* bump oras minor version
* feat(load.go): add warning on requirements.lock
Update to version 3.15.1:
* Fixing build issue where wrong version is used
Update to version 3.15.0:
Helm v3.15.0 is a feature release. Users are encouraged to
upgrade for the best experience.
* Updating to k8s 1.30 c4e37b3 (Matt Farina)
* bump version to v3.15.0 d7afa3b (Matt Farina)
* bump version to 7743467 (Matt Farina)
* Fix namespace on kubeconfig error 214fb6e (Calvin Krist)
* Update testdata PKI with keys that have validity until 3393
(Fixes #12880) 1b75d48 (Dirk Mller)
* Modified how created annotation is populated based on package
creation time 0a69a0d (Andrew Block)
* Enabling hide secrets on install and upgrade dry run 25c4738
(Matt Farina)
* Fixing all the linting errors d58d7b3 (Robert Sirchia)
* Add a note about --dry-run displaying secrets a23dd9e (Matt
Farina)
* Updating .gitignore 8b424ba (Robert Sirchia)
* add error messages 8d19bcb (George Jenkins)
* Fix: Ignore alias validation error for index load 68294fd
(George Jenkins)
* validation fix 8e6a514 (Matt Farina)
* bug: add proxy support for oci getter 94c1dea (Ricardo
Maraschini)
* Update architecture detection method 57a1bb8 (weidongkl)
* Improve release action 4790bb9 (George Jenkins)
* Fix grammatical error c25736c (Matt Carr)
* Updated for review comments d2cf8c6 (MichaelMorris)
* Add robustness to wait status checks fc74964 (MichaelMorris)
* refactor: create a helper for checking if a release is
uninstalled f908379 (Alex Petrov)
* fix: reinstall previously uninstalled chart with --keep-history
9e198fa (Alex Petrov)
Update to version 3.14.4:
Helm v3.14.4 is a patch release. Users are encouraged to upgrade
for the best experience. Users are encouraged to upgrade for the
best experience.
* refactor: create a helper for checking if a release is
uninstalled 81c902a (Alex Petrov)
* fix: reinstall previously uninstalled chart with --keep-history
5a11c76 (Alex Petrov)
* bug: add proxy support for oci getter aa7d953 (Ricardo
Maraschini)
Update to version 3.14.3:
* Add a note about --dry-run displaying secrets
* add error messages
* Fix: Ignore alias validation error for index load
* Update architecture detection method
Update to version 3.14.2 (bsc#1220207, CVE-2024-26147):
* Fix for uninitialized variable in yaml parsing
Update to version 3.14.1 (bsc#1219969, CVE-2024-25620):
* validation fix
Update to version 3.14.0:
* Notable Changes
- New helm search flag of --fail-on-no-result
- Allow a nested tpl invocation access to defines
- Speed up the tpl function
- Added qps/HELM_QPS parameter that tells Kubernetes packages
how to operate
- Added --kube-version to lint command
- The ignore pkg is now public
* Changelog
- Improve release action
- Fix issues when verify generation readiness was merged
- fix test to use the default code's k8sVersionMinor
- lint: Add --kube-version flag to set capabilities and
deprecation rules
- Removing Asset Transparency
- tests(pkg/engine): test RenderWithClientProvider
- Make the `ignore` pkg public again
- feature(pkg/engine): introduce RenderWithClientProvider
- Updating Helm libraries for k8s 1.28.4
- Remove excessive logging
- Update CONTRIBUTING.md
- Fixing release labelling in rollback
- feat: move livenessProbe and readinessProbe values to default
values file
- Revert 'fix(main): fix basic auth for helm pull or push'
- Revert 'fix(registry): address anonymous pull issue'
- Update get-helm-3
- Drop filterSystemLabels usage from Query method
- Apply review suggestions
- Update get-helm-3 to get version through get.helm.sh
- feat: print failed hook name
- Fixing precedence issue with the import of values.
- chore(create): indent to spaces
- Allow using label selectors for system labels for sql
backend.
- Allow using label selectors for system labels for secrets and
configmap backends.
- remove useless print during prepareUpgrade
- Add missing with clause to release gh action
- FIX Default ServiceAccount yaml
- fix(registry): address anonymous pull issue
- fix(registry): unswallow error
- Fix missing run statement on release action
- Add qps/HELM_QPS parameter
- Write latest version to get.helm.sh bucket
- Increased release information key name max length.
- Pin gox to specific commit
- Remove `GoFish` from package managers for installing the
binary
- Test update for 'Allow a nested `tpl` invocation access to
`defines` in a containing one'
- Test update for 'Speed up `tpl`'
- Add support for RISC-V
- lint and validate dependency metadata to reference
dependencies with a unique key (name or alias)
- Work around template.Clone omitting options
- fix: pass 'passCredentialsAll' as env-var to getter
- feat: pass basic auth to env-vars when running download
plugins
- helm search: New CLI Flag --fail-on-no-result
- Update pkg/kube/ready.go
- fix post install hook deletion due to before-hook-creation
policy
- Allow a nested `tpl` invocation access to `defines` in a
containing one
- Remove the 'reference templates' concept
- Speed up `tpl`
- ready checker- comment update
- ready checker- remove duplicate statefulset generational
check
- Verify generation in readiness checks
- feat(helm): add --reset-then-reuse-values flag to 'helm
upgrade'
Patchnames: SUSE-2024-4213,SUSE-SLE-Micro-5.5-2024-4213,SUSE-SLE-Module-Containers-15-SP5-2024-4213,SUSE-SLE-Module-Containers-15-SP6-2024-4213,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4213,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4213,openSUSE-Leap-Micro-5.5-2024-4213,openSUSE-SLE-15.5-2024-4213,openSUSE-SLE-15.6-2024-4213
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.4 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-fish-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-fish-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for helm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nhelm was updated to fix the following issues:\n\nUpdate to version 3.16.3:\n\n * fix: fix label name\n * Fix typo in pkg/lint/rules/chartfile_test.go\n * Increasing the size of the runner used for releases.\n * fix(hooks): correct hooks delete order\n * Bump github.com/containerd/containerd from 1.7.12 to 1.7.23\n\nUpdate to version 3.16.2:\n\n * Revering change unrelated to issue #13176\n * adds tests for handling of Helm index with broken chart\n versions #13176\n * improves handling of Helm index with broken helm chart versions\n #13176\n * Bump the k8s-io group with 7 updates\n * adding check-latest:true\n * Grammar fixes\n * Fix typos\n\nUpdate to version 3.16.1:\n\n * bumping version to 1.22.7\n * Merge pull request #13327 from mattfarina/revert-11726\n\nUpdate to version 3.16.0:\n\n Helm v3.16.0 is a feature release. Users are encouraged to\n upgrade for the best experience.\n * Notable Changes\n - added sha512sum template function\n - added ActiveHelp for cmds that don\u0027t take any more args\n - drops very old Kubernetes versions support in helm create\n - add --skip-schema-validation flag to helm \u0027install\u0027,\n \u0027upgrade\u0027 and \u0027lint\u0027\n - fixed bug to now use burst limit setting for discovery\n - Added windows arm64 support\n * Full changelog see\n https://github.com/helm/helm/releases/tag/v3.16.0\n\nUpdate to version 3.15.4:\n\n * Bump the k8s-io group across 1 directory with 7 updates\n * Bump github.com/docker/docker\n\n-------------------------------------------------------------------\nThu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de\n\n- Update to version 3.15.3:\n * fix(helm): Use burst limit setting for discovery\n * fixed dependency_update_test.go\n * fix(dependencyBuild): prevent race condition in concurrent helm\n dependency\n * fix: respect proxy envvars on helm install/upgrade\n * Merge pull request #13085 from\n alex-kattathra-johnson/issue-12961\n\nUpdate to version 3.15.2:\n\n * fix: wrong cli description\n * fix typo in load_plugins.go\n * fix docs of DeployedAll\n * Bump github.com/docker/docker\n * bump oras minor version\n * feat(load.go): add warning on requirements.lock\n\nUpdate to version 3.15.1:\n\n * Fixing build issue where wrong version is used\n\nUpdate to version 3.15.0:\n\n Helm v3.15.0 is a feature release. Users are encouraged to\n upgrade for the best experience.\n\n * Updating to k8s 1.30 c4e37b3 (Matt Farina)\n * bump version to v3.15.0 d7afa3b (Matt Farina)\n * bump version to 7743467 (Matt Farina)\n * Fix namespace on kubeconfig error 214fb6e (Calvin Krist)\n * Update testdata PKI with keys that have validity until 3393\n (Fixes #12880) 1b75d48 (Dirk Mller)\n * Modified how created annotation is populated based on package\n creation time 0a69a0d (Andrew Block)\n * Enabling hide secrets on install and upgrade dry run 25c4738\n (Matt Farina)\n * Fixing all the linting errors d58d7b3 (Robert Sirchia)\n * Add a note about --dry-run displaying secrets a23dd9e (Matt\n Farina)\n * Updating .gitignore 8b424ba (Robert Sirchia)\n * add error messages 8d19bcb (George Jenkins)\n * Fix: Ignore alias validation error for index load 68294fd\n (George Jenkins)\n * validation fix 8e6a514 (Matt Farina)\n * bug: add proxy support for oci getter 94c1dea (Ricardo\n Maraschini)\n * Update architecture detection method 57a1bb8 (weidongkl)\n * Improve release action 4790bb9 (George Jenkins)\n * Fix grammatical error c25736c (Matt Carr)\n * Updated for review comments d2cf8c6 (MichaelMorris)\n * Add robustness to wait status checks fc74964 (MichaelMorris)\n * refactor: create a helper for checking if a release is\n uninstalled f908379 (Alex Petrov)\n * fix: reinstall previously uninstalled chart with --keep-history\n 9e198fa (Alex Petrov)\n\nUpdate to version 3.14.4:\n\n Helm v3.14.4 is a patch release. Users are encouraged to upgrade\n for the best experience. Users are encouraged to upgrade for the\n best experience.\n\n * refactor: create a helper for checking if a release is\n uninstalled 81c902a (Alex Petrov)\n * fix: reinstall previously uninstalled chart with --keep-history\n 5a11c76 (Alex Petrov)\n * bug: add proxy support for oci getter aa7d953 (Ricardo\n Maraschini)\n\nUpdate to version 3.14.3:\n\n * Add a note about --dry-run displaying secrets\n * add error messages\n * Fix: Ignore alias validation error for index load\n * Update architecture detection method\n\nUpdate to version 3.14.2 (bsc#1220207, CVE-2024-26147):\n\n * Fix for uninitialized variable in yaml parsing\n \nUpdate to version 3.14.1 (bsc#1219969, CVE-2024-25620):\n\n * validation fix\n\nUpdate to version 3.14.0:\n\n * Notable Changes\n - New helm search flag of --fail-on-no-result\n - Allow a nested tpl invocation access to defines\n - Speed up the tpl function\n - Added qps/HELM_QPS parameter that tells Kubernetes packages\n how to operate\n - Added --kube-version to lint command\n - The ignore pkg is now public\n * Changelog\n - Improve release action\n - Fix issues when verify generation readiness was merged\n - fix test to use the default code\u0027s k8sVersionMinor\n - lint: Add --kube-version flag to set capabilities and\n deprecation rules\n - Removing Asset Transparency\n - tests(pkg/engine): test RenderWithClientProvider\n - Make the `ignore` pkg public again\n - feature(pkg/engine): introduce RenderWithClientProvider\n - Updating Helm libraries for k8s 1.28.4\n - Remove excessive logging\n - Update CONTRIBUTING.md\n - Fixing release labelling in rollback\n - feat: move livenessProbe and readinessProbe values to default\n values file\n - Revert \u0027fix(main): fix basic auth for helm pull or push\u0027\n - Revert \u0027fix(registry): address anonymous pull issue\u0027\n - Update get-helm-3\n - Drop filterSystemLabels usage from Query method\n - Apply review suggestions\n - Update get-helm-3 to get version through get.helm.sh\n - feat: print failed hook name\n - Fixing precedence issue with the import of values.\n - chore(create): indent to spaces\n - Allow using label selectors for system labels for sql\n backend.\n - Allow using label selectors for system labels for secrets and\n configmap backends.\n - remove useless print during prepareUpgrade\n - Add missing with clause to release gh action\n - FIX Default ServiceAccount yaml\n - fix(registry): address anonymous pull issue\n - fix(registry): unswallow error\n - Fix missing run statement on release action\n - Add qps/HELM_QPS parameter\n - Write latest version to get.helm.sh bucket\n - Increased release information key name max length.\n - Pin gox to specific commit\n - Remove `GoFish` from package managers for installing the\n binary\n - Test update for \u0027Allow a nested `tpl` invocation access to\n `defines` in a containing one\u0027\n - Test update for \u0027Speed up `tpl`\u0027\n - Add support for RISC-V\n - lint and validate dependency metadata to reference\n dependencies with a unique key (name or alias)\n - Work around template.Clone omitting options\n - fix: pass \u0027passCredentialsAll\u0027 as env-var to getter\n - feat: pass basic auth to env-vars when running download\n plugins\n - helm search: New CLI Flag --fail-on-no-result\n - Update pkg/kube/ready.go\n - fix post install hook deletion due to before-hook-creation\n policy\n - Allow a nested `tpl` invocation access to `defines` in a\n containing one\n - Remove the \u0027reference templates\u0027 concept\n - Speed up `tpl`\n - ready checker- comment update\n - ready checker- remove duplicate statefulset generational\n check\n - Verify generation in readiness checks\n - feat(helm): add --reset-then-reuse-values flag to \u0027helm\n upgrade\u0027\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4213,SUSE-SLE-Micro-5.5-2024-4213,SUSE-SLE-Module-Containers-15-SP5-2024-4213,SUSE-SLE-Module-Containers-15-SP6-2024-4213,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4213,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4213,openSUSE-Leap-Micro-5.5-2024-4213,openSUSE-SLE-15.5-2024-4213,openSUSE-SLE-15.6-2024-4213",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2024_4213-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2024:4213-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-20244213-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2024:4213-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-December/037756.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219969",
"url": "https://bugzilla.suse.com/1219969"
},
{
"category": "self",
"summary": "SUSE Bug 1220207",
"url": "https://bugzilla.suse.com/1220207"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25620 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26147/"
}
],
"title": "Recommended update for helm",
"tracking": {
"current_release_date": "2024-12-05T16:05:58Z",
"generator": {
"date": "2024-12-05T16:05:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2024:4213-1",
"initial_release_date": "2024-12-05T16:05:58Z",
"revision_history": [
{
"date": "2024-12-05T16:05:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-3.16.3-150000.1.38.1.aarch64",
"product": {
"name": "helm-3.16.3-150000.1.38.1.aarch64",
"product_id": "helm-3.16.3-150000.1.38.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"product": {
"name": "helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"product_id": "helm-bash-completion-3.16.3-150000.1.38.1.noarch"
}
},
{
"category": "product_version",
"name": "helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"product": {
"name": "helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"product_id": "helm-fish-completion-3.16.3-150000.1.38.1.noarch"
}
},
{
"category": "product_version",
"name": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"product": {
"name": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"product_id": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.16.3-150000.1.38.1.ppc64le",
"product": {
"name": "helm-3.16.3-150000.1.38.1.ppc64le",
"product_id": "helm-3.16.3-150000.1.38.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.16.3-150000.1.38.1.s390x",
"product": {
"name": "helm-3.16.3-150000.1.38.1.s390x",
"product_id": "helm-3.16.3-150000.1.38.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.16.3-150000.1.38.1.x86_64",
"product": {
"name": "helm-3.16.3-150000.1.38.1.x86_64",
"product_id": "helm-3.16.3-150000.1.38.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.5",
"product": {
"name": "openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le"
},
"product_reference": "helm-3.16.3-150000.1.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.s390x"
},
"product_reference": "helm-3.16.3-150000.1.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.16.3-150000.1.38.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.aarch64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.ppc64le"
},
"product_reference": "helm-3.16.3-150000.1.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.s390x"
},
"product_reference": "helm-3.16.3-150000.1.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.x86_64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.16.3-150000.1.38.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.aarch64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.ppc64le"
},
"product_reference": "helm-3.16.3-150000.1.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.s390x"
},
"product_reference": "helm-3.16.3-150000.1.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.x86_64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.16.3-150000.1.38.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-fish-completion-3.16.3-150000.1.38.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-fish-completion-3.16.3-150000.1.38.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.aarch64 as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.ppc64le as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le"
},
"product_reference": "helm-3.16.3-150000.1.38.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.s390x as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.s390x"
},
"product_reference": "helm-3.16.3-150000.1.38.1.s390x",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.x86_64 as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.16.3-150000.1.38.1.noarch as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-fish-completion-3.16.3-150000.1.38.1.noarch as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.aarch64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.ppc64le"
},
"product_reference": "helm-3.16.3-150000.1.38.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.s390x"
},
"product_reference": "helm-3.16.3-150000.1.38.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.x86_64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.16.3-150000.1.38.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-fish-completion-3.16.3-150000.1.38.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.aarch64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.ppc64le"
},
"product_reference": "helm-3.16.3-150000.1.38.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.s390x"
},
"product_reference": "helm-3.16.3-150000.1.38.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.16.3-150000.1.38.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.x86_64"
},
"product_reference": "helm-3.16.3-150000.1.38.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.16.3-150000.1.38.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-bash-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-fish-completion-3.16.3-150000.1.38.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-fish-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
},
"product_reference": "helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25620"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25620",
"url": "https://www.suse.com/security/cve/CVE-2024-25620"
},
{
"category": "external",
"summary": "SUSE Bug 1219969 for CVE-2024-25620",
"url": "https://bugzilla.suse.com/1219969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T16:05:58Z",
"details": "moderate"
}
],
"title": "CVE-2024-25620"
},
{
"cve": "CVE-2024-26147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26147"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26147",
"url": "https://www.suse.com/security/cve/CVE-2024-26147"
},
{
"category": "external",
"summary": "SUSE Bug 1220207 for CVE-2024-26147",
"url": "https://bugzilla.suse.com/1220207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.16.3-150000.1.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap 15.6:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.aarch64",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.ppc64le",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.s390x",
"openSUSE Leap Micro 5.5:helm-3.16.3-150000.1.38.1.x86_64",
"openSUSE Leap Micro 5.5:helm-bash-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-fish-completion-3.16.3-150000.1.38.1.noarch",
"openSUSE Leap Micro 5.5:helm-zsh-completion-3.16.3-150000.1.38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T16:05:58Z",
"details": "moderate"
}
],
"title": "CVE-2024-26147"
}
]
}
SUSE-SU-2024:1137-1
Vulnerability from csaf_suse - Published: 2024-04-08 09:30 - Updated: 2024-04-08 09:30Summary
Security update for helm
Severity
Moderate
Notes
Title of the patch: Security update for helm
Description of the patch: This update for helm fixes the following issues:
- CVE-2024-25620: Fixed with dependency management path traversal (bsc#1219969).
- CVE-2024-26147: Fixed uninitialized variable in yaml parsing (bsc#1220207).
Patchnames: SUSE-2024-1137,SUSE-SLE-Module-Containers-15-SP5-2024-1137,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1137,openSUSE-SLE-15.5-2024-1137
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.4 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-bash-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-fish-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-bash-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-fish-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for helm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for helm fixes the following issues:\n\n- CVE-2024-25620: Fixed with dependency management path traversal (bsc#1219969).\n- CVE-2024-26147: Fixed uninitialized variable in yaml parsing (bsc#1220207).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1137,SUSE-SLE-Module-Containers-15-SP5-2024-1137,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1137,openSUSE-SLE-15.5-2024-1137",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1137-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1137-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241137-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1137-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034885.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219969",
"url": "https://bugzilla.suse.com/1219969"
},
{
"category": "self",
"summary": "SUSE Bug 1220207",
"url": "https://bugzilla.suse.com/1220207"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25620 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26147/"
}
],
"title": "Security update for helm",
"tracking": {
"current_release_date": "2024-04-08T09:30:50Z",
"generator": {
"date": "2024-04-08T09:30:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1137-1",
"initial_release_date": "2024-04-08T09:30:50Z",
"revision_history": [
{
"date": "2024-04-08T09:30:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-3.13.3-150000.1.32.1.aarch64",
"product": {
"name": "helm-3.13.3-150000.1.32.1.aarch64",
"product_id": "helm-3.13.3-150000.1.32.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.13.3-150000.1.32.1.i586",
"product": {
"name": "helm-3.13.3-150000.1.32.1.i586",
"product_id": "helm-3.13.3-150000.1.32.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"product": {
"name": "helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"product_id": "helm-bash-completion-3.13.3-150000.1.32.1.noarch"
}
},
{
"category": "product_version",
"name": "helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"product": {
"name": "helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"product_id": "helm-fish-completion-3.13.3-150000.1.32.1.noarch"
}
},
{
"category": "product_version",
"name": "helm-zsh-completion-3.13.3-150000.1.32.1.noarch",
"product": {
"name": "helm-zsh-completion-3.13.3-150000.1.32.1.noarch",
"product_id": "helm-zsh-completion-3.13.3-150000.1.32.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.13.3-150000.1.32.1.ppc64le",
"product": {
"name": "helm-3.13.3-150000.1.32.1.ppc64le",
"product_id": "helm-3.13.3-150000.1.32.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.13.3-150000.1.32.1.s390x",
"product": {
"name": "helm-3.13.3-150000.1.32.1.s390x",
"product_id": "helm-3.13.3-150000.1.32.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.13.3-150000.1.32.1.x86_64",
"product": {
"name": "helm-3.13.3-150000.1.32.1.x86_64",
"product_id": "helm-3.13.3-150000.1.32.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.13.3-150000.1.32.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.aarch64"
},
"product_reference": "helm-3.13.3-150000.1.32.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.13.3-150000.1.32.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.ppc64le"
},
"product_reference": "helm-3.13.3-150000.1.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.13.3-150000.1.32.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.s390x"
},
"product_reference": "helm-3.13.3-150000.1.32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.13.3-150000.1.32.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.x86_64"
},
"product_reference": "helm-3.13.3-150000.1.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.13.3-150000.1.32.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.13.3-150000.1.32.1.noarch"
},
"product_reference": "helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.13.3-150000.1.32.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch"
},
"product_reference": "helm-zsh-completion-3.13.3-150000.1.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-fish-completion-3.13.3-150000.1.32.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.13.3-150000.1.32.1.noarch"
},
"product_reference": "helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.13.3-150000.1.32.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.aarch64"
},
"product_reference": "helm-3.13.3-150000.1.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.13.3-150000.1.32.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.ppc64le"
},
"product_reference": "helm-3.13.3-150000.1.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.13.3-150000.1.32.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.s390x"
},
"product_reference": "helm-3.13.3-150000.1.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.13.3-150000.1.32.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.x86_64"
},
"product_reference": "helm-3.13.3-150000.1.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.13.3-150000.1.32.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-bash-completion-3.13.3-150000.1.32.1.noarch"
},
"product_reference": "helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-fish-completion-3.13.3-150000.1.32.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-fish-completion-3.13.3-150000.1.32.1.noarch"
},
"product_reference": "helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.13.3-150000.1.32.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch"
},
"product_reference": "helm-zsh-completion-3.13.3-150000.1.32.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25620"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.aarch64",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.ppc64le",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.s390x",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25620",
"url": "https://www.suse.com/security/cve/CVE-2024-25620"
},
{
"category": "external",
"summary": "SUSE Bug 1219969 for CVE-2024-25620",
"url": "https://bugzilla.suse.com/1219969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.aarch64",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.ppc64le",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.s390x",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.aarch64",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.ppc64le",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.s390x",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-08T09:30:50Z",
"details": "moderate"
}
],
"title": "CVE-2024-25620"
},
{
"cve": "CVE-2024-26147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26147"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.aarch64",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.ppc64le",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.s390x",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26147",
"url": "https://www.suse.com/security/cve/CVE-2024-26147"
},
{
"category": "external",
"summary": "SUSE Bug 1220207 for CVE-2024-26147",
"url": "https://bugzilla.suse.com/1220207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.aarch64",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.ppc64le",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.s390x",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-3.13.3-150000.1.32.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.aarch64",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.ppc64le",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.s390x",
"openSUSE Leap 15.5:helm-3.13.3-150000.1.32.1.x86_64",
"openSUSE Leap 15.5:helm-bash-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-fish-completion-3.13.3-150000.1.32.1.noarch",
"openSUSE Leap 15.5:helm-zsh-completion-3.13.3-150000.1.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-08T09:30:50Z",
"details": "moderate"
}
],
"title": "CVE-2024-26147"
}
]
}
SUSE-SU-2025:20196-1
Vulnerability from csaf_suse - Published: 2025-04-22 14:08 - Updated: 2025-04-22 14:08Summary
Security update for helm
Severity
Important
Notes
Title of the patch: Security update for helm
Description of the patch: This update for helm fixes the following issues:
- Update to version 3.17.2 (bsc#1238688, CVE-2025-22870):
* Updating to 0.37.0 for x/net
* build(deps): bump the k8s-io group with 7 updates
- Update to version 3.17.1:
* merge null child chart objects
* build(deps): bump the k8s-io group with 7 updates
* fix: check group for resource info match
- Update to 3.17.0 (bsc#1235318, CVE-2024-45338):
Full changelog:
https://github.com/helm/helm/releases/tag/v3.17.0
* Notable Changes
- Allow pulling and installation by OCI digest
- Annotations and dependencies are now in chart metadata output
- New --take-ownership flag for install and upgrade commands
- SDK: Authorizer and registry authorizer are now configurable
- Removed the Kubernetes configuration file permissions check
- Added username/password to helm push and dependency
build/update subcommands
- Added toYamlPretty template function
- Update to version 3.16.4 (bsc#1234482, CVE-2024-45337):
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0
* Bump the k8s-io group with 7 updates
Patchnames: SUSE-SLE-Micro-6.0-291
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for helm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for helm fixes the following issues:\n\n- Update to version 3.17.2 (bsc#1238688, CVE-2025-22870):\n\n * Updating to 0.37.0 for x/net\n * build(deps): bump the k8s-io group with 7 updates\n\n- Update to version 3.17.1:\n\n * merge null child chart objects\n * build(deps): bump the k8s-io group with 7 updates\n * fix: check group for resource info match\n\n- Update to 3.17.0 (bsc#1235318, CVE-2024-45338):\n\n Full changelog:\n\n https://github.com/helm/helm/releases/tag/v3.17.0\n\n * Notable Changes\n\n - Allow pulling and installation by OCI digest\n - Annotations and dependencies are now in chart metadata output\n - New --take-ownership flag for install and upgrade commands\n - SDK: Authorizer and registry authorizer are now configurable\n - Removed the Kubernetes configuration file permissions check\n - Added username/password to helm push and dependency\n build/update subcommands\n - Added toYamlPretty template function\n\n\n- Update to version 3.16.4 (bsc#1234482, CVE-2024-45337):\n\n * Bump golang.org/x/crypto from 0.30.0 to 0.31.0\n * Bump the k8s-io group with 7 updates\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-291",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20196-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20196-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520196-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20196-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021144.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219969",
"url": "https://bugzilla.suse.com/1219969"
},
{
"category": "self",
"summary": "SUSE Bug 1220207",
"url": "https://bugzilla.suse.com/1220207"
},
{
"category": "self",
"summary": "SUSE Bug 1234482",
"url": "https://bugzilla.suse.com/1234482"
},
{
"category": "self",
"summary": "SUSE Bug 1235318",
"url": "https://bugzilla.suse.com/1235318"
},
{
"category": "self",
"summary": "SUSE Bug 1238688",
"url": "https://bugzilla.suse.com/1238688"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25620 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
}
],
"title": "Security update for helm",
"tracking": {
"current_release_date": "2025-04-22T14:08:15Z",
"generator": {
"date": "2025-04-22T14:08:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20196-1",
"initial_release_date": "2025-04-22T14:08:15Z",
"revision_history": [
{
"date": "2025-04-22T14:08:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.2-1.1.aarch64",
"product": {
"name": "helm-3.17.2-1.1.aarch64",
"product_id": "helm-3.17.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-bash-completion-3.17.2-1.1.noarch",
"product": {
"name": "helm-bash-completion-3.17.2-1.1.noarch",
"product_id": "helm-bash-completion-3.17.2-1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.2-1.1.s390x",
"product": {
"name": "helm-3.17.2-1.1.s390x",
"product_id": "helm-3.17.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.2-1.1.x86_64",
"product": {
"name": "helm-3.17.2-1.1.x86_64",
"product_id": "helm-3.17.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.2-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64"
},
"product_reference": "helm-3.17.2-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.2-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x"
},
"product_reference": "helm-3.17.2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64"
},
"product_reference": "helm-3.17.2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.2-1.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.2-1.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25620"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25620",
"url": "https://www.suse.com/security/cve/CVE-2024-25620"
},
{
"category": "external",
"summary": "SUSE Bug 1219969 for CVE-2024-25620",
"url": "https://bugzilla.suse.com/1219969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T14:08:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-25620"
},
{
"cve": "CVE-2024-26147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26147"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26147",
"url": "https://www.suse.com/security/cve/CVE-2024-26147"
},
{
"category": "external",
"summary": "SUSE Bug 1220207 for CVE-2024-26147",
"url": "https://bugzilla.suse.com/1220207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T14:08:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26147"
},
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T14:08:15Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T14:08:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.aarch64",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.s390x",
"SUSE Linux Micro 6.0:helm-3.17.2-1.1.x86_64",
"SUSE Linux Micro 6.0:helm-bash-completion-3.17.2-1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T14:08:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
}
]
}
SUSE-SU-2025:20278-1
Vulnerability from csaf_suse - Published: 2025-04-22 13:49 - Updated: 2025-04-22 13:49Summary
Security update for helm
Severity
Important
Notes
Title of the patch: Security update for helm
Description of the patch: This update for helm fixes the following issues:
- Update to version 3.17.2 (bsc#1238688, CVE-2025-22870):
* Updating to 0.37.0 for x/net
* build(deps): bump the k8s-io group with 7 updates
- Update to version 3.17.1:
* merge null child chart objects
* build(deps): bump the k8s-io group with 7 updates
* fix: check group for resource info match
- Update to 3.17.0 (bsc#1235318, CVE-2024-45338):
Full changelog:
https://github.com/helm/helm/releases/tag/v3.17.0
* Notable Changes
- Allow pulling and installation by OCI digest
- Annotations and dependencies are now in chart metadata output
- New --take-ownership flag for install and upgrade commands
- SDK: Authorizer and registry authorizer are now configurable
- Removed the Kubernetes configuration file permissions check
- Added username/password to helm push and dependency
build/update subcommands
- Added toYamlPretty template function
- Update to version 3.16.4 (bsc#1234482, CVE-2024-45337):
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0
* Bump the k8s-io group with 7 updates
Patchnames: SUSE-SLE-Micro-6.1-75
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.4 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for helm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for helm fixes the following issues:\n\n- Update to version 3.17.2 (bsc#1238688, CVE-2025-22870):\n\n * Updating to 0.37.0 for x/net\n * build(deps): bump the k8s-io group with 7 updates\n\n- Update to version 3.17.1:\n\n * merge null child chart objects\n * build(deps): bump the k8s-io group with 7 updates\n * fix: check group for resource info match\n\n- Update to 3.17.0 (bsc#1235318, CVE-2024-45338):\n\n Full changelog:\n https://github.com/helm/helm/releases/tag/v3.17.0\n\n * Notable Changes\n\n - Allow pulling and installation by OCI digest\n - Annotations and dependencies are now in chart metadata output\n - New --take-ownership flag for install and upgrade commands\n - SDK: Authorizer and registry authorizer are now configurable\n - Removed the Kubernetes configuration file permissions check\n - Added username/password to helm push and dependency\n build/update subcommands\n - Added toYamlPretty template function\n\n- Update to version 3.16.4 (bsc#1234482, CVE-2024-45337):\n\n * Bump golang.org/x/crypto from 0.30.0 to 0.31.0\n * Bump the k8s-io group with 7 updates\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-75",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20278-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20278-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520278-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20278-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021044.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219969",
"url": "https://bugzilla.suse.com/1219969"
},
{
"category": "self",
"summary": "SUSE Bug 1220207",
"url": "https://bugzilla.suse.com/1220207"
},
{
"category": "self",
"summary": "SUSE Bug 1234482",
"url": "https://bugzilla.suse.com/1234482"
},
{
"category": "self",
"summary": "SUSE Bug 1235318",
"url": "https://bugzilla.suse.com/1235318"
},
{
"category": "self",
"summary": "SUSE Bug 1238688",
"url": "https://bugzilla.suse.com/1238688"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25620 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
}
],
"title": "Security update for helm",
"tracking": {
"current_release_date": "2025-04-22T13:49:38Z",
"generator": {
"date": "2025-04-22T13:49:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20278-1",
"initial_release_date": "2025-04-22T13:49:38Z",
"revision_history": [
{
"date": "2025-04-22T13:49:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.2-slfo.1.1_1.1.aarch64",
"product": {
"name": "helm-3.17.2-slfo.1.1_1.1.aarch64",
"product_id": "helm-3.17.2-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch",
"product": {
"name": "helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch",
"product_id": "helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.2-slfo.1.1_1.1.ppc64le",
"product": {
"name": "helm-3.17.2-slfo.1.1_1.1.ppc64le",
"product_id": "helm-3.17.2-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.2-slfo.1.1_1.1.s390x",
"product": {
"name": "helm-3.17.2-slfo.1.1_1.1.s390x",
"product_id": "helm-3.17.2-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.2-slfo.1.1_1.1.x86_64",
"product": {
"name": "helm-3.17.2-slfo.1.1_1.1.x86_64",
"product_id": "helm-3.17.2-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.2-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64"
},
"product_reference": "helm-3.17.2-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.2-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le"
},
"product_reference": "helm-3.17.2-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.2-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x"
},
"product_reference": "helm-3.17.2-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.2-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64"
},
"product_reference": "helm-3.17.2-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25620"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25620",
"url": "https://www.suse.com/security/cve/CVE-2024-25620"
},
{
"category": "external",
"summary": "SUSE Bug 1219969 for CVE-2024-25620",
"url": "https://bugzilla.suse.com/1219969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:49:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-25620"
},
{
"cve": "CVE-2024-26147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26147"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26147",
"url": "https://www.suse.com/security/cve/CVE-2024-26147"
},
{
"category": "external",
"summary": "SUSE Bug 1220207 for CVE-2024-26147",
"url": "https://bugzilla.suse.com/1220207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:49:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-26147"
},
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:49:38Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:49:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:helm-3.17.2-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:helm-bash-completion-3.17.2-slfo.1.1_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:49:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
}
]
}
WID-SEC-W-2024-0641
Vulnerability from csaf_certbund - Published: 2024-03-14 23:00 - Updated: 2025-06-03 22:00Summary
Red Hat Enterprise Linux (Advanced Cluster Management): Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.15.14
Red Hat / OpenShift
|
Container Platform <4.15.14 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.15.14
Red Hat / OpenShift
|
Container Platform <4.15.14 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.15.14
Red Hat / OpenShift
|
Container Platform <4.15.14 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.15.14
Red Hat / OpenShift
|
Container Platform <4.15.14 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 |
References
22 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0641 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0641.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0641 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0641"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1328 vom 2024-03-14",
"url": "https://access.redhat.com/errata/RHSA-2024:1328"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1255 vom 2024-03-19",
"url": "https://access.redhat.com/errata/RHSA-2024:1255"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1549 vom 2024-03-27",
"url": "https://access.redhat.com/errata/RHSA-2024:1549"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1570 vom 2024-03-28",
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1137-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018286.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2865 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4156 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4156"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4626 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4626"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6236 vom 2024-09-04",
"url": "https://access.redhat.com/errata/RHSA-2024:6236"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6013 vom 2024-09-05",
"url": "https://access.redhat.com/errata/RHSA-2024:6013"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6406 vom 2024-09-12",
"url": "https://access.redhat.com/errata/RHSA-2024:6406"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3266-1 vom 2024-09-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019442.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3267-1 vom 2024-09-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LVIWDYYN6LLZLFD7GR7LHE73UYRYDPHX/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6811 vom 2024-09-25",
"url": "https://access.redhat.com/errata/RHSA-2024:6811"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3718 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:3718"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1012"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3656-1 vom 2024-10-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EAHKWTRWWAX4Y4SNTAAW5T57YHPEOMQG/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4360-1 vom 2024-12-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5QN46RDSEXZFITMIFYI2BFRQ6NL6TXZB/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20278-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021044.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20196-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021144.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Advanced Cluster Management): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-03T22:00:00.000+00:00",
"generator": {
"date": "2025-06-04T10:28:43.252+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-0641",
"initial_release_date": "2024-03-14T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-14T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-27T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-01T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-08T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-24T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-01T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T014111",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T033787",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.14",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.14",
"product_id": "T034932"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.14",
"product_id": "T034932-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.14"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.1",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.1",
"product_id": "T035804"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.1",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.1",
"product_id": "T035804-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.1"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.3.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.1",
"product_id": "T038314"
}
},
{
"category": "product_version",
"name": "9.3.1",
"product": {
"name": "Splunk Splunk Enterprise 9.3.1",
"product_id": "T038314-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.3",
"product_id": "T038315"
}
},
{
"category": "product_version",
"name": "9.2.3",
"product": {
"name": "Splunk Splunk Enterprise 9.2.3",
"product_id": "T038315-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.6",
"product_id": "T038316"
}
},
{
"category": "product_version",
"name": "9.1.6",
"product": {
"name": "Splunk Splunk Enterprise 9.1.6",
"product_id": "T038316-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.6"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45142",
"product_status": {
"known_affected": [
"T033787",
"T034932",
"T002207",
"67646",
"T035804",
"T038314",
"T038315",
"T038316",
"T014111"
]
},
"release_date": "2024-03-14T23:00:00.000+00:00",
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-47108",
"product_status": {
"known_affected": [
"T033787",
"T034932",
"T002207",
"67646",
"T035804",
"T038314",
"T038315",
"T038316",
"T014111"
]
},
"release_date": "2024-03-14T23:00:00.000+00:00",
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2024-25620",
"product_status": {
"known_affected": [
"T033787",
"T034932",
"T002207",
"67646",
"T035804",
"T038314",
"T038315",
"T038316",
"T014111"
]
},
"release_date": "2024-03-14T23:00:00.000+00:00",
"title": "CVE-2024-25620"
},
{
"cve": "CVE-2024-26147",
"product_status": {
"known_affected": [
"T033787",
"T034932",
"T002207",
"67646",
"T035804",
"T038314",
"T038315",
"T038316",
"T014111"
]
},
"release_date": "2024-03-14T23:00:00.000+00:00",
"title": "CVE-2024-26147"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…