[FEDORA-2023-c9b2182a4e] Fedora 37: golang-github-need-being-tree, golang-helm-3, golang-oras, golang-oras-1, golang-oras-2

Severity Critical
Affected Packages 5
CVEs 4

Update helm to 3.11.1, resolving multiple security issues

ID: FEDORA-2023-c9b2182a4e
Severity: critical
Severity from: CVE-2022-1996
URL: https://bodhi.fedoraproject.org/updates/FEDORA-2023-c9b2182a4e
Published: 2023-02-23T02:21:52
Modified: 2023-02-23T02:21:52
Rights: Copyright 2023 Red Hat, Inc.

Other Advisories

| Source | ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1971091 | Bug #1971091 - Test failures on 32bit arches | https://bugzilla.redhat.com/show_bug.cgi?id=1971091 |
| Bugzilla | 2142210 | Bug #2142210 - F36FailsToInstall: golang-helm-3-devel | https://bugzilla.redhat.com/show_bug.cgi?id=2142210 |
| Bugzilla | 2138841 | Bug #2138841 - F38FailsToInstall: golang-helm-3-devel | https://bugzilla.redhat.com/show_bug.cgi?id=2138841 |
| Bugzilla | 1971029 | Bug #1971029 - Cannot build for s390x due to missing dependency | https://bugzilla.redhat.com/show_bug.cgi?id=1971029 |
| Bugzilla | 2155938 | Bug #2155938 - CVE-2022-23526 golang-helm-3: helm: Denial of service through schema file [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2155938 |
| Bugzilla | 2142198 | Bug #2142198 - F37FailsToInstall: golang-helm-3-devel | https://bugzilla.redhat.com/show_bug.cgi?id=2142198 |
| Bugzilla | 2097975 | Bug #2097975 - CVE-2022-1996 golang-helm-3: go-restful: Authorization Bypass Through User-Controlled Key [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2097975 |
| Bugzilla | 2045644 | Bug #2045644 - golang-helm-3: FTBFS in Fedora rawhide/f36 | https://bugzilla.redhat.com/show_bug.cgi?id=2045644 |
| Bugzilla | 1977738 | Bug #1977738 - golang-helm-3-3.11.1 is available | https://bugzilla.redhat.com/show_bug.cgi?id=1977738 |
| Bugzilla | 2163231 | Bug #2163231 - CVE-2022-41717 golang-helm-3: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2163231 |
| Bugzilla | 2155939 | Bug #2155939 - CVE-2022-23524 golang-helm-3: helm: Denial of service through string value parsing [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2155939 |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/golang-oras?distro=fedora-37 | fedora | golang-oras | < 0.15.1.1.20221105git690716b.fc37 | fedora-37 | | |
| Affected | pkg:rpm/fedora/golang-oras-2?distro=fedora-37 | fedora | golang-oras-2 | < 2.0.0~rc.4.1.fc37 | fedora-37 | | |
| Affected | pkg:rpm/fedora/golang-oras-1?distro=fedora-37 | fedora | golang-oras-1 | < 1.2.1.1.fc37 | fedora-37 | | |
| Affected | pkg:rpm/fedora/golang-helm-3?distro=fedora-37 | fedora | golang-helm-3 | < 3.11.1.1.fc37 | fedora-37 | | |
| Affected | pkg:rpm/fedora/golang-github-need-being-tree?distro=fedora-37 | fedora | golang-github-need-being-tree | < 0.1.0.1.fc37 | fedora-37 | | |