[SUSE-SU-2023:4124-1] Security update for helm
Severity
Important
Affected Packages
6
CVEs
2
Security update for helm
This update for helm fixes the following issues:
helm was updated to version 3.13.1:
- Fixing precedence issue with the import of values.
- Add missing with clause to release gh action
- FIX Default ServiceAccount yaml
- fix(registry): unswallow error
- remove useless print during prepareUpgrade
- fix(registry): address anonymous pull issue
- Fix missing run statement on release action
- Write latest version to get.helm.sh bucket
- Increased release information key name max length.
helm was updated to version 3.13.0 (bsc#1215588):
- Fix leaking goroutines in Install
- Update Helm to use k8s 1.28.2 libraries
- make the dependabot k8s.io group explicit
- use dependabot's group support for k8s.io dependencies
- doc:Executing helm rollback release 0 will roll back to the previous release
- Use labels instead of selectorLabels for pod labels
- fix(helm): fix GetPodLogs, the hooks should be sorted before get the logs of each hook
- chore: HTTPGetter add default timeout
- Avoid nil dereference if passing a nil resolver
- Add required changes after merge
- Fix #3352, add support for --ignore-not-found just like kubectl delete
- Fix helm may identify achieve of the application/x-gzip as application/vnd.ms-fontobject
- Restore
helm get metadatacommand - Revert 'Add
helm get metadatacommand' - test: replace
ensure.TempDirwitht.TempDir - use json api url + report curl/wget error on fail
- Added error in case try to supply custom label with name of system label during install/upgrade
- fix(main): fix basic auth for helm pull or push
- cmd: support generating index in JSON format
- repo: detect JSON and unmarshal efficiently
- Tweaking new dry-run internal handling
- bump kubernetes modules to v0.27.3
- Remove warning for template directory not found.
- Added tests for created OCI annotation time format
- Add created OCI annotation
- Fix multiple bugs in values handling
- chore: fix a typo in
manager.go - add GetRegistryClient method
- oci: add tests for plain HTTP and insecure HTTPS registries
- oci: Add flag
--plain-httpto enable working with HTTP registries - docs: add an example for using the upgrade command with existing values
- Replace
fmt.Fprintfwithfmt.Fprintin get_metadata.go - Replace
fmt.Fprintlnwithfmt.Fprintfin get_metadata.go - update kubernetes dependencies from v0.27.0 to v0.27.1
- Add ClientOptResolver to test util file
- Check that missing keys are still handled in tpl
- tests: change crd golden file to match after #11870
- Adding details on the Factory interface
- update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart
- feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster to be able to render lookup functions. Closes #8137
- bugfix:(#11391) helm lint infinite loop when malformed template object
- pkg/engine: fix nil-dereference
- pkg/chartutil: fix nil-dereference
- pkg/action: fix nil-dereference
- full source path when output-dir is not provided
- added Contributing.md section and ref link in the README
- feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. Closes #8137
- feat(helm): add ability for --dry-run to do lookup functions
- Add
CHART,VERSIONandAPP_VERSIONfields toget allcommand output - Adjust
getcommand description to account metadata - add volumes and volumeMounts in chartutil
- Seed a default switch to control
automountServiceAccountToken - Avoid confusing error when passing in '--version X.Y.Z'
- Add
helm get metadatacommand - Use wrapped error so that ErrNoObjectsVisited can be compared after return.
- Add exact version test.
- strict file permissions of repository.yaml
- Check redefinition of define and include in tpl
- Check that
.Templateis passed throughtpl - Make sure empty
tplvalues render empty. - Pick the test improvement out of PR#8371
- #11369 Use the correct index repo cache directory in the
parallelRepoUpdatemethod as well - #11369 Add a test case to prove the bug and its resolution
- ref(helm): export DescriptorPullSummary fields
- feat(helm): add 'ClientOptResolver' ClientOption
- Fix flaky TestSQLCreate test by making sqlmock ignore order of sql requests
- Fixing tests after adding labels to release fixture
- Make default release fixture contain custom labels to make tests check that labels are not lost
- Added support for storing custom labels in SQL storage driver
- Adding support merging new custom labels with original release labels during upgrade
- Added note to install/upgrade commands that original release labels wouldn't be persisted in upgraded release
- Added unit tests for implemented install/upgrade labels logic
- Remove redudant types from util_test.go
- Added tests for newly introduced util.go functions
- Fix broken tests for SQL storage driver
- Fix broken tests for configmap and secret storage drivers
- Make superseded releases keep labels
- Support configmap storage driver for install/upgrade actions --labels argument
- Added upgrade --install labels argument support
- Add labels support for install action with secret storage backend
- test: added tests to load plugin from home dir with space
- fix: plugin does not load when helm base dir contains space
- Add priority class to kind sorter
- Fixes #10566
- test(search): add mixedCase test case
- fix(search): print repo search result in original case
- Adjust error message wrongly claiming that there is a resource conflict
- Throw an error from jobReady() if the job exceeds its BackoffLimit
- github: add Asset Transparency action for GitHub releases
Update to version 3.12.3:
- bump kubernetes modules to v0.27.3
- Add priority class to kind sorter
Update to version 3.12.2:
- add GetRegistryClient method
Update to version 3.12.1:
- bugfix:(#11391) helm lint infinite loop when malformed template object
- update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart
- test(search): add mixedCase test case
- fix(search): print repo search result in original case
- strict file permissions of repository.yaml
- update kubernetes dependencies from v0.27.0 to v0.27.1
Update to version 3.12.0:
- Attach annotations to OCI artifacts
- Fix goroutine leak in action install
- fix quiet lint does not fail on non-linting errors
- create failing test for quietly linting a chart that doesn't exist
- Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774)
- fix: failed testcase on windows
- Fix 32bit-x86 typo in testsuite
- Handle failed DNS case for Go 1.20+
- Updating the Go version in go.mod
- Fix goroutine leak in perform
- Properly invalidate client after CRD install
- Provide a helper to set the registryClient in cmd
- Reimplemented change in httpgetter for insecure TLS option
- Added insecure option to login subcommand
- Added support for insecure OCI registries
- Enable custom certificates option for OCI
- Add testing to default and release branches
- Remove job dependency. Should have done when I moved job to new file
- Remove check to run only in helm org
- Add why comments
- Convert remaining CircleCI config to GitHub Actions
- Changed how the setup-go action sets go version
- chore:Use http constants as http.request parameters
- update k8s registry domain
- don't mark issues as stale where a PR is in progress
- Update to func handling
- Add option to support cascade deletion options
- the linter varcheck and deadcode are deprecated (since v1.49.0)
- Check status code before retrying request
- Fix improper use of Table request/response to k8s API
- fix template --output-dir issue
- Add protection for stack-overflows for nested keys
- feature(helm): add --set-literal flag for literal string interpretation
Update to version 3.11.3:
- Fix goroutine leak in perform
- Fix goroutine leak in action install
- Fix 32bit-x86 typo in testsuite
Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774)
avoid CGO to workaround missing gold dependency (bsc#1183043)
| Package | Affected Version |
|---|---|
 pkg:rpm/suse/helm?arch=x86_64&distro=sles-15&sp=3
|
< 3.13.1-150000.1.26.1 |
|
pkg:rpm/suse/helm?arch=s390x&distro=sles-15&sp=3
|
< 3.13.1-150000.1.26.1 |
|
pkg:rpm/suse/helm?arch=ppc64le&distro=sles-15&sp=3
|
< 3.13.1-150000.1.26.1 |
|
pkg:rpm/suse/helm?arch=aarch64&distro=sles-15&sp=3
|
< 3.13.1-150000.1.26.1 |
|
pkg:rpm/suse/helm-zsh-completion?arch=noarch&distro=sles-15&sp=3
|
< 3.13.1-150000.1.26.1 |
|
pkg:rpm/suse/helm-bash-completion?arch=noarch&distro=sles-15&sp=3
|
< 3.13.1-150000.1.26.1 |
- ID
- SUSE-SU-2023:4124-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20234124-1/
- Published
-
2023-10-19T07:33:52
(11 months ago) - Modified
-
2023-10-19T07:33:52
(11 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2023-1731
-
ALAS-2023-1825
-
ALAS-2023-1849
-
ALAS-2023-1866
-
ALAS-2023-1881
-
ALAS2-2023-2015
-
ALAS2-2023-2143
-
ALAS2-2023-2192
-
ALAS2-2023-2193
-
ALAS2-2023-2194
-
ALAS2-2023-2238
-
ALAS2-2023-2303
-
ALPINE:CVE-2022-41723
-
ALPINE:CVE-2023-25173
-
ALSA-2023:6346
-
ALSA-2023:6363
-
ALSA-2023:6402
-
ALSA-2023:6473
-
ALSA-2023:6474
-
ALSA-2023:6938
-
ALSA-2023:6939
-
ELSA-2023-6363
-
ELSA-2023-6402
-
ELSA-2023-6473
-
ELSA-2023-6474
-
ELSA-2023-6938
-
ELSA-2023-6939
-
FEDORA-2023-05b39bc048
-
FEDORA-2023-11dafed208
-
FEDORA-2023-28c182b657
-
FEDORA-2023-327346caa5
-
FEDORA-2023-3737bc1c0a
-
FEDORA-2023-5312f6200c
-
FEDORA-2023-62ce942e75
-
FEDORA-2023-8c02aee138
-
FEDORA-2023-9f5f1ef40a
-
FEDORA-2023-a4baceec07
-
FEDORA-2023-a5a5542890
-
FEDORA-2023-aadd08ab96
-
FEDORA-2023-abb47e24d8
-
FEDORA-2023-b9c1d0e4c5
-
FEDORA-2023-ca444fdecf
-
FEDORA-2023-cb20f08a4e
-
FEDORA-2023-ccaf5538dd
-
FEDORA-2023-cd000ea847
-
FEDORA-2023-cf3551046d
-
FEDORA-2023-e359fd31d2
-
FEDORA-2023-ee472c698c
-
FREEBSD:3D73E384-AD1F-11ED-983C-83FE35862E3A
-
GLSA-202311-09
-
GLSA-202408-01
-
GO-2023-1571
-
GO-2023-1574
-
MS:CVE-2022-41723
-
RHBA-2023:2181
-
RHSA-2023:3083
-
RHSA-2023:6346
-
RHSA-2023:6363
-
RHSA-2023:6402
-
RHSA-2023:6473
-
RHSA-2023:6474
-
RHSA-2023:6938
-
RHSA-2023:6939
-
RHSA-2023:7058
-
SUSE-SU-2023:0733-1
-
SUSE-SU-2023:0735-1
-
SUSE-SU-2023:0811-1
-
SUSE-SU-2023:0812-1
-
SUSE-SU-2023:0821-1
-
SUSE-SU-2023:0869-1
-
SUSE-SU-2023:0871-1
-
SUSE-SU-2023:1826-1
-
SUSE-SU-2023:1827-1
-
SUSE-SU-2023:2312-1
-
SUSE-SU-2023:2598-1
-
SUSE-SU-2023:3867-1
-
SUSE-SU-2023:3868-1
-
SUSE-SU-2023:3875-1
-
SUSE-SU-2024:0191-1
-
SUSE-SU-2024:0196-1
-
SUSE-SU-2024:3288-1
-
USN-6202-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Suse | SUSE ratings |
|
|
| Suse | URL of this CSAF notice |
|
|
| Suse | URL for SUSE-SU-2023:4124-1 |
|
|
| Suse | E-Mail link for SUSE-SU-2023:4124-1 |
|
|
| Bugzilla | SUSE Bug 1183043 |
|
|
| Bugzilla | SUSE Bug 1215588 |
|
|
| Bugzilla | SUSE Bug 1215711 |
|
|
| CVE | SUSE CVE CVE-2022-41723 page |
|
|
| CVE | SUSE CVE CVE-2023-25173 page |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/helm?arch=x86_64&distro=sles-15&sp=3 | suse |
helm
|
< 3.13.1-150000.1.26.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/helm?arch=s390x&distro=sles-15&sp=3 | suse |
helm
|
< 3.13.1-150000.1.26.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/helm?arch=ppc64le&distro=sles-15&sp=3 | suse |
helm
|
< 3.13.1-150000.1.26.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/helm?arch=aarch64&distro=sles-15&sp=3 | suse |
helm
|
< 3.13.1-150000.1.26.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/helm-zsh-completion?arch=noarch&distro=sles-15&sp=3 | suse |
helm-zsh-completion
|
< 3.13.1-150000.1.26.1 | sles-15 | noarch | |
| Affected | pkg:rpm/suse/helm-bash-completion?arch=noarch&distro=sles-15&sp=3 | suse |
helm-bash-completion
|
< 3.13.1-150000.1.26.1 | sles-15 | noarch |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |