[SUSE-SU-2023:4124-1] Security update for helm
Severity
Important
Affected Packages
6
CVEs
2
Security update for helm
This update for helm fixes the following issues:
helm was updated to version 3.13.1:
- Fixing precedence issue with the import of values.
- Add missing with clause to release gh action
- FIX Default ServiceAccount yaml
- fix(registry): unswallow error
- remove useless print during prepareUpgrade
- fix(registry): address anonymous pull issue
- Fix missing run statement on release action
- Write latest version to get.helm.sh bucket
- Increased release information key name max length.
helm was updated to version 3.13.0 (bsc#1215588):
- Fix leaking goroutines in Install
- Update Helm to use k8s 1.28.2 libraries
- make the dependabot k8s.io group explicit
- use dependabot's group support for k8s.io dependencies
- doc:Executing helm rollback release 0 will roll back to the previous release
- Use labels instead of selectorLabels for pod labels
- fix(helm): fix GetPodLogs, the hooks should be sorted before get the logs of each hook
- chore: HTTPGetter add default timeout
- Avoid nil dereference if passing a nil resolver
- Add required changes after merge
- Fix #3352, add support for --ignore-not-found just like kubectl delete
- Fix helm may identify achieve of the application/x-gzip as application/vnd.ms-fontobject
- Restore
helm get metadata
command - Revert 'Add
helm get metadata
command' - test: replace
ensure.TempDir
witht.TempDir
- use json api url + report curl/wget error on fail
- Added error in case try to supply custom label with name of system label during install/upgrade
- fix(main): fix basic auth for helm pull or push
- cmd: support generating index in JSON format
- repo: detect JSON and unmarshal efficiently
- Tweaking new dry-run internal handling
- bump kubernetes modules to v0.27.3
- Remove warning for template directory not found.
- Added tests for created OCI annotation time format
- Add created OCI annotation
- Fix multiple bugs in values handling
- chore: fix a typo in
manager.go
- add GetRegistryClient method
- oci: add tests for plain HTTP and insecure HTTPS registries
- oci: Add flag
--plain-http
to enable working with HTTP registries - docs: add an example for using the upgrade command with existing values
- Replace
fmt.Fprintf
withfmt.Fprint
in get_metadata.go - Replace
fmt.Fprintln
withfmt.Fprintf
in get_metadata.go - update kubernetes dependencies from v0.27.0 to v0.27.1
- Add ClientOptResolver to test util file
- Check that missing keys are still handled in tpl
- tests: change crd golden file to match after #11870
- Adding details on the Factory interface
- update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart
- feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster to be able to render lookup functions. Closes #8137
- bugfix:(#11391) helm lint infinite loop when malformed template object
- pkg/engine: fix nil-dereference
- pkg/chartutil: fix nil-dereference
- pkg/action: fix nil-dereference
- full source path when output-dir is not provided
- added Contributing.md section and ref link in the README
- feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. Closes #8137
- feat(helm): add ability for --dry-run to do lookup functions
- Add
CHART
,VERSION
andAPP_VERSION
fields toget all
command output - Adjust
get
command description to account metadata - add volumes and volumeMounts in chartutil
- Seed a default switch to control
automountServiceAccountToken
- Avoid confusing error when passing in '--version X.Y.Z'
- Add
helm get metadata
command - Use wrapped error so that ErrNoObjectsVisited can be compared after return.
- Add exact version test.
- strict file permissions of repository.yaml
- Check redefinition of define and include in tpl
- Check that
.Template
is passed throughtpl
- Make sure empty
tpl
values render empty. - Pick the test improvement out of PR#8371
- #11369 Use the correct index repo cache directory in the
parallelRepoUpdate
method as well - #11369 Add a test case to prove the bug and its resolution
- ref(helm): export DescriptorPullSummary fields
- feat(helm): add 'ClientOptResolver' ClientOption
- Fix flaky TestSQLCreate test by making sqlmock ignore order of sql requests
- Fixing tests after adding labels to release fixture
- Make default release fixture contain custom labels to make tests check that labels are not lost
- Added support for storing custom labels in SQL storage driver
- Adding support merging new custom labels with original release labels during upgrade
- Added note to install/upgrade commands that original release labels wouldn't be persisted in upgraded release
- Added unit tests for implemented install/upgrade labels logic
- Remove redudant types from util_test.go
- Added tests for newly introduced util.go functions
- Fix broken tests for SQL storage driver
- Fix broken tests for configmap and secret storage drivers
- Make superseded releases keep labels
- Support configmap storage driver for install/upgrade actions --labels argument
- Added upgrade --install labels argument support
- Add labels support for install action with secret storage backend
- test: added tests to load plugin from home dir with space
- fix: plugin does not load when helm base dir contains space
- Add priority class to kind sorter
- Fixes #10566
- test(search): add mixedCase test case
- fix(search): print repo search result in original case
- Adjust error message wrongly claiming that there is a resource conflict
- Throw an error from jobReady() if the job exceeds its BackoffLimit
- github: add Asset Transparency action for GitHub releases
Update to version 3.12.3:
- bump kubernetes modules to v0.27.3
- Add priority class to kind sorter
Update to version 3.12.2:
- add GetRegistryClient method
Update to version 3.12.1:
- bugfix:(#11391) helm lint infinite loop when malformed template object
- update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart
- test(search): add mixedCase test case
- fix(search): print repo search result in original case
- strict file permissions of repository.yaml
- update kubernetes dependencies from v0.27.0 to v0.27.1
Update to version 3.12.0:
- Attach annotations to OCI artifacts
- Fix goroutine leak in action install
- fix quiet lint does not fail on non-linting errors
- create failing test for quietly linting a chart that doesn't exist
- Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774)
- fix: failed testcase on windows
- Fix 32bit-x86 typo in testsuite
- Handle failed DNS case for Go 1.20+
- Updating the Go version in go.mod
- Fix goroutine leak in perform
- Properly invalidate client after CRD install
- Provide a helper to set the registryClient in cmd
- Reimplemented change in httpgetter for insecure TLS option
- Added insecure option to login subcommand
- Added support for insecure OCI registries
- Enable custom certificates option for OCI
- Add testing to default and release branches
- Remove job dependency. Should have done when I moved job to new file
- Remove check to run only in helm org
- Add why comments
- Convert remaining CircleCI config to GitHub Actions
- Changed how the setup-go action sets go version
- chore:Use http constants as http.request parameters
- update k8s registry domain
- don't mark issues as stale where a PR is in progress
- Update to func handling
- Add option to support cascade deletion options
- the linter varcheck and deadcode are deprecated (since v1.49.0)
- Check status code before retrying request
- Fix improper use of Table request/response to k8s API
- fix template --output-dir issue
- Add protection for stack-overflows for nested keys
- feature(helm): add --set-literal flag for literal string interpretation
Update to version 3.11.3:
- Fix goroutine leak in perform
- Fix goroutine leak in action install
- Fix 32bit-x86 typo in testsuite
Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774)
avoid CGO to workaround missing gold dependency (bsc#1183043)
Package | Affected Version |
---|---|
pkg:rpm/suse/helm?arch=x86_64&distro=sles-15&sp=3 | < 3.13.1-150000.1.26.1 |
pkg:rpm/suse/helm?arch=s390x&distro=sles-15&sp=3 | < 3.13.1-150000.1.26.1 |
pkg:rpm/suse/helm?arch=ppc64le&distro=sles-15&sp=3 | < 3.13.1-150000.1.26.1 |
pkg:rpm/suse/helm?arch=aarch64&distro=sles-15&sp=3 | < 3.13.1-150000.1.26.1 |
pkg:rpm/suse/helm-zsh-completion?arch=noarch&distro=sles-15&sp=3 | < 3.13.1-150000.1.26.1 |
pkg:rpm/suse/helm-bash-completion?arch=noarch&distro=sles-15&sp=3 | < 3.13.1-150000.1.26.1 |
- ID
- SUSE-SU-2023:4124-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20234124-1/
- Published
-
2023-10-19T07:33:52
(11 months ago) - Modified
-
2023-10-19T07:33:52
(11 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2023-1731
- ALAS-2023-1825
- ALAS-2023-1849
- ALAS-2023-1866
- ALAS-2023-1881
- ALAS2-2023-2015
- ALAS2-2023-2143
- ALAS2-2023-2192
- ALAS2-2023-2193
- ALAS2-2023-2194
- ALAS2-2023-2238
- ALAS2-2023-2303
- ALPINE:CVE-2022-41723
- ALPINE:CVE-2023-25173
- ALSA-2023:6346
- ALSA-2023:6363
- ALSA-2023:6402
- ALSA-2023:6473
- ALSA-2023:6474
- ALSA-2023:6938
- ALSA-2023:6939
- ELSA-2023-6363
- ELSA-2023-6402
- ELSA-2023-6473
- ELSA-2023-6474
- ELSA-2023-6938
- ELSA-2023-6939
- FEDORA-2023-05b39bc048
- FEDORA-2023-11dafed208
- FEDORA-2023-28c182b657
- FEDORA-2023-327346caa5
- FEDORA-2023-3737bc1c0a
- FEDORA-2023-5312f6200c
- FEDORA-2023-62ce942e75
- FEDORA-2023-8c02aee138
- FEDORA-2023-9f5f1ef40a
- FEDORA-2023-a4baceec07
- FEDORA-2023-a5a5542890
- FEDORA-2023-aadd08ab96
- FEDORA-2023-abb47e24d8
- FEDORA-2023-b9c1d0e4c5
- FEDORA-2023-ca444fdecf
- FEDORA-2023-cb20f08a4e
- FEDORA-2023-ccaf5538dd
- FEDORA-2023-cd000ea847
- FEDORA-2023-cf3551046d
- FEDORA-2023-e359fd31d2
- FEDORA-2023-ee472c698c
- FREEBSD:3D73E384-AD1F-11ED-983C-83FE35862E3A
- GLSA-202311-09
- GLSA-202408-01
- GO-2023-1571
- GO-2023-1574
- MS:CVE-2022-41723
- RHBA-2023:2181
- RHSA-2023:3083
- RHSA-2023:6346
- RHSA-2023:6363
- RHSA-2023:6402
- RHSA-2023:6473
- RHSA-2023:6474
- RHSA-2023:6938
- RHSA-2023:6939
- RHSA-2023:7058
- SUSE-SU-2023:0733-1
- SUSE-SU-2023:0735-1
- SUSE-SU-2023:0811-1
- SUSE-SU-2023:0812-1
- SUSE-SU-2023:0821-1
- SUSE-SU-2023:0869-1
- SUSE-SU-2023:0871-1
- SUSE-SU-2023:1826-1
- SUSE-SU-2023:1827-1
- SUSE-SU-2023:2312-1
- SUSE-SU-2023:2598-1
- SUSE-SU-2023:3867-1
- SUSE-SU-2023:3868-1
- SUSE-SU-2023:3875-1
- SUSE-SU-2024:0191-1
- SUSE-SU-2024:0196-1
- SUSE-SU-2024:3288-1
- USN-6202-1
Source | # ID | Name | URL |
---|---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4124-1.json | |
Suse | URL for SUSE-SU-2023:4124-1 | https://www.suse.com/support/update/announcement/2023/suse-su-20234124-1/ | |
Suse | E-Mail link for SUSE-SU-2023:4124-1 | https://lists.suse.com/pipermail/sle-security-updates/2023-October/016751.html | |
Bugzilla | SUSE Bug 1183043 | https://bugzilla.suse.com/1183043 | |
Bugzilla | SUSE Bug 1215588 | https://bugzilla.suse.com/1215588 | |
Bugzilla | SUSE Bug 1215711 | https://bugzilla.suse.com/1215711 | |
CVE | SUSE CVE CVE-2022-41723 page | https://www.suse.com/security/cve/CVE-2022-41723/ | |
CVE | SUSE CVE CVE-2023-25173 page | https://www.suse.com/security/cve/CVE-2023-25173/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/helm?arch=x86_64&distro=sles-15&sp=3 | suse | helm | < 3.13.1-150000.1.26.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/helm?arch=s390x&distro=sles-15&sp=3 | suse | helm | < 3.13.1-150000.1.26.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/helm?arch=ppc64le&distro=sles-15&sp=3 | suse | helm | < 3.13.1-150000.1.26.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/helm?arch=aarch64&distro=sles-15&sp=3 | suse | helm | < 3.13.1-150000.1.26.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/helm-zsh-completion?arch=noarch&distro=sles-15&sp=3 | suse | helm-zsh-completion | < 3.13.1-150000.1.26.1 | sles-15 | noarch | |
Affected | pkg:rpm/suse/helm-bash-completion?arch=noarch&distro=sles-15&sp=3 | suse | helm-bash-completion | < 3.13.1-150000.1.26.1 | sles-15 | noarch |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |