An update that fixes two vulnerabilities is now available.
Description:
This update for helm fixes the following issues:
helm was updated to version 3.9.4:
- CVE-2022-36055: Fixed denial of service through string value parsing
(bsc#1203054).
- Updating the certificates used for testing
- Updating index handling
helm was updated to version 3.9.3:
- CVE-2022-1996: Updated kube-openapi to fix an issue that could result in
a CORS protection bypass (bsc#1200528).
- Fix missing array length check on release
helm was updated to version 3.9.2:
- Update of the circleci image
helm was updated to version 3.9.1:
helm was updated to version 3.9.0:
- Added a --quiet flag to helm lint
- Added a --post-renderer-args flag to support arguments being passed to
the post renderer
- Added more checks during the signing process
- Updated to add Kubernetes 1.24 support
helm was updated to version 3.8.2:
- Bump oras.land/oras-go from 1.1.0 to 1.1.1
- Fixing downloader plugin error handling
- Simplify testdata charts
- Simplify testdata charts
- Add tests for multi-level dependencies.
- Fix value precedence
- Bumping Kubernetes package versions
- Updating vcs to latest version
- Dont modify provided transport
- Pass http getter as pointer in tests
- Add docs block
- Add transport option and tests
- Reuse http transport
- Updating Kubernetes libs to 0.23.4 (latest)
- fix: remove deadcode
- fix: helm package tests
- fix: helm package with dependency update for charts with OCI dependencies
- Fix typo Unset the env var before func return in Unit Test
- add legal name check
- maint: fix syntax error in deploy.sh
- linting issue fixed
- only apply overwrite if version is canary
- overwrite flag added to az storage blob upload-batch
- Avoid querying for OCI tags can explicit version provided in chart
dependencies
- Management of bearer tokens for tag listing
- Updating Kubernetes packages to 1.23.3
- refactor: use
os.ReadDir
for lightweight directory reading
- Add IngressClass to manifests to be (un)installed
- feat(comp): Shell completion for OCI
- Fix install memory/goroutine leak
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3666=1
-
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3666=1
-
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3666=1
-
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3666=1
-
SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3666=1
-
SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3666=1