Vulnerability Scan Report for registry.suse.com/suse/helm:3.13-22.4
Helm (Kubernetes Package Manager) container based on the SLE Base Container Image.
Last scanned on: June 26, 2025 06:41

Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
crypto-policies | MEDIUM | fixed | Security update for crypto-policies, krb5 Vulnerability ID: SUSE-SU-2025:0401-1 Installed Version: 20230920.570ea89-150600.1.9 Fixed Version: 20230920.570ea89-150600.3.3.1 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. | | |
glibc | HIGH | fixed | Security update for glibc Vulnerability ID: SUSE-SU-2025:01702-1 Installed Version: 2.38-150600.14.5.1 Fixed Version: 2.38-150600.14.32.1 This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). | | |
glibc | LOW | fixed | Security update for glibc Vulnerability ID: SUSE-SU-2025:0582-1 Installed Version: 2.38-150600.14.5.1 Fixed Version: 2.38-150600.14.23.1 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) | | |
helm | HIGH | fixed | Security update for helm Vulnerability ID: SUSE-SU-2025:0602-1 Installed Version: 3.13.3-150000.1.32.1 Fixed Version: 3.17.1-150000.1.41.1 This update for helm fixes the following issues: Update to version 3.17.1: - CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1235318). - CVE-2024-45337: Fixed misuse of ServerConfig.PublicKeyCallback to prevent authorization bypass in golang.org/x/crypto (bsc#1234482). | | |
helm | MEDIUM | fixed | Recommended update for helm Vulnerability ID: SUSE-RU-2024:4213-1 Installed Version: 3.13.3-150000.1.32.1 Fixed Version: 3.16.3-150000.1.38.1 helm was updated to fix the following issues: Update to version 3.16.3: * fix: fix label name * Fix typo in pkg/lint/rules/chartfile_test.go * Increasing the size of the runner used for releases. * fix(hooks): correct hooks delete order * Bump github.com/containerd/containerd from 1.7.12 to 1.7.23 Update to version 3.16.2: * Revering change unrelated to issue #13176 * adds tests for handling of Helm index with broken chart versions #13176 * improves handling of Helm index with broken helm chart versions #13176 * Bump the k8s-io group with 7 updates * adding check-latest:true * Grammar fixes * Fix typos Update to version 3.16.1: * bumping version to 1.22.7 * Merge pull request #13327 from mattfarina/revert-11726 Update to version 3.16.0: Helm v3.16.0 is a feature release. Users are encouraged to upgrade for the best experience. * Notable Changes - added sha512sum template function - added ActiveHelp for cmds that don't take any more args - drops very old Kubernetes versions support in helm create - add --skip-schema-validation flag to helm 'install', 'upgrade' and 'lint' - fixed bug to now use burst limit setting for discovery - Added windows arm64 support * Full changelog see https://github.com/helm/helm/releases/tag/v3.16.0 Update to version 3.15.4: * Bump the k8s-io group across 1 directory with 7 updates * Bump github.com/docker/docker Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 3.15.3: * fix(helm): Use burst limit setting for discovery * fixed dependency_update_test.go * fix(dependencyBuild): prevent race condition in concurrent helm dependency * fix: respect proxy envvars on helm install/upgrade * Merge pull request #13085 from alex-kattathra-johnson/issue-12961 Update to version 3.15.2: * fix: wrong cli description * fix typo in load_plugins.go * fix docs of DeployedAll * Bump github.com/docker/docker * bump oras minor version * feat(load.go): add warning on requirements.lock Update to version 3.15.1: * Fixing build issue where wrong version is used Update to version 3.15.0: Helm v3.15.0 is a feature release. Users are encouraged to upgrade for the best experience. * Updating to k8s 1.30 c4e37b3 (Matt Farina) * bump version to v3.15.0 d7afa3b (Matt Farina) * bump version to 7743467 (Matt Farina) * Fix namespace on kubeconfig error 214fb6e (Calvin Krist) * Update testdata PKI with keys that have validity until 3393 (Fixes #12880) 1b75d48 (Dirk Müller) * Modified how created annotation is populated based on package creation time 0a69a0d (Andrew Block) * Enabling hide secrets on install and upgrade dry run 25c4738 (Matt Farina) * Fixing all the linting errors d58d7b3 (Robert Sirchia) * Add a note about --dry-run displaying secrets a23dd9e (Matt Farina) * Updating .gitignore 8b424ba (Robert Sirchia) * add error messages 8d19bcb (George Jenkins) * Fix: Ignore alias validation error for index load 68294fd (George Jenkins) * validation fix 8e6a514 (Matt Farina) * bug: add proxy support for oci getter 94c1dea (Ricardo Maraschini) * Update architecture detection method 57a1bb8 (weidongkl) * Improve release action 4790bb9 (George Jenkins) * Fix grammatical error c25736c (Matt Carr) * Updated for review comments d2cf8c6 (MichaelMorris) * Add robustness to wait status checks fc74964 (MichaelMorris) * refactor: create a helper for checking if a release is uninstalled f908379 (Alex Petrov) * fix: reinstall previously uninstalled chart with --keep-history 9e198fa (Alex Petrov) Update to version 3.14.4: Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best experience. * refactor: create a helper for checking if a release is uninstalled 81c902a (Alex Petrov) * fix: reinstall previously uninstalled chart with --keep-history 5a11c76 (Alex Petrov) * bug: add proxy support for oci getter aa7d953 (Ricardo Maraschini) Update to version 3.14.3: * Add a note about --dry-run displaying secrets * add error messages * Fix: Ignore alias validation error for index load * Update architecture detection method Update to version 3.14.2 (bsc#1220207, CVE-2024-26147): * Fix for uninitialized variable in yaml parsing Update to version 3.14.1 (bsc#1219969, CVE-2024-25620): * validation fix Update to version 3.14.0: * Notable Changes - New helm search flag of --fail-on-no-result - Allow a nested tpl invocation access to defines - Speed up the tpl function - Added qps/HELM_QPS parameter that tells Kubernetes packages how to operate - Added --kube-version to lint command - The ignore pkg is now public * Changelog - Improve release action - Fix issues when verify generation readiness was merged - fix test to use the default code's k8sVersionMinor - lint: Add --kube-version flag to set capabilities and deprecation rules - Removing Asset Transparency - tests(pkg/engine): test RenderWithClientProvider - Make the `ignore` pkg public again - feature(pkg/engine): introduce RenderWithClientProvider - Updating Helm libraries for k8s 1.28.4 - Remove excessive logging - Update CONTRIBUTING.md - Fixing release labelling in rollback - feat: move livenessProbe and readinessProbe values to default values file - Revert 'fix(main): fix basic auth for helm pull or push' - Revert 'fix(registry): address anonymous pull issue' - Update get-helm-3 - Drop filterSystemLabels usage from Query method - Apply review suggestions - Update get-helm-3 to get version through get.helm.sh - feat: print failed hook name - Fixing precedence issue with the import of values. - chore(create): indent to spaces - Allow using label selectors for system labels for sql backend. - Allow using label selectors for system labels for secrets and configmap backends. - remove useless print during prepareUpgrade - Add missing with clause to release gh action - FIX Default ServiceAccount yaml - fix(registry): address anonymous pull issue - fix(registry): unswallow error - Fix missing run statement on release action - Add qps/HELM_QPS parameter - Write latest version to get.helm.sh bucket - Increased release information key name max length. - Pin gox to specific commit - Remove `GoFish` from package managers for installing the binary - Test update for 'Allow a nested `tpl` invocation access to `defines` in a containing one' - Test update for 'Speed up `tpl`' - Add support for RISC-V - lint and validate dependency metadata to reference dependencies with a unique key (name or alias) - Work around template.Clone omitting options - fix: pass 'passCredentialsAll' as env-var to getter - feat: pass basic auth to env-vars when running download plugins - helm search: New CLI Flag --fail-on-no-result - Update pkg/kube/ready.go - fix post install hook deletion due to before-hook-creation policy - Allow a nested `tpl` invocation access to `defines` in a containing one - Remove the 'reference templates' concept - Speed up `tpl` - ready checker- comment update - ready checker- remove duplicate statefulset generational check - Verify generation in readiness checks - feat(helm): add --reset-then-reuse-values flag to 'helm upgrade' | | |