SUSE-RU-2024:4213-1: moderate: Recommended update for helm
SLE-UPDATES
null at suse.de
Thu Dec 5 20:31:08 UTC 2024
# Recommended update for helm
Announcement ID: SUSE-RU-2024:4213-1
Release Date: 2024-12-05T16:06:20Z
Rating: moderate
References:
* bsc#1219969
* bsc#1220207
* jsc#MSC-899
* jsc#SMO-479
Cross-References:
* CVE-2024-25620
* CVE-2024-26147
CVSS scores:
* CVE-2024-25620 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-26147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves two vulnerabilities and contains two features can now be
installed.
## Description:
helm was updated to fix the following issues:
Update to version 3.16.3:
* fix: fix label name
* Fix typo in pkg/lint/rules/chartfile_test.go
* Increasing the size of the runner used for releases.
* fix(hooks): correct hooks delete order
* Bump github.com/containerd/containerd from 1.7.12 to 1.7.23
Update to version 3.16.2:
* Reverting change unrelated to issue #13176
* adds tests for handling of Helm index with broken chart versions #13176
* improves handling of Helm index with broken helm chart versions #13176
* Bump the k8s-io group with 7 updates
* adding check-latest:true
* Grammar fixes
* Fix typos
Update to version 3.16.1:
* bumping version to 1.22.7
* Merge pull request #13327 from mattfarina/revert-11726
Update to version 3.16.0:
Helm v3.16.0 is a feature release. Users are encouraged to upgrade for the best
experience.
* Notable Changes
  * added sha512sum template function
  * added ActiveHelp for cmds that don't take any more args
  * drops very old Kubernetes versions support in helm create
  * add --skip-schema-validation flag to helm 'install', 'upgrade' and 'lint'
  * fixed bug to now use burst limit setting for discovery
  * Added windows arm64 support
* Full changelog see https://github.com/helm/helm/releases/tag/v3.16.0
Update to version 3.15.4:
* Bump the k8s-io group across 1 directory with 7 updates
* Bump github.com/docker/docker
* * *
Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice at ojkastl.de
* Update to version 3.15.3:
* fix(helm): Use burst limit setting for discovery
* fixed dependency_update_test.go
* fix(dependencyBuild): prevent race condition in concurrent helm dependency
* fix: respect proxy envvars on helm install/upgrade
* Merge pull request #13085 from alex-kattathra-johnson/issue-12961
Update to version 3.15.2:
* fix: wrong cli description
* fix typo in load_plugins.go
* fix docs of DeployedAll
* Bump github.com/docker/docker
* bump oras minor version
* feat(load.go): add warning on requirements.lock
Update to version 3.15.1:
* Fixing build issue where wrong version is used
Update to version 3.15.0:
Helm v3.15.0 is a feature release. Users are encouraged to upgrade for the best
experience.
* Updating to k8s 1.30 c4e37b3 (Matt Farina)
* bump version to v3.15.0 d7afa3b (Matt Farina)
* bump version to 7743467 (Matt Farina)
* Fix namespace on kubeconfig error 214fb6e (Calvin Krist)
* Update testdata PKI with keys that have validity until 3393 (Fixes #12880)
1b75d48 (Dirk Müller)
* Modified how created annotation is populated based on package creation time
0a69a0d (Andrew Block)
* Enabling hide secrets on install and upgrade dry run 25c4738 (Matt Farina)
* Fixing all the linting errors d58d7b3 (Robert Sirchia)
* Add a note about --dry-run displaying secrets a23dd9e (Matt Farina)
* Updating .gitignore 8b424ba (Robert Sirchia)
* add error messages 8d19bcb (George Jenkins)
* Fix: Ignore alias validation error for index load 68294fd (George Jenkins)
* validation fix 8e6a514 (Matt Farina)
* bug: add proxy support for oci getter 94c1dea (Ricardo Maraschini)
* Update architecture detection method 57a1bb8 (weidongkl)
* Improve release action 4790bb9 (George Jenkins)
* Fix grammatical error c25736c (Matt Carr)
* Updated for review comments d2cf8c6 (MichaelMorris)
* Add robustness to wait status checks fc74964 (MichaelMorris)
* refactor: create a helper for checking if a release is uninstalled f908379
(Alex Petrov)
* fix: reinstall previously uninstalled chart with --keep-history 9e198fa
(Alex Petrov)
Update to version 3.14.4:
Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best
experience.
* refactor: create a helper for checking if a release is uninstalled 81c902a
(Alex Petrov)
* fix: reinstall previously uninstalled chart with --keep-history 5a11c76
(Alex Petrov)
* bug: add proxy support for oci getter aa7d953 (Ricardo Maraschini)
Update to version 3.14.3:
* Add a note about --dry-run displaying secrets
* add error messages
* Fix: Ignore alias validation error for index load
* Update architecture detection method
Update to version 3.14.2 (bsc#1220207, CVE-2024-26147):
* Fix for uninitialized variable in yaml parsing
Update to version 3.14.1 (bsc#1219969, CVE-2024-25620):
* validation fix
Update to version 3.14.0:
* Notable Changes
  * New helm search flag of --fail-on-no-result
  * Allow a nested tpl invocation access to defines
  * Speed up the tpl function
  * Added qps/HELM_QPS parameter that tells Kubernetes packages how to operate
  * Added --kube-version to lint command
  * The ignore pkg is now public
* Changelog
  * Improve release action
  * Fix issues when verify generation readiness was merged
  * fix test to use the default code's k8sVersionMinor
  * lint: Add --kube-version flag to set capabilities and deprecation rules
  * Removing Asset Transparency
  * tests(pkg/engine): test RenderWithClientProvider
  * Make the `ignore` pkg public again
  * feature(pkg/engine): introduce RenderWithClientProvider
  * Updating Helm libraries for k8s 1.28.4
  * Remove excessive logging
  * Update CONTRIBUTING.md
  * Fixing release labelling in rollback
  * feat: move livenessProbe and readinessProbe values to default values file
  * Revert "fix(main): fix basic auth for helm pull or push"
  * Revert "fix(registry): address anonymous pull issue"
  * Update get-helm-3
  * Drop filterSystemLabels usage from Query method
  * Apply review suggestions
  * Update get-helm-3 to get version through get.helm.sh
  * feat: print failed hook name
  * Fixing precedence issue with the import of values.
  * chore(create): indent to spaces
  * Allow using label selectors for system labels for sql backend.
  * Allow using label selectors for system labels for secrets and configmap backends.
  * remove useless print during prepareUpgrade
  * Add missing with clause to release gh action
  * FIX Default ServiceAccount yaml
  * fix(registry): address anonymous pull issue
  * fix(registry): unswallow error
  * Fix missing run statement on release action
  * Add qps/HELM_QPS parameter
  * Write latest version to get.helm.sh bucket
  * Increased release information key name max length.
  * Pin gox to specific commit
  * Remove `GoFish` from package managers for installing the binary
  * Test update for "Allow a nested `tpl` invocation access to `defines` in a containing one"
  * Test update for "Speed up `tpl`"
  * Add support for RISC-V
  * lint and validate dependency metadata to reference dependencies with a unique key (name or alias)
  * Work around template.Clone omitting options
  * fix: pass 'passCredentialsAll' as env-var to getter
  * feat: pass basic auth to env-vars when running download plugins
  * helm search: New CLI Flag --fail-on-no-result
  * Update pkg/kube/ready.go
  * fix post install hook deletion due to before-hook-creation policy
  * Allow a nested `tpl` invocation access to `defines` in a containing one
  * Remove the 'reference templates' concept
  * Speed up `tpl`
  * ready checker- comment update
  * ready checker- remove duplicate statefulset generational check
  * Verify generation in readiness checks
  * feat(helm): add --reset-then-reuse-values flag to 'helm upgrade'
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.5
  `zypper in -t patch openSUSE-Leap-Micro-5.5-2024-4213=1`
* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-4213=1`
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-4213=1`
* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2024-4213=1`
* Containers Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-4213=1`
* Containers Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-4213=1`
* SUSE Package Hub 15 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4213=1`
* SUSE Package Hub 15 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4213=1`
## Package List:
* openSUSE Leap Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* openSUSE Leap Micro 5.5 (noarch)
  * helm-zsh-completion-3.16.3-150000.1.38.1
  * helm-bash-completion-3.16.3-150000.1.38.1
  * helm-fish-completion-3.16.3-150000.1.38.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* openSUSE Leap 15.5 (noarch)
  * helm-zsh-completion-3.16.3-150000.1.38.1
  * helm-bash-completion-3.16.3-150000.1.38.1
  * helm-fish-completion-3.16.3-150000.1.38.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* openSUSE Leap 15.6 (noarch)
  * helm-zsh-completion-3.16.3-150000.1.38.1
  * helm-bash-completion-3.16.3-150000.1.38.1
  * helm-fish-completion-3.16.3-150000.1.38.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * helm-bash-completion-3.16.3-150000.1.38.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* Containers Module 15-SP5 (noarch)
  * helm-zsh-completion-3.16.3-150000.1.38.1
  * helm-bash-completion-3.16.3-150000.1.38.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* Containers Module 15-SP6 (noarch)
  * helm-zsh-completion-3.16.3-150000.1.38.1
  * helm-bash-completion-3.16.3-150000.1.38.1
* SUSE Package Hub 15 15-SP5 (noarch)
  * helm-fish-completion-3.16.3-150000.1.38.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * helm-fish-completion-3.16.3-150000.1.38.1
## References:
* https://www.suse.com/security/cve/CVE-2024-25620.html
* https://www.suse.com/security/cve/CVE-2024-26147.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219969
* https://bugzilla.suse.com/show_bug.cgi?id=1220207
* https://jira.suse.com/browse/MSC-899
* https://jira.suse.com/browse/SMO-479