<div class="container">
<h1>Recommended update for helm</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2024:4213-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2024-12-05T16:06:20Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219969">bsc#1219969</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1220207">bsc#1220207</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/MSC-899">jsc#MSC-899</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/SMO-479">jsc#SMO-479</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-25620.html">CVE-2024-25620</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-26147.html">CVE-2024-26147</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-25620</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.4</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-26147</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">Containers Module 15-SP5</li>
<li class="list-group-item">Containers Module 15-SP6</li>
<li class="list-group-item">openSUSE Leap 15.5</li>
<li class="list-group-item">openSUSE Leap 15.6</li>
<li class="list-group-item">openSUSE Leap Micro 5.5</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Micro 5.5</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP6</li>
<li class="list-group-item">SUSE Package Hub 15 15-SP5</li>
<li class="list-group-item">SUSE Package Hub 15 15-SP6</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves two vulnerabilities and contains two features can now be installed.</p>
<h2>Description:</h2>
<p>helm was updated to fix the following issues:</p>
<p>Update to version 3.16.3:</p>
<ul>
<li>fix: fix label name</li>
<li>Fix typo in pkg/lint/rules/chartfile_test.go</li>
<li>Increasing the size of the runner used for releases.</li>
<li>fix(hooks): correct hooks delete order</li>
<li>Bump github.com/containerd/containerd from 1.7.12 to 1.7.23</li>
</ul>
<p>Update to version 3.16.2:</p>
<ul>
<li>Revering change unrelated to issue #13176</li>
<li>adds tests for handling of Helm index with broken chart
versions #13176</li>
<li>improves handling of Helm index with broken helm chart versions
#13176</li>
<li>Bump the k8s-io group with 7 updates</li>
<li>adding check-latest:true</li>
<li>Grammar fixes</li>
<li>Fix typos</li>
</ul>
<p>Update to version 3.16.1:</p>
<ul>
<li>bumping version to 1.22.7</li>
<li>Merge pull request #13327 from mattfarina/revert-11726</li>
</ul>
<p>Update to version 3.16.0:</p>
<p>Helm v3.16.0 is a feature release. Users are encouraged to
upgrade for the best experience.
* Notable Changes
- added sha512sum template function
- added ActiveHelp for cmds that don't take any more args
- drops very old Kubernetes versions support in helm create
- add --skip-schema-validation flag to helm 'install',
'upgrade' and 'lint'
- fixed bug to now use burst limit setting for discovery
- Added windows arm64 support
* Full changelog see
https://github.com/helm/helm/releases/tag/v3.16.0</p>
<p>Update to version 3.15.4:</p>
<ul>
<li>Bump the k8s-io group across 1 directory with 7 updates</li>
<li>Bump github.com/docker/docker</li>
</ul>
<hr />
<p>Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de</p>
<ul>
<li>Update to version 3.15.3:</li>
<li>fix(helm): Use burst limit setting for discovery</li>
<li>fixed dependency_update_test.go</li>
<li>fix(dependencyBuild): prevent race condition in concurrent helm
dependency</li>
<li>fix: respect proxy envvars on helm install/upgrade</li>
<li>Merge pull request #13085 from
alex-kattathra-johnson/issue-12961</li>
</ul>
<p>Update to version 3.15.2:</p>
<ul>
<li>fix: wrong cli description</li>
<li>fix typo in load_plugins.go</li>
<li>fix docs of DeployedAll</li>
<li>Bump github.com/docker/docker</li>
<li>bump oras minor version</li>
<li>feat(load.go): add warning on requirements.lock</li>
</ul>
<p>Update to version 3.15.1:</p>
<ul>
<li>Fixing build issue where wrong version is used</li>
</ul>
<p>Update to version 3.15.0:</p>
<p>Helm v3.15.0 is a feature release. Users are encouraged to
upgrade for the best experience.</p>
<ul>
<li>Updating to k8s 1.30 c4e37b3 (Matt Farina)</li>
<li>bump version to v3.15.0 d7afa3b (Matt Farina)</li>
<li>bump version to 7743467 (Matt Farina)</li>
<li>Fix namespace on kubeconfig error 214fb6e (Calvin Krist)</li>
<li>Update testdata PKI with keys that have validity until 3393
(Fixes #12880) 1b75d48 (Dirk Müller)</li>
<li>Modified how created annotation is populated based on package
creation time 0a69a0d (Andrew Block)</li>
<li>Enabling hide secrets on install and upgrade dry run 25c4738
(Matt Farina)</li>
<li>Fixing all the linting errors d58d7b3 (Robert Sirchia)</li>
<li>Add a note about --dry-run displaying secrets a23dd9e (Matt
Farina)</li>
<li>Updating .gitignore 8b424ba (Robert Sirchia)</li>
<li>add error messages 8d19bcb (George Jenkins)</li>
<li>Fix: Ignore alias validation error for index load 68294fd
(George Jenkins)</li>
<li>validation fix 8e6a514 (Matt Farina)</li>
<li>bug: add proxy support for oci getter 94c1dea (Ricardo
Maraschini)</li>
<li>Update architecture detection method 57a1bb8 (weidongkl)</li>
<li>Improve release action 4790bb9 (George Jenkins)</li>
<li>Fix grammatical error c25736c (Matt Carr)</li>
<li>Updated for review comments d2cf8c6 (MichaelMorris)</li>
<li>Add robustness to wait status checks fc74964 (MichaelMorris)</li>
<li>refactor: create a helper for checking if a release is
uninstalled f908379 (Alex Petrov)</li>
<li>fix: reinstall previously uninstalled chart with --keep-history
9e198fa (Alex Petrov)</li>
</ul>
<p>Update to version 3.14.4:</p>
<p>Helm v3.14.4 is a patch release. Users are encouraged to upgrade
for the best experience. Users are encouraged to upgrade for the
best experience.</p>
<ul>
<li>refactor: create a helper for checking if a release is
uninstalled 81c902a (Alex Petrov)</li>
<li>fix: reinstall previously uninstalled chart with --keep-history
5a11c76 (Alex Petrov)</li>
<li>bug: add proxy support for oci getter aa7d953 (Ricardo
Maraschini)</li>
</ul>
<p>Update to version 3.14.3:</p>
<ul>
<li>Add a note about --dry-run displaying secrets</li>
<li>add error messages</li>
<li>Fix: Ignore alias validation error for index load</li>
<li>Update architecture detection method</li>
</ul>
<p>Update to version 3.14.2 (bsc#1220207, CVE-2024-26147):</p>
<ul>
<li>Fix for uninitialized variable in yaml parsing</li>
</ul>
<p>Update to version 3.14.1 (bsc#1219969, CVE-2024-25620):</p>
<ul>
<li>validation fix</li>
</ul>
<p>Update to version 3.14.0:</p>
<ul>
<li>Notable Changes<ul>
<li>New helm search flag of --fail-on-no-result</li>
<li>Allow a nested tpl invocation access to defines</li>
<li>Speed up the tpl function</li>
<li>Added qps/HELM_QPS parameter that tells Kubernetes packages
how to operate</li>
<li>Added --kube-version to lint command</li>
<li>The ignore pkg is now public</li>
</ul>
</li>
<li>Changelog<ul>
<li>Improve release action</li>
<li>Fix issues when verify generation readiness was merged</li>
<li>fix test to use the default code's k8sVersionMinor</li>
<li>lint: Add --kube-version flag to set capabilities and
deprecation rules</li>
<li>Removing Asset Transparency</li>
<li>tests(pkg/engine): test RenderWithClientProvider</li>
<li>Make the <code>ignore</code> pkg public again</li>
<li>feature(pkg/engine): introduce RenderWithClientProvider</li>
<li>Updating Helm libraries for k8s 1.28.4</li>
<li>Remove excessive logging</li>
<li>Update CONTRIBUTING.md</li>
<li>Fixing release labelling in rollback</li>
<li>feat: move livenessProbe and readinessProbe values to default
values file</li>
<li>Revert "fix(main): fix basic auth for helm pull or push"</li>
<li>Revert "fix(registry): address anonymous pull issue"</li>
<li>Update get-helm-3</li>
<li>Drop filterSystemLabels usage from Query method</li>
<li>Apply review suggestions</li>
<li>Update get-helm-3 to get version through get.helm.sh</li>
<li>feat: print failed hook name</li>
<li>Fixing precedence issue with the import of values.</li>
<li>chore(create): indent to spaces</li>
<li>Allow using label selectors for system labels for sql
backend.</li>
<li>Allow using label selectors for system labels for secrets and
configmap backends.</li>
<li>remove useless print during prepareUpgrade</li>
<li>Add missing with clause to release gh action</li>
<li>FIX Default ServiceAccount yaml</li>
<li>fix(registry): address anonymous pull issue</li>
<li>fix(registry): unswallow error</li>
<li>Fix missing run statement on release action</li>
<li>Add qps/HELM_QPS parameter</li>
<li>Write latest version to get.helm.sh bucket</li>
<li>Increased release information key name max length.</li>
<li>Pin gox to specific commit</li>
<li>Remove <code>GoFish</code> from package managers for installing the
binary</li>
<li>Test update for "Allow a nested <code>tpl</code> invocation access to
<code>defines</code> in a containing one"</li>
<li>Test update for "Speed up <code>tpl</code>"</li>
<li>Add support for RISC-V</li>
<li>lint and validate dependency metadata to reference
dependencies with a unique key (name or alias)</li>
<li>Work around template.Clone omitting options</li>
<li>fix: pass 'passCredentialsAll' as env-var to getter</li>
<li>feat: pass basic auth to env-vars when running download
plugins</li>
<li>helm search: New CLI Flag --fail-on-no-result</li>
<li>Update pkg/kube/ready.go</li>
<li>fix post install hook deletion due to before-hook-creation
policy</li>
<li>Allow a nested <code>tpl</code> invocation access to <code>defines</code> in a
containing one</li>
<li>Remove the 'reference templates' concept</li>
<li>Speed up <code>tpl</code></li>
<li>ready checker- comment update</li>
<li>ready checker- remove duplicate statefulset generational
check</li>
<li>Verify generation in readiness checks</li>
<li>feat(helm): add --reset-then-reuse-values flag to 'helm
upgrade'</li>
</ul>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap Micro 5.5
<br/>
<code>zypper in -t patch openSUSE-Leap-Micro-5.5-2024-4213=1</code>
</li>
<li class="list-group-item">
openSUSE Leap 15.5
<br/>
<code>zypper in -t patch openSUSE-SLE-15.5-2024-4213=1</code>
</li>
<li class="list-group-item">
openSUSE Leap 15.6
<br/>
<code>zypper in -t patch openSUSE-SLE-15.6-2024-4213=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Micro 5.5
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-5.5-2024-4213=1</code>
</li>
<li class="list-group-item">
Containers Module 15-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-4213=1</code>
</li>
<li class="list-group-item">
Containers Module 15-SP6
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-4213=1</code>
</li>
<li class="list-group-item">
SUSE Package Hub 15 15-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4213=1</code>
</li>
<li class="list-group-item">
SUSE Package Hub 15 15-SP6
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4213=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap Micro 5.5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>helm-debuginfo-3.16.3-150000.1.38.1</li>
<li>helm-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
openSUSE Leap Micro 5.5 (noarch)
<ul>
<li>helm-zsh-completion-3.16.3-150000.1.38.1</li>
<li>helm-bash-completion-3.16.3-150000.1.38.1</li>
<li>helm-fish-completion-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>helm-debuginfo-3.16.3-150000.1.38.1</li>
<li>helm-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.5 (noarch)
<ul>
<li>helm-zsh-completion-3.16.3-150000.1.38.1</li>
<li>helm-bash-completion-3.16.3-150000.1.38.1</li>
<li>helm-fish-completion-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
<ul>
<li>helm-debuginfo-3.16.3-150000.1.38.1</li>
<li>helm-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.6 (noarch)
<ul>
<li>helm-zsh-completion-3.16.3-150000.1.38.1</li>
<li>helm-bash-completion-3.16.3-150000.1.38.1</li>
<li>helm-fish-completion-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>helm-debuginfo-3.16.3-150000.1.38.1</li>
<li>helm-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Micro 5.5 (noarch)
<ul>
<li>helm-bash-completion-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>helm-debuginfo-3.16.3-150000.1.38.1</li>
<li>helm-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
Containers Module 15-SP5 (noarch)
<ul>
<li>helm-zsh-completion-3.16.3-150000.1.38.1</li>
<li>helm-bash-completion-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
<ul>
<li>helm-debuginfo-3.16.3-150000.1.38.1</li>
<li>helm-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
Containers Module 15-SP6 (noarch)
<ul>
<li>helm-zsh-completion-3.16.3-150000.1.38.1</li>
<li>helm-bash-completion-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
SUSE Package Hub 15 15-SP5 (noarch)
<ul>
<li>helm-fish-completion-3.16.3-150000.1.38.1</li>
</ul>
</li>
<li>
SUSE Package Hub 15 15-SP6 (noarch)
<ul>
<li>helm-fish-completion-3.16.3-150000.1.38.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-25620.html">https://www.suse.com/security/cve/CVE-2024-25620.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-26147.html">https://www.suse.com/security/cve/CVE-2024-26147.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219969">https://bugzilla.suse.com/show_bug.cgi?id=1219969</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1220207">https://bugzilla.suse.com/show_bug.cgi?id=1220207</a>
</li>
<li>
<a href="https://jira.suse.com/browse/MSC-899">https://jira.suse.com/browse/MSC-899</a>
</li>
<li>
<a href="https://jira.suse.com/browse/SMO-479">https://jira.suse.com/browse/SMO-479</a>
</li>
</ul>
</div>