openSUSE Security Update: Security update for helm ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1703-1 Rating: moderate References: #1118897 #1118898 #1118899 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for helm to version 2.13.1 fixes the following issues: - set correct git_commit value so that 'helm version' reports correctly - added service file for helm-serve - Require golang 1.10.6 or newer - Tiller should only enforce what we expect from Helm - Keepalive config should be independent of TLS - Bump client side grpc max msg size - Update deprecated grpc dial timeout - Includes fixes which allow Helm to correctly recognize resources created using the K8S 1.8/1.9 API namespaces Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2019-1703=1 Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): helm-2.13.1-5.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org