SUSE-RU-2024:4213-1: moderate: Recommended update for helm
# Recommended update for helm

Announcement ID: SUSE-RU-2024:4213-1
Release Date: 2024-12-05T16:06:20Z
Rating: moderate

References:

* bsc#1219969
* bsc#1220207
* jsc#MSC-899
* jsc#SMO-479

Cross-References:

* CVE-2024-25620
* CVE-2024-26147

CVSS scores:

* CVE-2024-25620 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-26147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves two vulnerabilities and contains two features can now be installed.

## Description:

helm was updated to fix the following issues:

Update to version 3.16.3:

* fix: fix label name
* Fix typo in pkg/lint/rules/chartfile_test.go
* Increasing the size of the runner used for releases.
* fix(hooks): correct hooks delete order
* Bump github.com/containerd/containerd from 1.7.12 to 1.7.23

Update to version 3.16.2:

* Revering change unrelated to issue #13176
* adds tests for handling of Helm index with broken chart versions #13176
* improves handling of Helm index with broken helm chart versions #13176
* Bump the k8s-io group with 7 updates
* adding check-latest:true
* Grammar fixes
* Fix typos

Update to version 3.16.1:

* bumping version to 1.22.7
* Merge pull request #13327 from mattfarina/revert-11726

Update to version 3.16.0:

Helm v3.16.0 is a feature release. Users are encouraged to upgrade for the best experience.

* Notable Changes
  - added sha512sum template function
  - added ActiveHelp for cmds that don't take any more args
  - drops very old Kubernetes versions support in helm create
  - add --skip-schema-validation flag to helm 'install', 'upgrade' and 'lint'
  - fixed bug to now use burst limit setting for discovery
  - Added windows arm64 support
* Full changelog see https://github.com/helm/helm/releases/tag/v3.16.0

Update to version 3.15.4:

* Bump the k8s-io group across 1 directory with 7 updates
* Bump github.com/docker/docker

* * *

Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de

Update to version 3.15.3:

* fix(helm): Use burst limit setting for discovery
* fixed dependency_update_test.go
* fix(dependencyBuild): prevent race condition in concurrent helm dependency
* fix: respect proxy envvars on helm install/upgrade
* Merge pull request #13085 from alex-kattathra-johnson/issue-12961

Update to version 3.15.2:

* fix: wrong cli description
* fix typo in load_plugins.go
* fix docs of DeployedAll
* Bump github.com/docker/docker
* bump oras minor version
* feat(load.go): add warning on requirements.lock

Update to version 3.15.1:

* Fixing build issue where wrong version is used

Update to version 3.15.0:

Helm v3.15.0 is a feature release. Users are encouraged to upgrade for the best experience.

* Updating to k8s 1.30 c4e37b3 (Matt Farina)
* bump version to v3.15.0 d7afa3b (Matt Farina)
* bump version to 7743467 (Matt Farina)
* Fix namespace on kubeconfig error 214fb6e (Calvin Krist)
* Update testdata PKI with keys that have validity until 3393 (Fixes #12880) 1b75d48 (Dirk Müller)
* Modified how created annotation is populated based on package creation time 0a69a0d (Andrew Block)
* Enabling hide secrets on install and upgrade dry run 25c4738 (Matt Farina)
* Fixing all the linting errors d58d7b3 (Robert Sirchia)
* Add a note about --dry-run displaying secrets a23dd9e (Matt Farina)
* Updating .gitignore 8b424ba (Robert Sirchia)
* add error messages 8d19bcb (George Jenkins)
* Fix: Ignore alias validation error for index load 68294fd (George Jenkins)
* validation fix 8e6a514 (Matt Farina)
* bug: add proxy support for oci getter 94c1dea (Ricardo Maraschini)
* Update architecture detection method 57a1bb8 (weidongkl)
* Improve release action 4790bb9 (George Jenkins)
* Fix grammatical error c25736c (Matt Carr)
* Updated for review comments d2cf8c6 (MichaelMorris)
* Add robustness to wait status checks fc74964 (MichaelMorris)
* refactor: create a helper for checking if a release is uninstalled f908379 (Alex Petrov)
* fix: reinstall previously uninstalled chart with --keep-history 9e198fa (Alex Petrov)

Update to version 3.14.4:

Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best experience.

* refactor: create a helper for checking if a release is uninstalled 81c902a (Alex Petrov)
* fix: reinstall previously uninstalled chart with --keep-history 5a11c76 (Alex Petrov)
* bug: add proxy support for oci getter aa7d953 (Ricardo Maraschini)

Update to version 3.14.3:

* Add a note about --dry-run displaying secrets
* add error messages
* Fix: Ignore alias validation error for index load
* Update architecture detection method

Update to version 3.14.2 (bsc#1220207, CVE-2024-26147):

* Fix for uninitialized variable in yaml parsing

Update to version 3.14.1 (bsc#1219969, CVE-2024-25620):

* validation fix

Update to version 3.14.0:

* Notable Changes
  * New helm search flag of --fail-on-no-result
  * Allow a nested tpl invocation access to defines
  * Speed up the tpl function
  * Added qps/HELM_QPS parameter that tells Kubernetes packages how to operate
  * Added --kube-version to lint command
  * The ignore pkg is now public
* Changelog
  * Improve release action
  * Fix issues when verify generation readiness was merged
  * fix test to use the default code's k8sVersionMinor
  * lint: Add --kube-version flag to set capabilities and deprecation rules
  * Removing Asset Transparency
  * tests(pkg/engine): test RenderWithClientProvider
  * Make the `ignore` pkg public again
  * feature(pkg/engine): introduce RenderWithClientProvider
  * Updating Helm libraries for k8s 1.28.4
  * Remove excessive logging
  * Update CONTRIBUTING.md
  * Fixing release labelling in rollback
  * feat: move livenessProbe and readinessProbe values to default values file
  * Revert "fix(main): fix basic auth for helm pull or push"
  * Revert "fix(registry): address anonymous pull issue"
  * Update get-helm-3
  * Drop filterSystemLabels usage from Query method
  * Apply review suggestions
  * Update get-helm-3 to get version through get.helm.sh
  * feat: print failed hook name
  * Fixing precedence issue with the import of values.
  * chore(create): indent to spaces
  * Allow using label selectors for system labels for sql backend.
  * Allow using label selectors for system labels for secrets and configmap backends.
  * remove useless print during prepareUpgrade
  * Add missing with clause to release gh action
  * FIX Default ServiceAccount yaml
  * fix(registry): address anonymous pull issue
  * fix(registry): unswallow error
  * Fix missing run statement on release action
  * Add qps/HELM_QPS parameter
  * Write latest version to get.helm.sh bucket
  * Increased release information key name max length.
  * Pin gox to specific commit
  * Remove `GoFish` from package managers for installing the binary
  * Test update for "Allow a nested `tpl` invocation access to `defines` in a containing one"
  * Test update for "Speed up `tpl`"
  * Add support for RISC-V
  * lint and validate dependency metadata to reference dependencies with a unique key (name or alias)
  * Work around template.Clone omitting options
  * fix: pass 'passCredentialsAll' as env-var to getter
  * feat: pass basic auth to env-vars when running download plugins
  * helm search: New CLI Flag --fail-on-no-result
  * Update pkg/kube/ready.go
  * fix post install hook deletion due to before-hook-creation policy
  * Allow a nested `tpl` invocation access to `defines` in a containing one
  * Remove the 'reference templates' concept
  * Speed up `tpl`
  * ready checker- comment update
  * ready checker- remove duplicate statefulset generational check
  * Verify generation in readiness checks
  * feat(helm): add --reset-then-reuse-values flag to 'helm upgrade'

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.5
  `zypper in -t patch openSUSE-Leap-Micro-5.5-2024-4213=1`
* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-4213=1`
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-4213=1`
* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2024-4213=1`
* Containers Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-4213=1`
* Containers Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-4213=1`
* SUSE Package Hub 15 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4213=1`
* SUSE Package Hub 15 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4213=1`

## Package List:

* openSUSE Leap Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* openSUSE Leap Micro 5.5 (noarch)
  * helm-zsh-completion-3.16.3-150000.1.38.1
  * helm-bash-completion-3.16.3-150000.1.38.1
  * helm-fish-completion-3.16.3-150000.1.38.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* openSUSE Leap 15.5 (noarch)
  * helm-zsh-completion-3.16.3-150000.1.38.1
  * helm-bash-completion-3.16.3-150000.1.38.1
  * helm-fish-completion-3.16.3-150000.1.38.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* openSUSE Leap 15.6 (noarch)
  * helm-zsh-completion-3.16.3-150000.1.38.1
  * helm-bash-completion-3.16.3-150000.1.38.1
  * helm-fish-completion-3.16.3-150000.1.38.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * helm-bash-completion-3.16.3-150000.1.38.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* Containers Module 15-SP5 (noarch)
  * helm-zsh-completion-3.16.3-150000.1.38.1
  * helm-bash-completion-3.16.3-150000.1.38.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * helm-debuginfo-3.16.3-150000.1.38.1
  * helm-3.16.3-150000.1.38.1
* Containers Module 15-SP6 (noarch)
  * helm-zsh-completion-3.16.3-150000.1.38.1
  * helm-bash-completion-3.16.3-150000.1.38.1
* SUSE Package Hub 15 15-SP5 (noarch)
  * helm-fish-completion-3.16.3-150000.1.38.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * helm-fish-completion-3.16.3-150000.1.38.1

## References:

* https://www.suse.com/security/cve/CVE-2024-25620.html
* https://www.suse.com/security/cve/CVE-2024-26147.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219969
* https://bugzilla.suse.com/show_bug.cgi?id=1220207
* https://jira.suse.com/browse/MSC-899
* https://jira.suse.com/browse/SMO-479