Bugzilla – Bug 1215588
VUL-0: CVE-2023-25173, CVE-2022-41723: helm: need to update helm
Last modified: 2023-10-23 11:01:49 UTC
Helm (3.11.2) package in SUSE:SLE-15:Update need to be updated to the latest version 3.12.3 in order to mitigate CVE-2023-25173 and CVE-2022-41723.
as for the GO package it was built from or for embedded code?
Also helm currently still builds against go1.19, which is EOL. Please make it build against go1.21 or at least go1.20.
submitted as ibs rq 308907
This is an autogenerated message for OBS integration: This bug (1215588) was mentioned in https://build.opensuse.org/request/show/1115550 Factory / helm
SUSE-SU-2023:4124-1: An update that solves two vulnerabilities and has one security fix can now be installed. Category: security (important) Bug References: 1183043, 1215588, 1215711 CVE References: CVE-2022-41723, CVE-2023-25173 Sources used: Containers Module 15-SP4 (src): helm-3.13.1-150000.1.26.1 Containers Module 15-SP5 (src): helm-3.13.1-150000.1.26.1 SUSE Package Hub 15 15-SP4 (src): helm-3.13.1-150000.1.26.1 SUSE Package Hub 15 15-SP5 (src): helm-3.13.1-150000.1.26.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): helm-3.13.1-150000.1.26.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): helm-3.13.1-150000.1.26.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): helm-3.13.1-150000.1.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): helm-3.13.1-150000.1.26.1 SUSE Enterprise Storage 7.1 (src): helm-3.13.1-150000.1.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done