Fedora 37: FEDORA-2023-c9b2182a4e Critical: helm Security Fix

Helm is a tool for managing Charts. Charts are packages of pre-configured

Kubernetes resources.

Use Helm to:

- Find and use popular software packaged as Helm Charts to run in Kubernetes

- Share your own applications as Helm Charts

- Create reproducible builds of your Kubernetes applications

- Intelligently manage your Kubernetes manifest files

- Manage releases of Helm packages

Update helm to 3.11.1, resolving multiple security issues

* Tue Feb 21 2023 Davide Cavalca - 3.11.1-1

- Update to 3.11.1; Fixes: RHBZ#1977738, RHBZ#2045644, RHBZ#2138841,

RHBZ#2142198, RHBZ#2142210, RHBZ#2097975, RHBZ#2155938, RHBZ#2155939,

RHBZ#2163231, RHBZ#1971091, RHBZ#1971029

* Thu Jan 19 2023 Fedora Release Engineering - 3.5.4-8

- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

* Wed Aug 10 2022 Maxwell G - 3.5.4-7

- Rebuild to fix FTBFS

* Thu Jul 21 2022 Fedora Release Engineering - 3.5.4-6

- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Tue Jul 19 2022 Maxwell G - 3.5.4-5

- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in

golang

* Sat Jul 9 2022 Maxwell G - 3.5.4-4

- Rebuild for CVE-2022-{24675,28327,29526 in golang}

* Thu Jan 20 2022 Fedora Release Engineering - 3.5.4-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

[ 1 ] Bug #1971029 - Cannot build for s390x due to missing dependency

https://bugzilla.redhat.com/show_bug.cgi?id=1971029

[ 2 ] Bug #1971091 - Test failures on 32bit arches

https://bugzilla.redhat.com/show_bug.cgi?id=1971091

[ 3 ] Bug #1977738 - golang-helm-3-3.11.1 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1977738

[ 4 ] Bug #2045644 - golang-helm-3: FTBFS in Fedora rawhide/f36

https://bugzilla.redhat.com/show_bug.cgi?id=2045644

[ 5 ] Bug #2097975 - CVE-2022-1996 golang-helm-3: go-restful: Authorization Bypass Through User-Controlled Key [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2097975

[ 6 ] Bug #2138841 - F38FailsToInstall: golang-helm-3-devel

https://bugzilla.redhat.com/show_bug.cgi?id=2138841

[ 7 ] Bug #2142198 - F37FailsToInstall: golang-helm-3-devel

https://bugzilla.redhat.com/show_bug.cgi?id=2142198

[ 8 ] Bug #2142210 - F36FailsToInstall: golang-helm-3-devel

https://bugzilla.redhat.com/show_bug.cgi?id=2142210

[ 9 ] Bug #2155938 - CVE-2022-23526 golang-helm-3: helm: Denial of service through schema file [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2155938

[ 10 ] Bug #2155939 - CVE-2022-23524 golang-helm-3: helm: Denial of service through string value parsing [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2155939

[ 11 ] Bug #2163231 - CVE-2022-41717 golang-helm-3: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2163231

su -c 'dnf upgrade --advisory FEDORA-2023-c9b2182a4e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: