Explore top 10 tips to secure your open-source projects now. Read More
×
This update for helm fixes the following issue
- CVE-2026-48978: oras.land/oras-go/v2/registry/remote/auth: malicious registry can hijack Bearer token realm to
exfiltrate credentials and refresh tokens (bsc#1270127).
Changes for helm:
- Update to version 3.21.2.
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1235=1
- openSUSE Leap 16.0:
helm-3.21.2-160000.2.1
helm-bash-completion-3.21.2-160000.2.1
helm-fish-completion-3.21.2-160000.2.1
helm-zsh-completion-3.21.2-160000.2.1
* bsc#1270127
References:
* https://www.suse.com/security/cve/CVE-2026-48978.html
Get the latest Linux and open source security news straight to your inbox.