This update for helm fixes the following issues:
Update to version 3.20.2.
Security issued fixed:
- CVE-2025-55199: specially crafted JSON Schema can lead to out of memory (OOM) termination (bsc#1248093).
- CVE-2026-35206: specially crafted Chart will have contents extracted to immediate output directory rather than to
expected output directory suffixed by the Chart's name (bsc#1261938).
Other updates and bugfixes:
- Version 3.20.1:
- chore(deps): bump the k8s-io group with 7 updates a2369ca (dependabot[bot])
- add image index test 90e1056 (Pedro Trres)
- fix pulling charts from OCI indices 911f2e9 (Pedro Trres)
- Remove refactorring changes from coalesce_test.go 76dad33 (Evans Mungai)
- Fix import 45c12f7 (Evans Mungai)
- Update pkg/chart/common/util/coalesce_test.go 26c6f19 (Evans Mungai)
- Fix lint warning 09f5129 (Evans Mungai)
- Preserve nil values in chart already 417deb2 (Evans Mungai)
- fix(values): preserve nil values when chart default is empty map...
Read the Full Advisory- openSUSE Leap 16.0:
helm-3.20.2-160000.1.1
helm-bash-completion-3.20.2-160000.1.1
helm-fish-completion-3.20.2-160000.1.1
helm-zsh-completion-3.20.2-160000.1.1
* bsc#1248093
* bsc#1261938
References:
* https://www.suse.com/security/cve/CVE-2025-55199.html
* https://www.suse.com/security/cve/CVE-2026-35206.html
Get the latest Linux and open source security news straight to your inbox.