# Security update for helm

Announcement ID: SUSE-SU-2025:20196-1
Release Date: 2025-04-22T14:06:49Z
Rating: important

References:

* bsc#1219969
* bsc#1220207
* bsc#1234482
* bsc#1235318
* bsc#1238688

Cross-References:

* CVE-2024-25620
* CVE-2024-26147
* CVE-2024-45337
* CVE-2024-45338
* CVE-2025-22870

CVSS scores:

* CVE-2024-25620 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-25620 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-26147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26147 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-45338 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45338 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-22870 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22870 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-22870 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.
## Description:

This update for helm fixes the following issues:

* Update to version 3.17.2 (bsc#1238688, CVE-2025-22870):
  * Updating to 0.37.0 for x/net
  * build(deps): bump the k8s-io group with 7 updates
* Update to version 3.17.1:
  * merge null child chart objects
  * build(deps): bump the k8s-io group with 7 updates
  * fix: check group for resource info match
* Update to 3.17.0 (bsc#1235318, CVE-2024-45338). Full changelog: https://github.com/helm/helm/releases/tag/v3.17.0
  * Notable Changes
    * Allow pulling and installation by OCI digest
    * Annotations and dependencies are now in chart metadata output
    * New --take-ownership flag for install and upgrade commands
    * SDK: Authorizer and registry authorizer are now configurable
    * Removed the Kubernetes configuration file permissions check
    * Added username/password to helm push and dependency build/update subcommands
    * Added toYamlPretty template function
* Update to version 3.16.4 (bsc#1234482, CVE-2024-45337):
  * Bump golang.org/x/crypto from 0.30.0 to 0.31.0
  * Bump the k8s-io group with 7 updates

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-291=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * helm-debuginfo-3.17.2-1.1
  * helm-3.17.2-1.1
* SUSE Linux Micro 6.0 (noarch)
  * helm-bash-completion-3.17.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-25620.html
* https://www.suse.com/security/cve/CVE-2024-26147.html
* https://www.suse.com/security/cve/CVE-2024-45337.html
* https://www.suse.com/security/cve/CVE-2024-45338.html
* https://www.suse.com/security/cve/CVE-2025-22870.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219969
* https://bugzilla.suse.com/show_bug.cgi?id=1220207
* https://bugzilla.suse.com/show_bug.cgi?id=1234482
* https://bugzilla.suse.com/show_bug.cgi?id=1235318
* https://bugzilla.suse.com/show_bug.cgi?id=1238688

LinuxSecurity.com Team
# Security update for helm

Announcement ID: SUSE-SU-2024:1137-1
Rating: moderate

References:

* bsc#1219969
* bsc#1220207

Cross-References:

* CVE-2024-25620
* CVE-2024-26147

CVSS scores:

* CVE-2024-25620 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-26147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for helm fixes the following issues:

* CVE-2024-25620: Fixed with dependency management path traversal (bsc#1219969).
* CVE-2024-26147: Fixed uninitialized variable in yaml parsing (bsc#1220207).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-1137=1
* Containers Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-1137=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1137=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * helm-3.13.3-150000.1.32.1
  * helm-debuginfo-3.13.3-150000.1.32.1
* openSUSE Leap 15.5 (noarch)
  * helm-zsh-completion-3.13.3-150000.1.32.1
  * helm-bash-completion-3.13.3-150000.1.32.1
  * helm-fish-completion-3.13.3-150000.1.32.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * helm-3.13.3-150000.1.32.1
  * helm-debuginfo-3.13.3-150000.1.32.1
* Containers Module 15-SP5 (noarch)
  * helm-zsh-completion-3.13.3-150000.1.32.1
  * helm-bash-completion-3.13.3-150000.1.32.1
* SUSE Package Hub 15 15-SP5 (noarch)
  * helm-fish-completion-3.13.3-150000.1.32.1

## References:

* https://www.suse.com/security/cve/CVE-2024-25620.html
* https://www.suse.com/security/cve/CVE-2024-26147.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219969
* https://bugzilla.suse.com/show_bug.cgi?id=1220207
SUSE Container Update Advisory: suse/helm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:4250-1
Container Tags        : suse/helm:3.13 , suse/helm:3.13-3.28 , suse/helm:latest
Container Release     : 3.28
Severity              : moderate
Type                  : security
References            : 1201384 1218014 CVE-2023-50495
-----------------------------------------------------------------

The container suse/helm was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4891-1
Released:    Mon Dec 18 16:31:49 2023
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1201384,1218014,CVE-2023-50495

This update for ncurses fixes the following issues:

- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)

The following package changes have been done:

- libncurses6-6.1-150000.5.20.1 updated
- terminfo-base-6.1-150000.5.20.1 updated
- container:micro-image-15.5.0-12.8 updated
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-6550d9323b
2023-02-23 01:24:11.817167
--------------------------------------------------------------------------------

Name        : golang-oras-2
Product     : Fedora 36
Version     : 2.0.0~rc.4
Release     : 1.fc36
URL         : https://github.com/oras-project/oras-go
Summary     : ORAS Go library
Description :
ORAS Go library.

--------------------------------------------------------------------------------
Update Information:

Update helm to 3.11.1, resolving multiple security issues
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 21 2023 Davide Cavalca - 2.0.0~rc.4-1
- Initial import; Fixes: RHBZ#2172237
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1971029 - Cannot build for s390x due to missing dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=1971029
  [ 2 ] Bug #1971091 - Test failures on 32bit arches
        https://bugzilla.redhat.com/show_bug.cgi?id=1971091
  [ 3 ] Bug #1977738 - golang-helm-3-3.11.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1977738
  [ 4 ] Bug #2045644 - golang-helm-3: FTBFS in Fedora rawhide/f36
        https://bugzilla.redhat.com/show_bug.cgi?id=2045644
  [ 5 ] Bug #2097975 - CVE-2022-1996 golang-helm-3: go-restful: Authorization Bypass Through User-Controlled Key [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2097975
  [ 6 ] Bug #2138841 - F38FailsToInstall: golang-helm-3-devel
        https://bugzilla.redhat.com/show_bug.cgi?id=2138841
  [ 7 ] Bug #2142198 - F37FailsToInstall: golang-helm-3-devel
        https://bugzilla.redhat.com/show_bug.cgi?id=2142198
  [ 8 ] Bug #2142210 - F36FailsToInstall: golang-helm-3-devel
        https://bugzilla.redhat.com/show_bug.cgi?id=2142210
  [ 9 ] Bug #2155938 - CVE-2022-23526 golang-helm-3: helm: Denial of service through schema file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2155938
  [ 10 ] Bug #2155939 - CVE-2022-23524 golang-helm-3: helm: Denial of service through string value parsing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2155939
  [ 11 ] Bug #2163231 - CVE-2022-41717 golang-helm-3: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2163231
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-6550d9323b' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-6550d9323b
2023-02-23 01:24:11.817167
--------------------------------------------------------------------------------

Name        : golang-oras
Product     : Fedora 36
Version     : 0.15.1
Release     : 1.20221105git690716b.fc36
URL         : https://github.com/oras-project/oras
Summary     : Work with OCI registries, but for secure supply chain
Description :
Work with OCI registries, but for secure supply chain - managing content like
artifacts, images, SBOM.

--------------------------------------------------------------------------------
Update Information:

Update helm to 3.11.1, resolving multiple security issues
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 21 2023 Davide Cavalca - 0.15.1-1
- Initial import; Fixes: RHBZ#2172238
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1971029 - Cannot build for s390x due to missing dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=1971029
  [ 2 ] Bug #1971091 - Test failures on 32bit arches
        https://bugzilla.redhat.com/show_bug.cgi?id=1971091
  [ 3 ] Bug #1977738 - golang-helm-3-3.11.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1977738
  [ 4 ] Bug #2045644 - golang-helm-3: FTBFS in Fedora rawhide/f36
        https://bugzilla.redhat.com/show_bug.cgi?id=2045644
  [ 5 ] Bug #2097975 - CVE-2022-1996 golang-helm-3: go-restful: Authorization Bypass Through User-Controlled Key [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2097975
  [ 6 ] Bug #2138841 - F38FailsToInstall: golang-helm-3-devel
        https://bugzilla.redhat.com/show_bug.cgi?id=2138841
  [ 7 ] Bug #2142198 - F37FailsToInstall: golang-helm-3-devel
        https://bugzilla.redhat.com/show_bug.cgi?id=2142198
  [ 8 ] Bug #2142210 - F36FailsToInstall: golang-helm-3-devel
        https://bugzilla.redhat.com/show_bug.cgi?id=2142210
  [ 9 ] Bug #2155938 - CVE-2022-23526 golang-helm-3: helm: Denial of service through schema file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2155938
  [ 10 ] Bug #2155939 - CVE-2022-23524 golang-helm-3: helm: Denial of service through string value parsing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2155939
  [ 11 ] Bug #2163231 - CVE-2022-41717 golang-helm-3: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2163231
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-6550d9323b' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
SUSE Security Update: Security update for helm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4606-1
Rating:             moderate
References:         #1181419 #1206467 #1206469 #1206471
Cross-References:   CVE-2021-21272 CVE-2022-1996 CVE-2022-23524 CVE-2022-23525 CVE-2022-23526

CVSS scores:
  CVE-2021-21272 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
  CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  CVE-2022-1996 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  CVE-2022-23524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-23524 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-23525 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-23525 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-23526 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-23526 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Containers 15-SP4
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for helm fixes the following issues:

Update to version 3.10.3:

- CVE-2022-23524: Fixed a denial of service in the string value parsing (bsc#1206467).
- CVE-2022-23525: Fixed a denial of service with the repository index file (bsc#1206469).
- CVE-2022-23526: Fixed a denial of service in the schema file handling (bsc#1206471).
Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4606=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-4606=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4606=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4606=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  helm-3.10.3-150000.1.13.1
  helm-debuginfo-3.10.3-150000.1.13.1
- openSUSE Leap 15.4 (noarch):
  helm-bash-completion-3.10.3-150000.1.13.1
  helm-fish-completion-3.10.3-150000.1.13.1
  helm-zsh-completion-3.10.3-150000.1.13.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  helm-3.10.3-150000.1.13.1
  helm-debuginfo-3.10.3-150000.1.13.1
- openSUSE Leap 15.3 (noarch):
  helm-bash-completion-3.10.3-150000.1.13.1
  helm-fish-completion-3.10.3-150000.1.13.1
  helm-zsh-completion-3.10.3-150000.1.13.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
  helm-fish-completion-3.10.3-150000.1.13.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
  helm-3.10.3-150000.1.13.1
  helm-debuginfo-3.10.3-150000.1.13.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (noarch):
  helm-bash-completion-3.10.3-150000.1.13.1
  helm-zsh-completion-3.10.3-150000.1.13.1

References:

https://www.suse.com/security/cve/CVE-2021-21272.html
https://www.suse.com/security/cve/CVE-2022-1996.html
https://www.suse.com/security/cve/CVE-2022-23524.html
https://www.suse.com/security/cve/CVE-2022-23525.html
https://www.suse.com/security/cve/CVE-2022-23526.html
https://bugzilla.suse.com/1181419
https://bugzilla.suse.com/1206467
https://bugzilla.suse.com/1206469
https://bugzilla.suse.com/1206471