Описание
Security update for helm-mirror
This update for helm-mirror fixes the following issues:
- Updated to version 0.3.1:
- CVE-2019-18658: Fixed a potential symbolic link issue in helm that could be used to leak sensitive files (bsc#1156646).
Список пакетов
SUSE Linux Enterprise Module for Containers 15 SP3
helm-mirror-0.3.1-150000.1.13.1
SUSE Linux Enterprise Module for Containers 15 SP4
helm-mirror-0.3.1-150000.1.13.1
openSUSE Leap 15.3
helm-mirror-0.3.1-150000.1.13.1
openSUSE Leap 15.4
helm-mirror-0.3.1-150000.1.13.1
Ссылки
- Link for SUSE-SU-2022:1888-1
- E-Mail link for SUSE-SU-2022:1888-1
- SUSE Security Ratings
- SUSE Bug 1156646
- SUSE Bug 1197728
- SUSE CVE CVE-2019-18658 page
Описание
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.
Затронутые продукты
SUSE Linux Enterprise Module for Containers 15 SP3:helm-mirror-0.3.1-150000.1.13.1
SUSE Linux Enterprise Module for Containers 15 SP4:helm-mirror-0.3.1-150000.1.13.1
openSUSE Leap 15.3:helm-mirror-0.3.1-150000.1.13.1
openSUSE Leap 15.4:helm-mirror-0.3.1-150000.1.13.1
Ссылки
- CVE-2019-18658
- SUSE Bug 1156646