Описание
Security update for helm
This update for helm fixes the following issues:
- CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238688).
Other fixes:
- Updated to version 3.17.2
- Updated to 0.37.0 for x/net
Список пакетов
Container suse/helm:latest
helm-3.17.2-150000.1.44.1
SUSE Linux Enterprise Micro 5.5
helm-3.17.2-150000.1.44.1
helm-bash-completion-3.17.2-150000.1.44.1
SUSE Linux Enterprise Module for Containers 15 SP6
helm-3.17.2-150000.1.44.1
helm-bash-completion-3.17.2-150000.1.44.1
helm-zsh-completion-3.17.2-150000.1.44.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
helm-fish-completion-3.17.2-150000.1.44.1
openSUSE Leap 15.6
helm-3.17.2-150000.1.44.1
helm-bash-completion-3.17.2-150000.1.44.1
helm-fish-completion-3.17.2-150000.1.44.1
helm-zsh-completion-3.17.2-150000.1.44.1
Ссылки
- Link for SUSE-SU-2025:1007-1
- E-Mail link for SUSE-SU-2025:1007-1
- SUSE Security Ratings
- SUSE Bug 1238688
- SUSE CVE CVE-2025-22870 page
Описание
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Затронутые продукты
Container suse/helm:latest:helm-3.17.2-150000.1.44.1
SUSE Linux Enterprise Micro 5.5:helm-3.17.2-150000.1.44.1
SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.17.2-150000.1.44.1
SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.2-150000.1.44.1
Ссылки
- CVE-2025-22870
- SUSE Bug 1238572
- SUSE Bug 1238611