Description
Security update for helm
This update for helm fixes the following issues:
- Update to version 3.19.1
- CVE-2025-53547: Fixed local code execution in Helm Chart. (bsc#1246152)
- CVE-2025-58190: Fixed excessive memory consumption by html.ParseFragment when processing specially crafted input. (bsc#1251649)
- CVE-2025-47911: Fixed various algorithms with quadratic complexity when parsing HTML documents. (bsc#1251442)
Package list
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Module for Containers 15 SP6
SUSE Linux Enterprise Module for Containers 15 SP7
SUSE Linux Enterprise Module for Package Hub 15 SP6
SUSE Linux Enterprise Module for Package Hub 15 SP7
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
openSUSE Leap 15.6
References
- Link for SUSE-SU-2025:4190-1
- E-Mail link for SUSE-SU-2025:4190-1
- SUSE Security Ratings
- SUSE Bug 1246152
- SUSE Bug 1251442
- SUSE Bug 1251649
- SUSE CVE CVE-2025-47911 page
- SUSE CVE CVE-2025-53547 page
- SUSE CVE CVE-2025-58190 page
Description
unknown
Affected products
References
- CVE-2025-47911
- SUSE Bug 1251308
Description
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file that are carried over to a Chart.lock file when dependencies are updated and this file is written can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files, updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4.
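A pre-flight check for the condition described above, as an added example that is not part of the advisory or of Helm's code: it walks a directory of charts and reports every Chart.lock that is a symbolic link, so a pipeline can stop before dependencies are updated. The function name FindSymlinkedLocks and the tool name locklint are hypothetical.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Added illustration: FindSymlinkedLocks and the "locklint" name are hypothetical, not Helm code.
// It walks root and returns "path -> target" for every Chart.lock that is a symbolic link.
// WalkDir does not follow symlinks, so d.Type() describes the link itself, dangling or not.
func FindSymlinkedLocks(root string) ([]string, error) {
	var hits []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.Name() != "Chart.lock" || d.Type()&fs.ModeSymlink == 0 {
			return nil // not a lock file, or a regular lock file
		}
		target, err := os.Readlink(p)
		if err != nil {
			return err
		}
		hits = append(hits, p+" -> "+target)
		return nil
	})
	return hits, err
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: locklint <charts-dir>")
		os.Exit(2)
	}
	hits, err := FindSymlinkedLocks(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(2)
	}
	for _, h := range hits {
		fmt.Println("symlinked Chart.lock:", h)
	}
	if len(hits) > 0 {
		os.Exit(1) // fail the job before dependencies are updated
	}
}
```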
Affected products
References
- CVE-2025-53547
- SUSE Bug 1246150
Description
unknown
Affected products
References
- CVE-2025-58190
- SUSE Bug 1251309