{"affected":[{"ecosystem_specific":{"binaries":[{"helm":"3.18.3-150000.1.50.1","helm-bash-completion":"3.18.3-150000.1.50.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.18.3-150000.1.50.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm":"3.18.3-150000.1.50.1","helm-bash-completion":"3.18.3-150000.1.50.1","helm-zsh-completion":"3.18.3-150000.1.50.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 15 SP6","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.18.3-150000.1.50.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm":"3.18.3-150000.1.50.1","helm-bash-completion":"3.18.3-150000.1.50.1","helm-zsh-completion":"3.18.3-150000.1.50.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 15 SP7","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.18.3-150000.1.50.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm-fish-completion":"3.18.3-150000.1.50.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.18.3-150000.1.50.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm-fish-completion":"3.18.3-150000.1.50.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP7","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.18.3-150000.1.50.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm":"3.18.3-150000.1.50.1","helm-bash-completion":"3.18.3-150000.1.50.1","helm-fish-completion":"3.18.3-150000.1.50.1","helm-zsh-completion":"3.18.3-150000.1.50.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"helm","purl":"pkg:rpm/opensuse/helm&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.18.3-150000.1.50.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for helm fixes the following issues:\n\nUpdate to version 3.18.3:\n\n  * build(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0\n    6838ebc (dependabot[bot])\n  * fix: user username password for login 5b9e2f6 (Terry Howe)\n  * Update pkg/registry/transport.go 2782412 (Terry Howe)\n  * Update pkg/registry/transport.go e66cf6a (Terry Howe)\n  * fix: add debug logging to oci transport 191f05c (Terry Howe)\n\nUpdate to version 3.18.2:\n\n  * fix: legacy docker support broken for login 04cad46 (Terry\n    Howe)\n  * Handle an empty registry config file. bc9f8a2 (Matt Farina)\n\nUpdate to version 3.18.1:\n\n  * Notes:\n\n    - This release fixes regressions around template generation and\n      OCI registry interaction in 3.18.0\n    - There are at least 2 known regressions unaddressed in this\n      release. They are being worked on.\n      - Empty registry configuration files. When the file exists\n        but it is empty.\n      - Login to Docker Hub on some domains fails.\n\n  * Changelog\n\n    - fix(client): skipnode utilization for PreCopy\n    - fix(client): layers now returns manifest - remove duplicate\n      from descriptors\n    - fix(client): return nil on non-allowed media types\n    - Prevent fetching newReference again as we have in calling\n      method\n    - Prevent failure when resolving version tags in oras memory\n      store\n    - Update pkg/plugin/plugin.go\n    - Update pkg/plugin/plugin.go\n    - Wait for Helm v4 before raising when platformCommand and\n      Command are set\n    - Fix 3.18.0 regression: registry login with scheme\n    - Revert 'fix (helm) : toToml` renders int as float [ backport\n      to v3 ]'\n\nUpdate to version 3.18.0 (bsc#1241802, CVE-2025-22872):\n\n  * Notable Changes\n\n    - Add support for JSON Schema 2020\n    - Enabled cpu and memory profiling\n    - Add hook annotation to output hook logs to client on error\n\n  * Changelog\n\n    - build(deps): bump the k8s-io group with 7 updates\n    - fix: govulncheck workflow\n    - bump version to v3.18.0\n    - fix:add proxy support when mTLS configured\n    - docs: Note about http fallback for OCI registries\n    - Bump net package to avoid CVE on dev-v3\n    - Bump toml\n    - backport #30677to dev3\n    - build(deps): bump github.com/rubenv/sql-migrate from 1.7.2 to\n      1.8.0\n    - Add install test for TakeOwnership flag\n    - Fix --take-ownership\n    - build(deps): bump github.com/rubenv/sql-migrate from 1.7.1 to\n      1.7.2\n    - build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0\n    - build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0\n    - Testing text bump\n    - Permit more Go version and not only 1.23.8\n    - Bumps github.com/distribution/distribution/v3 from 3.0.0-rc.3\n      to 3.0.0\n    - Unarchiving fix\n    - Fix typo\n    - Report as debug log, the time spent waiting for resources\n    - build(deps): bump github.com/containerd/containerd from\n      1.7.26 to 1.7.27\n    - Update pkg/registry/fallback.go\n    - automatic fallback to http\n    - chore(oci): upgrade to ORAS v2\n    - Updating to 0.37.0 for x/net\n    - build(deps): bump the k8s-io group with 7 updates\n    - build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0\n    - build(deps): bump github.com/opencontainers/image-spec\n    - build(deps): bump github.com/containerd/containerd from\n      1.7.25 to 1.7.26\n    - build(deps): bump golang.org/x/crypto from 0.33.0 to 0.35.0\n    - Fix cherry-pick helm.sh/helm/v4 -> helm.sh/helm/v3\n    - Add HookOutputFunc and generic yaml unmarshaller\n    - clarify fix error message\n    - fix err check\n    - add short circuit return\n    - Add hook annotations to output pod logs to client on success\n      and fail\n    - chore: use []error instead of []string\n    - Update cmd/helm/profiling.go\n    - chore: update profiling doc in CONTRIBUTING.md\n    - Update CONTRIBUTING guide\n    - Prefer environment variables to CLI flags\n    - Move pprof paths to HELM_PPROF env variable\n    - feat: Add flags to enable CPU and memory profiling\n    - build(deps): bump github.com/distribution/distribution/v3\n    - build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1\n    - Moving to SetOut and SetErr for Cobra\n    - build(deps): bump the k8s-io group with 7 updates\n    - build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0\n    - build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0\n    - build(deps): bump golang.org/x/text from 0.21.0 to 0.22.0\n    - build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6\n    - build(deps): bump github.com/cyphar/filepath-securejoin\n    - build(deps): bump github.com/evanphx/json-patch\n    - build(deps): bump the k8s-io group with 7 updates\n    - fix: check group for resource info match\n    - Bump github.com/cyphar/filepath-securejoin from 0.3.6 to\n      0.4.0\n    - add test for nullifying nested global value\n    - Ensuring the file paths are clean prior to passing to\n      securejoin\n    - Bump github.com/containerd/containerd from 1.7.24 to 1.7.25\n    - Bump golang.org/x/crypto from 0.31.0 to 0.32.0\n    - Bump golang.org/x/term from 0.27.0 to 0.28.0\n    - bump version to v3.17.0\n    - Bump github.com/moby/term from 0.5.0 to 0.5.2\n    - Add test case for removing an entire object\n    - Tests for bugfix: Override subcharts with null values #12879\n    - feat: Added multi-platform plugin hook support to v3\n    - This commit fixes the issue where the yaml.Unmarshaller\n      converts all int values into float64, this passes in option\n      to decoder, which enables conversion of int into .\n    - merge null child chart objects\n","id":"SUSE-SU-2025:02121-1","modified":"2025-06-26T08:34:10Z","published":"2025-06-26T08:34:10Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502121-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241802"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22872"}],"related":["CVE-2025-22872"],"summary":"Security update for helm","upstream":["CVE-2025-22872"]}