{"affected":[{"ecosystem_specific":{"binaries":[{"helm":"3.17.2-1.1","helm-bash-completion":"3.17.2-1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.17.2-1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for helm fixes the following issues:\n\n- Update to version 3.17.2 (bsc#1238688, CVE-2025-22870):\n\n  * Updating to 0.37.0 for x/net\n  * build(deps): bump the k8s-io group with 7 updates\n\n- Update to version 3.17.1:\n\n  * merge null child chart objects\n  * build(deps): bump the k8s-io group with 7 updates\n  * fix: check group for resource info match\n\n- Update to 3.17.0 (bsc#1235318, CVE-2024-45338):\n\n  Full changelog:\n\n  https://github.com/helm/helm/releases/tag/v3.17.0\n\n  * Notable Changes\n\n    - Allow pulling and installation by OCI digest\n    - Annotations and dependencies are now in chart metadata output\n    - New --take-ownership flag for install and upgrade commands\n    - SDK: Authorizer and registry authorizer are now configurable\n    - Removed the Kubernetes configuration file permissions check\n    - Added username/password to helm push and dependency\n      build/update subcommands\n    - Added toYamlPretty template function\n\n\n- Update to version 3.16.4 (bsc#1234482, CVE-2024-45337):\n\n  * Bump golang.org/x/crypto from 0.30.0 to 0.31.0\n  * Bump the k8s-io group with 7 updates\n\n","id":"SUSE-SU-2025:20196-1","modified":"2025-04-22T14:08:15Z","published":"2025-04-22T14:08:15Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520196-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219969"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220207"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234482"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235318"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238688"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-25620"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-26147"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45337"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45338"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22870"}],"related":["CVE-2024-25620","CVE-2024-26147","CVE-2024-45337","CVE-2024-45338","CVE-2025-22870"],"summary":"Security update for helm","upstream":["CVE-2024-25620","CVE-2024-26147","CVE-2024-45337","CVE-2024-45338","CVE-2025-22870"]}