Overview

File _patchinfo of Package patchinfo.37517

<patchinfo incident="37517">
  <issue tracker="bnc" id="1234482">VUL-0: CVE-2024-45337: TRACKERBUG: golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto</issue>
  <issue tracker="bnc" id="1235318">VUL-0: CVE-2024-45338: helm: golang.org/x/net/html: denial of service due to non-linear parsing of case-insensitive content</issue>
  <issue tracker="cve" id="2024-45338"/>
  <issue tracker="cve" id="2024-45337"/>
  <packager>dirkmueller</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for helm</summary>
  <description>This update for helm fixes the following issues:

Update to version 3.17.1:

- CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1235318).
- CVE-2024-45337: Fixed misuse of ServerConfig.PublicKeyCallback to prevent authorization bypass in golang.org/x/crypto (bsc#1234482).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places