SUSE SLES15 Security Update : helm (SUSE-SU-2026:2049-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2049-1 advisory. This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2...

Security update for helm

This update for helm fixes the following issues Security issues: CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

distribution-registry-3.1.1-1.1 on GA media (moderate)

distribution-registry-3.1.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10812-1 Rating: moderate Cross-References: CVE-2026-41888 CVSS scores: CVE-2026-41888 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2026-41888 SUSE : 6.3...

helm-4.2.0-1.1 on GA media (moderate)

helm-4.2.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10814-1 Rating: moderate Cross-References: CVE-2026-41888 CVSS scores: CVE-2026-41888 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2026-41888 SUSE : 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N...

SUSE CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

CVE-2026-41888

creationtimestamp| type| source ---|---|--- 2026-05-01 14:27:56+00:00| published-proof-of-concept| https://github.com/distribution/distribution/security/advisories/GHSA-6pjf-3r9x-m592...