Refresh RPM lockfiles [SECURITY]#257
Open
red-hat-konflux[bot] wants to merge 1 commit into
Open
Conversation
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
2 times, most recently
from
efdf0dd to
8de9ee7
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
3 times, most recently
from
ee5d327 to
8d21661
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
7 times, most recently
from
a559529 to
ae6e123
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
9 times, most recently
from
8f3222d to
aacbbe9
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
3 times, most recently
from
3d7dd05 to
b1f055b
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
2 times, most recently
from
f1eb15b to
948fd66
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
from
948fd66 to
f4b0a7e
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
3 times, most recently
from
cafce85 to
ad930ce
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
3 times, most recently
from
91e2e66 to
90133c6
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
2 times, most recently
from
9b209b9 to
72f4091
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
5 times, most recently
from
121d437 to
e9e0ab6
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
4 times, most recently
from
063ef31 to
0786b53
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
6 times, most recently
from
d041053 to
1730a9e
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
5 times, most recently
from
36181a7 to
8c1aae4
Compare
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
3 times, most recently
from
002d46f to
c20f23a
Compare
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/alpha/lock-file-maintenance-vulnerability
branch
from
c20f23a to
8d26ab4
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
File rpms.in.yaml:
12.92-1.el9->12.98-1.el91.84.1-1.el9->1.88.0-1.el919.1.7-2.el9->20.1.8-3.el919.1.7-2.el9->20.1.8-3.el919.1.7-2.el9->20.1.8-3.el919.1.7-2.el9->20.1.8-3.el92:1-117.el9_6->4:1-135.el9_711.5.0-5.el9_5->11.5.0-11.el93.19-1.el9->3.19-3.el93.19-1.el9->3.19-3.el91.21-1.el9_6->1.23.1-2.el9_70.14-3.el9->0.16-1.el96-2.el9_0->6-4.el91:27.2-13.el9_6->1:27.2-18.el91.14-1.el9->1.16-1.el9_711.5.0-5.el9_5->11.5.0-11.el911.5.0-5.el9_5->11.5.0-11.el911.5.0-5.el9_5->11.5.0-11.el92.41-3.el9->2.41-5.el9_7.114.2.1-7.1.el9->14.2.1-12.el9_714.2.1-7.1.el9->14.2.1-12.el9_714.2.1-7.1.el9->14.2.1-12.el9_714.0-1.el9->14.0-2.el92.47.1-2.el9_6->2.47.3-1.el9_62.47.1-2.el9_6->2.47.3-1.el9_62.47.1-2.el9_6->2.47.3-1.el9_62.34-168.el9_6.19->2.34-231.el9_7.102.34-168.el9_6.19->2.34-231.el9_7.103.6.0-10.el9_6->3.6.0-13.el9_75.14.0-570.22.1.el9_6->5.14.0-611.38.1.el9_71.0-13.el9->1.0-14.el919.1.7-2.el9->20.1.8-3.el919.1.7-2.el9->20.1.8-3.el911.5.0-5.el9_5->11.5.0-11.el919.1.7-2.el9->20.1.8-3.el919.1.7-2.el9->20.1.8-3.el919.1.7-2.el9->20.1.8-3.el919.1.7-2.el9->20.1.8-3.el919.1.7-2.el9->20.1.8-3.el92:1.20.1-22.el9_6.2->2:1.20.1-22.el9_6.32:1.20.1-22.el9_6.2->2:1.20.1-22.el9_6.32:1.20.1-22.el9_6.2->2:1.20.1-22.el9_6.31:3.2.2-6.el9_5.1->1:3.5.1-7.el9_74:5.32.1-481.el9->4:5.32.1-481.1.el9_61.01-481.el9->1.01-481.1.el9_65.74-481.el9->5.74-481.1.el9_65.74-481.el9->5.74-481.1.el9_61.80-481.el9->1.80-481.1.el9_61.23-481.el9->1.23-481.1.el9_60.66-481.el9->0.66-481.1.el9_60.03-481.el9->0.03-481.1.el9_60.06-481.el9->0.06-481.1.el9_61.28-481.el9->1.28-481.1.el9_61.06-481.el9->1.06-481.1.el9_61.05-481.el9->1.05-481.1.el9_62.27-481.el9->2.27-481.1.el9_61.47-481.el9->1.47-481.1.el9_61.11-481.el9->1.11-481.1.el9_61.30-481.el9->1.30-481.1.el9_60.25-481.el9->0.25-481.1.el9_61.35-481.el9->1.35-481.1.el9_61.09-481.el9->1.09-481.1.el9_61.13-481.el9->1.13-481.1.el9_62.85-481.el9->2.85-481.1.el9_61.100.600-481.el9->1.100.600-481.1.el9_62.34-481.el9->2.34-481.1.el9_61.12-481.el9->1.12-481.1.el9_61.37-481.el9->1.37-481.1.el9_61.09-481.el9->1.09-481.1.el9_61.10-481.el9->1.10-481.1.el9_62.03-481.el9->2.03-481.1.el9_61.51-481.el9->1.51-481.1.el9_61.18-481.el9->1.18-481.1.el9_61.12-481.el9->1.12-481.1.el9_62.47.1-2.el9_6->2.47.3-1.el9_60.23-481.el9->0.23-481.1.el9_61.20-481.el9->1.20-481.1.el9_61.02-481.el9->1.02-481.1.el9_60.44-481.el9->0.44-481.1.el9_60.19-481.el9->0.19-481.1.el9_61.43-481.el9->1.43-481.1.el9_61.21-481.el9->1.21-481.1.el9_61:0.21-481.el9->1:0.21-481.1.el9_61.59-481.el9->1.59-481.1.el9_61.03-481.el9->1.03-481.1.el9_61:0.08-481.el9->1:0.08-481.1.el9_61.15-481.el9->1.15-481.1.el9_60.67-481.el9->0.67-481.1.el9_61.02-481.el9->1.02-481.1.el9_61.94-1.el9->1.94-3.el91.16-481.el9->1.16-481.1.el9_61.48-481.el9->1.48-481.1.el9_61.94-481.el9->1.94-481.1.el9_61.13-481.el9->1.13-481.1.el9_61.25-481.el9->1.25-481.1.el9_62.41-481.el9->2.41-481.1.el9_61.07-481.el9->1.07-481.1.el9_61.02-481.el9->1.02-481.1.el9_61.26-481.el9->1.26-481.1.el9_61.08-481.el9->1.08-481.1.el9_61.23-481.el9->1.23-481.1.el9_61.403-481.el9->1.403-481.1.el9_61.17-481.el9->1.17-481.1.el9_61.31-481.el9->1.31-481.1.el9_61.02-481.el9->1.02-481.1.el9_63.05-481.el9->3.05-481.1.el9_62.13-481.el9->2.13-481.1.el9_64.6-481.el9->4.6-481.1.el9_61.06-481.el9->1.06-481.1.el9_61.1-481.el9->1.1-481.1.el9_61.03-481.el9->1.03-481.1.el9_61.3401-481.el9->1.3401-481.1.el9_60.75-481.el9->0.75-481.1.el9_61.03-481.el9->1.03-481.1.el9_61.11-481.el9->1.11-481.1.el9_62.27-481.el9->2.27-481.1.el9_61.07-481.el9->1.07-481.1.el9_61.56-481.el9->1.56-481.1.el9_60.04-481.el9->0.04-481.1.el9_64:5.32.1-481.el9->4:5.32.1-481.1.el9_61.37-481.el9->1.37-481.1.el9_65.32.1-481.el9->5.32.1-481.1.el9_60.13-481.el9->0.13-481.1.el9_62.27-481.el9->2.27-481.1.el9_61.03-481.el9->1.03-481.1.el9_60.60.800-481.el9->0.60.800-481.1.el9_64:5.32.1-481.el9->4:5.32.1-481.1.el9_60.03-481.el9->0.03-481.1.el9_60.65-481.el9->0.65-481.1.el9_64:5.32.1-481.el9->4:5.32.1-481.1.el9_64:5.32.1-481.el9->4:5.32.1-481.1.el9_61.09-481.el9->1.09-481.1.el9_64:5.32.1-481.el9->4:5.32.1-481.1.el9_65.32.1-481.el9->5.32.1-481.1.el9_61.23-481.el9->1.23-481.1.el9_61.12-481.el9->1.12-481.1.el9_61.31-481.el9->1.31-481.1.el9_60.02-481.el9->0.02-481.1.el9_65.32.1-481.el9->5.32.1-481.1.el9_61.09-481.el9->1.09-481.1.el9_62.04-481.el9->2.04-481.1.el9_61.03-481.el9->1.03-481.1.el9_65.32.1-481.el9->5.32.1-481.1.el9_61.05-481.el9->1.05-481.1.el9_61.04-481.el9->1.04-481.1.el9_63.6-2.1.el9->3.6-3.el93.1.5-4.el9->3.1.5-7.el93.6-2.1.el9->3.6-3.el990.4-2.el9->90.5-1.el9_6.1209-1.el9->210-1.el91.84.1-1.el9->1.88.0-1.el91.84.1-1.el9->1.88.0-1.el91.84.1-1.el9->1.88.0-1.el92:1.18.1-2.el9_6->2:1.20.0-3.el9_71.3.2-1.el9->1.3.3-1.el95.2-2.el9->5.3-3.el92.35.2-63.el9->2.35.2-67.el9_7.12.35.2-63.el9->2.35.2-67.el9_7.10.192-5.el9->0.193-1.el95.3.0-1.el9->5.3.0-2.el92.34-168.el9_6.19->2.34-231.el9_7.1028-10.el9->28-11.el9590-5.el9->590-6.el911.5.0-5.el9_5->11.5.0-11.el91.0.9-7.el9_5->1.0.9-9.el9_73.18.0-9.el9->3.18.0-12.el92.9.3-7.el9->2.9.3-9.el96.2-10.20210508.el9->6.2-12.20210508.el98.7p1-45.el9->8.7p1-47.el9_78.7p1-45.el9->8.7p1-47.el9_73.6-2.1.el9->3.6-3.el92:4.9-12.el9->2:4.9-15.el96.0-58.el9_5->6.0-59.el92:8.2.2637-22.el9_6->2:8.2.2637-23.el9_73.14.0-16.el9->3.14.0-17.el9_71.84.1-1.el9->1.88.0-1.el91.6-17.el9->1.6-19.el93.14.0-16.el9->3.14.0-17.el9_73.14.0-16.el9->3.14.0-17.el9_7binutils: GNU Binutils Linker heap-based overflow
CVE-2025-11083
More information
Details
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".
Severity
Moderate
References
glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
CVE-2025-15281
More information
Details
A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.
Severity
Moderate
References
glibc: glibc: Information disclosure via zero-valued network query
CVE-2026-0915
More information
Details
A flaw was found in glibc, the GNU C Library. When an application calls the
getnetbyaddrorgetnetbyaddr_rfunctions to resolve a network address, and the system'snsswitch.conffile is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.Severity
Moderate
References
glibc: Integer overflow in memalign leads to heap corruption
CVE-2026-0861
More information
Details
A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.
Severity
Moderate
References
os/exec: Unexpected paths returned from LookPath in os/exec
CVE-2025-47906
More information
Details
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
Severity
Moderate
References
golang: net/url: Memory exhaustion in query parameter parsing in net/url
CVE-2025-61726
More information
Details
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
Severity
Important
References
Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS
CVE-2025-6176
More information
Details
Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.
Severity
Important
References
openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand
CVE-2025-61984
More information
Details
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
Severity
Moderate
References
openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand
CVE-2025-61985
More information
Details
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
Severity
Moderate
References
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
CVE-2026-0994
More information
Details
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested
google.protobuf.Anymessages to thegoogle.protobuf.json_format.ParseDict()function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’s recursion stack and causing aRecursionError, which results in a denial of service.Severity
Important
References
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.