chore(deps): refresh rpm lockfiles [SECURITY] #50
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-6.1/lock-file-maintenance-vulnerability
branch
3 times, most recently
from
1c92da7 to
90ff99c
Compare
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-6.1/lock-file-maintenance-vulnerability
branch
3 times, most recently
from
5215124 to
b3c65f4
Compare
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-6.1/lock-file-maintenance-vulnerability
branch
from
b3c65f4 to
3ad933c
Compare
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-6.1/lock-file-maintenance-vulnerability
branch
2 times, most recently
from
75ca8cf to
78ab2cd
Compare
Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-6.1/lock-file-maintenance-vulnerability
branch
from
78ab2cd to
5929f40
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
File rpms.in.yaml:
2.2.8-4.el9_5->2.2.8-6.el91.94-1.el9->1.94-3.el93.1.5-4.el9->3.1.5-7.el92024.2.69_v8.0.303-91.4.el9_4->2025.2.80_v9.0.305-91.el920250128-1.git5269e22.el9->20250905-1.git377cc42.el9_77.76.1-31.el9_6.1->7.76.1-34.el92.1.27-21.el9->2.1.27-22.el90.192-6.el9_6->0.193-1.el92.5.0-5.el9_6->2.5.0-5.el9_7.12.34-168.el9_6.23->2.34-231.el9_7.22.34-168.el9_6.23->2.34-231.el9_7.22.34-168.el9_6.23->2.34-231.el9_7.22.34-168.el9_6.23->2.34-231.el9_7.26.11.0-1.el9->6.14.0-2.el928-10.el9->28-11.el92:1.5.0-1.el9->2:1.5.0-2.el92.48-9.el9_2->2.48-10.el91.46.5-7.el9->1.46.5-8.el97.76.1-31.el9_6.1->7.76.1-34.el911.5.0-5.el9_5->11.5.0-11.el93.6-2.el9->3.6-3.el90.10.4-13.el9->0.10.4-15.el9_70.10.4-13.el9->0.10.4-15.el9_711.5.0-5.el9_5->11.5.0-11.el92.9.13-12.el9_6->2.9.13-14.el9_76.2-10.20210508.el9_6.2->6.2-12.20210508.el96.2-10.20210508.el9_6.2->6.2-12.20210508.el96.2-10.20210508.el9_6.2->6.2-12.20210508.el91:3.2.2-6.el9_5.1->1:3.5.1-4.el9_73.0.7-6.el9_5->3.0.7-8.el93.0.7-6.el9_5->3.0.7-8.el91:3.2.2-6.el9_5.1->1:3.5.1-4.el9_79.6-0.1.el9->9.7-0.7.el99.6-0.1.el9->9.7-0.7.el94.16.1.3-37.el9->4.16.1.3-39.el94.16.1.3-37.el9->4.16.1.3-39.el92:4.9-12.el9->2:4.9-15.el93.34.1-8.el9_6->3.34.1-9.el9_7252-51.el9_6.2->252-55.el9_7.7252-51.el9_6.2->252-55.el9_7.7252-51.el9_6.2->252-55.el9_7.7252-51.el9_6.2->252-55.el9_7.72025b-1.el9->2025b-2.el9curl: libcurl: Curl out of bounds read for cookie path
CVE-2025-9086
More information
Details
securekeyword forhttps://targethttp://target(samehostname, but using clear text HTTP) using the same cookie set
path='/').Since this site is not secure, the cookie should just be ignored.
boundary
The bug either causes a crash or it potentially makes the comparison come to
the wrong conclusion and lets the clear-text site override the contents of the
secure cookie, contrary to expectations and depending on the memory contents
immediately following the single-byte allocation that holds the path.
The presumed and correct behavior would be to plainly ignore the second set of
the cookie since it was already set as secure on a secure host so overriding
it on an insecure host should not be okay.
Severity
Moderate
References
expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
CVE-2025-59375
More information
Details
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
Severity
Important
References
libssh: out-of-bounds read in sftp_handle()
CVE-2025-5318
More information
Details
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
Severity
Moderate
References
libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c
CVE-2025-9714
More information
Details
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
Severity
Moderate
References
sqlite: Integer Truncation in SQLite
CVE-2025-6965
More information
Details
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
Severity
Important
References
systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump
CVE-2025-4598
More information
Details
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.
A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
Severity
Moderate
References
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.