chore(deps): refresh rpm lockfiles [SECURITY] #46
+1,360
−1,308
This PR contains the following updates:
File rpms.in.yaml:
File rpms.in.yaml (old -> new):
2.2.8-4.el9_5 -> 2.2.8-6.el9
1.94-1.el9 -> 1.94-3.el9
3.1.5-4.el9 -> 3.1.5-7.el9
2024.2.69_v8.0.303-91.4.el9_4 -> 2025.2.80_v9.0.305-91.el9
20250128-1.git5269e22.el9 -> 20250905-1.git377cc42.el9_7
7.76.1-31.el9_6.1 -> 7.76.1-34.el9
2.1.27-21.el9 -> 2.1.27-22.el9
0.192-6.el9_6 -> 0.193-1.el9
2.5.0-5.el9_6 -> 2.5.0-5.el9_7.1
2.34-168.el9_6.23 -> 2.34-231.el9_7.2
2.34-168.el9_6.23 -> 2.34-231.el9_7.2
2.34-168.el9_6.23 -> 2.34-231.el9_7.2
2.34-168.el9_6.23 -> 2.34-231.el9_7.2
6.11.0-1.el9 -> 6.14.0-2.el9
28-10.el9 -> 28-11.el9
2:1.5.0-1.el9 -> 2:1.5.0-2.el9
2.48-9.el9_2 -> 2.48-10.el9
1.46.5-7.el9 -> 1.46.5-8.el9
7.76.1-31.el9_6.1 -> 7.76.1-34.el9
11.5.0-5.el9_5 -> 11.5.0-11.el9
3.6-2.el9 -> 3.6-3.el9
0.10.4-13.el9 -> 0.10.4-15.el9_7
0.10.4-13.el9 -> 0.10.4-15.el9_7
11.5.0-5.el9_5 -> 11.5.0-11.el9
2.9.13-12.el9_6 -> 2.9.13-14.el9_7
6.2-10.20210508.el9_6.2 -> 6.2-12.20210508.el9
6.2-10.20210508.el9_6.2 -> 6.2-12.20210508.el9
6.2-10.20210508.el9_6.2 -> 6.2-12.20210508.el9
1:3.2.2-6.el9_5.1 -> 1:3.5.1-4.el9_7
3.0.7-6.el9_5 -> 3.0.7-8.el9
3.0.7-6.el9_5 -> 3.0.7-8.el9
1:3.2.2-6.el9_5.1 -> 1:3.5.1-4.el9_7
9.6-0.1.el9 -> 9.7-0.7.el9
9.6-0.1.el9 -> 9.7-0.7.el9
4.16.1.3-37.el9 -> 4.16.1.3-39.el9
4.16.1.3-37.el9 -> 4.16.1.3-39.el9
2:4.9-12.el9 -> 2:4.9-15.el9
3.34.1-8.el9_6 -> 3.34.1-9.el9_7
252-51.el9_6.2 -> 252-55.el9_7.7
252-51.el9_6.2 -> 252-55.el9_7.7
252-51.el9_6.2 -> 252-55.el9_7.7
252-51.el9_6.2 -> 252-55.el9_7.7
2025b-1.el9 -> 2025b-2.el9
expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
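Whether an installed package is still below a fixed build is decided by RPM EVR ordering (epoch first, then version, then release), which is what the old -> new pairs above express. The following Python example is added here and is not part of the PR, MintMaker or Renovate: it implements an rpmvercmp-style comparison (the '^' rule of newer rpm is omitted, as el9 versions do not use it) and the sample pairs are copied from the bumps above.

```python
import re

# Constructed sample: (old, new) EVR pairs copied from this PR's version bumps.
BUMPS = [("2.2.8-4.el9_5", "2.2.8-6.el9"),
         ("1:3.2.2-6.el9_5.1", "1:3.5.1-4.el9_7"),
         ("252-51.el9_6.2", "252-55.el9_7.7")]

def rpmvercmp(a: str, b: str) -> int:
    """rpmvercmp()-style compare of a version or release string: separators are
    ignored, numeric segments compare by value, alphabetic by strcmp. -1/0/1."""
    while a or b:
        a = re.sub(r"^[^0-9A-Za-z~]+", "", a)
        b = re.sub(r"^[^0-9A-Za-z~]+", "", b)
        if "~" in (a[:1], b[:1]):  # '~' sorts before anything, even end of string
            if a[:1] != b[:1]:
                return 1 if b.startswith("~") else -1
            a, b = a[1:], b[1:]
            continue
        if not (a and b):
            break
        isnum = a[0].isdigit()
        pat = r"^\d+" if isnum else r"^[A-Za-z]+"
        seg_a, m_b = re.match(pat, a).group(0), re.match(pat, b)
        if m_b is None:  # mixed segment types: numeric is newer than alphabetic
            return 1 if isnum else -1
        seg_b = m_b.group(0)
        a, b = a[len(seg_a):], b[len(seg_b):]
        if isnum:  # drop leading zeros; then the longer number is the larger
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    return 0 if not (a or b) else (-1 if not a else 1)  # leftover chars win

def split_evr(evr: str):
    """'epoch:version-release' -> (int epoch, version, release); no epoch = 0."""
    epoch, _, rest = evr.partition(":") if ":" in evr else ("0", "", evr)
    version, _, release = rest.partition("-")
    return int(epoch), version, release

def evr_cmp(x: str, y: str) -> int:
    """Compare full EVRs: epoch decides first, then version, then release."""
    (ex, vx, rx), (ey, vy, ry) = split_evr(x), split_evr(y)
    if ex != ey:
        return 1 if ex > ey else -1
    return rpmvercmp(vx, vy) or rpmvercmp(rx, ry)

def outdated(pairs):  # pairs whose installed EVR is still below the fixed one
    return [p for p in pairs if evr_cmp(p[0], p[1]) < 0]
```

Feed it the output of rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' for the installed side to check a host against the fixed builds listed in this PR.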
CVE-2025-59375
Details
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
Severity
Important
References
libssh: out-of-bounds read in sftp_handle()
CVE-2025-5318
Details
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affecting service behavior.
Severity
Moderate
References
libxslt: libxml2: Infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c
CVE-2025-9714
Details
A flaw was found in libxslt/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
Severity
Moderate
References
sqlite: Integer Truncation in SQLite
CVE-2025-6965
Details
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
Severity
Important
References
systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump
CVE-2025-4598
Details
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.
A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and forcing the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original SUID process's coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
Severity
Moderate
References
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines, write the comment /ok-to-test.
Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.