chore(deps): refresh rpm lockfiles [SECURITY]

[red-hat-konflux]

This PR contains the following updates:

File rpms.in.yaml:

Package	Change
kernel-headers	5.14.0-611.42.1.el9_7 -> 5.14.0-611.45.1.el9_7
openssh	8.7p1-47.el9_7 -> 8.7p1-48.el9_7
openssh-clients	8.7p1-47.el9_7 -> 8.7p1-48.el9_7
vim-filesystem	2:8.2.2637-23.el9_7 -> 2:8.2.2637-23.el9_7.1

---

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

CVE-2026-3497

More information

Details

A flaw was found in the OpenSSH GSSAPI (Generic Security Service Application Program Interface) delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the sshpkt_disconnect() function, when called on an error, does not properly terminate the process, leading to the continued execution of the program with uninitialized connection variables. Accessing these uninitialized variables can lead to undefined behavior, potentially resulting in information disclosure or a denial of service.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2026-3497
• https://bugzilla.redhat.com/show_bug.cgi?id=2447085
• https://www.cve.org/CVERecord?id=CVE-2026-3497
• https://nvd.nist.gov/vuln/detail/CVE-2026-3497
• https://ubuntu.com/security/CVE-2026-3497
• https://www.openwall.com/lists/oss-security/2026/03/12/3

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[rhacs-bot]

Auto-approved by automation.

[rhacs-bot]

Auto-approved by automation.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 27.38%. Comparing base (c8c0181) to head (a8df9e9).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #3183   +/-   ##
=======================================
  Coverage   27.38%   27.38%           
=======================================
  Files          95       95           
  Lines        5427     5427           
  Branches     2548     2548           
=======================================
  Hits         1486     1486           
  Misses       3214     3214           
  Partials      727      727           

Flag	Coverage Δ
collector-unit-tests	27.38% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.