chore(deps): refresh rpm lockfiles [SECURITY] #2574
red-hat-konflux[bot] wants to merge 2 commits into release-3.23 from
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
rhacs-bot left a comment:
Auto-approved by automation.
Codecov Report
✅ All modified and coverable lines are covered by tests.

Additional details and impacted files

@@              Coverage Diff              @@
##           release-3.23    #2574   +/-   ##
=============================================
  Coverage         28.79%   28.79%
=============================================
  Files                95       95
  Lines              5796     5796
  Branches           2551     2551
=============================================
  Hits               1669     1669
  Misses             3409     3409
  Partials            718      718

Flags with carried forward coverage won't be shown.
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above.
| - name: extra-labels | ||
| value: | ||
| # X.Y in the cpe label must be adjusted for every version stream. | ||
| - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el8" |
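Review bot: the last line of this context still carries the `X.Y` placeholder in `cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el8`, while the comment directly above it says that value must be adjusted for every version stream; on a release branch the label should hold the concrete stream version, and a lockfile refresh alone does not touch this file.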
| - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el8" | |
| - "cpe=cpe:/a:redhat:advanced_cluster_security:4.9::el8" |
Without this the change won't solve it.
#2573 got auto-merged so I'll close this PR to get it auto-reopened only with MintMaker's changes.
This PR contains the following updates:

File rpms.in.yaml:
  2:8.0.1763-19.el8_6.4 -> 2:8.0.1763-21.el8_10
  2.30-125.el8_10 -> 2.30-127.el8_10
  7.61.1-34.el8_10.3 -> 7.61.1-34.el8_10.8
  5.33-26.el8 -> 5.33-27.el8_10
  5.33-26.el8 -> 5.33-27.el8_10
  3.6.16-8.el8_10.3 -> 3.6.16-8.el8_10.4
  1:2.02-167.el8_10 -> 1:2.02-169.el8_10
  1:2.02-167.el8_10 -> 1:2.02-169.el8_10
  1:2.02-167.el8_10 -> 1:2.02-169.el8_10
  4.18.0-553.75.1.el8_10 -> 4.18.0-553.79.1.el8_10
  1.45.6-6.el8_10 -> 1.45.6-7.el8_10
  1.45.6-6.el8_10 -> 1.45.6-7.el8_10
  7.61.1-34.el8_10.3 -> 7.61.1-34.el8_10.8
  7.61.1-34.el8_10.3 -> 7.61.1-34.el8_10.8
  8.0p1-25.el8_10 -> 8.0p1-26.el8_10
  8.0p1-25.el8_10 -> 8.0p1-26.el8_10
  2:2.29.0-3.el8_10.1 -> 2:2.29.0-3.el8_10.3
  2:2.29.0-3.el8_10.1 -> 2:2.29.0-3.el8_10.3
  2:2.29.0-3.el8_10.1 -> 2:2.29.0-3.el8_10.3

gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()
CVE-2025-6395
Details: A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().
Severity: Moderate

gnutls: Vulnerability in GnuTLS certtool template parsing
CVE-2025-32990
Details: A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could potentially crash the system.
Severity: Moderate

gnutls: Vulnerability in GnuTLS otherName SAN export
CVE-2025-32988
Details: A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.
This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
Severity: Moderate

openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled
CVE-2025-26465
Details: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs because OpenSSH mishandles error codes under specific conditions when verifying the host key. For an attack to succeed, the attacker first needs to exhaust the client's memory resources, which makes the attack complexity high.
Severity: Moderate
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines, write the comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).