chore(deps): refresh rpm lockfiles [SECURITY] #2932
red-hat-konflux[bot] merged 1 commit into master on Feb 18, 2026
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
rhacs-bot approved these changes Feb 18, 2026
Auto-approved by automation.
/retest collector-on-push
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## master #2932 +/- ##
=======================================
Coverage 27.38% 27.38%
=======================================
Files 95 95
Lines 5427 5427
Branches 2548 2548
=======================================
Hits 1486 1486
Misses 3214 3214
Partials 727 727
Flags with carried forward coverage won't be shown. View full report in Codecov by Sentry.
This PR contains the following updates:
File rpms.in.yaml:
3.26.5-2.el9 -> 3.26.5-3.el9_7
3.26.5-2.el9 -> 3.26.5-3.el9_7
3.26.5-2.el9 -> 3.26.5-3.el9_7
2.34-231.el9_7.2 -> 2.34-231.el9_7.10
5.14.0-611.26.1.el9_7 -> 5.14.0-611.34.1.el9_7
7.76.1-34.el9 -> 7.76.1-35.el9_7.3
2.37.4-21.el9 -> 2.37.4-21.el9_7
1:3.5.1-5.el9_7 -> 1:3.5.1-7.el9_7
3.9.25-2.el9_7 -> 3.9.25-3.el9_7
7.76.1-34.el9 -> 7.76.1-35.el9_7.3
2.34-231.el9_7.2 -> 2.34-231.el9_7.10
2.34-231.el9_7.2 -> 2.34-231.el9_7.10
2.34-231.el9_7.2 -> 2.34-231.el9_7.10
2.34-231.el9_7.2 -> 2.34-231.el9_7.10
2.37.4-21.el9 -> 2.37.4-21.el9_7
1.0.9-7.el9_5 -> 1.0.9-9.el9_7
7.76.1-34.el9 -> 7.76.1-35.el9_7.3
2.37.4-21.el9 -> 2.37.4-21.el9_7
2.37.4-21.el9 -> 2.37.4-21.el9_7
2.37.4-21.el9 -> 2.37.4-21.el9_7
2.37.4-21.el9 -> 2.37.4-21.el9_7
1:3.5.1-5.el9_7 -> 1:3.5.1-7.el9_7
1:3.5.1-5.el9_7 -> 1:3.5.1-7.el9_7
3.9.25-2.el9_7 -> 3.9.25-3.el9_7
3.9.25-2.el9_7 -> 3.9.25-3.el9_7
2.37.4-21.el9 -> 2.37.4-21.el9_7
2.37.4-21.el9 -> 2.37.4-21.el9_7
2.34-231.el9_7.2 -> 2.34-231.el9_7.10
glibc: Integer overflow in memalign leads to heap corruption
CVE-2026-0861
Details
A flaw was found in the glibc library. When an excessively large alignment value is passed to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.
Severity
Moderate
glibc: glibc: Information disclosure via zero-valued network query
CVE-2026-0915
Details
A flaw was found in glibc, the GNU C Library. When an application calls the getnetbyaddr or getnetbyaddr_r functions to resolve a network address, and the system's nsswitch.conf file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.
Severity
Moderate
glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
CVE-2025-15281
Details
A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.
Severity
Moderate
curl: libcurl: Curl out of bounds read for cookie path
CVE-2025-9086
Details
secure keyword for https://target
http://target (same hostname, but using clear text HTTP) using the same cookie set
path=\"/\",). Since this site is not secure, the cookie should just be ignored.
boundary
The bug either causes a crash or it potentially makes the comparison come to
the wrong conclusion and lets the clear-text site override the contents of the
secure cookie, contrary to expectations and depending on the memory contents
immediately following the single-byte allocation that holds the path.
The presumed and correct behavior would be to plainly ignore the second set of
the cookie since it was already set as secure on a secure host so overriding
it on an insecure host should not be okay.
Severity
Moderate
util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames
CVE-2025-14104
Details
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
Severity
Moderate
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
CVE-2025-12084
Details
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Severity
Moderate
Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS
CVE-2025-6176
Details
Scrapy is vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.
Severity
Important
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines write comment /ok-to-test.
Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.
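The memalign integer overflow described under CVE-2026-0861 above, reduced to a simplified size calculation with its checked counterpart and a caller-side guard. This is an added example, not glibc code and not part of this PR; OVERHEAD, MAX_ALIGNMENT and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not glibc source: an aligned allocator over-allocates
 * size + alignment + bookkeeping, then trims. OVERHEAD is an assumed value. */
#define OVERHEAD ((size_t)32)
/* Hypothetical application policy: largest alignment a caller may request. */
#define MAX_ALIGNMENT ((size_t)1 << 21)

/* Unchecked sum: size_t arithmetic wraps silently, so a huge alignment can
 * yield a request far smaller than the caller's size. */
size_t padded_request_unchecked(size_t size, size_t alignment)
{
    return size + alignment + OVERHEAD;
}

/* Checked sum: false if alignment is not a power of two or the total does
 * not fit in size_t; *out is written only on success. */
bool padded_request_checked(size_t size, size_t alignment, size_t *out)
{
    if (alignment == 0 || (alignment & (alignment - 1)) != 0)
        return false;
    if (size > SIZE_MAX - alignment || size + alignment > SIZE_MAX - OVERHEAD)
        return false;
    *out = size + alignment + OVERHEAD;
    return true;
}

/* Caller-side guard in front of a memalign-family call: validate the
 * request before the allocator ever sees the alignment value. */
void *aligned_alloc_guarded(size_t alignment, size_t size)
{
    size_t need;

    if (alignment > MAX_ALIGNMENT || !padded_request_checked(size, alignment, &need))
        return NULL;
    return aligned_alloc(alignment, size);
}

int main(void)
{
    size_t high = (SIZE_MAX >> 1) + 1;  /* constructed input: only the top bit set */
    size_t need = 0;

    printf("unchecked request: %zu bytes\n", padded_request_unchecked(high, high));
    printf("checked accepted: %d\n", padded_request_checked(high, high, &need));
    return 0;
}
```

The guard matters most on hosts still running a glibc build older than the one this lockfile refresh pulls in, where alignment values derived from untrusted input should be bounded before they reach the allocator.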