Skip to content

chore(deps): refresh rpm lockfiles [SECURITY]#3374

Merged
red-hat-konflux[bot] merged 1 commit into
masterfrom
konflux/mintmaker/master/lock-file-maintenance-vulnerability
May 20, 2026
Merged

chore(deps): refresh rpm lockfiles [SECURITY]#3374
red-hat-konflux[bot] merged 1 commit into
masterfrom
konflux/mintmaker/master/lock-file-maintenance-vulnerability

Conversation

@red-hat-konflux
Copy link
Copy Markdown
Contributor

@red-hat-konflux red-hat-konflux Bot commented May 19, 2026
edited
Loading

This PR contains the following updates:

File rpms.in.yaml:

Package Change
clang 20.1.8-3.el9 -> 21.1.8-2.el9
clang-libs 20.1.8-3.el9 -> 21.1.8-2.el9
clang-resource-filesystem 20.1.8-3.el9 -> 21.1.8-2.el9
cmake 3.26.5-3.el9_7 -> 3.31.8-3.el9
cmake-data 3.26.5-3.el9_7 -> 3.31.8-3.el9
cmake-filesystem 3.26.5-3.el9_7 -> 3.31.8-3.el9
compiler-rt 20.1.8-3.el9 -> 21.1.8-2.el9
cpp 11.5.0-11.el9 -> 11.5.0-14.el9
elfutils-libelf-devel 0.193-1.el9 -> 0.194-1.el9
gcc 11.5.0-11.el9 -> 11.5.0-14.el9
gcc-c++ 11.5.0-11.el9 -> 11.5.0-14.el9
git 2.47.3-1.el9_6 -> 2.52.0-1.el9
git-core 2.47.3-1.el9_6 -> 2.52.0-1.el9
git-core-doc 2.47.3-1.el9_6 -> 2.52.0-1.el9
glibc-devel 2.34-231.el9_7.10 -> 2.34-266.el9_8
kernel-headers 5.14.0-611.55.1.el9_7 -> 5.14.0-687.10.1.el9_8
libasan 11.5.0-11.el9 -> 11.5.0-14.el9
libcurl-devel 7.76.1-35.el9_7.3 -> 7.76.1-40.el9
libomp 20.1.8-3.el9 -> 21.1.8-2.el9
libomp-devel 20.1.8-3.el9 -> 21.1.8-2.el9
libstdc++-devel 11.5.0-11.el9 -> 11.5.0-14.el9
libubsan 11.5.0-11.el9 -> 11.5.0-14.el9
libuuid-devel 2.37.4-21.el9_7 -> 2.37.4-25.el9
llvm 20.1.8-3.el9 -> 21.1.8-2.el9
llvm-filesystem 20.1.8-3.el9 -> 21.1.8-2.el9
llvm-libs 20.1.8-3.el9 -> 21.1.8-2.el9
openssl-devel 1:3.5.1-7.el9_7 -> 1:3.5.5-2.el9_8
perl-Git 2.47.3-1.el9_6 -> 2.52.0-1.el9
policycoreutils-python-utils 3.6-3.el9 -> 3.6-5.el9
python-unversioned-command 3.9.25-3.el9_7.3 -> 3.9.25-7.el9_8
python3-audit 3.1.5-7.el9 -> 3.1.5-8.el9
python3-policycoreutils 3.6-3.el9 -> 3.6-5.el9
systemtap-sdt-devel 5.3-3.el9 -> 5.4-4.el9
systemtap-sdt-dtrace 5.3-3.el9 -> 5.4-4.el9
audit-libs 3.1.5-7.el9 -> 3.1.5-8.el9
binutils 2.35.2-67.el9_7.1 -> 2.35.2-72.el9
binutils-gold 2.35.2-67.el9_7.1 -> 2.35.2-72.el9
bzip2-libs 1.0.8-10.el9_5 -> 1.0.8-11.el9
coreutils 8.32-39.el9 -> 8.32-40.el9
coreutils-common 8.32-39.el9 -> 8.32-40.el9
cracklib 2.9.6-27.el9 -> 2.9.6-28.el9
cracklib-dicts 2.9.6-27.el9 -> 2.9.6-28.el9
crypto-policies 20250905-1.git377cc42.el9_7 -> 20260224-1.gitea0f072.el9_8
crypto-policies-scripts 20250905-1.git377cc42.el9_7 -> 20260224-1.gitea0f072.el9_8
curl 7.76.1-35.el9_7.3 -> 7.76.1-40.el9
elfutils-debuginfod-client 0.193-1.el9 -> 0.194-1.el9
elfutils-default-yama-scope 0.193-1.el9 -> 0.194-1.el9
elfutils-libelf 0.193-1.el9 -> 0.194-1.el9
elfutils-libs 0.193-1.el9 -> 0.194-1.el9
expat 2.5.0-5.el9_7.1 -> 2.5.0-6.el9
glibc 2.34-231.el9_7.10 -> 2.34-266.el9_8
glibc-common 2.34-231.el9_7.10 -> 2.34-266.el9_8
glibc-gconv-extra 2.34-231.el9_7.10 -> 2.34-266.el9_8
glibc-minimal-langpack 2.34-231.el9_7.10 -> 2.34-266.el9_8
gnutls 3.8.3-10.el9_7 -> 3.8.10-3.el9
krb5-libs 1.21.1-9.el9_7 -> 1.21.1-10.el9_8
libatomic 11.5.0-11.el9 -> 11.5.0-14.el9
libblkid 2.37.4-21.el9_7 -> 2.37.4-25.el9
libcap 2.48-10.el9_7.1 -> 2.48-10.el9_8.1
libcurl-minimal 7.76.1-35.el9_7.3 -> 7.76.1-40.el9
libeconf 0.4.1-4.el9 -> 0.4.1-5.el9
libedit 3.1-38.20210216cvs.el9 -> 3.1-39.20210216cvs.el9
libfdisk 2.37.4-21.el9_7 -> 2.37.4-25.el9
libgcc 11.5.0-11.el9 -> 11.5.0-14.el9
libgomp 11.5.0-11.el9 -> 11.5.0-14.el9
libmount 2.37.4-21.el9_7 -> 2.37.4-25.el9
libnghttp2 1.43.0-6.el9_7.1 -> 1.43.0-6.el9_8.1
libsmartcols 2.37.4-21.el9_7 -> 2.37.4-25.el9
libstdc++ 11.5.0-11.el9 -> 11.5.0-14.el9
libuuid 2.37.4-21.el9_7 -> 2.37.4-25.el9
mpfr 4.1.0-7.el9 -> 4.1.0-10.el9
openssh 8.7p1-49.el9_7 -> 9.9p1-7.el9_8
openssh-clients 8.7p1-49.el9_7 -> 9.9p1-7.el9_8
openssl 1:3.5.1-7.el9_7 -> 1:3.5.5-2.el9_8
openssl-libs 1:3.5.1-7.el9_7 -> 1:3.5.5-2.el9_8
p11-kit 0.25.3-3.el9_5 -> 0.26.2-1.el9
p11-kit-trust 0.25.3-3.el9_5 -> 0.26.2-1.el9
pam 1.5.1-26.el9_6 -> 1.5.1-28.el9
policycoreutils 3.6-3.el9 -> 3.6-5.el9
python3 3.9.25-3.el9_7.3 -> 3.9.25-7.el9_8
python3-libs 3.9.25-3.el9_7.3 -> 3.9.25-7.el9_8
redhat-release 9.7-0.10.el9 -> 9.8-1.0.el9
redhat-release-eula 9.7-0.10.el9 -> 9.8-1.0.el9
rpm 4.16.1.3-39.el9 -> 4.16.1.3-40.el9
rpm-libs 4.16.1.3-39.el9 -> 4.16.1.3-40.el9
sed 4.8-9.el9 -> 4.8-10.el9
shadow-utils 2:4.9-15.el9 -> 2:4.9-16.el9
sqlite-libs 3.34.1-9.el9_7 -> 3.34.1-10.el9_8
systemd 252-55.el9_7.9 -> 252-67.el9_8.2
systemd-libs 252-55.el9_7.9 -> 252-67.el9_8.2
systemd-pam 252-55.el9_7.9 -> 252-67.el9_8.2
systemd-rpm-macros 252-55.el9_7.9 -> 252-67.el9_8.2
tar 2:1.34-9.el9_7 -> 2:1.34-11.el9
unzip 6.0-59.el9 -> 6.0-60.el9
util-linux 2.37.4-21.el9_7 -> 2.37.4-25.el9
util-linux-core 2.37.4-21.el9_7 -> 2.37.4-25.el9
vim-filesystem 2:8.2.2637-23.el9_7.3 -> 2:8.2.2637-26.el9_8.4
librtas 2.0.6-1.el9 -> 2.0.6-3.el9
glibc-headers 2.34-231.el9_7.10 -> 2.34-266.el9_8

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

CVE-2026-4519

More information

Severity

Important

References

cpython: wsgiref.headers.Headers allows header newline injection in Python

CVE-2026-0865

More information

Severity

Moderate

References

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

CVE-2026-6100

More information

Severity

Important

References

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

CVE-2026-4786

More information

Severity

Important

References

gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

CVE-2025-14831

More information

Severity

Moderate

References

krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism

CVE-2026-40355

More information

Severity

Important

References

krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read

CVE-2026-40356

More information

Severity

Important

References

libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

CVE-2026-4878

More information

Severity

Important

References

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

CVE-2026-35386

More information

Severity

Important

References

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

CVE-2026-35387

More information

Severity

Important

References

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

CVE-2026-35385

More information

Severity

Important

References

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

CVE-2026-35388

More information

Severity

Important

References

OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

CVE-2026-35414

More information

Severity

Important

References

p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters

CVE-2026-2100

More information

Severity

Moderate

References

systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

CVE-2026-29111

More information

Severity

Moderate

References

🔧 This Pull Request updates lock files to use the latest dependency versions.

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux Bot requested a review from rhacs-bot as a code owner May 19, 2026 10:46
@red-hat-konflux red-hat-konflux Bot requested a review from a team as a code owner May 19, 2026 10:46
@red-hat-konflux red-hat-konflux Bot added build-builder-image rebuild-test-container Rebuild the collector-tests container. labels May 19, 2026
@red-hat-konflux red-hat-konflux Bot requested a review from a team as a code owner May 19, 2026 10:46
@red-hat-konflux red-hat-konflux Bot enabled auto-merge (squash) May 19, 2026 10:46
rhacs-bot
rhacs-bot approved these changes May 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@rhacs-bot rhacs-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by automation.

rhacs-bot
rhacs-bot approved these changes May 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@rhacs-bot rhacs-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by automation.

@red-hat-konflux
chore(deps): refresh rpm lockfiles [SECURITY]
2375423 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/master/lock-file-maintenance-vulnerability branch from 7cb1a46 to 2375423 Compare May 20, 2026 19:08
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 20, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 27.34%. Comparing base (01135a9) to head (2375423).
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #3374   +/-   ##
=======================================
  Coverage   27.34%   27.34%           
=======================================
  Files          95       95           
  Lines        5420     5420           
  Branches     2545     2545           
=======================================
  Hits         1482     1482           
  Misses       3211     3211           
  Partials      727      727
Flag Coverage Δ
collector-unit-tests 27.34% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@red-hat-konflux red-hat-konflux Bot merged commit e0673b7 into master May 20, 2026
53 of 54 checks passed
@red-hat-konflux red-hat-konflux Bot deleted the konflux/mintmaker/master/lock-file-maintenance-vulnerability branch May 20, 2026 21:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rhacs-bot rhacs-bot rhacs-bot approved these changes

Assignees

No one assigned

Labels

auto-approve build-builder-image rebuild-test-container Rebuild the collector-tests container.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @rhacs-bot