@red-hat-konflux red-hat-konflux bot commented Sep 26, 2025

This PR contains the following updates:

File rpms.in.yaml:

Package Change
cpp 11.5.0-5.el9_5 -> 11.5.0-11.el9
gcc 11.5.0-5.el9_5 -> 11.5.0-11.el9
gcc-c++ 11.5.0-5.el9_5 -> 11.5.0-11.el9
glibc-devel 2.34-168.el9_6.20 -> 2.34-231.el9_7.2
kernel-headers 5.14.0-570.24.1.el9_6 -> 5.14.0-611.7.1.el9_7
libasan 11.5.0-5.el9_5 -> 11.5.0-11.el9
libstdc++-devel 11.5.0-5.el9_5 -> 11.5.0-11.el9
libubsan 11.5.0-5.el9_5 -> 11.5.0-11.el9
audit-libs 3.1.5-4.el9 -> 3.1.5-7.el9
binutils 2.35.2-63.el9 -> 2.35.2-67.el9
binutils-gold 2.35.2-63.el9 -> 2.35.2-67.el9
crypto-policies 20250128-1.git5269e22.el9 -> 20250905-1.git377cc42.el9_7
cyrus-sasl-lib 2.1.27-21.el9 -> 2.1.27-22.el9
elfutils-debuginfod-client 0.192-6.el9_6 -> 0.193-1.el9
elfutils-default-yama-scope 0.192-6.el9_6 -> 0.193-1.el9
elfutils-libelf 0.192-6.el9_6 -> 0.193-1.el9
elfutils-libs 0.192-6.el9_6 -> 0.193-1.el9
glibc 2.34-168.el9_6.20 -> 2.34-231.el9_7.2
glibc-common 2.34-168.el9_6.20 -> 2.34-231.el9_7.2
glibc-gconv-extra 2.34-168.el9_6.20 -> 2.34-231.el9_7.2
glibc-minimal-langpack 2.34-168.el9_6.20 -> 2.34-231.el9_7.2
kmod-libs 28-10.el9 -> 28-11.el9
libatomic 11.5.0-5.el9_5 -> 11.5.0-11.el9
libcap 2.48-9.el9_2 -> 2.48-10.el9
libcom_err 1.46.5-7.el9 -> 1.46.5-8.el9
libcurl 7.76.1-31.el9 -> 7.76.1-34.el9
libgcc 11.5.0-5.el9_5 -> 11.5.0-11.el9
libgomp 11.5.0-5.el9_5 -> 11.5.0-11.el9
libsepol 3.6-2.el9 -> 3.6-3.el9
libssh 0.10.4-13.el9 -> 0.10.4-15.el9_7
libssh-config 0.10.4-13.el9 -> 0.10.4-15.el9_7
libstdc++ 11.5.0-5.el9_5 -> 11.5.0-11.el9
ncurses-base 6.2-10.20210508.el9 -> 6.2-12.20210508.el9
ncurses-libs 6.2-10.20210508.el9 -> 6.2-12.20210508.el9
openssl 1:3.2.2-6.el9_5.1 -> 1:3.5.1-4.el9_7
openssl-fips-provider 3.0.7-6.el9_5 -> 3.0.7-8.el9
openssl-fips-provider-so 3.0.7-6.el9_5 -> 3.0.7-8.el9
openssl-libs 1:3.2.2-6.el9_5.1 -> 1:3.5.1-4.el9_7
pam 1.5.1-25.el9_6 -> 1.5.1-26.el9_6
redhat-release 9.6-0.1.el9 -> 9.7-0.7.el9
shadow-utils 2:4.9-12.el9 -> 2:4.9-15.el9
systemd 252-51.el9_6.1 -> 252-55.el9_7.2
systemd-libs 252-51.el9_6.1 -> 252-55.el9_7.2
systemd-pam 252-51.el9_6.1 -> 252-55.el9_7.2
systemd-rpm-macros 252-51.el9_6.1 -> 252-55.el9_7.2
tzdata 2025b-1.el9 -> 2025b-2.el9
glibc-headers 2.34-168.el9_6.20 -> 2.34-231.el9_7.2

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


glibc: Double free in glibc
CVE-2025-8058
Severity: Moderate

kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
CVE-2025-21928
Severity: Important

kernel: net/sched: fix use-after-free in taprio_dev_notifier
CVE-2025-38087
Severity: Important

microcode_ctl: From CVEorg collector
CVE-2024-28956
Severity: Important

kernel: cifs: Fix integer overflow while processing closetimeo mount option
CVE-2025-21962
Severity: Important

kernel: mm/huge_memory: fix dereferencing invalid pmd migration entry
CVE-2025-37958
Severity: Moderate

kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
CVE-2025-22121
Severity: Moderate

kernel: media: uvcvideo: Fix double free in error path
CVE-2024-57980
Severity: Moderate

kernel: udp: Fix memory accounting leak.
CVE-2025-22058
Severity: Important

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
CVE-2022-49788
Severity: Important

kernel: tls: always refresh the queue when reading sock
CVE-2025-38471
Severity: Important

kernel: i2c/designware: Fix an initialization issue
CVE-2025-38380
Severity: Important

kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
CVE-2025-38052
Severity: Important

kernel: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
CVE-2025-38089
Severity: Important

kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
CVE-2025-38159
Severity: Important

kernel: wifi: iwlwifi: limit printed string from FW file
CVE-2025-21905
Severity: Moderate

kernel: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
CVE-2025-21867
Severity: Important

kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
CVE-2025-38085
Severity: Important

kernel: media: uvcvideo: Remove dangling pointers
CVE-2024-58002
Severity: Important

kernel: ice: fix eswitch code memory leak in reset scenario
CVE-2025-38417
Severity: Important

kernel: net: ch9200: fix uninitialised access during mii_nway_restart
CVE-2025-38086
Severity: Moderate

kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling
CVE-2025-37797
Severity: Moderate

kernel: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access
CVE-2025-38110
Severity: Moderate

kernel: net: fix udp gso skb_segment after pull from frag_list
CVE-2025-38124
Severity: Important

kernel: net_sched: ets: Fix double list add in class with netem as child qdisc
CVE-2025-37914
Severity: Important

kernel: RDMA/core: Fix use-after-free when rename device name
CVE-2025-22085
Severity: Moderate

kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
CVE-2025-22020
Severity: Important

kernel: Bluetooth: hci_core: Fix use-after-free in vhci_flush()
CVE-2025-38250
Severity: Important

kernel: RDMA/mlx5: Fix page_size variable overflow
CVE-2025-22091
Severity: Moderate

kernel: mm/hugetlb: unshare page tables during VMA split, not before
CVE-2025-38084
Severity: Important

kernel: padata: fix UAF in padata_reorder
CVE-2025-21727
Severity: Important

kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
CVE-2025-37890
Severity: Important

kernel: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()
CVE-2025-21929
Severity: Important

kernel: ext4: avoid journaling sb update on error if journal is destroying
CVE-2025-22113
Severity: Moderate

libssh: out-of-bounds read in sftp_handle()
CVE-2025-5318
Severity: Moderate

ncurses: segfaulting OOB read
CVE-2022-29458
Severity: Low

linux-pam: Incomplete fix for CVE-2025-6020
CVE-2025-8941
Severity: Important

linux-pam: Linux-pam directory Traversal
CVE-2025-6020
Severity: Important

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

openshift-ci bot commented Sep 26, 2025

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a stolostron member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-2.12-release-2.12/lock-file-maintenance-vulnerability branch 7 times, most recently from 285b185 to 2e9ce84 Compare September 29, 2025 08:25
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-2.12-release-2.12/lock-file-maintenance-vulnerability branch 7 times, most recently from 24cd36a to 2b4e9ae Compare October 6, 2025 20:22
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-2.12-release-2.12/lock-file-maintenance-vulnerability branch 12 times, most recently from 3b2be51 to b2ed7f2 Compare October 17, 2025 04:19
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-2.12-release-2.12/lock-file-maintenance-vulnerability branch 27 times, most recently from 8b3ea07 to 2f1c21f Compare November 13, 2025 20:33
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-2.12-release-2.12/lock-file-maintenance-vulnerability branch from 2f1c21f to cbc4102 Compare November 13, 2025 20:33