NO-ISSUE: Refresh RPM lockfiles [SECURITY]#703

Open
red-hat-konflux[bot] wants to merge 1 commit into main from konflux/mintmaker/main/rpm-lockfile-refresh-vulnerability

Conversation

@red-hat-konflux
Contributor

This PR contains the following updates:

File rpm-prefetching/rpms.in.yaml:

Package Change
autoconf 2.69-39.el9 -> 2.69-41.el9
cpp 11.5.0-5.el9_5 -> 11.5.0-11.el9
emacs-filesystem 1:27.2-14.el9_6.2 -> 1:27.2-18.el9
gcc 11.5.0-5.el9_5 -> 11.5.0-11.el9
glibc-devel 2.34-168.el9_6.23 -> 2.34-231.el9_7.2
kernel-headers 5.14.0-570.46.1.el9_6 -> 5.14.0-611.34.1.el9_7
libasan 11.5.0-5.el9_5 -> 11.5.0-11.el9
libsepol-devel 3.6-1.el9 -> 3.6-3.el9
libubsan 11.5.0-5.el9_5 -> 11.5.0-11.el9
libuuid-devel 2.37.4-21.el9 -> 2.37.4-21.el9_7
pcre2-devel 10.40-5.el9 -> 10.40-6.el9
pcre2-utf16 10.40-5.el9 -> 10.40-6.el9
pcre2-utf32 10.40-5.el9 -> 10.40-6.el9
perl-Net-SSLeay 1.92-2.el9 -> 1.94-3.el9
binutils 2.35.2-63.el9 -> 2.35.2-67.el9_7.1
binutils-gold 2.35.2-63.el9 -> 2.35.2-67.el9_7.1
elfutils-debuginfod-client 0.190-2.el9 -> 0.193-1.el9
libblkid 2.37.4-21.el9 -> 2.37.4-21.el9_7
libgomp 11.5.0-5.el9_5 -> 11.5.0-11.el9
libmount 2.37.4-21.el9 -> 2.37.4-21.el9_7
libuuid 2.37.4-21.el9 -> 2.37.4-21.el9_7
ncurses 6.2-10.20210508.el9_6.2 -> 6.2-12.20210508.el9
glibc-headers 2.34-168.el9_6.23 -> 2.34-231.el9_7.2

util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

CVE-2025-14104

Details

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Severity

Moderate


binutils: GNU Binutils Linker heap-based overflow

CVE-2025-11083

Details

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".

Severity

Moderate

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. rpm-lockfile labels Feb 18, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Feb 18, 2026
@openshift-ci-robot

@red-hat-konflux[bot]: This pull request explicitly references no jira issue.

Details

In response to this: (the PR description above, quoted in full)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Feb 18, 2026
@openshift-ci openshift-ci bot requested review from danmanor and eranco74 February 18, 2026 20:32
@openshift-ci

openshift-ci bot commented Feb 18, 2026

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: red-hat-konflux[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

2 similar comments

@giladravid16
Contributor

/retest

@codecov

codecov bot commented Feb 19, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.02%. Comparing base (9890909) to head (fc976a4).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #703   +/-   ##
=======================================
  Coverage   59.02%   59.02%           
=======================================
  Files          27       27           
  Lines        1674     1674           
=======================================
  Hits          988      988           
  Misses        524      524           
  Partials      162      162           

@openshift-ci

openshift-ci bot commented Feb 19, 2026

@red-hat-konflux[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/edge-e2e-ai-operator-ztp fc976a4 link true /test edge-e2e-ai-operator-ztp

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
