chore(deps): refresh rpm lockfiles [SECURITY]

[konflux-internal-p02]

This PR contains the following updates:

File rpms.in.yaml:

Package	Change
bash	4.4.20-5.el8 -> 4.4.20-6.el8_10
dbus	1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-common	1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-daemon	1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-libs	1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-tools	1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
glibc	2.28-251.el8_10.22 -> 2.28-251.el8_10.25
glibc-all-langpacks	2.28-251.el8_10.22 -> 2.28-251.el8_10.25
glibc-common	2.28-251.el8_10.22 -> 2.28-251.el8_10.25
glibc-gconv-extra	2.28-251.el8_10.22 -> 2.28-251.el8_10.25
libarchive	3.3.3-5.el8 -> 3.3.3-6.el8_10
libgcc	8.5.0-26.el8_10 -> 8.5.0-28.el8_10
libgomp	8.5.0-26.el8_10 -> 8.5.0-28.el8_10
libstdc++	8.5.0-26.el8_10 -> 8.5.0-28.el8_10
libxml2	2.9.7-21.el8_10.1 -> 2.9.7-21.el8_10.3
pam	1.3.1-37.el8_10 -> 1.3.1-38.el8_10
platform-python	3.6.8-70.el8_10 -> 3.6.8-71.el8_10
python3-libs	3.6.8-70.el8_10 -> 3.6.8-71.el8_10
sqlite-libs	3.26.0-19.el8_9 -> 3.26.0-20.el8_10
which	2.21-20.el8 -> 2.21-21.el8_10
tar	2:1.30-10.el8_10 -> 2:1.30-11.el8_10

---

glibc: Double free in glibc

CVE-2025-8058

More information

Details

A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-8058
• https://bugzilla.redhat.com/show_bug.cgi?id=2383146
• https://www.cve.org/CVERecord?id=CVE-2025-8058
• https://nvd.nist.gov/vuln/detail/CVE-2025-8058
• https://sourceware.org/bugzilla/show_bug.cgi?id=33185
• https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f

---

libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

CVE-2025-5914

More information

Details

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-5914
• https://bugzilla.redhat.com/show_bug.cgi?id=2370861
• https://www.cve.org/CVERecord?id=CVE-2025-5914
• https://nvd.nist.gov/vuln/detail/CVE-2025-5914
• https://github.com/libarchive/libarchive/pull/2598
• https://github.com/libarchive/libarchive/releases/tag/v3.8.0

---

libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

CVE-2025-7425

More information

Details

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-7425
• https://bugzilla.redhat.com/show_bug.cgi?id=2379274
• https://www.cve.org/CVERecord?id=CVE-2025-7425
• https://nvd.nist.gov/vuln/detail/CVE-2025-7425
• https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

---

libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

CVE-2025-32415

More information

Details

A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-32415
• https://bugzilla.redhat.com/show_bug.cgi?id=2360768
• https://www.cve.org/CVERecord?id=CVE-2025-32415
• https://nvd.nist.gov/vuln/detail/CVE-2025-32415
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/890

---

linux-pam: Incomplete fix for CVE-2025-6020

CVE-2025-8941

More information

Details

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-8941
• https://bugzilla.redhat.com/show_bug.cgi?id=2388220
• https://www.cve.org/CVERecord?id=CVE-2025-8941
• https://nvd.nist.gov/vuln/detail/CVE-2025-8941

---

linux-pam: Linux-pam directory Traversal

CVE-2025-6020

More information

Details

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-6020
• https://bugzilla.redhat.com/show_bug.cgi?id=2372512
• https://www.cve.org/CVERecord?id=CVE-2025-6020
• https://nvd.nist.gov/vuln/detail/CVE-2025-6020

---

cpython: Cpython infinite loop when parsing a tarfile

CVE-2025-8194

More information

Details

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-8194
• https://bugzilla.redhat.com/show_bug.cgi?id=2384043
• https://www.cve.org/CVERecord?id=CVE-2025-8194
• https://nvd.nist.gov/vuln/detail/CVE-2025-8194
• https://github.com/python/cpython/issues/130577
• https://github.com/python/cpython/pull/137027
• https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/

---

sqlite: Integer Truncation in SQLite

CVE-2025-6965

More information

Details

A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-6965
• https://bugzilla.redhat.com/show_bug.cgi?id=2380149
• https://www.cve.org/CVERecord?id=CVE-2025-6965
• https://nvd.nist.gov/vuln/detail/CVE-2025-6965
• https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).