chore(deps): rpm updates [security] #2212
Open
+160
−160
This PR contains the following updates:
1.3.1-36.el8_10 -> 1.3.1-37.el8_10
3.6.8-69.el8_10 -> 3.6.8-70.el8_10
3.6.8-69.el8_10 -> 3.6.8-70.el8_10
3.12.10-1.el8_10 -> 3.12.11-1.el8_10
3.12.10-1.el8_10 -> 3.12.11-1.el8_10
linux-pam: Linux-pam directory Traversal
CVE-2025-6020
Details
A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Severity
Important
cpython: python: Extraction filter bypass for linking outside extraction directory
CVE-2025-4330
Details
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter="data" or filter="tar" parameters. This issue leads to potentially overwriting or modifying system files and metadata.
Severity
Important
cpython: Tarfile extracts filtered members when errorlevel=0
CVE-2025-4435
Details
A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.
Severity
Important
cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
CVE-2025-4138
Details
A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to "data" or "tar".
Severity
Important
cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
CVE-2024-12718
Details
A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters.
Severity
Important
python: cpython: Arbitrary writes via tarfile realpath overflow
CVE-2025-4517
Details
A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to "data" or "tar".
Severity
Important
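As a defender-side example added here (not code from this PR, from Red Hat or from CPython): a pre-extraction vetting pass that refuses any tar member whose path or symlink target would resolve outside the destination, then extracts with filter="data" and errorlevel=2 so that a filter rejection raises instead of being skipped. The function names and the in-memory sample archives are constructed for this example; the check is an independent layer beside the patched python3 packages, not a substitute for them.

```python
import io
import os
import tarfile
import tempfile

def _within(base, target):  # base must already be absolute and normalized
    return os.path.commonpath([base, os.path.abspath(target)]) == base

def vet_members(tar, dest):
    """Return (name, reason) for every member that must not be extracted into dest."""
    dest, rejected = os.path.abspath(dest), []
    for m in tar.getmembers():
        path = os.path.join(dest, m.name)
        if os.path.isabs(m.name) or not _within(dest, path):
            rejected.append((m.name, "path escapes destination"))
        elif m.issym():
            link = os.path.join(os.path.dirname(path), m.linkname)  # relative targets resolve from the link's directory
            if os.path.isabs(m.linkname) or not _within(dest, link):
                rejected.append((m.name, "symlink target escapes destination"))
    return rejected

def vet_bytes(tar_bytes, dest):  # vet an in-memory archive without extracting anything
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return vet_members(tar, dest)

def safe_extract(tar_bytes, dest):
    """Reject the whole archive if any member fails vetting, else extract with filter="data" and errorlevel=2 (a filter rejection raises rather than being skipped)."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*", errorlevel=2) as tar:
        bad = vet_members(tar, dest)
        if bad:
            raise ValueError("refusing to extract: %r" % (bad,))
        opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}  # patched interpreters
        tar.extractall(dest, **opts)

def build_archive(members):
    """Constructed sample input: (name, symlink target or None, data) tuples -> tar bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link, data in members:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = (tarfile.SYMTYPE, link) if link else (tarfile.REGTYPE, "")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def demo():  # extract a benign constructed archive into a temp dir; return relative paths written
    good = build_archive([("docs/readme.txt", None, b"ok"), ("docs/notes.txt", None, b"n")])
    with tempfile.TemporaryDirectory() as dest:
        safe_extract(good, dest)
        return sorted(os.path.relpath(os.path.join(r, f), dest) for r, _, fs in os.walk(dest) for f in fs)
```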
python: cpython: URL parser allowed square brackets in domain names
CVE-2025-0938
Details
A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that include square brackets, which is not valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
Severity
Moderate
Configuration
📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines, write the comment /ok-to-test.
This PR has been generated by MintMaker (powered by Renovate Bot).