chore(deps): refresh rpm lockfiles [SECURITY]

[red-hat-konflux]

This PR contains the following updates:

File rpms.in.yaml:

Package	Change
glibc-devel	2.34-266.el9_8 -> 2.34-270.el9_8
glibc	2.34-266.el9_8 -> 2.34-270.el9_8
glibc-common	2.34-266.el9_8 -> 2.34-270.el9_8
glibc-gconv-extra	2.34-266.el9_8 -> 2.34-270.el9_8
glibc-minimal-langpack	2.34-266.el9_8 -> 2.34-270.el9_8
gnutls	3.8.10-3.el9 -> 3.8.10-4.el9_8
tzdata	2026a-1.el9 -> 2026b-1.el9
glibc-headers	2.34-266.el9_8 -> 2.34-270.el9_8

---

gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function

CVE-2025-9820

More information

Details

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-9820
• https://bugzilla.redhat.com/show_bug.cgi?id=2392528
• https://www.cve.org/CVERecord?id=CVE-2025-9820
• https://nvd.nist.gov/vuln/detail/CVE-2025-9820
• https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5
• https://gitlab.com/gnutls/gnutls/-/issues/1732
• https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18

---

gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

CVE-2025-14831

More information

Details

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-14831
• https://bugzilla.redhat.com/show_bug.cgi?id=2423177
• https://www.cve.org/CVERecord?id=CVE-2025-14831
• https://nvd.nist.gov/vuln/detail/CVE-2025-14831
• https://gitlab.com/gnutls/gnutls/-/issues/1773

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[rhacs-bot]

Auto-approved by automation.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 27.34%. Comparing base (cdba51a) to head (b019440).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #3394   +/-   ##
=======================================
  Coverage   27.34%   27.34%           
=======================================
  Files          95       95           
  Lines        5420     5420           
  Branches     2545     2545           
=======================================
  Hits         1482     1482           
  Misses       3211     3211           
  Partials      727      727           

Flag	Coverage Δ
collector-unit-tests	27.34% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.