chore(deps): refresh rpm lockfiles [SECURITY] #424

Merged
red-hat-konflux[bot] merged 1 commit into release-0.2 from konflux/mintmaker/release-0.2/lock-file-maintenance-vulnerability
Mar 24, 2026
@red-hat-konflux
Contributor

This PR contains the following updates:

File rpms.in.yaml:

Package Change
coreutils 8.30-16.el8_10 -> 8.30-17.el8_10
coreutils-common 8.30-16.el8_10 -> 8.30-17.el8_10
curl 7.61.1-34.el8_10.10 -> 7.61.1-34.el8_10.11
gnutls 3.6.16-8.el8_10.4 -> 3.6.16-8.el8_10.5
libcurl 7.61.1-34.el8_10.10 -> 7.61.1-34.el8_10.11
platform-python 3.6.8-73.el8_10 -> 3.6.8-74.el8_10
python3-libs 3.6.8-73.el8_10 -> 3.6.8-74.el8_10

gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

CVE-2025-14831

Details

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Severity

Moderate

References


gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function

CVE-2025-9820

Details

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

Severity

Moderate

References


python: cpython: URL parser allowed square brackets in domain names

CVE-2025-0938

Details

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.

Severity

Moderate

References

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot requested review from a team and rhacs-bot as code owners March 24, 2026 14:01
@red-hat-konflux red-hat-konflux bot enabled auto-merge (squash) March 24, 2026 14:01
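
A strict host check for the bracket rule described under CVE-2025-0938, as an added example that is not code from this PR, the bot, or CPython; the function names and sample URLs are constructed for illustration. It validates brackets itself instead of relying on urlsplit, so the verdict is the same on patched and unpatched interpreters.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 3986 appendix B split: group 1 is the authority component.
_AUTHORITY = re.compile(r"^(?:[^:/?#]+:)?(?://([^/?#]*))?")
# RFC 3986 IPvFuture: "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"v[0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+")
_PORT = re.compile(r"(?::\d*)?")

def host_brackets_ok(url):
    """True if square brackets in the host only delimit an IP literal."""
    authority = _AUTHORITY.match(url).group(1) or ""
    hostport = authority.rpartition("@")[2]      # drop userinfo
    if "[" not in hostport and "]" not in hostport:
        return True                              # reg-name or IPv4, no brackets
    if not hostport.startswith("["):
        return False                             # brackets after a name prefix
    literal, closing, rest = hostport[1:].partition("]")
    if not closing or not _PORT.fullmatch(rest):
        return False                             # unterminated, or text after "]"
    if _IPVFUTURE.fullmatch(literal):
        return True
    if "%" in literal:
        return False                             # zone ids are outside RFC 3986
    try:
        ipaddress.IPv6Address(literal)           # stdlib check of IPv6 syntax
    except ValueError:
        return False
    return True

def local_urlsplit_accepts(url):
    """Report whether this interpreter's urlsplit parses the URL at all."""
    try:
        urlsplit(url)
        return True
    except ValueError:
        return False

# Constructed sample URLs (not taken from the PR or the advisory).
SAMPLES = [
    "https://example.com/path",
    "https://user@[2001:db8::1]:8443/",
    "https://[v1.fe:d]/",
    "https://example.[com]/",
    "https://[example.com]/",
    "https://[::1].example.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url!r:36} strict={host_brackets_ok(url)!s:5} "
              f"urlsplit_accepts={local_urlsplit_accepts(url)}")
```

A row with strict=False and urlsplit_accepts=True indicates the local interpreter still parses a host that a specification-compliant parser would reject.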
@rhacs-bot rhacs-bot left a comment

Auto-approved by automation.

@red-hat-konflux red-hat-konflux bot merged commit 6b2ab6e into release-0.2 Mar 24, 2026
43 checks passed
@red-hat-konflux red-hat-konflux bot deleted the konflux/mintmaker/release-0.2/lock-file-maintenance-vulnerability branch March 24, 2026 14:32