@red-hat-konflux
Contributor

This PR contains the following updates:

File rpms.in.yaml:

| Package | Change |
| --- | --- |
| kernel-headers | 5.14.0-611.13.1.el9_7 -> 5.14.0-611.16.1.el9_7 |
| libssh | 0.10.4-15.el9_7 -> 0.10.4-17.el9_7 |
| libssh-config | 0.10.4-15.el9_7 -> 0.10.4-17.el9_7 |
| tzdata | 2025b-2.el9 -> 2025c-1.el9 |

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

CVE-2025-5987

More information

Details

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

Severity

Moderate

References

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@Molter73 Molter73 merged commit 37d5783 into main Dec 18, 2025
44 checks passed
@Molter73 Molter73 deleted the konflux/mintmaker/main/lock-file-maintenance-vulnerability branch December 18, 2025 10:49
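
The return-code aliasing described for CVE-2025-5987, as an added example that is not part of this PR and is not libssh's own code. OpenSSL-style calls return 1 on success and 0 on failure, while libssh's `SSH_OK` is 0; the context struct, the backend stand-in, both wrappers and the `oom` switch are hypothetical names used only for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* libssh's public return-code values, redefined so this runs without libssh. */
#define SSH_OK     0
#define SSH_ERROR -1

/* Hypothetical cipher context; `ready` marks a fully initialized state. */
struct demo_ctx { unsigned char key[32]; int ready; };

/* Hypothetical stand-in for an OpenSSL-style call: 1 on success, 0 on failure.
 * `oom` simulates an allocation failure caused by heap exhaustion. */
static int backend_init(struct demo_ctx *c, const unsigned char *key, int oom)
{
    if (oom) return 0;                 /* failure: context left half-built */
    memcpy(c->key, key, sizeof c->key);
    c->ready = 1;
    return 1;
}

/* Flawed wrapper: forwards the backend's failure value unchanged. */
int set_key_flawed(struct demo_ctx *c, const unsigned char *key, int oom)
{
    int rv = backend_init(c, key, oom);
    if (rv != 1) return rv;            /* rv == 0, which equals SSH_OK */
    return SSH_OK;
}

/* Corrected wrapper: translates between the two conventions at the boundary. */
int set_key_fixed(struct demo_ctx *c, const unsigned char *key, int oom)
{
    if (backend_init(c, key, oom) != 1) return SSH_ERROR;
    return SSH_OK;
}

/* Models a caller that only checks `rc == SSH_OK`. Returns 1 when that caller
 * would go on to use a context that was never fully initialized. */
int uses_unready(int (*set_key)(struct demo_ctx *, const unsigned char *, int),
                 int oom)
{
    struct demo_ctx c;
    unsigned char key[32] = {0x42};    /* constructed sample key */
    memset(&c, 0, sizeof c);
    return set_key(&c, key, oom) == SSH_OK && !c.ready;
}

int main(void)
{
    printf("flawed=%d fixed=%d\n",
           uses_unready(set_key_flawed, 1), uses_unready(set_key_fixed, 1));
    return 0;
}
```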