chore(deps): refresh rpm lockfiles [SECURITY]

[red-hat-konflux]

This PR contains the following updates:

File rpms.in.yaml:

Package	Change
device-mapper	8:1.02.181-15.el8_10.2 -> 8:1.02.181-15.el8_10.3
device-mapper-libs	8:1.02.181-15.el8_10.2 -> 8:1.02.181-15.el8_10.3
gnupg2	2.2.20-3.el8_6 -> 2.2.20-4.el8_10
gnupg2-smime	2.2.20-3.el8_6 -> 2.2.20-4.el8_10
kernel-headers	4.18.0-553.92.1.el8_10 -> 4.18.0-553.94.1.el8_10
os-prober	1.74-9.el8 -> 1.74-11.el8_10
systemd	239-82.el8_10.8 -> 239-82.el8_10.13
systemd-libs	239-82.el8_10.8 -> 239-82.el8_10.13
systemd-pam	239-82.el8_10.8 -> 239-82.el8_10.13
systemd-udev	239-82.el8_10.8 -> 239-82.el8_10.13

---

GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

CVE-2025-68973

More information

Details

A flaw was found in GnuPG. An attacker can provide crafted input to the armor_filter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-68973
• https://bugzilla.redhat.com/show_bug.cgi?id=2425966
• https://www.cve.org/CVERecord?id=CVE-2025-68973
• https://nvd.nist.gov/vuln/detail/CVE-2025-68973
• https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306
• https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9
• https://gpg.fail/memcpy
• https://news.ycombinator.com/item?id=46403200
• https://www.openwall.com/lists/oss-security/2025/12/28/5

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 27.61%. Comparing base (441bc18) to head (0b1f9d6).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@              Coverage Diff              @@
##           release-3.22    #2789   +/-   ##
=============================================
  Coverage         27.61%   27.61%           
=============================================
  Files                96       96           
  Lines              5424     5424           
  Branches           2523     2523           
=============================================
  Hits               1498     1498           
  Misses             3214     3214           
  Partials            712      712           

Flag	Coverage Δ
collector-unit-tests	27.61% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.