chore(deps): refresh rpm lockfiles [SECURITY]

[red-hat-konflux]

This PR contains the following updates:

File rpms.in.yaml:

Package	Change
kernel-headers	5.14.0-611.34.1.el9_7 -> 5.14.0-611.35.1.el9_7
protobuf	3.14.0-16.el9 -> 3.14.0-17.el9_7
protobuf-compiler	3.14.0-16.el9 -> 3.14.0-17.el9_7
protobuf-devel	3.14.0-16.el9 -> 3.14.0-17.el9_7

---

python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

CVE-2026-0994

More information

Details

A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.json_format.ParseDict() function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’s recursion stack and causing a RecursionError, which results in a denial of service.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2026-0994
• https://bugzilla.redhat.com/show_bug.cgi?id=2432398
• https://www.cve.org/CVERecord?id=CVE-2026-0994
• https://nvd.nist.gov/vuln/detail/CVE-2026-0994
• https://github.com/protocolbuffers/protobuf/pull/25239

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[rhacs-bot]

Auto-approved by automation.

[rhacs-bot]

Auto-approved by automation.