Issued at: 2026-02-11
Updated at: 2026-02-11
Synopsis
Important: resource-agents security update
Description
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.
Security Fix(es):
* urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)
* urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)
* urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.