RLSA-2026:1240

Описание

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

Security Fix(es):

• urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)

• urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)

• urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.