{"id":"OESA-2025-1826","summary":"resource-agents security update","details":"Resource agent is a standardized interface for a cluster resource. In translates a standard set of operations into steps specific to the resource or application, and interprets their results as success or failure.\r\n\r\nSecurity Fix(es):\n\nRequests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one&apos;s Requests Session.(CVE-2024-47081)","modified":"2026-03-11T07:10:09.222545Z","published":"2025-07-11T12:31:10Z","upstream":["CVE-2024-47081"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1826"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47081"}],"affected":[{"package":{"name":"resource-agents","ecosystem":"openEuler:22.03-LTS-SP3","purl":"pkg:rpm/openEuler/resource-agents&distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.0-5.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["ldirectord-4.2.0-5.oe2203sp3.aarch64.rpm","resource-agents-4.2.0-5.oe2203sp3.aarch64.rpm","resource-agents-debuginfo-4.2.0-5.oe2203sp3.aarch64.rpm","resource-agents-debugsource-4.2.0-5.oe2203sp3.aarch64.rpm","resource-agents-help-4.2.0-5.oe2203sp3.aarch64.rpm"],"x86_64":["ldirectord-4.2.0-5.oe2203sp3.x86_64.rpm","resource-agents-4.2.0-5.oe2203sp3.x86_64.rpm","resource-agents-debuginfo-4.2.0-5.oe2203sp3.x86_64.rpm","resource-agents-debugsource-4.2.0-5.oe2203sp3.x86_64.rpm","resource-agents-help-4.2.0-5.oe2203sp3.x86_64.rpm"],"src":["resource-agents-4.2.0-5.oe2203sp3.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2025-1826.json"}}],"schema_version":"1.7.5"}