{"id":"OESA-2025-1711","summary":"resource-agents security update","details":"Resource agent is a standardized interface for a cluster resource. In translates a standard set of operations into steps specific to the resource or application, and interprets their results as success or failure.\r\n\r\nSecurity Fix(es):\n\nRequests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.(CVE-2024-47081)","modified":"2025-09-03T06:31:13.973627Z","published":"2025-07-04T14:42:38Z","upstream":["CVE-2024-47081"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1711"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47081"}],"affected":[{"package":{"name":"resource-agents","ecosystem":"openEuler:24.03-LTS","purl":"pkg:rpm/openEuler/resource-agents&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.13.0-26.oe2403"}]}],"ecosystem_specific":{"src":["resource-agents-4.13.0-26.oe2403.src.rpm"],"aarch64":["ldirectord-4.13.0-26.oe2403.aarch64.rpm","resource-agents-4.13.0-26.oe2403.aarch64.rpm","resource-agents-debuginfo-4.13.0-26.oe2403.aarch64.rpm","resource-agents-debugsource-4.13.0-26.oe2403.aarch64.rpm","resource-agents-help-4.13.0-26.oe2403.aarch64.rpm"],"x86_64":["ldirectord-4.13.0-26.oe2403.x86_64.rpm","resource-agents-4.13.0-26.oe2403.x86_64.rpm","resource-agents-debuginfo-4.13.0-26.oe2403.x86_64.rpm","resource-agents-debugsource-4.13.0-26.oe2403.x86_64.rpm","resource-agents-help-4.13.0-26.oe2403.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2025-1711.json"}}],"schema_version":"1.7.3"}