Threats Tagged 'cve-2025-66418'
View all threats tagged with 'cve-2025-66418'. Filter and sort to focus on specific types of threats.
Red Hat Security Advisory: fence-agents security update | CVE-2025-66418
A security vulnerability (CVE-2025-66418) affecting the fence-agents packages in Red Hat Enterprise Linux 8.4 has been identified. The issue involves an unbounded decompression chain in the urllib3 library, which can lead to resource exhaustion. Fence-agents are scripts used for remote power management in clusters, allowing failed nodes to be forcibly restarted or removed. Red Hat has issued a security advisory (RHSA-2026:2279) addressing this vulnerability with an update. The severity of this issue is rated as high by Red Hat Product Security. No known exploits are reported in the wild. The advisory provides updated packages to remediate the vulnerability.
GCVE Database | 02/09/2026, 09:01:45 UTC | Added: 05/26/2026, 20:58:46 UTC
Red Hat Security Advisory: Red Hat Ceph Storage | CVE-2024-31884
Red Hat has issued a security advisory for Red Hat Ceph Storage container images, which are updated to the latest ubi9 base image and Ceph 7.1. This advisory addresses multiple vulnerabilities identified by CVE-2024-31884 and five additional CVEs from 2025. The advisory does not specify detailed technical vulnerability descriptions or exploitation methods but categorizes the severity as high. No explicit patch or fix details are provided in the advisory, but updated container images are available for download from the Red Hat container registry.
GCVE Database | 02/17/2026, 09:23:04 UTC | Added: 05/26/2026, 20:58:45 UTC
Red Hat Security Advisory: python-urllib3 security update | CVE-2025-66418
Multiple vulnerabilities have been identified in the python-urllib3 package used in Red Hat Enterprise Linux 10. These include an unbounded decompression chain leading to resource exhaustion (CVE-2025-66418), improper handling of highly compressed data in the streaming API (CVE-2025-66471), and a decompression-bomb safeguard bypass when following HTTP redirects in the streaming API (CVE-2026-21441). Red Hat has issued an important security advisory with updated packages addressing these issues. The vulnerabilities could potentially lead to resource exhaustion or bypass of decompression safeguards. A security update is available and should be applied to affected systems to remediate these issues.
GCVE Database | 01/26/2026, 12:44:33 UTC | Added: 05/26/2026, 20:58:27 UTC
Red Hat Security Advisory: fence-agents security update | CVE-2025-66418
This advisory addresses security vulnerabilities in the fence-agents packages used in Red Hat Enterprise Linux 9. These packages manage remote power control for cluster devices, enabling forced restart and removal of failed or unreachable nodes. The update fixes three urllib3-related vulnerabilities involving unbounded decompression chains and improper handling of highly compressed data, which could lead to resource exhaustion or bypass decompression-bomb safeguards. The vendor rates the update as important and has released patches for affected Red Hat Enterprise Linux 9 variants. No known exploits are reported in the wild at this time.
GCVE Database | 01/26/2026, 18:09:09 UTC | Added: 05/26/2026, 20:58:27 UTC
Red Hat Security Advisory: fence-agents security update | CVE-2025-66418
Multiple vulnerabilities affecting the fence-agents packages in Red Hat Enterprise Linux 8 have been addressed. These vulnerabilities relate to the urllib3 library used by fence-agents, including unbounded decompression chains leading to resource exhaustion (CVE-2025-66418), improper handling of highly compressed data in the streaming API (CVE-2025-66471), and a decompression-bomb safeguard bypass when following HTTP redirects (CVE-2026-21441). The fence-agents packages are used for remote power management in cluster environments, enabling forced restart and removal of failed or unreachable nodes. Red Hat has released an important security update to fix these issues. The advisory does not indicate any known exploits in the wild. No CVSS scores are provided, but the vendor rates the update as important, and the overall severity is high.
GCVE Database | 01/26/2026, 18:30:35 UTC | Added: 05/26/2026, 20:58:27 UTC
Red Hat Security Advisory: resource-agents security update | CVE-2025-66418
This advisory addresses multiple security vulnerabilities in the urllib3 library used by the resource-agents packages in Red Hat Enterprise Linux 8 High Availability and Resilient Storage environments. The vulnerabilities include unbounded decompression chains leading to resource exhaustion (CVE-2025-66418), improper handling of highly compressed data in the streaming API (CVE-2025-66471), and a decompression-bomb safeguard bypass when following HTTP redirects (CVE-2026-21441). These issues could impact the stability and reliability of high-availability service managers that rely on these scripts. Red Hat has released an important security update to fix these issues. Users of affected Red Hat Enterprise Linux 8 variants should apply the update as per the vendor guidance.
GCVE Database | 01/26/2026, 18:01:29 UTC | Added: 05/26/2026, 20:58:27 UTC
Red Hat Security Advisory: python3.12-urllib3 security update | CVE-2025-66418
This advisory addresses multiple security vulnerabilities in the python3.12-urllib3 package for Red Hat Enterprise Linux 9.6 Extended Update Support. The issues include an unbounded decompression chain leading to resource exhaustion (CVE-2025-66418), improper handling of highly compressed data in the streaming API (CVE-2025-66471), and a decompression-bomb safeguard bypass when following HTTP redirects in the streaming API (CVE-2026-21441). These vulnerabilities could allow resource exhaustion or bypass of decompression safeguards. Red Hat has released updated python3.12-urllib3 packages that fix these issues. The advisory rates the security impact as Important (high severity).
GCVE Database | 02/02/2026, 01:58:41 UTC | Added: 05/26/2026, 20:58:27 UTC
Red Hat Security Advisory: python-urllib3 security update | CVE-2025-66418
Multiple security vulnerabilities have been identified in the python-urllib3 package used in Red Hat Enterprise Linux 9.6 Extended Update Support. These include an unbounded decompression chain leading to resource exhaustion (CVE-2025-66418), improper handling of highly compressed data in the streaming API (CVE-2025-66471), and a decompression-bomb safeguard bypass when following HTTP redirects in the streaming API (CVE-2026-21441). Red Hat has issued an important security advisory (RHSA-2026:1729) addressing these issues with updated python-urllib3 packages. The vulnerabilities relate to resource exhaustion and potential denial-of-service conditions. Updated packages are available for multiple Red Hat Enterprise Linux 9.6 variants and architectures. Users are advised to apply the provided updates to remediate these vulnerabilities.
GCVE Database | 02/02/2026, 15:49:34 UTC | Added: 05/26/2026, 20:58:27 UTC
Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release | CVE-2025-66418
The Red Hat Trusted Artifact Signer (RHTAS) Operator, compatible with OpenShift Container Platform versions 4.16 through 4.20, has associated vulnerabilities identified by CVE-2025-66418 and related CVEs. These vulnerabilities are categorized under CWE-770 (Allocation of Resources Without Limits or Throttling) and CWE-409 (Improper Synchronization), indicating potential issues with resource management and concurrency. The advisory does not provide details on exploitation or fixes. No patches or official fixes are currently available as per the vendor advisory. The vulnerabilities affect on-premise deployments of RHTAS, a tool used to cryptographically sign and verify software artifacts to ensure supply chain integrity. No known exploits are reported in the wild at this time.
GCVE Database | 02/05/2026, 14:55:08 UTC | Added: 05/26/2026, 20:58:26 UTC
Red Hat Security Advisory: Satellite 6.17.6.3 Async Update | CVE-2025-66418
Red Hat Satellite 6.17.6.3 addresses multiple vulnerabilities in the python-urllib3 library related to improper handling of highly compressed data and decompression-bomb safeguard bypasses. These issues can lead to unbounded decompression chains causing resource exhaustion. The update also fixes a bug affecting upgrades from Satellite 6.17.5 to 6.18 related to Pulpcore database migration. The vulnerabilities are rated as high severity by Red Hat.
GCVE Database | 02/16/2026, 19:06:28 UTC | Added: 05/26/2026, 20:58:26 UTC