Fedora 42: brotli 1.2.0 Critical DoS Fix FEDORA-2025-9e233a4e22
fedora
December 18, 2025
Update brotli to 1.2.0
Summary
Brotli is a generic-purpose lossless compression algorithm that compresses data
using a combination of a modern variant of the LZ77 algorithm, Huffman coding
and 2nd order context modeling, with a compression ratio comparable to the best
currently available general-purpose compression methods. It is similar in speed
with deflate but offers more dense compression.
Update Information:
Update brotli to 1.2.0. This update provides the necessary Python APIs in python3-brotli to fix denial- of-service security issues related to \u201cdecompression bombs,\u201d such as CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate updates in affected packages.
Topics Covered
Change Log
* Mon Dec 8 2025 Benjamin A. Beasley
References
[ 1 ] Bug #2419491 - CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2419491
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-9e233a4e22' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Name: brotli
Product: Fedora 42
Version: 1.2.0
Release: 1.fc42
Summary: Lossless compression algorithm
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!