Fedora 43: perl-Alien-Brotli Critical Security DoS Fix 2025-d93200cf16

fedora

December 12, 2025

Update brotli to 1.2.0 and python-urllib3 to 2.6.1

Summary

This distribution installs the brotli compressor, so that it can be used by

other distributions, and provides a way to find the executable.

Update Information:

Update brotli to 1.2.0 and python-urllib3 to 2.6.1. In python-urllib3: Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 / `GHSA-2xpw-w6gg-jr37) Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 / `GHSA-gm62-xv2j-4w53)

Topics Covered

security advisory denial of service fedora critical brotli python-urllib3

Change Log

* Wed Dec 10 2025 Miro Hron\u010dok - 0.2.2-11 - Rebuilt for brotli 1.2.0

References

[ 1 ] Bug #2419408 - python-urllib3-2.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2419408 [ 2 ] Bug #2419493 - CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2419493

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d93200cf16' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

critical

Lowest

Low

Medium

High

Critical

Name: perl-Alien-Brotli

Product: Fedora 43

Version: 0.2.2

Release: 11.fc43

URL: http://metacpan.org/dist/Alien-Brotli

Summary: Find and install the Brotli compressor

Topics Covered

security advisory denial of service fedora critical brotli python-urllib3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 43: perl-Alien-Brotli Critical Security DoS Fix 2025-d93200cf16

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 43: perl-Alien-Brotli Critical Security DoS Fix 2025-d93200cf16

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!