Stay Secure with the Latest Linux Advisories

security advisorydenial of servicefedora

Fedora 42: brotli 1.2.0 Critical DoS Fix FEDORA-2025-9e233a4e22

Update brotli to 1.2.0. This update provides the necessary Python APIs in python3-brotli to fix denial- of-service security issues related to \u201cdecompression bombs,\u201d such as CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate updates in affected packages.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-9e233a4e22 2025-12-18 01:10:20.380939+00:00 -------------------------------------------------------------------------------- Name : brotli Product : Fedora 42 Version : 1.2.0 Release : 1.fc42 URL : https://github.com/google/brotli Summary : Lossless compression algorithm Description : Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. -------------------------------------------------------------------------------- Update Information: Update brotli to 1.2.0. This update provides the necessary Python APIs in python3-brotli to fix denial- of-service security issues related to \u201cdecompression bombs,\u201d such as CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate updates in affected packages. -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 8 2025 Benjamin A. Beasley - 1.2.0-1 - Update to 1.2.0 (close RHBZ#2401888) - Stop trying to support EPEL7, which is end-of-life - Port to pyproject-rpm-macros (close RHBZ#2377212) - Test the Python extension * Fri Sep 19 2025 Python Maint - 1.1.0-10 - Rebuilt for Python 3.14.0rc3 bytecode * Fri Aug 15 2025 Python Maint - 1.1.0-9 - Rebuilt for Python 3.14.0rc2 bytecode * Wed Jul 23 2025 Fedora Release Engineering - 1.1.0-8 - Rebuiltfor https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Mon Jun 2 2025 Python Maint - 1.1.0-7 - Rebuilt for Python 3.14 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2419491 - CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2419491 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-9e233a4e22' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . The update to brotli version 1.2.0 mitigates denial-of-service vulnerabilities and improves the Python API for better performance and security. brotli update, Fedora 42, denial of service, Python security. . Severity: Critical. LinuxSecurity.com Team

Dec 18, 2025 •Critical Fedora