stable

brotli-1.2.0-1.fc43, perl-Alien-Brotli-0.2.2-11.fc43, & 1 more

FEDORA-2025-d93200cf16 created by music a month ago for Fedora 43

Update brotli to 1.2.0 and python-urllib3 to 2.6.1.

In python-urllib3:

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 / `GHSA-2xpw-w6gg-jr37)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 / `GHSA-gm62-xv2j-4w53)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-d93200cf16

This update's test gating status has been changed to 'waiting'.

a month ago

This update has been submitted for testing by bodhi.

a month ago

This update's test gating status has been changed to 'passed'.

a month ago

This update has been pushed to testing.

a month ago
User Icon derekenz commented & provided feedback a month ago
karma

Works

User Icon besser82 commented & provided feedback a month ago
karma

Works great! LGTM! =)

This update can be pushed to stable now if the maintainer wishes

a month ago
User Icon geraldosimiao provided feedback a month ago
karma

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago

Please log in to add feedback.

Metadata
Type
security
Severity
high
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
a month ago
in testing
a month ago
in stable
a month ago
approved
a month ago
Builds
3
brotli-1.2.0-1.fc43
perl-Alien-Brotli-0.2.2-11.fc43
python-urllib3-2.6.1-1.fc43
BZ#2419408 python-urllib3-2.6.1 is available
0
0
BZ#2419493 CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-43]
0
0
brotli-1.2.0-1.fc43
perl-Alien-Brotli-0.2.2-11.fc43
python-urllib3-2.6.1-1.fc43

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 25.11.3 on bodhi-web-16-cfb44.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy