brotli-1.0.9-9.el9_7

エラータID: AXSA:2026-148:01

リリース日: 
2026/02/06 Friday - 15:32
題名: 
brotli-1.0.9-9.el9_7
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.

Security Fix(es):

* Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS (CVE-2025-6176)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.

解決策: 

Update packages.

CVE: 
CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. brotli-1.0.9-9.el9_7.src.rpm
    MD5: ae5d411b1b359567bb57d09f9105f4d8
    SHA-256: 2b268b4035b3c660740ccf539ea84cd2a599080121f597dc907757761253dbfb
    Size: 499.04 kB

Asianux Server 9 for x86_64
  1. brotli-1.0.9-9.el9_7.i686.rpm
    MD5: 2f31eca6595695e9bc727ca378faa9f3
    SHA-256: f0fb8cf8bba9ef73fab5c8245ca44dde8527a84bee5fb62a56e3e01439d1d8a5
    Size: 313.96 kB
  2. brotli-1.0.9-9.el9_7.x86_64.rpm
    MD5: 802ca0afeb018f3dff9acd6b39dc80c9
    SHA-256: 115c5c03275f4774f595ed56667a22259e922b1ec8054f8f49fa454f4886837a
    Size: 310.76 kB
  3. brotli-devel-1.0.9-9.el9_7.i686.rpm
    MD5: 463f8dce27fcf3cb2805f3da09f758ce
    SHA-256: 5431c7ea76841b1c2dc317304b4cc66605784838c6cad1474e46b24399abce1d
    Size: 30.24 kB
  4. brotli-devel-1.0.9-9.el9_7.x86_64.rpm
    MD5: fddd9c48acc3376bfa8467199153fefe
    SHA-256: 2880b5b786832e6a68af3f364bf36d60e10b7ce5cdf74b7989905576e97c5661
    Size: 30.24 kB
  5. libbrotli-1.0.9-9.el9_7.i686.rpm
    MD5: 930acea57cee1f38b3b6c82e684423b6
    SHA-256: ef40fe0efa47057ce5ab9610fdbc039004c2e189c0ffb5ec36964fd66c756c53
    Size: 313.81 kB
  6. libbrotli-1.0.9-9.el9_7.x86_64.rpm
    MD5: 965aac59ea3f9b997207970606380d89
    SHA-256: 11cc3bf0dc18096e77ff822df5546397c117286ef4baabe75204320fa62c1eab
    Size: 311.50 kB
  7. python3-brotli-1.0.9-9.el9_7.x86_64.rpm
    MD5: 308946e3a243ac962f59fa5eb61e1a58
    SHA-256: 75dc780bbcc587724a75280ea471ae8734908967aeb4988608027f4fd3f35211
    Size: 313.96 kB