brotli-1.0.6-4.el8_10.ML.1

エラータID: AXSA:2026-176:02

リリース日: 
2026/02/13 Friday - 17:39
題名: 
brotli-1.0.6-4.el8_10.ML.1
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- brotli の展開処理の実装には、リモートの攻撃者により、サービス
拒否攻撃 (リソース枯渇) を可能とする脆弱性が存在します。
(CVE-2025-6176)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. brotli-1.0.6-4.el8_10.ML.1.src.rpm
    MD5: 29610bd9b92b06126d1868417a3cecfb
    SHA-256: f91577df4ca768104be15927c7a8bfeec5c9e6d0a79aa2bd30017331038792e9
    Size: 22.74 MB

Asianux Server 8 for x86_64
  1. brotli-1.0.6-4.el8_10.ML.1.i686.rpm
    MD5: 35452b72f000451f5fc2040d1b99a336
    SHA-256: 92381af481fa7b30856d7bade82b56489cf545aa2ef7a3d26ce3d58f1dddfe93
    Size: 321.31 kB
  2. brotli-1.0.6-4.el8_10.ML.1.x86_64.rpm
    MD5: 43faf0d2ef95b0a77ace351630be166a
    SHA-256: 0c6374e01380f444554f3cf371e20762b65dc0c35b34b2f91ce5b51ec2018a7d
    Size: 322.21 kB
  3. brotli-devel-1.0.6-4.el8_10.ML.1.i686.rpm
    MD5: d91f642e7fd440294c5d9b26ad703b3c
    SHA-256: 0df5d4415b184de3eb8f056df978b6c3722fae77f9eae322ced68892fb0f150c
    Size: 30.30 kB
  4. brotli-devel-1.0.6-4.el8_10.ML.1.x86_64.rpm
    MD5: 34959caf8eadbe24c0a96440725f1a51
    SHA-256: e4f714f7813949a09073cd1d3f2f6fb1e2adeae7f2ece7d367d1fcaf4525b994
    Size: 30.29 kB
  5. python3-brotli-1.0.6-4.el8_10.ML.1.x86_64.rpm
    MD5: fc2b12f859d1794c8dc6e5d7b7623f80
    SHA-256: 7fb9d10cd346f0c6a318e24cb712e21ee55705dfef5a1c5262f7af79a50d45d1
    Size: 306.89 kB