
3254 matches found

OSV
added 2026/02/11 9:10 a.m. | 5 views

RLSA-2026:2389 Important: brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5 CVSS | 5.6 AI score | 0.00476 EPSS
Exploits 0 | References 2

OSV
added 2026/02/11 9:10 a.m. | 5 views

RLSA-2026:1254 Important: python-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5 CVSS | 7.3 AI score | 0.0068 EPSS
Exploits 0 | References 4

SUSE Linux
added 2026/02/11 8:29 a.m. | 2 views

Security update for python-brotlipy

This update for python-brotlipy fixes the following issues: Add max length decompression bsc1254867, bsc1256017. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...

5.5 AI score
Exploits 0 | References 4

OSV
added 2026/02/11 8:29 a.m. | 3 views

SUSE-SU-2026:0423-1 Security update for python-brotlipy

This update for python-brotlipy fixes the following issues: - Add max length decompression bsc1254867, bsc1256017...

5.8 AI score
Exploits 0 | References 3

Tenable Nessus
added 2026/02/11 12:0 a.m. | 11 views

RockyLinux 8 : python-urllib3 (RLSA-2026:1254)

The remote RockyLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1254 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418). urllib3: urllib3 Streaming API improperly handles highly...

8.9 CVSS | 5.7 AI score | 0.0068 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2026/02/11 12:0 a.m. | 11 views

RHEL 9 : python3.12-urllib3 (RHSA-2026:1957)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:1957 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

8.9 CVSS | 5.8 AI score | 0.0068 EPSS
Exploits 0 | References 8

Tenable Nessus
added 2026/02/11 12:0 a.m. | 2 views

RockyLinux 10 : python-urllib3 (RLSA-2026:1086)

The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1086 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418). urllib3: urllib3 Streaming API improperly handles highly...

8.9 CVSS | 5.7 AI score | 0.0068 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2026/02/11 12:0 a.m. | 4 views

RockyLinux 9 : python-urllib3 (RLSA-2026:1087)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1087 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418). urllib3: urllib3 Streaming API improperly handles highly...

8.9 CVSS | 5.7 AI score | 0.0068 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2026/02/11 12:0 a.m. | 5 views

RockyLinux 8 : python3.11-urllib3 (RLSA-2026:1224)

The remote RockyLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1224 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418). urllib3: urllib3 Streaming API improperly handles highly...

8.9 CVSS | 5.7 AI score | 0.0068 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2026/02/11 12:0 a.m. | 5 views

RockyLinux 8 : brotli (RLSA-2026:2389)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:2389 advisory. Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS (CVE-2025-6176). Tenable has extracted the preceding description block directly from the RockyLin...

7.5 CVSS | 5.6 AI score | 0.00476 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2026/02/11 12:0 a.m. | 2 views

RockyLinux 8 : python3.12-urllib3 (RLSA-2026:1226)

The remote RockyLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1226 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418). urllib3: urllib3 Streaming API improperly handles highly...

8.9 CVSS | 5.7 AI score | 0.0068 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2026/02/11 12:0 a.m. | 4 views

RockyLinux 9 : python3.11-urllib3 (RLSA-2026:1089)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1089 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418). urllib3: urllib3 Streaming API improperly handles highly...

8.9 CVSS | 5.7 AI score | 0.0068 EPSS
Exploits 0 | References 7

RedHat Linux
added 2026/02/10 6:32 p.m. | 11 views

Important: Red Hat Security Advisory: brotli security update

An update for brotli is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

7.5 CVSS | 7.1 AI score | 0.00476 EPSS
Exploits 0 | References 2

RedHat Linux
added 2026/02/10 6:32 p.m. | 2 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy is vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5 CVSS | 5.8 AI score | 0.00476 EPSS
Exploits 0 | References 5

NVD
added 2026/02/10 2:16 p.m. | 8 views

CVE-2025-15570

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the...

7.8 CVSS | 0.00202 EPSS
Exploits 1 | References 7

SUSE Linux
added 2026/02/10 2:14 p.m. | 5 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in...

7.7 CVSS | 5.9 AI score | 0.00601 EPSS
Exploits 8 | References 32

OSV
added 2026/02/10 2:14 p.m. | 2 views

SUSE-SU-2026:0417-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. - CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in...

9.8 CVSS | 5.8 AI score | 0.00601 EPSS
Exploits 8 | References 17

Vulnrichment
added 2026/02/10 1:2 p.m. | 7 views

CVE-2025-15570 ckolivas lrzip stream.c lzma_decompress_buf use after free

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the...

5.3 CVSS | 5.1 AI score | 0.00202 EPSS
Exploits 1 | References 6

RedHat Linux
added 2026/02/10 9:17 a.m. | 4 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy is vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5 CVSS | 5.8 AI score | 0.00476 EPSS
Exploits 0 | References 5

RedHat Linux
added 2026/02/10 9:11 a.m. | 13 views

Important: Red Hat Security Advisory: brotli security update

An update for brotli is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit...

7.5 CVSS | 7.1 AI score | 0.00476 EPSS
Exploits 0 | References 2