Fedora 43 and 44 Python-Scrapy DoS Vulnerabilities Addressed

Source: Linuxsecurity, 2h ago
Fedora has released python-scrapy updates that address CVE-2025-6176, a denial-of-service (DoS) vulnerability. The flaw is a Brotli decompression bomb and affects python-scrapy in Fedora 43 and 44. The updates were published on June 13, 2026, by Filipe Rosset: Fedora 44 receives version 2.14.2-1 and Fedora 43 receives version 2.13.4-1. Users are advised to apply them with the 'dnf' update program. The CVE was published on October 31, 2025; exploitation could allow attackers to exhaust system resources and disrupt service. Both Fedora versions are now patched, reducing the risk of exploitation.

Key Points:
• CVE-2025-6176 is a DoS vulnerability affecting python-scrapy in Fedora 43 and 44.
• Updates were released on June 13, 2026, to mitigate the risk of exploitation.
• Users are urged to apply the updates using the 'dnf' update program.
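The general defence against a decompression bomb is to inflate a response body incrementally and stop once the output passes a size cap. The sketch below is an added example, not code from the article, Scrapy or Fedora; it uses the standard library's zlib as a stand-in for Brotli, and the names `bounded_decompress` and `BodyTooLarge` are hypothetical.

```python
import zlib


class BodyTooLarge(Exception):
    """Raised when a compressed body would inflate past the configured cap."""


def bounded_decompress(body: bytes, max_size: int, chunk_size: int = 64 * 1024) -> bytes:
    """Inflate a zlib-compressed body, aborting once output exceeds max_size bytes.

    zlib stands in for Brotli here (assumption: same defence, different codec).
    """
    decomp = zlib.decompressobj()
    out = bytearray()
    data = body
    while not decomp.eof:
        # Request at most one byte beyond the remaining budget, so an overrun
        # is detected without ever materialising the full expansion.
        budget = max_size - len(out) + 1
        chunk = decomp.decompress(data, min(chunk_size, budget))
        out += chunk
        if len(out) > max_size:
            raise BodyTooLarge(f"decompressed body exceeds {max_size} bytes")
        data = decomp.unconsumed_tail
        if not chunk and not data:
            # No output and no input left, yet no end-of-stream marker seen.
            raise ValueError("truncated compressed stream")
    return bytes(out)


def constructed_samples():
    """Return (normal_page, compressed_normal, compressed_bomb); all constructed test data."""
    normal = b"<html>" + b"scrapy test page " * 200 + b"</html>"
    # 10 MiB of zero bytes shrinks to a few KiB: a tiny body, a huge expansion.
    bomb = zlib.compress(bytes(10 * 1024 * 1024), 9)
    return normal, zlib.compress(normal), bomb


if __name__ == "__main__":
    normal, packed, bomb = constructed_samples()
    print("normal page ok:", bounded_decompress(packed, 1024 * 1024) == normal)
    print("bomb size on the wire:", len(bomb), "bytes")
    try:
        bounded_decompress(bomb, 1024 * 1024)
    except BodyTooLarge as exc:
        print("rejected:", exc)
```

The peak memory held for a hostile body is bounded by `max_size` plus one byte, regardless of the compression ratio.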

Timeline

2025-10-31
CVE-2025-6176 published
CVE-2025-6176 describes a Brotli decompression bomb DoS vulnerability in python-scrapy.
Linuxsecurity
2026-06-13
Fedora 44 python-scrapy updated
Fedora 44 received an update to version 2.14.2-1 to address CVE-2025-6176.
Linuxsecurity
2026-06-13
Fedora 43 python-scrapy updated
Fedora 43 was updated to version 2.13.4-1 to fix the same DoS vulnerability.
Linuxsecurity