[ALSA-2026:13670] Moderate: python-tornado security update
Type:
security
Severity:
moderate
Release date:
2026-05-06
Description:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958) * tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments (CVE-2026-35536) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 python3-tornado-6.5.5-1.el9_7.1.aarch64.rpm a89130e4a7ea7342f5df303a1882c4e8633e1b6d664a554de24348b9ec1565e1
ppc64le python3-tornado-6.5.5-1.el9_7.1.ppc64le.rpm fee7425b4a407807b9ada28ccf714857c3df30f6375d1b3dcea73f19b2c4d3a2
s390x python3-tornado-6.5.5-1.el9_7.1.s390x.rpm 6fefe08bb5ca1ce6434f53a7cd1cd3c8dccab97b45546016274a891e06504ed5
x86_64 python3-tornado-6.5.5-1.el9_7.1.x86_64.rpm 756bdb24f9430c5ab77412cda741c156ea4078a95fe821435e01e997715c84aa
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.