Mageia Issues Advisory for Critical DoS Vulnerability in python-tornado

mageia

June 17, 2026

Security update

Summary

Description: Tornado has a DoS due to too many multipart parts. (CVE-2026-31958) In Tornado, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters. (CVE-2026-35536)

References

- https://bugs.mageia.org/show_bug.cgi?id=35420

- https://ubuntu.com/security/notices/USN-8198-1

- https://www.cve.org/CVERecord?id=CVE-2026-31958

- https://www.cve.org/CVERecord?id=CVE-2026-35536

Topics Covered

security advisory critical DoS cookie injection Mageia python-tornado

Resolution

SRPMS

- 9/core/python-tornado-6.3.2-1.4.mga9

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 17 Jun 2026

URL: https://advisories.mageia.org/MGASA-2026-0216.html

Type: security

CVE: CVE-2026-31958, CVE-2026-35536

Topics Covered

security advisory critical DoS cookie injection Mageia python-tornado

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia Issues Advisory for Critical DoS Vulnerability in python-tornado

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia Issues Advisory for Critical DoS Vulnerability in python-tornado

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!