Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Ubuntu: Security Patch for Critical XSS Vulnerability CVE-2023-0456

opensuse
Calendar Grey January 5, 2026
Dist Opensuse Esm H88
Important update for python-tornado6 on openSUSE addressing security issues with critical fixes and patches.
An update that solves three vulnerabilities can now be installed.

Description

This update for python-tornado6 fixes the following issues:

* CVE-2025-67724: unescaped `reason` argument used in HTTP headers and in HTML

default error pages can be used by attackers to launch header injection or

XSS attacks (bsc#1254903).

* CVE-2025-67725: quadratic complexity of string concatenation operations used

by the `HTTPHeaders.add` method can lead to DoS when processing a

maliciously crafted HTTP request (bsc#1254905).

* CVE-2025-67726: quadratic complexity algorithm used in the `_parseparam`

function of `httputil.py` can lead to DoS when processing maliciously

crafted parameters in a `Content-Disposition` header (bsc#1254904).

Topics%20covered

Topics Covered

security advisory denial of service important OpenSUSE header injection python-tornado6

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4

zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-10=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5

zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-10=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5

zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-10=1

* SUSE Linux Enterprise Server 15 SP4 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-10=1

* SUSE Linux Enterprise Server 15 SP5 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-10=1

* SUSE Linux Enterprise Server 15 SP6 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-10=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

zypper in -t patch...

Read the Full Advisory

Package List

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64

x86_64)

* python311-tornado6-6.3.2-150400.9.12.1

* python-tornado6-debugsource-6.3.2-150400.9.12.1

* python311-tornado6-debuginfo-6.3.2-150400.9.12.1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64

x86_64)

* python311-tornado6-6.3.2-150400.9.12.1

* python-tornado6-debugsource-6.3.2-150400.9.12.1

* python311-tornado6-debuginfo-6.3.2-150400.9.12.1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64

x86_64)

* python311-tornado6-6.3.2-150400.9.12.1

* python-tornado6-debugsource-6.3.2-150400.9.12.1

* python311-tornado6-debuginfo-6.3.2-150400.9.12.1

* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)

* python311-tornado6-6.3.2-150400.9.12.1

* python-tornado6-debugsource-6.3.2-150400.9.12.1

* python311-tornado6-debuginfo-6.3.2-150400.9.12.1

* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)

* python311-tornado6-6.3.2-150400.9.12.1

*...

Read the Full Advisory

References

* bsc#1254903

* bsc#1254904

* bsc#1254905

## References:

* https://www.suse.com/security/cve/CVE-2025-67724.html

* https://www.suse.com/security/cve/CVE-2025-67725.html

* https://www.suse.com/security/cve/CVE-2025-67726.html

* https://bugzilla.suse.com/show_bug.cgi?id=1254903

* https://bugzilla.suse.com/show_bug.cgi?id=1254904

* https://bugzilla.suse.com/show_bug.cgi?id=1254905

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0010-1
Release Date: 2026-01-05T10:27:06Z
Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7

Topics%20covered

Topics Covered

security advisory denial of service important OpenSUSE header injection python-tornado6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here