Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
219
security advisorymoderatedenial of serviceRocky Linux 10 tornado-python Brief Service Break RLSA-2026-24685
Moderate: python-tornado security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:13641", "synopsis": "Moderate: python-tornado security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for python-tornado.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958)\n\n* tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments (CVE-2026-35536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2454716", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2454716", "description": ""}, {"ticket": "2446765", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2446765", "description": ""}], "cves": [{"name": "CVE-2026-31958", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3BaseScore": "5.3", "cwe": "CWE-770"}, {"name": "CVE-2026-35536", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35536", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss3BaseScore": "5.4", "cwe": "CWE-88"}], "references": [], "publishedAt":"2026-05-06T12:05:16.751656Z", "rpms": {"Rocky Linux 10": {"nvras": ["python-tornado-debugsource-0:6.5.5-1.el10_1.1.s390x.rpm", "python3-tornado-0:6.5.5-1.el10_1.1.ppc64le.rpm", "python-tornado-debugsource-0:6.5.5-1.el10_1.1.aarch64.rpm", "python3-tornado-0:6.5.5-1.el10_1.1.x86_64.rpm", "python3-tornado-0:6.5.5-1.el10_1.1.aarch64.rpm", "python-tornado-debugsource-0:6.5.5-1.el10_1.1.ppc64le.rpm", "python-tornado-0:6.5.5-1.el10_1.1.src.rpm", "python3-tornado-debuginfo-0:6.5.5-1.el10_1.1.s390x.rpm", "python3-tornado-debuginfo-0:6.5.5-1.el10_1.1.x86_64.rpm", "python3-tornado-debuginfo-0:6.5.5-1.el10_1.1.ppc64le.rpm", "python3-tornado-0:6.5.5-1.el10_1.1.s390x.rpm", "python-tornado-debugsource-0:6.5.5-1.el10_1.1.x86_64.rpm", "python3-tornado-debuginfo-0:6.5.5-1.el10_1.1.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate security update available for python-tornado on Rocky Linux 10 to address denial of service and cookie injection.. python tornado update, rocky linux advisory, moderate security fix. . LinuxSecurity.com Team
May 06, 2026
Rocky Linux
219
security advisorymoderatedenial of serviceRocky Linux 11 python-flask Minimal DDoS Session Issue RLSB-2026-54322
Moderate: python-tornado security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:13641", "synopsis": "Moderate: python-tornado security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for python-tornado.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958)\n\n* tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments (CVE-2026-35536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2454716", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2454716", "description": ""}, {"ticket": "2446765", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2446765", "description": ""}], "cves": [{"name": "CVE-2026-31958", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3BaseScore": "5.3", "cwe": "CWE-770"}, {"name": "CVE-2026-35536", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35536", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss3BaseScore": "5.4", "cwe": "CWE-88"}], "references": [], "publishedAt":"2026-05-06T12:05:16.751656Z", "rpms": {"Rocky Linux 10": {"nvras": ["python-tornado-debugsource-0:6.5.5-1.el10_1.1.s390x.rpm", "python3-tornado-0:6.5.5-1.el10_1.1.ppc64le.rpm", "python-tornado-debugsource-0:6.5.5-1.el10_1.1.aarch64.rpm", "python3-tornado-0:6.5.5-1.el10_1.1.x86_64.rpm", "python3-tornado-0:6.5.5-1.el10_1.1.aarch64.rpm", "python-tornado-debugsource-0:6.5.5-1.el10_1.1.ppc64le.rpm", "python-tornado-0:6.5.5-1.el10_1.1.src.rpm", "python3-tornado-debuginfo-0:6.5.5-1.el10_1.1.s390x.rpm", "python3-tornado-debuginfo-0:6.5.5-1.el10_1.1.x86_64.rpm", "python3-tornado-debuginfo-0:6.5.5-1.el10_1.1.ppc64le.rpm", "python3-tornado-0:6.5.5-1.el10_1.1.s390x.rpm", "python-tornado-debugsource-0:6.5.5-1.el10_1.1.x86_64.rpm", "python3-tornado-debuginfo-0:6.5.5-1.el10_1.1.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate python-tornado security update for Rocky Linux addresses Denial of Service and cookie injection issues.. python tornado, Rocky Linux 10, security update, denial of service, cookie attribute injection. . LinuxSecurity.com Team
May 06, 2026
Rocky Linux
172
security advisorydenial of serviceUbuntuUbuntu 26.04 LTS USN-8198-2 Tornado Important Denial of Service
Several security issues were fixed in Tornado.. ========================================================================== Ubuntu Security Notice USN-8198-2 April 28, 2026 python-tornado vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS Summary: Several security issues were fixed in Tornado. Software Description: - python-tornado: scalable, non-blocking web server and tools Details: USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS. Original advisory details: It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-31958) It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use this issue to inject arbitrary cookie attributes. (CVE-2026-35536) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS python3-tornado 6.5.4-0.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8198-2 https://ubuntu.com/security/notices/USN-8198-1 CVE-2026-31958, CVE-2026-35536 Package Information: https://launchpad.net/ubuntu/+source/python-tornado/6.5.4-0.1ubuntu0.1 . Stay protected: Ubuntu 26.04 LTS Tornado update fixes critical security flaws. Ensure your system is updated to avoid risks.. Ubuntu 26.04,Linux security,python-tornado vulnerabilities,Tornado Denial of Service,Cookie Injection. . Severity: Important. LinuxSecurity.com Team
Apr 28, 2026
•Important
Ubuntu
219
security advisorymoderatedenial of serviceRocky Linux 8 Systems Security Patch RLSA-2026-8214 for CVE-2026-33033
Moderate: pcs security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:8093", "synopsis": "Moderate: pcs security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for pcs.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2446765", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2446765", "description": ""}], "cves": [{"name": "CVE-2026-31958", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-31958", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3BaseScore": "5.3", "cwe": "CWE-770"}], "references": [], "publishedAt": "2026-04-16T12:00:37.623432Z", "rpms": {"Rocky Linux 8": {"nvras": ["pcs-0:0.10.18-2.el8_10.9.aarch64.rpm", "pcs-0:0.10.18-2.el8_10.9.src.rpm", "pcs-0:0.10.18-2.el8_10.9.x86_64.rpm", "pcs-snmp-0:0.10.18-2.el8_10.9.aarch64.rpm", "pcs-snmp-0:0.10.18-2.el8_10.9.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux pcs security update addresses a denial-of-service issue through a moderate severity update for the system.. Rocky Linux, pcs security update, denial of service, moderate severity, tornado-python. . LinuxSecurity.com Team
Apr 16, 2026
Rocky Linux
219
security advisorymoderatedenial of serviceRocky Linux 8 pcs Security Update RLSA-2026-8093 Moderate DoS Threat
Moderate: pcs security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:8093", "synopsis": "Moderate: pcs security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for pcs.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2446765", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2446765", "description": ""}], "cves": [{"name": "CVE-2026-31958", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3BaseScore": "5.3", "cwe": "CWE-770"}], "references": [], "publishedAt": "2026-04-16T12:00:37.623432Z", "rpms": {"Rocky Linux 8": {"nvras": ["pcs-0:0.10.18-2.el8_10.9.aarch64.rpm", "pcs-0:0.10.18-2.el8_10.9.src.rpm", "pcs-0:0.10.18-2.el8_10.9.x86_64.rpm", "pcs-snmp-0:0.10.18-2.el8_10.9.aarch64.rpm", "pcs-snmp-0:0.10.18-2.el8_10.9.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux 8 security advisory for pcs update addressing denial of service risks from tornado-python. Immediate action recommended.. Rocky Linux, pcs security, denial of service, security update, tornado-python. . LinuxSecurity.com Team
Apr 16, 2026
Rocky Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!