Not a user yet?
Log in Register for free Suggest a product
Update

USN-7150-1: Tornado vulnerabilities

Ubuntu DesktopUbuntu Desktop
Canonical

USN-7150-1: Tornado vulnerabilities
11 December 2024

Several security issues were fixed in Tornado.

Releases

  • Ubuntu 24.10
  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages
python-tornado - scalable, non-blocking web server and tools

Details
It was discovered that Tornado incorrectly handled a certain redirect.
A remote attacker could possibly use this issue to redirect a user to an
arbitrary web site and conduct a phishing attack by having the user access
a specially crafted URL. This issue was only addressed in Ubuntu 22.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. Ubuntu 16.04 LTS was previously
addressed in USN-6159-1. (CVE-2023-28370)

It was discovered that Tornado inefficiently handled requests when parsing
cookies. An attacker could possibly use this issue to increase resource
utilization leading to a denial of service. (CVE-2024-52804)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10

  • python3-tornado - 6.4.1-2ubuntu0.1
    Ubuntu 24.04
  • python3-tornado - 6.4.0-1ubuntu0.1
    Ubuntu 22.04
  • python3-tornado - 6.1.0-3ubuntu0.1~esm1
    Ubuntu 20.04
  • python3-tornado - 6.0.3+really5.1.1-3ubuntu0.1~esm1
    Ubuntu 18.04
  • python-tornado - 4.5.3-1ubuntu0.2+esm1
  • python3-tornado - 4.5.3-1ubuntu0.2+esm1

In general, a standard system update will make all the necessary changes.

More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad