Not a user yet?
Log in Register for free Suggest a product
Update

USN-8198-1: Tornado vulnerabilities

Ubuntu DesktopUbuntu Desktop
Canonical

USN-8198-1: Tornado vulnerabilities

Publication date: 22 April 2026
Overview: Several security issues were fixed in Tornado.

Packages
python-tornado - scalable, non-blocking web server and tools

Details
It was discovered that Tornado incorrectly handled parsing of large
multipart request bodies. An attacker could possibly use this issue to
cause a denial of service. (CVE-2026-31958)

It was discovered that Tornado did not properly validate characters in
cookie values. An attacker could possibly use this issue to inject
arbitrary cookie attributes. (CVE-2026-35536)

Update instructions
In general, a standard system update will make all the necessary changes.
The problem can be corrected by updating your system to the following package versions:

  • 25.10 questing python3-tornado – 6.4.2-3ubuntu0.3
  • 24.04 LTS noble python3-tornado – 6.4.0-1ubuntu0.5
  • 22.04 LTS jammy python3-tornado – 6.1.0-3ubuntu0.1~esm5
  • 20.04 LTS focal python3-tornado – 6.0.3+really5.1.1-3ubuntu0.1~esm5
  • 18.04 LTS bionic python-tornado – 4.5.3-1ubuntu0.2+esm3
  • python3-tornado – 4.5.3-1ubuntu0.2+esm3
  • 16.04 LTS xenial python-tornado – 4.2.1-1ubuntu3.1+esm3
  • python3-tornado – 4.2.1-1ubuntu3.1+esm3
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad