|
|
Subscribe / Log in / New account

Ubuntu alert USN-7547-1 (python-tornado)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7547-1] Tornado vulnerability


Date:
              Mon, 02 Jun 2025 15:57:48 +0000


Message-ID:
              <E1uM7Xo-0007GN-J0@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7547-1
June 02, 2025

python-tornado vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Tornado could be made to consume excessive resources when processing
specially crafted HTTP requests.

Software Description:
- python-tornado: scalable, non-blocking web server and tools

Details:

It was discovered that Tornado inefficiently handled requests when
parsing certain form data. An attacker could possibly use this issue to
increase resource utilization leading to a denial of service. This issue
was only addressed in Ubuntu 24.04 LTS and Ubuntu 22.04 LTS.
(CVE-2025-47287)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  python3-tornado                 6.4.2-1ubuntu0.25.04.1

Ubuntu 24.10
  python3-tornado                 6.4.1-2ubuntu0.2

Ubuntu 24.04 LTS
  python3-tornado                 6.4.0-1ubuntu0.2

Ubuntu 22.04 LTS
  python3-tornado                 6.1.0-3ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7547-1
  CVE-2025-47287

Package Information:
  https://launchpad.net/ubuntu/+source/python-tornado/6.4.2...
  https://launchpad.net/ubuntu/+source/python-tornado/6.4.1...
  https://launchpad.net/ubuntu/+source/python-tornado/6.4.0...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmg9xiMACgkQcpJm3tlz
hgHKKg/9FoGS84MgDu5JW1ZPYM1DUbob+nXxautt6IaXqrnAEDacQvS9zBoklzxU
U+0U0e/dxaA2LKJy6qZ+pgQRM4kGhVAxx5kqkmiVGHEKOBoAYXWcL7IY9J9vsIik
uhh1lj6H7MFcI03UuQem3+EajEc5jJKdoeDwpANW8h++4VG9Uz9Scq5emRf2NLcN
NzM9mHj/NkAtLytFpClpXMvUtBXhRAU/RPyk4p6TuHnRSSQpWCr+5Yd/1RgBMsv+
sd3FusVaKZpzHIKmTnjKXYJOMjlws2Hd2QcAqGR5VhADulFC2FXpeHfgiI4U7Mf3
OpHgAbcTzbWjAPMBqLo41X5uiMwqaSbgl7b9MvteQweXQ4o9pcZP/bm5OnIKhG8S
s39TbLkFUf5GaG/j4G2UXgH1ZaiEBMSNFbuA1xKNr+6AEdYMlc6HLCRjkfm8RKDC
x6+tamUM8Oh8cyVQzuWKhB/9HIubYs1+dzNFQJssLt5Po4usiOCg51ZAy3CBo0Gj
Kv54oetQBEs02CsmH28W7QdwHow6Ai4yVdN/EXd5Awb+WVFBmuMZ5aLRTULrcN3G
rmeUh/2VaG9Rt+QEnhjKUGzga0ME5poxmLPuMRPgAWHF1DcB5DAzuAtRoDVJd9xS
WbQZ/ubAzP2HWB+XPEOgziVi7+8dadNcl69x/4MJtwNk3i0h99E=
=9RaY
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds