Description
Security update for python-tornado6
This update for python-tornado6 fixes the following issues:
- CVE-2024-52804: Fixed a denial of service caused by quadratic performance of cookie parsing (bsc#1233668)
Package list
SUSE Linux Enterprise Module for Python 3 15 SP5
python311-tornado6-6.3.2-150400.9.6.1
SUSE Linux Enterprise Module for Python 3 15 SP6
python311-tornado6-6.3.2-150400.9.6.1
openSUSE Leap 15.5
python311-tornado6-6.3.2-150400.9.6.1
openSUSE Leap 15.6
python311-tornado6-6.3.2-150400.9.6.1
References
- Link for SUSE-SU-2024:4137-1
- E-Mail link for SUSE-SU-2024:4137-1
- SUSE Security Ratings
- SUSE Bug 1233668
- SUSE CVE CVE-2024-52804 page
Description
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
Affected products
SUSE Linux Enterprise Module for Python 3 15 SP5:python311-tornado6-6.3.2-150400.9.6.1
SUSE Linux Enterprise Module for Python 3 15 SP6:python311-tornado6-6.3.2-150400.9.6.1
openSUSE Leap 15.5:python311-tornado6-6.3.2-150400.9.6.1
openSUSE Leap 15.6:python311-tornado6-6.3.2-150400.9.6.1
References
- CVE-2024-52804
- SUSE Bug 1233668