-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-db6e9bb7fb 2025-05-31 01:33:18.712928+00:00 --------------------------------------------------------------------------------
Name : python-tornado Product : Fedora 41 Version : 6.3.3 Release : 9.fc41 URL : https://www.tornadoweb.org Summary : Scalable, non-blocking web server and tools Description : Tornado is an open source version of the scalable, non-blocking web server and tools.
The framework is distinct from most mainstream web server frameworks (and certainly most Python frameworks) because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle thousands of simultaneous standing connections, which means it is ideal for real-time web services.
-------------------------------------------------------------------------------- Update Information:
This contains the backported fix for CVE-2024-52804 (cookie parsing DoS vuln) -------------------------------------------------------------------------------- ChangeLog:
* Tue May 20 2025 Robby Callicotte rcallicotte@fedoraproject.org - 6.3.3-9 - Backported fix for CVE-2024-52804 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2328101 - CVE-2024-52804 python-tornado: Tornado has HTTP cookie parsing DoS vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2328101 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-db6e9bb7fb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org
-
updates@fedoraproject.org