Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceSUSE-SU-2026:1162-1

SUSE-SU-2026:1162-1

UNKNOWN

Security update for python-tornado

Published Mar 31, 2026

Modified 3 weeks ago

Fix available

Details

This update for python-tornado fixes the following issues:

CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903).
CVE-2025-67725: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254905).
CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630).

Affected Packages

python-tornado

SUSE Manager Client Tools 12

Fixed in:

4.2.1-17.18.1

python3-tornado

SUSE Manager Client Tools 12

Fixed in:

4.2.1-17.18.1

References

https://bugzilla.suse.com/1254903

https://bugzilla.suse.com/1254905

https://bugzilla.suse.com/1259553

https://bugzilla.suse.com/1259630

https://www.suse.com/security/cve/CVE-2025-67724

https://www.suse.com/security/cve/CVE-2025-67725

https://www.suse.com/security/cve/CVE-2026-31958

https://www.suse.com/support/update/announcement/2026/suse-su-20261162-1/

Upstream

CVE-2025-67724 CVE-2025-67725 CVE-2026-31958

Related

CVE-2025-67724 CVE-2025-67725 CVE-2026-31958

Ecosystems

SUSE Manager Client Tools 12

Timeline

PublishedMar 31, 2026

ModifiedMar 31, 2026

SUSE-SU-2026:1162-1 | Mondoo Vulnerability Intelligence