Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

SUSE-SU-2026:20043-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2026:20043-1

SUSE-SU-2026:20043-1

UNKNOWN

Security update for python-tornado6

Published Jan 8, 2026

Modified 1 weeks ago

Fix available

Details

This update for python-tornado6 fixes the following issues:

CVE-2025-67724: Fixed missing validation of the supplied reason phrase (bsc#1254903)
CVE-2025-67725: Fixed inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905)
CVE-2025-67726: Fixed Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254904)

Affected Packages

python-tornado6

SUSE Linux Micro 6.0

Fixed in:

6.4-4.1

python311-tornado6

SUSE Linux Micro 6.0

Fixed in:

6.4-4.1

References

REPORThttps://bugzilla.suse.com/1254903 REPORThttps://bugzilla.suse.com/1254904 REPORThttps://bugzilla.suse.com/1254905 WEBhttps://www.suse.com/security/cve/CVE-2025-67724 WEBhttps://www.suse.com/security/cve/CVE-2025-67725 WEBhttps://www.suse.com/security/cve/CVE-2025-67726 ADVISORYhttps://www.suse.com/support/update/announcement/2026/suse-su-202620043-1/

Upstream

CVE-2025-67724 CVE-2025-67725 CVE-2025-67726

Related

CVE-2025-67724 CVE-2025-67725 CVE-2025-67726

Ecosystems

SUSE Linux Micro 6.0

Timeline

PublishedJan 8, 2026

ModifiedJan 8, 2026