python-tornado-6.1.0-9.el9

エラータID: AXSA:2023-6669:02

Release date: 
Thursday, December 7, 2023 - 09:11
Subject: 
python-tornado-6.1.0-9.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools.

Security Fix(es):

* python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations (CVE-2023-28370)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-28370
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.

Solution: 

Update packages.

CVEs: 
CVE-2023-28370
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Additional Info: 

N/A

Download: 

SRPMS
  1. python-tornado-6.1.0-9.el9.src.rpm
    MD5: 2cbd36cb1333cb0050b71de4d86f1306
    SHA-256: dd370bfc3d5fec405f380484957c06aa8eb2fa3543797281a1980df481646fe1
    Size: 516.59 kB

Asianux Server 9 for x86_64
  1. python3-tornado-6.1.0-9.el9.x86_64.rpm
    MD5: eb3769a02d10a5394164ffe9a6391da3
    SHA-256: c12b630cb3d942834551878d455e6260d53024c88ce41f69c2ea5c99162a45e4
    Size: 645.04 kB