python-tornado-6.4.2-1.el9_5
エラータID: AXSA:2024-9436:01
リリース日:
2024/12/19 Thursday - 22:54
題名:
python-tornado-6.4.2-1.el9_5
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Tornado の HTTP クッキー解析処理は、意図せず CPU
リソースを過剰消費してしまう問題があるため、リモート
の攻撃者により、サービス拒否攻撃を可能とする脆弱性
が存在します。(CVE-2024-52804)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-52804
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
追加情報:
N/A
ダウンロード:
SRPMS
- python-tornado-6.4.2-1.el9_5.src.rpm
MD5: ab4f35747c3e8a24c0efa2428a0f232e
SHA-256: 0eccb406126fab021437891dd32d61216dd792a574a457967ad03dbd61c14117
Size: 533.37 kB
Asianux Server 9 for x86_64
- python3-tornado-6.4.2-1.el9_5.x86_64.rpm
MD5: 38aecec7a8a8a9bbcc3920801f98cef2
SHA-256: b3150537b94af502b213efdce1c5603a1b3b80b5619cc199ac72d883d08378aa
Size: 719.44 kB
English