Red Hat Product Errata RHSA-2026:24342 - Security Advisory Issued: 2026-06-08 Updated: 2026-06-08 RHSA-2026:24342 - Security Advisory Overview Updated Packages Synopsis Moderate: python-tornado security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python-tornado is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958) tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments (CVE-2026-35536) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64 Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le Fixes BZ - 2446765 - CVE-2026-31958 tornado-python: Tornado: Denial of Service via large multipart bodies BZ - 2454716 - CVE-2026-35536 tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments CVEs CVE-2026-31958 CVE-2026-35536 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 SRPM python-tornado-4.2.1-5.el7_9.3.src.rpm SHA-256: 956c4be5f21fd044b3e7a93a91c65f75fad6b1415aedfb864820464002f24745 x86_64 python-tornado-4.2.1-5.el7_9.3.x86_64.rpm SHA-256: 41420fd270cb21fe260a5fd1281cb632ca62db3b9ed26afa06768d138062c2b7 python-tornado-debuginfo-4.2.1-5.el7_9.3.x86_64.rpm SHA-256: 36ef46b8099809f525d58a90373890a7f74e80a37ff9a0ae9600a4121eb0d691 python-tornado-doc-4.2.1-5.el7_9.3.x86_64.rpm SHA-256: d5b1149902a58339400914ea512b42da8244ba7a2131e5bee504057fe9819a06 Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 SRPM python-tornado-4.2.1-5.el7_9.3.src.rpm SHA-256: 956c4be5f21fd044b3e7a93a91c65f75fad6b1415aedfb864820464002f24745 s390x python-tornado-4.2.1-5.el7_9.3.s390x.rpm SHA-256: 0eff17ca72b677cf4d691811adc28cb72639ddb94560d6321c199fa7c81b56b3 python-tornado-debuginfo-4.2.1-5.el7_9.3.s390x.rpm SHA-256: 56e61b5f4082ea814e411e50417891c91f93a841ae0aeb68a5265d582a1b4e4f python-tornado-doc-4.2.1-5.el7_9.3.s390x.rpm SHA-256: a7ef87e7f86339a004e2a19a7eff7b0051d176676a10ee5f65f27336c70e3d4f Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 SRPM python-tornado-4.2.1-5.el7_9.3.src.rpm SHA-256: 956c4be5f21fd044b3e7a93a91c65f75fad6b1415aedfb864820464002f24745 ppc64 python-tornado-4.2.1-5.el7_9.3.ppc64.rpm SHA-256: 2a77c53a930b1c6efc8a31cce2a4bdfb80fe0b29028213470ad4106737ba09d2 python-tornado-debuginfo-4.2.1-5.el7_9.3.ppc64.rpm SHA-256: 3553458bb1e6bac216fd4b5546e4b45a597f07a7617e7371de7da5e98be89520 python-tornado-doc-4.2.1-5.el7_9.3.ppc64.rpm SHA-256: af57a89b2fb9801345ead8fa94f878dc8d5509217a5b72dc560a1ba0ab2f2eaa Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 SRPM python-tornado-4.2.1-5.el7_9.3.src.rpm SHA-256: 956c4be5f21fd044b3e7a93a91c65f75fad6b1415aedfb864820464002f24745 ppc64le python-tornado-4.2.1-5.el7_9.3.ppc64le.rpm SHA-256: 250a819db6c5583a7122ca5c67848b4b817dc3d26aa4d7438378cd67a384cfd5 python-tornado-debuginfo-4.2.1-5.el7_9.3.ppc64le.rpm SHA-256: 6595dae1bb3451542042b8bd16c92114793da207524bec4ee5b931ce986ff2ec python-tornado-doc-4.2.1-5.el7_9.3.ppc64le.rpm SHA-256: dc23476a0aba52a2c8f2cf4affca78171a7f553e56c170b7cf6b364458c82210 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .