Red Hat Product Errata RHSA-2023:6523 - Security Advisory
Issued:
2023-11-07
Updated:
2023-11-07

RHSA-2023:6523 - Security Advisory

Synopsis

Moderate: python-tornado security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python-tornado is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools.

Security Fix(es):

  • python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations (CVE-2023-28370)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2210199 - CVE-2023-28370 python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations

Red Hat Enterprise Linux for x86_64 9

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
x86_64
python-tornado-debugsource-6.1.0-9.el9.x86_64.rpm SHA-256: 2d1ed6d5418d72b1be61f0b3affb77fa0671fb11e9de9baa4b2a804b0b6254ae
python3-tornado-6.1.0-9.el9.x86_64.rpm SHA-256: 10cbfe08de71e50ea2c3409785488349fafe8b3e12c109b0ff07915862ef57c3
python3-tornado-debuginfo-6.1.0-9.el9.x86_64.rpm SHA-256: 17c77661673cf7656f23577efde0d367724f557c4ea928987fa83bcfdc8e2c6e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
x86_64
python-tornado-debugsource-6.1.0-9.el9.x86_64.rpm SHA-256: 2d1ed6d5418d72b1be61f0b3affb77fa0671fb11e9de9baa4b2a804b0b6254ae
python3-tornado-6.1.0-9.el9.x86_64.rpm SHA-256: 10cbfe08de71e50ea2c3409785488349fafe8b3e12c109b0ff07915862ef57c3
python3-tornado-debuginfo-6.1.0-9.el9.x86_64.rpm SHA-256: 17c77661673cf7656f23577efde0d367724f557c4ea928987fa83bcfdc8e2c6e

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
x86_64
python-tornado-debugsource-6.1.0-9.el9.x86_64.rpm SHA-256: 2d1ed6d5418d72b1be61f0b3affb77fa0671fb11e9de9baa4b2a804b0b6254ae
python3-tornado-6.1.0-9.el9.x86_64.rpm SHA-256: 10cbfe08de71e50ea2c3409785488349fafe8b3e12c109b0ff07915862ef57c3
python3-tornado-debuginfo-6.1.0-9.el9.x86_64.rpm SHA-256: 17c77661673cf7656f23577efde0d367724f557c4ea928987fa83bcfdc8e2c6e

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
s390x
python-tornado-debugsource-6.1.0-9.el9.s390x.rpm SHA-256: dd16e85b520dc57954ebadd46021ed6ea4c7f196cab5e6d0fb981778f0e97327
python3-tornado-6.1.0-9.el9.s390x.rpm SHA-256: bc0a11eb036fdee0c62d329edc971a550dfd04376acfbdb36d8d184a19cc988a
python3-tornado-debuginfo-6.1.0-9.el9.s390x.rpm SHA-256: 0005e683a2e627d1dd1ebe959eae4321f7522909765693f78291293f3549b29b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
s390x
python-tornado-debugsource-6.1.0-9.el9.s390x.rpm SHA-256: dd16e85b520dc57954ebadd46021ed6ea4c7f196cab5e6d0fb981778f0e97327
python3-tornado-6.1.0-9.el9.s390x.rpm SHA-256: bc0a11eb036fdee0c62d329edc971a550dfd04376acfbdb36d8d184a19cc988a
python3-tornado-debuginfo-6.1.0-9.el9.s390x.rpm SHA-256: 0005e683a2e627d1dd1ebe959eae4321f7522909765693f78291293f3549b29b

Red Hat Enterprise Linux for Power, little endian 9

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
ppc64le
python-tornado-debugsource-6.1.0-9.el9.ppc64le.rpm SHA-256: 58ab98fcf237936a37f3d1a83017585ff1a3e8b6e2b630ab5815cccb7b08dfa8
python3-tornado-6.1.0-9.el9.ppc64le.rpm SHA-256: 2daa66360945f7c4eba9fad7ccb432bcca5be190bbae87a23b56615ec1cee703
python3-tornado-debuginfo-6.1.0-9.el9.ppc64le.rpm SHA-256: 8bf3221f308f53f20d705179afba81a14c76d4b5a97f9d93762bf0c76ea33591

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
ppc64le
python-tornado-debugsource-6.1.0-9.el9.ppc64le.rpm SHA-256: 58ab98fcf237936a37f3d1a83017585ff1a3e8b6e2b630ab5815cccb7b08dfa8
python3-tornado-6.1.0-9.el9.ppc64le.rpm SHA-256: 2daa66360945f7c4eba9fad7ccb432bcca5be190bbae87a23b56615ec1cee703
python3-tornado-debuginfo-6.1.0-9.el9.ppc64le.rpm SHA-256: 8bf3221f308f53f20d705179afba81a14c76d4b5a97f9d93762bf0c76ea33591

Red Hat Enterprise Linux for ARM 64 9

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
aarch64
python-tornado-debugsource-6.1.0-9.el9.aarch64.rpm SHA-256: ad1adbc43b127178b9489041b045120c8de8dfc8db4e1f27ec46650fe05a495c
python3-tornado-6.1.0-9.el9.aarch64.rpm SHA-256: 2223b9008bd356c3810fb55b866f8b504462df243dec84542ce548554e23cac7
python3-tornado-debuginfo-6.1.0-9.el9.aarch64.rpm SHA-256: ca0046a345765db8a758b22acf515afa77f272c233df6c5d2e09ba3a6a11a590

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
aarch64
python-tornado-debugsource-6.1.0-9.el9.aarch64.rpm SHA-256: ad1adbc43b127178b9489041b045120c8de8dfc8db4e1f27ec46650fe05a495c
python3-tornado-6.1.0-9.el9.aarch64.rpm SHA-256: 2223b9008bd356c3810fb55b866f8b504462df243dec84542ce548554e23cac7
python3-tornado-debuginfo-6.1.0-9.el9.aarch64.rpm SHA-256: ca0046a345765db8a758b22acf515afa77f272c233df6c5d2e09ba3a6a11a590

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
ppc64le
python-tornado-debugsource-6.1.0-9.el9.ppc64le.rpm SHA-256: 58ab98fcf237936a37f3d1a83017585ff1a3e8b6e2b630ab5815cccb7b08dfa8
python3-tornado-6.1.0-9.el9.ppc64le.rpm SHA-256: 2daa66360945f7c4eba9fad7ccb432bcca5be190bbae87a23b56615ec1cee703
python3-tornado-debuginfo-6.1.0-9.el9.ppc64le.rpm SHA-256: 8bf3221f308f53f20d705179afba81a14c76d4b5a97f9d93762bf0c76ea33591

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
x86_64
python-tornado-debugsource-6.1.0-9.el9.x86_64.rpm SHA-256: 2d1ed6d5418d72b1be61f0b3affb77fa0671fb11e9de9baa4b2a804b0b6254ae
python3-tornado-6.1.0-9.el9.x86_64.rpm SHA-256: 10cbfe08de71e50ea2c3409785488349fafe8b3e12c109b0ff07915862ef57c3
python3-tornado-debuginfo-6.1.0-9.el9.x86_64.rpm SHA-256: 17c77661673cf7656f23577efde0d367724f557c4ea928987fa83bcfdc8e2c6e

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
aarch64
python-tornado-debugsource-6.1.0-9.el9.aarch64.rpm SHA-256: ad1adbc43b127178b9489041b045120c8de8dfc8db4e1f27ec46650fe05a495c
python3-tornado-6.1.0-9.el9.aarch64.rpm SHA-256: 2223b9008bd356c3810fb55b866f8b504462df243dec84542ce548554e23cac7
python3-tornado-debuginfo-6.1.0-9.el9.aarch64.rpm SHA-256: ca0046a345765db8a758b22acf515afa77f272c233df6c5d2e09ba3a6a11a590

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
python-tornado-6.1.0-9.el9.src.rpm SHA-256: 96abaa59584da040eb7459ec95ff99e49468da61ac9089d8f869479f897541de
s390x
python-tornado-debugsource-6.1.0-9.el9.s390x.rpm SHA-256: dd16e85b520dc57954ebadd46021ed6ea4c7f196cab5e6d0fb981778f0e97327
python3-tornado-6.1.0-9.el9.s390x.rpm SHA-256: bc0a11eb036fdee0c62d329edc971a550dfd04376acfbdb36d8d184a19cc988a
python3-tornado-debuginfo-6.1.0-9.el9.s390x.rpm SHA-256: 0005e683a2e627d1dd1ebe959eae4321f7522909765693f78291293f3549b29b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.