Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007275 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's...

SUSE-SU-2026:0623-1 Security update for python-tornado

This update for python-tornado fixes the following issues: - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values bsc1254905. - CVE-2025-67726: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254904...

SUSE-SU-2026:0222-1 Security update for python-tornado

This update for python-tornado fixes the following issues: - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values bsc1254905. - CVE-2025-67726: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254904...

CVE-2025-67725

Tornado (Python) vulnerable in versions

CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...