Red Hat Product Errata RHSA-2026:19189 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19189 - Security Advisory Overview Updated Packages Synopsis Moderate: python-tornado security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python-tornado is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958) tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments (CVE-2026-35536) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2446765 - CVE-2026-31958 tornado-python: Tornado: Denial of Service via large multipart bodies BZ - 2454716 - CVE-2026-35536 tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments CVEs CVE-2026-31958 CVE-2026-35536 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 x86_64 python-tornado-debugsource-6.5.5-1.el9_8.x86_64.rpm SHA-256: 9ed425cc986e8051b078fb15287aaefc461d85c3591c6e2e223c35f041b65a25 python3-tornado-6.5.5-1.el9_8.x86_64.rpm SHA-256: 852d0f0fcffcbb9fac1dbccc8d2b386fb1771fd0e5cccad17b8af41cc0ec9bc5 python3-tornado-debuginfo-6.5.5-1.el9_8.x86_64.rpm SHA-256: daa9554f7d1a83e04f1bffc1b6f324db2cb89c41da37d3ca50bd836bd336bdd2 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 x86_64 python-tornado-debugsource-6.5.5-1.el9_8.x86_64.rpm SHA-256: 9ed425cc986e8051b078fb15287aaefc461d85c3591c6e2e223c35f041b65a25 python3-tornado-6.5.5-1.el9_8.x86_64.rpm SHA-256: 852d0f0fcffcbb9fac1dbccc8d2b386fb1771fd0e5cccad17b8af41cc0ec9bc5 python3-tornado-debuginfo-6.5.5-1.el9_8.x86_64.rpm SHA-256: daa9554f7d1a83e04f1bffc1b6f324db2cb89c41da37d3ca50bd836bd336bdd2 Red Hat Enterprise Linux for IBM z Systems 9 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 s390x python-tornado-debugsource-6.5.5-1.el9_8.s390x.rpm SHA-256: bdf5154cf978ccf023401f4ddc96d2051d661c1a7273efed42afbe885cf9b06f python3-tornado-6.5.5-1.el9_8.s390x.rpm SHA-256: 0cb313db0d2964eb106e64bc07cc1f5c05f8afbcc9454fc1e4dd1ed407d71112 python3-tornado-debuginfo-6.5.5-1.el9_8.s390x.rpm SHA-256: d1ba7591827b292867dfa4ca128319e71be19cd68406e15d45d4248295d1ab09 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 s390x python-tornado-debugsource-6.5.5-1.el9_8.s390x.rpm SHA-256: bdf5154cf978ccf023401f4ddc96d2051d661c1a7273efed42afbe885cf9b06f python3-tornado-6.5.5-1.el9_8.s390x.rpm SHA-256: 0cb313db0d2964eb106e64bc07cc1f5c05f8afbcc9454fc1e4dd1ed407d71112 python3-tornado-debuginfo-6.5.5-1.el9_8.s390x.rpm SHA-256: d1ba7591827b292867dfa4ca128319e71be19cd68406e15d45d4248295d1ab09 Red Hat Enterprise Linux for Power, little endian 9 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 ppc64le python-tornado-debugsource-6.5.5-1.el9_8.ppc64le.rpm SHA-256: 27a8e42e51cc7d11a066f16196a645347256ac01761a74c6666eb7ab1e11d4f4 python3-tornado-6.5.5-1.el9_8.ppc64le.rpm SHA-256: d5b3d2c5666453d92a4775d1ea46ca82a7401420fe963b680f204016092012ac python3-tornado-debuginfo-6.5.5-1.el9_8.ppc64le.rpm SHA-256: 8d52e137f50d6faab55a0ed69479d740369fc80e735a49fb2caee7b5530a9094 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 ppc64le python-tornado-debugsource-6.5.5-1.el9_8.ppc64le.rpm SHA-256: 27a8e42e51cc7d11a066f16196a645347256ac01761a74c6666eb7ab1e11d4f4 python3-tornado-6.5.5-1.el9_8.ppc64le.rpm SHA-256: d5b3d2c5666453d92a4775d1ea46ca82a7401420fe963b680f204016092012ac python3-tornado-debuginfo-6.5.5-1.el9_8.ppc64le.rpm SHA-256: 8d52e137f50d6faab55a0ed69479d740369fc80e735a49fb2caee7b5530a9094 Red Hat Enterprise Linux for ARM 64 9 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 aarch64 python-tornado-debugsource-6.5.5-1.el9_8.aarch64.rpm SHA-256: c51bc2681dbafa33eb8f4f88e3bd16130a70e8b51bb858bfc1418bcfdd3f2f8d python3-tornado-6.5.5-1.el9_8.aarch64.rpm SHA-256: 62d643f21179b8a25cef70818cd29414ab886264b75512dbfd330a0409f59e95 python3-tornado-debuginfo-6.5.5-1.el9_8.aarch64.rpm SHA-256: cd55bd7b3c15b17941bb1c9ea27ee72f3562a8f56d25169d245442b0d5d35c99 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 aarch64 python-tornado-debugsource-6.5.5-1.el9_8.aarch64.rpm SHA-256: c51bc2681dbafa33eb8f4f88e3bd16130a70e8b51bb858bfc1418bcfdd3f2f8d python3-tornado-6.5.5-1.el9_8.aarch64.rpm SHA-256: 62d643f21179b8a25cef70818cd29414ab886264b75512dbfd330a0409f59e95 python3-tornado-debuginfo-6.5.5-1.el9_8.aarch64.rpm SHA-256: cd55bd7b3c15b17941bb1c9ea27ee72f3562a8f56d25169d245442b0d5d35c99 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 ppc64le python-tornado-debugsource-6.5.5-1.el9_8.ppc64le.rpm SHA-256: 27a8e42e51cc7d11a066f16196a645347256ac01761a74c6666eb7ab1e11d4f4 python3-tornado-6.5.5-1.el9_8.ppc64le.rpm SHA-256: d5b3d2c5666453d92a4775d1ea46ca82a7401420fe963b680f204016092012ac python3-tornado-debuginfo-6.5.5-1.el9_8.ppc64le.rpm SHA-256: 8d52e137f50d6faab55a0ed69479d740369fc80e735a49fb2caee7b5530a9094 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 x86_64 python-tornado-debugsource-6.5.5-1.el9_8.x86_64.rpm SHA-256: 9ed425cc986e8051b078fb15287aaefc461d85c3591c6e2e223c35f041b65a25 python3-tornado-6.5.5-1.el9_8.x86_64.rpm SHA-256: 852d0f0fcffcbb9fac1dbccc8d2b386fb1771fd0e5cccad17b8af41cc0ec9bc5 python3-tornado-debuginfo-6.5.5-1.el9_8.x86_64.rpm SHA-256: daa9554f7d1a83e04f1bffc1b6f324db2cb89c41da37d3ca50bd836bd336bdd2 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 aarch64 python-tornado-debugsource-6.5.5-1.el9_8.aarch64.rpm SHA-256: c51bc2681dbafa33eb8f4f88e3bd16130a70e8b51bb858bfc1418bcfdd3f2f8d python3-tornado-6.5.5-1.el9_8.aarch64.rpm SHA-256: 62d643f21179b8a25cef70818cd29414ab886264b75512dbfd330a0409f59e95 python3-tornado-debuginfo-6.5.5-1.el9_8.aarch64.rpm SHA-256: cd55bd7b3c15b17941bb1c9ea27ee72f3562a8f56d25169d245442b0d5d35c99 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 s390x python-tornado-debugsource-6.5.5-1.el9_8.s390x.rpm SHA-256: bdf5154cf978ccf023401f4ddc96d2051d661c1a7273efed42afbe885cf9b06f python3-tornado-6.5.5-1.el9_8.s390x.rpm SHA-256: 0cb313db0d2964eb106e64bc07cc1f5c05f8afbcc9454fc1e4dd1ed407d71112 python3-tornado-debuginfo-6.5.5-1.el9_8.s390x.rpm SHA-256: d1ba7591827b292867dfa4ca128319e71be19cd68406e15d45d4248295d1ab09 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 SRPM python-tornado-6.5.5-1.el9_8.src.rpm SHA-256: d22ea541fb70837485c695ea32f7a9ccbeca76d2a01de44636263e8842df9948 x86_64 python-tornado-debugsourc