[PKG-Openstack-devel] Bug#917030: python-pykmip: CVE-2018-1000872
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 21 18:13:52 GMT 2018
Source: python-pykmip
Version: 0.7.0-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/OpenKMIP/PyKMIP/issues/430
Hi,
The following vulnerability was published for python-pykmip.
CVE-2018-1000872[0]:
| OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399:
| Resource Management Errors (similar issue to CVE-2015-5262)
| vulnerability in PyKMIP server that can result in DOS: the server can
| be made unavailable by one or more clients opening all of the
| available sockets. This attack appear to be exploitable via A client
| or clients open sockets with the server and then never close them.
| This vulnerability appears to have been fixed in 0.8.0.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1000872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000872
[1] https://github.com/OpenKMIP/PyKMIP/issues/430
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Openstack-devel
mailing list