[PKG-Openstack-devel] Bug#917030: python-pykmip: CVE-2018-1000872

Salvatore Bonaccorso carnil at debian.org
Fri Dec 21 18:13:52 GMT 2018

Source: python-pykmip
Version: 0.7.0-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/OpenKMIP/PyKMIP/issues/430


The following vulnerability was published for python-pykmip.

| OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399:
| Resource Management Errors (similar issue to CVE-2015-5262)
| vulnerability in PyKMIP server that can result in DOS: the server can
| be made unavailable by one or more clients opening all of the
| available sockets. This attack appear to be exploitable via A client
| or clients open sockets with the server and then never close them.
| This vulnerability appears to have been fixed in 0.8.0.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000872
[1] https://github.com/OpenKMIP/PyKMIP/issues/430

Please adjust the affected versions in the BTS as needed.


More information about the Openstack-devel mailing list