[PKG-Openstack-devel] Bug#917030: python-pykmip: CVE-2018-1000872
Moritz Mühlenhoff
jmm at inutil.org
Tue Feb 19 21:37:07 GMT 2019
On Fri, Dec 21, 2018 at 07:13:52PM +0100, Salvatore Bonaccorso wrote:
> Source: python-pykmip
> Version: 0.7.0-2
> Severity: important
> Tags: patch security upstream
> Forwarded: https://github.com/OpenKMIP/PyKMIP/issues/430
>
> Hi,
>
> The following vulnerability was published for python-pykmip.
>
> CVE-2018-1000872[0]:
> | OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399:
> | Resource Management Errors (similar issue to CVE-2015-5262)
> | vulnerability in PyKMIP server that can result in DOS: the server can
> | be made unavailable by one or more clients opening all of the
> | available sockets. This attack appear to be exploitable via A client
> | or clients open sockets with the server and then never close them.
> | This vulnerability appears to have been fixed in 0.8.0.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-1000872
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000872
> [1] https://github.com/OpenKMIP/PyKMIP/issues/430
This is fixed in https://github.com/OpenKMIP/PyKMIP/commit/3a7b880bdf70d295ed8af3a5880bab65fa6b3932
can we please get the patch in buster?
Cheers,
Moritz
More information about the Openstack-devel
mailing list