Source: python-pykmip Version: 0.7.0-2 Severity: important Tags: patch security upstream Forwarded: https://github.com/OpenKMIP/PyKMIP/issues/430
Hi, The following vulnerability was published for python-pykmip. CVE-2018-1000872[0]: | OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: | Resource Management Errors (similar issue to CVE-2015-5262) | vulnerability in PyKMIP server that can result in DOS: the server can | be made unavailable by one or more clients opening all of the | available sockets. This attack appear to be exploitable via A client | or clients open sockets with the server and then never close them. | This vulnerability appears to have been fixed in 0.8.0. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-1000872 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000872 [1] https://github.com/OpenKMIP/PyKMIP/issues/430 Please adjust the affected versions in the BTS as needed. Regards, Salvatore

