Candidate: CVE-2019-14867
PublicDate: 2019-11-27 09:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14867
 https://pagure.io/freeipa/c/4abd2f76d76c4c1a1ec5087ec447f4515b63c2c6
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14867
 https://www.freeipa.org/page/Releases/4.6.7
 https://www.freeipa.org/page/Releases/4.7.4
 https://www.freeipa.org/page/Releases/4.8.3
Description:
 A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x
 versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the
 internal function ber_scanf() was used in some components of the IPA
 server, which parsed kerberos key data. An unauthenticated attacker who
 could trigger parsing of the krb principal key could cause the IPA server
 to crash or in some conditions, cause arbitrary code to be executed on the
 server hosting the IPA server.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_freeipa:
 upstream: https://pagure.io/freeipa/c/4abd2f76d76c4c1a1ec5087ec447f4515b63c2c6
upstream_freeipa: released (4.8.3-1)
precise/esm_freeipa: DNE
trusty_freeipa: ignored (out of standard support)
trusty/esm_freeipa: needed
xenial_freeipa: ignored (end of standard support, was needed)
bionic_freeipa: needed
disco_freeipa: ignored (reached end-of-life)
eoan_freeipa: ignored (reached end-of-life)
focal_freeipa: needed
groovy_freeipa: ignored (reached end-of-life)
hirsute_freeipa: ignored (reached end-of-life)
impish_freeipa: needed
jammy_freeipa: needed
devel_freeipa: needed