CVE-2019-14867

Priority
Description
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x
versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the
internal function ber_scanf() was used in some components of the IPA
server that parse Kerberos key data. An unauthenticated attacker who
could trigger parsing of the Kerberos principal key could cause the IPA
server to crash or, under some conditions, cause arbitrary code to be
executed on the host running the IPA server.
Notes
Package
Upstream: released (4.8.3-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.04 (Disco Dingo): ignored (reached end-of-life)
Ubuntu 19.10 (Eoan Ermine): needed
Ubuntu 20.04 (Focal Fossa): DNE
Patches:
Upstream: https://pagure.io/freeipa/c/4abd2f76d76c4c1a1ec5087ec447f4515b63c2c6
More Information

Updated: 2020-01-23 20:47:51 UTC (commit b4629892d998f2ede31f59bb7508dc50a92ac664)