{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2019-14867","title":"Title"},{"category":"description","text":"A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2019-14867","url":"https://www.suse.com/security/cve/CVE-2019-14867"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"}],"title":"SUSE CVE CVE-2019-14867","tracking":{"current_release_date":"2025-03-15T10:36:49Z","generator":{"date":"2023-10-31T02:33:23Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2019-14867","initial_release_date":"2023-10-31T02:33:23Z","revision_history":[{"date":"2023-10-31T02:33:23Z","number":"2","summary":"Current version"},{"date":"2025-01-01T06:21:23Z","number":"3","summary":"Current version"},{"date":"2025-02-15T07:00:42Z","number":"4","summary":"Current version"},{"date":"2025-02-17T07:25:32Z","number":"5","summary":"Current version"},{"date":"2025-03-15T10:36:49Z","number":"6","summary":"Current version"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Liberty Linux 7","product":{"name":"SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7","product_identification_helper":{"cpe":"cpe:/o:suse:sll:7"}}},{"category":"product_version","name":"ipa-client-4.6.5-11.el7_7.4","product":{"name":"ipa-client-4.6.5-11.el7_7.4","product_id":"ipa-client-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/ipa-client@4.6.5-11.el7_7.4"}}},{"category":"product_version","name":"ipa-client-common-4.6.5-11.el7_7.4","product":{"name":"ipa-client-common-4.6.5-11.el7_7.4","product_id":"ipa-client-common-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/ipa-client-common@4.6.5-11.el7_7.4"}}},{"category":"product_version","name":"ipa-common-4.6.5-11.el7_7.4","product":{"name":"ipa-common-4.6.5-11.el7_7.4","product_id":"ipa-common-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/ipa-common@4.6.5-11.el7_7.4"}}},{"category":"product_version","name":"ipa-python-compat-4.6.5-11.el7_7.4","product":{"name":"ipa-python-compat-4.6.5-11.el7_7.4","product_id":"ipa-python-compat-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/ipa-python-compat@4.6.5-11.el7_7.4"}}},{"category":"product_version","name":"ipa-server-4.6.5-11.el7_7.4","product":{"name":"ipa-server-4.6.5-11.el7_7.4","product_id":"ipa-server-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/ipa-server@4.6.5-11.el7_7.4"}}},{"category":"product_version","name":"ipa-server-common-4.6.5-11.el7_7.4","product":{"name":"ipa-server-common-4.6.5-11.el7_7.4","product_id":"ipa-server-common-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/ipa-server-common@4.6.5-11.el7_7.4"}}},{"category":"product_version","name":"ipa-server-dns-4.6.5-11.el7_7.4","product":{"name":"ipa-server-dns-4.6.5-11.el7_7.4","product_id":"ipa-server-dns-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/ipa-server-dns@4.6.5-11.el7_7.4"}}},{"category":"product_version","name":"ipa-server-trust-ad-4.6.5-11.el7_7.4","product":{"name":"ipa-server-trust-ad-4.6.5-11.el7_7.4","product_id":"ipa-server-trust-ad-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/ipa-server-trust-ad@4.6.5-11.el7_7.4"}}},{"category":"product_version","name":"python2-ipaclient-4.6.5-11.el7_7.4","product":{"name":"python2-ipaclient-4.6.5-11.el7_7.4","product_id":"python2-ipaclient-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/python2-ipaclient@4.6.5-11.el7_7.4"}}},{"category":"product_version","name":"python2-ipalib-4.6.5-11.el7_7.4","product":{"name":"python2-ipalib-4.6.5-11.el7_7.4","product_id":"python2-ipalib-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/python2-ipalib@4.6.5-11.el7_7.4"}}},{"category":"product_version","name":"python2-ipaserver-4.6.5-11.el7_7.4","product":{"name":"python2-ipaserver-4.6.5-11.el7_7.4","product_id":"python2-ipaserver-4.6.5-11.el7_7.4","product_identification_helper":{"purl":"pkg:rpm/suse/python2-ipaserver@4.6.5-11.el7_7.4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"ipa-client-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ipa-client-4.6.5-11.el7_7.4"},"product_reference":"ipa-client-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ipa-client-common-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ipa-client-common-4.6.5-11.el7_7.4"},"product_reference":"ipa-client-common-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ipa-common-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ipa-common-4.6.5-11.el7_7.4"},"product_reference":"ipa-common-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ipa-python-compat-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ipa-python-compat-4.6.5-11.el7_7.4"},"product_reference":"ipa-python-compat-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ipa-server-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ipa-server-4.6.5-11.el7_7.4"},"product_reference":"ipa-server-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ipa-server-common-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ipa-server-common-4.6.5-11.el7_7.4"},"product_reference":"ipa-server-common-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ipa-server-dns-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ipa-server-dns-4.6.5-11.el7_7.4"},"product_reference":"ipa-server-dns-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ipa-server-trust-ad-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ipa-server-trust-ad-4.6.5-11.el7_7.4"},"product_reference":"ipa-server-trust-ad-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"python2-ipaclient-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:python2-ipaclient-4.6.5-11.el7_7.4"},"product_reference":"python2-ipaclient-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"python2-ipalib-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:python2-ipalib-4.6.5-11.el7_7.4"},"product_reference":"python2-ipalib-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"python2-ipaserver-4.6.5-11.el7_7.4 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:python2-ipaserver-4.6.5-11.el7_7.4"},"product_reference":"python2-ipaserver-4.6.5-11.el7_7.4","relates_to_product_reference":"SUSE Liberty Linux 7"}]},"vulnerabilities":[{"cve":"CVE-2019-14867","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-14867"}],"notes":[{"category":"general","text":"A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.","title":"CVE description"}],"product_status":{"recommended":["SUSE Liberty Linux 7:ipa-client-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-client-common-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-common-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-python-compat-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-common-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-dns-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-trust-ad-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:python2-ipaclient-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:python2-ipalib-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:python2-ipaserver-4.6.5-11.el7_7.4"]},"references":[{"category":"external","summary":"CVE-2019-14867","url":"https://www.suse.com/security/cve/CVE-2019-14867"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Liberty Linux 7:ipa-client-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-client-common-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-common-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-python-compat-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-common-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-dns-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-trust-ad-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:python2-ipaclient-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:python2-ipalib-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:python2-ipaserver-4.6.5-11.el7_7.4"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Liberty Linux 7:ipa-client-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-client-common-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-common-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-python-compat-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-common-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-dns-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:ipa-server-trust-ad-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:python2-ipaclient-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:python2-ipalib-4.6.5-11.el7_7.4","SUSE Liberty Linux 7:python2-ipaserver-4.6.5-11.el7_7.4"]}],"threats":[{"category":"impact","date":"2019-11-27T06:39:12Z","details":"important"}],"title":"CVE-2019-14867"}]}