Note:
This project will be discontinued after December 13, 2021. [more]
2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.
| Products | Bareos, Debian_linux |
| Type | Heap-based Buffer Overflow (CWE-122) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
• https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html • https://bugs.bareos.org/view.php?id=1210 |