Impact
A heap overflow in Bareos Director before 19.2.8, 18.2 before 18.2.9, 17.2 before 17.2.10, and earlier allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job.
Patches
Bareos 19.2.8, 18.2.9 and 17.2.10 fix the issue by making sure the buffer is large enough. All users who use verify jobs should immediately upgrade to one of these versions.
Workarounds
Disabling verify jobs mitigates the problem.
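To triage an installation against this advisory, the following added example (not Bareos code) checks a Director version against the fixed releases listed above and lists the verify jobs in a configuration. It assumes version strings start with major.minor.patch, that release branches other than 19.2, 18.2 and 17.2 are affected when older than 19.2.8, and that the configuration places one directive per line; the function names and sample configuration are constructed for illustration.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(19, 2): (19, 2, 8), (18, 2): (18, 2, 9), (17, 2): (17, 2, 10)}

def parse_version(text):
    """Leading major.minor.patch of a version string, as a tuple of ints."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version_text):
    """True if the version falls in the range the advisory lists as vulnerable."""
    v = parse_version(version_text)
    # Assumption: a branch without its own fixed release needs at least 19.2.8.
    fixed = FIXED.get(v[:2], (19, 2, 8))
    return v < fixed

def verify_jobs(config_text):
    """Names of Job/JobDefs resources that set Type = Verify."""
    text = re.sub(r"#.*", "", config_text)  # drop comments (simplified)
    names = []
    for m in re.finditer(r"\b(?:JobDefs|Job)\s*\{", text, re.I):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i]
        if re.search(r"^\s*Type\s*=\s*\"?Verify\b", body, re.I | re.M):
            name = re.search(r"^\s*Name\s*=\s*\"?([^\"\n;]+)", body, re.I | re.M)
            names.append(name.group(1).strip() if name else "<unnamed>")
    return names

# Constructed sample configuration, not taken from a real installation.
SAMPLE = """
Job {
  Name = "backup-fd1"
  Type = Backup
}
Job {
  Name = "verify-fd1"
  Type = Verify
  RunScript { Command = "true" }
}
"""

if __name__ == "__main__":
    print({v: is_affected(v) for v in ("19.2.7", "18.2.9", "17.2.9")})
    print("verify jobs:", verify_jobs(SAMPLE))
```

An affected version combined with a non-empty verify job list marks a Director that needs either the upgrade or the workaround.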
References
https://bugs.bareos.org/view.php?id=1210
For more information
If you have any questions or comments about this advisory: