CVE-2020-4042 and CVE-2020-11061

Question

CVE-2020-4042 and CVE-2020-11061

Closed this issue 4 years ago · 1 comments

Bareos has released new versions to patch authentication bypass and heap overflow issues. The barcus/bareos* containers should be regenerated to incorporate the fixes.

GHSA-vqpj-2vhj-h752 / CVE-2020-4042: Authentication bypass in director when allowing client and director initiated connections (https://bugs.bareos.org/view.php?id=1250)
GHSA-mm45-cg35-54j4 / CVE-2020-11061: Heap overflow in director when running a verify job against a malicious filedaemon (https://bugs.bareos.org/view.php?id=1210)

Answer 1 · 2020-08-30T17:19:52.000Z

Images have been regenerated. Thank you @westphaldp