Candidate: CVE-2020-11061
PublicDate: 2020-07-10 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11061
 https://bugs.bareos.org/view.php?id=1210
 https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
Description:
 In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and
 19.2.7, a heap overflow allows a malicious client to corrupt the director's
 memory via oversized digest strings sent during initialization of a verify
 job. Disabling verify jobs mitigates the problem. This issue is also
 patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L [7.4 HIGH]


Patches_bareos:
upstream_bareos: needs-triage
precise/esm_bareos: DNE
trusty_bareos: ignored (out of standard support)
trusty/esm_bareos: DNE
xenial_bareos: ignored (end of standard support, was needs-triage)
bionic_bareos: DNE
eoan_bareos: DNE
focal_bareos: DNE
groovy_bareos: DNE
hirsute_bareos: DNE
impish_bareos: DNE
jammy_bareos: DNE
devel_bareos: DNE

Patches_bacula:
upstream_bacula: needs-triage
precise/esm_bacula: DNE
trusty_bacula: ignored (out of standard support)
trusty/esm_bacula: DNE
xenial_bacula: ignored (end of standard support, was needs-triage)
bionic_bacula: needs-triage
focal_bacula: needs-triage
groovy_bacula: not-affected (9.6.5-2)
hirsute_bacula: not-affected (9.6.5-2)
impish_bacula: not-affected (9.6.5-2)
devel_bacula: not-affected (9.6.5-2)