Heartbleed bug and Bareos
If Bareos is configured to use TLS encrpytion for the network connection, there is a possibility that this bug could be exploited.
Usually, the openssl library is part of the operating system, so please make sure that you install the newest updates for theopenssl library offered by your OS vendor and restart the bareos daemons afterwards.
On Windows, the openssl library is shipped with the bareos installer.
The openssl library was upgraded in our buildsystem and all newly created
installers will ship openssl version 1.0.1g where the bug is fixed.
Users with a bareos subscription find patched installers for the stable versions in their repository.
The installers with the fixed Openssl Version are:
Version 12.4: Release 6.5:
Version 13.2: Release 12.5:
Users without subscription can use the windows installers from the nightly builds,as the nightly builds of the windows installers already use the newest version of openssl.
Please upgrade your installation.
How to verify your installation:
You can verify the version of the openssl libraries in your system by right-clicking on the file "libssl-10.dll" in your bareos directory and selecting "properties".
If you do not have Version 1.0.1g, please upgrade.