[Borgbackup] TAM authentication issue
Catalin Bucur
cata at geniusnet.ro
Fri Oct 13 06:50:58 EDT 2023
Hello,
I perform daily backups using the Borg client version 1.1.18 in a remote
repository that is not under my control. All I know about it is that two
versions are simultaneously offered: 1.1.18 and 1.2.4 (default).
I perform weekly archive checks, and during the last one, I received a
warning regarding the "Pre-1.2.5 archives spoofing vulnerability
(CVE-2023-36811)":
/"Archive TAM authentication issue for archive
blocked_NX-2023-05-24T14:03:36: Data integrity error: Archive
authentication did not verify
This archive will be *removed* from the manifest! It will be deleted."/
What I would like to know is:
- if I create a backup using client version 1.1.18 and I don't specify
a version during the operation, in what way (version) will the data be
written to the server, 1.1.18 or 1.2.4?
- with access to the files created by Borg on the server, can I find
out in which version they were written/saved?
- why am I getting the warning if neither the client nor the server
has a version greater than 1.2.4?
- the solution to avoid losing those archives is to run the commands
with the "BORG_WORKAROUNDS" switch, using client version 1.2.4?
Thank you for your time.
Best regards,
--
Catalin Bucur
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/borgbackup/attachments/20231013/7733899e/attachment.html>
More information about the Borgbackup
mailing list