UbuntuUpdates.org

Package "amanda-common"

Name: amanda-common

Description:

Advanced Maryland Automatic Network Disk Archiver (Libs)

Latest version: 1:3.5.1-1ubuntu0.3
Release: bionic (18.04)
Level: security
Repository: universe
Head package: amanda
Homepage: http://www.amanda.org/

Links


Download "amanda-common"


Other versions of "amanda-common" in Bionic

Repository Area Version
base universe 1:3.5.1-1build2
updates universe 1:3.5.1-1ubuntu0.3

Changelog

Version: 1:3.5.1-1ubuntu0.3 2023-04-03 03:06:51 UTC

  amanda (1:3.5.1-1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: information leak calcsize SUID binary
    - d/p/56-fix-CVE-2022-37703: remove perror call disclosing potentially
      privileged information
    - CVE-2022-37703
  * SECURITY UPDATE: privilege escalation via rundump SUID binary
    - d/p/50-fix-CVE-2022-37704: add option validation
    - d/p/52-fix-CVE-2022-37704_part_2: filter RSH environment variable
    - CVE-2022-37704
  * SECURITY UPDATE: privilege escalation via runtar SUID binary
    - d/p/48-fix-CVE-2022-37705: fix option parsing
    - d/p/49-fix-CVE-2022-37705_part_2: amendment to above patch
    - CVE-2022-37705

 -- David Lane <email address hidden> Tue, 28 Mar 2023 14:28:44 +1100

Source diff to previous version
CVE-2022-37703 In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a direc

Version: 1:3.5.1-1ubuntu0.2 2023-03-23 15:07:00 UTC

  amanda (1:3.5.1-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY REGRESSION: Remove all patches from version 1:3.5.1-1ubuntu0.1
    getting the package back to the state of 1:3.5.1-1build2. Pending further
    investigation. (LP: #2012536)

 -- Eduardo Barretto <email address hidden> Thu, 23 Mar 2023 11:17:18 +0100

Source diff to previous version
2012536 All GNUTAR-based backups fail after the package update to1:3.5.1-8ubuntu1.1

Version: 1:3.5.1-1ubuntu0.1 2023-03-21 10:06:58 UTC

  amanda (1:3.5.1-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: information leak calcsize SUID binary
    - d/p/56-fix-CVE-2022-37703: remove perror call disclosing potentially
      privileged information
    - CVE-2022-37703
  * SECURITY UPDATE: privilege escalation via rundump SUID binary
    - d/p/50-fix-CVE-2022-37704: add option validation
    - d/p/52-fix-CVE-2022-37704_part_2: filter RSH environment variable
    - CVE-2022-37704
  * SECURITY UPDATE: privilege escalation via runtar SUID binary
    - d/p/48-fix-CVE-2022-37705: fix option parsing
    - CVE-2022-37705

 -- David Lane <email address hidden> Thu, 09 Mar 2023 15:47:49 +1100

CVE-2022-37703 In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a direc



About   -   Send Feedback to @ubuntu_updates