UbuntuUpdates.org

Package "amanda-server"

Name: amanda-server

Description:

Advanced Maryland Automatic Network Disk Archiver (Server)

Latest version: 1:3.5.1-2ubuntu0.4
Release: focal (20.04)
Level: security
Repository: universe
Head package: amanda
Homepage: http://www.amanda.org/

Links


Download "amanda-server"


Other versions of "amanda-server" in Focal

Repository Area Version
base universe 1:3.5.1-2build3
updates universe 1:3.5.1-2ubuntu0.4

Changelog

Version: 1:3.5.1-2ubuntu0.4 2024-01-30 12:08:07 UTC

  amanda (1:3.5.1-2ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: argument mishandling
    - debian/patches/57-CVE-2023-30577.patch: introduces checks in runtar.c to
      ensure that runtar binary is called only with expected arguments.
    - CVE-2023-30577

 -- Jorge Sancho Larraz <email address hidden> Fri, 19 Jan 2024 14:01:42 +0100

Source diff to previous version
CVE-2023-30577 AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerab

Version: 1:3.5.1-2ubuntu0.3 2023-04-03 03:06:52 UTC

  amanda (1:3.5.1-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: information leak calcsize SUID binary
    - d/p/56-fix-CVE-2022-37703: remove perror call disclosing potentially
      privileged information
    - CVE-2022-37703
  * SECURITY UPDATE: privilege escalation via rundump SUID binary
    - d/p/50-fix-CVE-2022-37704: add option validation
    - d/p/52-fix-CVE-2022-37704_part_2: filter RSH environment variable
    - CVE-2022-37704
  * SECURITY UPDATE: privilege escalation via runtar SUID binary
    - d/p/48-fix-CVE-2022-37705: fix option parsing
    - d/p/49-fix-CVE-2022-37705_part_2: amendment to above patch
    - CVE-2022-37705

 -- David Lane <email address hidden> Tue, 28 Mar 2023 20:54:04 +1100

Source diff to previous version
CVE-2022-37703 In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a direc

Version: 1:3.5.1-2ubuntu0.2 2023-03-23 22:06:57 UTC

  amanda (1:3.5.1-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY REGRESSION: Remove all patches from version 1:3.5.1-2ubuntu0.1
    getting the package back to the state of 1:3.5.1-2build3. Pending further
    investigation. (LP: #2012536)

 -- Eduardo Barretto <email address hidden> Thu, 23 Mar 2023 11:12:27 +0100

Source diff to previous version
2012536 All GNUTAR-based backups fail after the package update to1:3.5.1-8ubuntu1.1

Version: 1:3.5.1-2ubuntu0.1 2023-03-21 10:06:59 UTC

  amanda (1:3.5.1-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: information leak calcsize SUID binary
    - d/p/56-fix-CVE-2022-37703: remove perror call disclosing potentially
      privileged information
    - CVE-2022-37703
  * SECURITY UPDATE: privilege escalation via rundump SUID binary
    - d/p/50-fix-CVE-2022-37704: add option validation
    - d/p/52-fix-CVE-2022-37704_part_2: filter RSH environment variable
    - CVE-2022-37704
  * SECURITY UPDATE: privilege escalation via runtar SUID binary
    - d/p/48-fix-CVE-2022-37705: fix option parsing
    - CVE-2022-37705

 -- David Lane <email address hidden> Thu, 09 Mar 2023 15:48:28 +1100

CVE-2022-37703 In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a direc



About   -   Send Feedback to @ubuntu_updates