UbuntuUpdates.org

Package "amanda-client"

Name: amanda-client

Description:

Advanced Maryland Automatic Network Disk Archiver (Client)

Latest version: 1:3.5.1-8ubuntu1.4
Release: jammy (22.04)
Level: security
Repository: universe
Head package: amanda
Homepage: http://www.amanda.org/

Links


Download "amanda-client"


Other versions of "amanda-client" in Jammy

Repository Area Version
base universe 1:3.5.1-8ubuntu1
updates universe 1:3.5.1-8ubuntu1.4

Changelog

Version: 1:3.5.1-8ubuntu1.4 2024-01-30 12:08:09 UTC

  amanda (1:3.5.1-8ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: argument mishandling
    - debian/patches/57-CVE-2023-30577.patch: introduces checks in runtar.c to
      ensure that runtar binary is called only with expected arguments.
    - CVE-2023-30577

 -- Jorge Sancho Larraz <email address hidden> Fri, 19 Jan 2024 13:54:35 +0100

Source diff to previous version
CVE-2023-30577 AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerab

Version: 1:3.5.1-8ubuntu1.3 2023-04-03 03:06:54 UTC

  amanda (1:3.5.1-8ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: information leak calcsize SUID binary
    - d/p/56-fix-CVE-2022-37703: remove perror call disclosing potentially
      privileged information
    - CVE-2022-37703
  * SECURITY UPDATE: privilege escalation via rundump SUID binary
    - d/p/50-fix-CVE-2022-37704: add option validation
    - d/p/52-fix-CVE-2022-37704_part_2: filter RSH environment variable
    - CVE-2022-37704
  * SECURITY UPDATE: privilege escalation via runtar SUID binary
    - d/p/48-fix-CVE-2022-37705: fix option parsing
    - d/p/49-fix-CVE-2022-37705_part_2: amendment to above patch
    - CVE-2022-37705

 -- David Lane <email address hidden> Tue, 28 Mar 2023 20:57:05 +1100

Source diff to previous version
CVE-2022-37703 In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a direc

Version: 1:3.5.1-8ubuntu1.2 2023-03-25 16:06:49 UTC

  amanda (1:3.5.1-8ubuntu1.2) jammy-security; urgency=medium

  * SECURITY REGRESSION: Remove all patches from version 1:3.5.1-8ubuntu1.1
    getting the package back to the state of 1:3.5.1-8ubuntu1.1. Pending further
    investigation. (LP: #2012536)

 -- Eduardo Barretto <email address hidden> Thu, 23 Mar 2023 11:06:24 +0100

Source diff to previous version
2012536 All GNUTAR-based backups fail after the package update to1:3.5.1-8ubuntu1.1

Version: 1:3.5.1-8ubuntu1.1 2023-03-21 10:07:02 UTC

  amanda (1:3.5.1-8ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: information leak calcsize SUID binary
    - d/p/56-fix-CVE-2022-37703: remove perror call disclosing potentially
      privileged information
    - CVE-2022-37703
  * SECURITY UPDATE: privilege escalation via rundump SUID binary
    - d/p/50-fix-CVE-2022-37704: add option validation
    - d/p/52-fix-CVE-2022-37704_part_2: filter RSH environment variable
    - CVE-2022-37704
  * SECURITY UPDATE: privilege escalation via runtar SUID binary
    - d/p/48-fix-CVE-2022-37705: fix option parsing
    - CVE-2022-37705

 -- David Lane <email address hidden> Thu, 09 Mar 2023 15:48:59 +1100

CVE-2022-37703 In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a direc



About   -   Send Feedback to @ubuntu_updates