Package "amanda-client"

Name: amanda-client


Advanced Maryland Automatic Network Disk Archiver (Client)

Latest version: 1:3.3.3-2ubuntu1.1+actuallyesm2
Release: trusty (14.04)
Level: security
Repository: universe
Head package: amanda


Download "amanda-client"

Other versions of "amanda-client" in Trusty

Repository Area Version
base universe 1:3.3.3-2ubuntu1
updates universe 1:3.3.3-2ubuntu1.1+actuallyesm2


Version: 1:3.3.3-2ubuntu1.1+actuallyesm2 2023-03-24 07:06:46 UTC

  amanda (1:3.3.3-2ubuntu1.1+actuallyesm2) trusty-security; urgency=medium

  * SECURITY REGRESSION: Remove all patches from version 1:3.3.3-2ubuntu1.1
    restoring the package to the state of 1:3.3.3-2ubuntu1. (LP: #2012536)

 -- David Lane <email address hidden> Fri, 24 Mar 2023 12:33:20 +1100

Source diff to previous version
2012536 All GNUTAR-based backups fail after the package update to1:3.5.1-8ubuntu1.1

Version: 1:3.3.3-2ubuntu1.1 2023-03-21 10:06:54 UTC

  amanda (1:3.3.3-2ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: information leak calcsize SUID binary
    - d/p/56-fix-CVE-2022-37703: remove perror call disclosing potentially
      privileged information
    - CVE-2022-37703
  * SECURITY UPDATE: privilege escalation via rundump SUID binary
    - d/p/50-fix-CVE-2022-37704: add option validation
    - d/p/52-fix-CVE-2022-37704_part_2-backport: filter RSH env variable
    - CVE-2022-37704
  * SECURITY UPDATE: privilege escalation via runtar SUID binary
    - d/p/48-fix-CVE-2022-37705-backport: fix option parsing
    - CVE-2022-37705

 -- David Lane <email address hidden> Thu, 16 Mar 2023 13:18:40 +1100

CVE-2022-37703 In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a direc

About   -   Send Feedback to @ubuntu_updates