Package "amanda-server"

Name: amanda-server


Advanced Maryland Automatic Network Disk Archiver (Server)

Latest version: 1:3.3.6-4.1ubuntu0.1+actuallyesm2
Release: xenial (16.04)
Level: security
Repository: universe
Head package: amanda


Download "amanda-server"

Other versions of "amanda-server" in Xenial

Repository Area Version
base universe 1:3.3.6-4.1
updates universe 1:3.3.6-4.1ubuntu0.1+actuallyesm2


Version: 1:3.3.6-4.1ubuntu0.1+actuallyesm2 2023-03-24 07:06:48 UTC

  amanda (1:3.3.6-4.1ubuntu0.1+actuallyesm2) xenial-security; urgency=medium

  * SECURITY REGRESSION: Remove all patches from version 1:3.3.6-4.1ubuntu0.1
    restoring the package to the state of 1:3.3.6-4.1. (LP: #2012536)

 -- David Lane <email address hidden> Fri, 24 Mar 2023 12:35:23 +1100

Source diff to previous version
2012536 All GNUTAR-based backups fail after the package update to1:3.5.1-8ubuntu1.1

Version: 1:3.3.6-4.1ubuntu0.1 2023-03-21 10:06:56 UTC

  amanda (1:3.3.6-4.1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: information leak calcsize SUID binary
    - d/p/56-fix-CVE-2022-37703: remove perror call disclosing potentially
      privileged information
    - CVE-2022-37703
  * SECURITY UPDATE: privilege escalation via rundump SUID binary
    - d/p/50-fix-CVE-2022-37704: add option validation
    - d/p/52-fix-CVE-2022-37704_part_2-backport: filter RSH env variable
    - CVE-2022-37704
  * SECURITY UPDATE: privilege escalation via runtar SUID binary
    - d/p/48-fix-CVE-2022-37705-backport: fix option parsing
    - CVE-2022-37705

 -- David Lane <email address hidden> Thu, 16 Mar 2023 13:22:45 +1100

CVE-2022-37703 In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a direc

About   -   Send Feedback to @ubuntu_updates