Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 38: FEDORA-2023-3d0619d767 Critical: Amanda Multiple Issues

fedora
Calendar Grey April 2, 2023
Dist Fedora Esm H88
Fedora 38 enhances amanda to version 3.5.3, addressing slight security vulnerabilities and incorporating various bug corrections.
Update to version 3.5.3, which contains fixes for three minor security issues as well as other minor bugfixes

Summary

AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a

backup system that allows the administrator of a LAN to set up a

single master backup server to back up multiple hosts to one or more

tape drives or disk files. AMANDA uses native dump and/or GNU tar

facilities and can back up a large number of workstations running

multiple versions of Unix. Newer versions of AMANDA (including this

version) can use SAMBA to back up Microsoft(TM) Windows95/NT hosts.

The amanda package contains the core AMANDA programs and will need to

be installed on both AMANDA clients and AMANDA servers. Note that you

will have to install the amanda-client and/or amanda-server packages as

well.

Update to version 3.5.3, which contains fixes for three minor security issues as

well as other minor bugfixes.

https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3

* Thu Mar 16 2023 Orion Poplawski - 3.5.3-1

- Update to 3.5.3

- Fixes CVE-2022-37703 (bz#2126849) CVE-2022-37704 (bz#2168789) CVE-2022-37705 (bz#2168797)

[ 1 ] Bug #2104645 - amanda bugfix for build/test issue and missing 1st char in error message

https://bugzilla.redhat.com/show_bug.cgi?id=2104645

[ 2 ] Bug #2126849 - CVE-2022-37703 amanda: information leak (discovery of directory existence) [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2126849

[ 3 ] Bug #2168789 - CVE-2022-37704 amanda: rundump: local privilege escalation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2168789

[ 4 ] Bug #2168797 - CVE-2022-37705 amanda: crafted arguments to the runtar SUID binary leads to local privilege escalation to root [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2168797

su -c 'dnf upgrade --advisory FEDORA-2023-3d0619d767' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory security issue update Fedora bugfix Amanda

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 38
Version: 3.5.3
Release: 1.fc38
URL: https://www.amanda.org/
Summary: A network-capable tape backup solution

Topics%20covered

Topics Covered

security advisory security issue update Fedora bugfix Amanda

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here