USN-5966-1 introduced a regression in amanda.

=========================================================================
Ubuntu Security Notice USN-5966-2
March 23, 2023

amanda regression
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

USN-5966-1 introduced a regression in amanda

Software Description:

- amanda: Advanced Maryland Automatic Network Disk Archiver (Client)

Details:

USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided.

We apologize for the inconvenience.

Original advisory details:

Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. (CVE-2022-37703)

Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37704)

Maher Azzouzi discovered a privilege escalation vulnerability in the runtar binary within amanda. runtar is a suid binary owned by root that did not perform adequate sanitization of commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37705)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  amanda-client 1:3.5.1-9ubuntu0.2

Ubuntu 22.04 LTS:
  amanda-client 1:3.5.1-8ubuntu1.2

Ubuntu 20.04 LTS:
  amanda-client 1:3.5.1-2ubuntu0.2

Ubuntu 18.04 LTS:
  amanda-client 1:3.5.1-1ubuntu0.2

Ubuntu 16.04 ESM:
  amanda-client 1:3.3.6-4.1ubuntu0.1+esm2

Ubuntu 14.04 ESM:
  amanda-client 1:3.3.3-2ubuntu1.1+esm2

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-5966-2
  https://ubuntu.com/security/notices/USN-5966-1
  https://bugs.launchpad.net/ubuntu/+source/amanda/+bug/2012536

Package Information:

  https://launchpad.net/ubuntu/+source/amanda/1:3.5.1-9ubuntu0.2
  https://launchpad.net/ubuntu/+source/amanda/1:3.5.1-8ubuntu1.2
  https://launchpad.net/ubuntu/+source/amanda/1:3.5.1-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/amanda/1:3.5.1-1ubuntu0.2

Ubuntu versions 22.10, 22.04, 20.04, among others, are encountering an amanda issue. It is advised to update promptly to reduce possible vulnerabilities.

Amanda Regression, Ubuntu Security Notice, Software Update, Security Fix.

Severity: Critical.

LinuxSecurity.com Team
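An added example, not part of the Ubuntu notice: a Python check of installed amanda-client versions against the per-release versions listed under "Update instructions", using a reimplementation of dpkg's version ordering (epoch, upstream, revision) so it runs on an inventory export without dpkg. The function names and the sample rows are assumptions made for illustration. Because USN-5966-2 reverts the USN-5966-1 changes, "up to date" means only that the regression fix is installed.

```python
import re

# Fixed amanda-client versions per Ubuntu release, copied from USN-5966-2.
FIXED = {
    "22.10": "1:3.5.1-9ubuntu0.2", "22.04": "1:3.5.1-8ubuntu1.2",
    "20.04": "1:3.5.1-2ubuntu0.2", "18.04": "1:3.5.1-1ubuntu0.2",
    "16.04": "1:3.3.6-4.1ubuntu0.1+esm2", "14.04": "1:3.3.3-2ubuntu1.1+esm2",
}

def _order(c):
    # dpkg weights: '~' sorts before everything, even the end of the string.
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit and digit runs, the way dpkg compares them.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for k in range(max(len(na), len(nb))):
            d = _order(na[k:k + 1]) - _order(nb[k:k + 1])
            if d:
                return d
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        a, b = a[len(da):], b[len(db):]
    return 0

def deb_compare(a, b):
    # Returns <0, 0 or >0; order is epoch, then upstream, then revision.
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def status(release, installed):
    fixed = FIXED.get(release)
    if fixed is None:
        return "release not listed"
    return "up to date" if deb_compare(installed, fixed) >= 0 else "update needed"

if __name__ == "__main__":  # constructed sample rows, not real hosts
    for rel, ver in [("22.04", "1:3.5.1-8ubuntu1.1"), ("20.04", "1:3.5.1-2ubuntu0.2")]:
        print(rel, ver, status(rel, ver))
```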