USN-5966-2: amanda regression

Read Time:52 Second

USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced
a regression in GNUTAR-based backups. This update reverts all of the
changes in amanda until a better fix is provided.

We apologize for the inconvenience.

Original advisory details:

Maher Azzouzi discovered an information disclosure vulnerability in the
calcsize binary within amanda. calcsize is a suid binary owned by root that
could possibly be used by a malicious local attacker to expose sensitive
file system information. (CVE-2022-37703)

Maher Azzouzi discovered a privilege escalation vulnerability in the
rundump binary within amanda. rundump is a suid binary owned by root that
did not perform adequate sanitization of environment variables or
commandline options and could possibly be used by a malicious local
attacker to escalate privileges. (CVE-2022-37704)

Maher Azzouzi discovered a privilege escalation vulnerability in the runtar
binary within amanda. runtar is a suid binary owned by root that did not
perform adequate sanitization of commandline options and could possibly be
used by a malicious local attacker to escalate privileges. (CVE-2022-37705)

Cyber Security News

Friday Squid Blogging: Light-Emitting Squid

University of Manchester Suffers Suspected Data Breach During Cyber Incident

Barracuda: Immediately rip out and replace our security hardware

Google launches Secure AI Framework to help secure AI technology

Barracuda Urges Swift Replacement of Vulnerable ESG Appliances

Operation Triangulation: Zero-Click iPhone Malware

Google Launches Framework to Secure Generative AI

Security Experts Highlight Exploit for Patched Windows Flaw

Pros and Cons of AI in Daily Life

kernel-6.3.7-100.fc37

kernel-6.3.7-200.fc38

chromium-114.0.5735.106-1.fc38

chromium-114.0.5735.106-1.el8

chromium-114.0.5735.106-1.fc37

chromium-114.0.5735.106-1.el9