USN-5966-3: amanda regression

Read Time:56 Second

USN-5966-1 fixed vulnerabilities in amanda. Unfortunately that update
caused a regression and was reverted in USN-5966-2. This update provides
security fixes for Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04
LTS and Ubuntu 18.04 LTS.

We apologize for the inconvenience.

Original advisory details:

Maher Azzouzi discovered an information disclosure vulnerability in the
calcsize binary within amanda. calcsize is a suid binary owned by root that
could possibly be used by a malicious local attacker to expose sensitive
file system information. (CVE-2022-37703)

Maher Azzouzi discovered a privilege escalation vulnerability in the
rundump binary within amanda. rundump is a suid binary owned by root that
did not perform adequate sanitization of environment variables or
commandline options and could possibly be used by a malicious local
attacker to escalate privileges. (CVE-2022-37704)

Maher Azzouzi discovered a privilege escalation vulnerability in the runtar
binary within amanda. runtar is a suid binary owned by root that did not
perform adequate sanitization of commandline options and could possibly be
used by a malicious local attacker to escalate privileges. (CVE-2022-37705)

Improvements in Brute Force Attacks

US Legislators Demand Transparency in Apple’s UK Backdoor Court Fight

£1M Lost as UK Social Media and Email Account Hacks Skyrocket

Security Database Aims to Empower Non-Profits

Tj-actions Supply Chain Attack Exposes 23,000 Organizations

Free file converter malware scam “rampant” claims FBI

Borked Chromecasts are beginning to receive their update – just hope you didn’t do a factory reset

ClickFix: How to Infect Your PC in Three Easy Steps

Friday Squid Blogging: SQUID Band

dotnet9.0-9.0.104-1.fc40

dotnet9.0-9.0.104-1.fc41

dotnet9.0-9.0.104-1.fc42

USN-7352-1: FreeType vulnerability

USN-7299-4: X.Org X Server regression

OpenIPMI-2.0.36-1.fc41