USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced
a regression in GNUTAR-based backups. This update reverts all of the
changes in amanda until a better fix is provided.
We apologize for the inconvenience.
Original advisory details:
Maher Azzouzi discovered an information disclosure vulnerability in the
calcsize binary within amanda. calcsize is a suid binary owned by root that
could possibly be used by a malicious local attacker to expose sensitive
file system information. (CVE-2022-37703)
Maher Azzouzi discovered a privilege escalation vulnerability in the
rundump binary within amanda. rundump is a suid binary owned by root that
did not perform adequate sanitization of environment variables or
commandline options and could possibly be used by a malicious local
attacker to escalate privileges. (CVE-2022-37704)
Maher Azzouzi discovered a privilege escalation vulnerability in the runtar
binary within amanda. runtar is a suid binary owned by root that did not
perform adequate sanitization of commandline options and could possibly be
used by a malicious local attacker to escalate privileges. (CVE-2022-37705)
More Stories
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040)
What is the vulnerability? A zero-day security vulnerability has been uncovered in an enterprise file-transfer software CrushFTP. The vulnerability tagged...
gdcm-3.0.23-5.fc39
FEDORA-2024-11821b16ac Packages in this update: gdcm-3.0.23-5.fc39 Update description: Security fixes TALOS-2024-1924, CVE-2024-22391: heap overflow TALOS-2024-1935, CVE-2024-22373: out-of-bounds write TALOS-2024-1944, CVE-2024-25569:...
gdcm-3.0.12-7.el9
FEDORA-EPEL-2024-f5884f808a Packages in this update: gdcm-3.0.12-7.el9 Update description: Security fixes TALOS-2024-1924, CVE-2024-22391: heap overflow TALOS-2024-1935, CVE-2024-22373: out-of-bounds write TALOS-2024-1944, CVE-2024-25569:...
gdcm-3.0.21-4.fc38
FEDORA-2024-7a57842ec3 Packages in this update: gdcm-3.0.21-4.fc38 Update description: Security fixes TALOS-2024-1924, CVE-2024-22391: heap overflow TALOS-2024-1935, CVE-2024-22373: out-of-bounds write TALOS-2024-1944, CVE-2024-25569:...
gdcm-3.0.23-5.fc40
FEDORA-2024-fae33e6e9f Packages in this update: gdcm-3.0.23-5.fc40 Update description: Security fixes TALOS-2024-1924, CVE-2024-22391: heap overflow TALOS-2024-1935, CVE-2024-22373: out-of-bounds write TALOS-2024-1944, CVE-2024-25569:...
gdcm-3.0.23-5.fc41
FEDORA-2024-c5909efa5c Packages in this update: gdcm-3.0.23-5.fc41 Update description: Automatic update for gdcm-3.0.23-5.fc41. Changelog * Fri Apr 26 2024 Sandro <devel@penguinpee.nl>...