USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced
a regression in GNUTAR-based backups. This update reverts all of the
changes in amanda until a better fix is provided.
We apologize for the inconvenience.
Original advisory details:
Maher Azzouzi discovered an information disclosure vulnerability in the
calcsize binary within amanda. calcsize is a suid binary owned by root that
could possibly be used by a malicious local attacker to expose sensitive
file system information. (CVE-2022-37703)
Maher Azzouzi discovered a privilege escalation vulnerability in the
rundump binary within amanda. rundump is a suid binary owned by root that
did not perform adequate sanitization of environment variables or
commandline options and could possibly be used by a malicious local
attacker to escalate privileges. (CVE-2022-37704)
Maher Azzouzi discovered a privilege escalation vulnerability in the runtar
binary within amanda. runtar is a suid binary owned by root that did not
perform adequate sanitization of commandline options and could possibly be
used by a malicious local attacker to escalate privileges. (CVE-2022-37705)
More Stories
firefox-126.0-5.fc39
FEDORA-2024-a2c6c8afa9 Packages in this update: firefox-126.0-5.fc39 Update description: new upstream update (126.0) Read More
firefox-126.0-5.fc38
FEDORA-2024-6dd1f32f22 Packages in this update: firefox-126.0-5.fc38 Update description: new upstream update (126.0) New upstream version (125.0.3) Latest upstream release. Read...
firefox-126.0-5.fc40
FEDORA-2024-eabe68b149 Packages in this update: firefox-126.0-5.fc40 Update description: new upstream update (126.0) Read More
USN-6772-1: strongSwan vulnerability
Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue...
USN-6767-2: Linux kernel (BlueField) vulnerabilities
Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could...
pgadmin4-8.6-1.fc40 python-libgravatar-1.0.4-1.fc40
FEDORA-2024-4d4ceb61f7 Packages in this update: pgadmin4-8.6-1.fc40 python-libgravatar-1.0.4-1.fc40 Update description: Update to pgadmin4-8.6 Read More