--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2023-1293196f34
2023-04-02 01:33:23.803433
--------------------------------------------------------------------------------Name        : amanda
Product     : Fedora 36
Version     : 3.5.3
Release     : 1.fc36
URL         : https://www.amanda.org/
Summary     : A network-capable tape backup solution
Description :
AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a
backup system that allows the administrator of a LAN to set up a
single master backup server to back up multiple hosts to one or more
tape drives or disk files.  AMANDA uses native dump and/or GNU tar
facilities and can back up a large number of workstations running
multiple versions of Unix.  Newer versions of AMANDA (including this
version) can use SAMBA to back up Microsoft(TM) Windows95/NT hosts.
The amanda package contains the core AMANDA programs and will need to
be installed on both AMANDA clients and AMANDA servers.  Note that you
will have to install the amanda-client and/or amanda-server packages as
well.

--------------------------------------------------------------------------------Update Information:

Update to version 3.5.3, which contains fixes for three minor security issues as
well as other minor bugfixes.
https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3
--------------------------------------------------------------------------------ChangeLog:

* Thu Mar 16 2023 Orion Poplawski  - 3.5.3-1
- Update to 3.5.3
- Fixes CVE-2022-37703 (bz#2126849) CVE-2022-37704 (bz#2168789) CVE-2022-37705 (bz#2168797)
* Wed Jan 18 2023 Fedora Release Engineering  - 3.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Aug 30 2022 Orion Poplawski  - 3.5.2-1
- Update to 3.5.2
* Wed Jul 20 2022 Fedora Release Engineering  - 3.5.1-37
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #2104645 - amanda bugfix for build/test issue and missing 1st char in error message
        https://bugzilla.redhat.com/show_bug.cgi?id=2104645
  [ 2 ] Bug #2126849 - CVE-2022-37703 amanda: information leak (discovery of directory existence) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2126849
  [ 3 ] Bug #2168789 - CVE-2022-37704 amanda: rundump: local privilege escalation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2168789
  [ 4 ] Bug #2168797 - CVE-2022-37705 amanda: crafted arguments to the runtar SUID binary leads to local privilege escalation to root [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2168797
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-1293196f34' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/

Fedora 36: amanda 2023-1293196f34

April 2, 2023
Update to version 3.5.3, which contains fixes for three minor security issues as well as other minor bugfixes

Summary

AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a

backup system that allows the administrator of a LAN to set up a

single master backup server to back up multiple hosts to one or more

tape drives or disk files. AMANDA uses native dump and/or GNU tar

facilities and can back up a large number of workstations running

multiple versions of Unix. Newer versions of AMANDA (including this

version) can use SAMBA to back up Microsoft(TM) Windows95/NT hosts.

The amanda package contains the core AMANDA programs and will need to

be installed on both AMANDA clients and AMANDA servers. Note that you

will have to install the amanda-client and/or amanda-server packages as

well.

Update to version 3.5.3, which contains fixes for three minor security issues as

well as other minor bugfixes.

https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3

* Thu Mar 16 2023 Orion Poplawski - 3.5.3-1

- Update to 3.5.3

- Fixes CVE-2022-37703 (bz#2126849) CVE-2022-37704 (bz#2168789) CVE-2022-37705 (bz#2168797)

* Wed Jan 18 2023 Fedora Release Engineering - 3.5.2-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

* Tue Aug 30 2022 Orion Poplawski - 3.5.2-1

- Update to 3.5.2

* Wed Jul 20 2022 Fedora Release Engineering - 3.5.1-37

- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

[ 1 ] Bug #2104645 - amanda bugfix for build/test issue and missing 1st char in error message

https://bugzilla.redhat.com/show_bug.cgi?id=2104645

[ 2 ] Bug #2126849 - CVE-2022-37703 amanda: information leak (discovery of directory existence) [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2126849

[ 3 ] Bug #2168789 - CVE-2022-37704 amanda: rundump: local privilege escalation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2168789

[ 4 ] Bug #2168797 - CVE-2022-37705 amanda: crafted arguments to the runtar SUID binary leads to local privilege escalation to root [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2168797

su -c 'dnf upgrade --advisory FEDORA-2023-1293196f34' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: https://pagure.io/login/

FEDORA-2023-1293196f34 2023-04-02 01:33:23.803433 Product : Fedora 36 Version : 3.5.3 Release : 1.fc36 URL : https://www.amanda.org/ Summary : A network-capable tape backup solution Description : AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to one or more tape drives or disk files. AMANDA uses native dump and/or GNU tar facilities and can back up a large number of workstations running multiple versions of Unix. Newer versions of AMANDA (including this version) can use SAMBA to back up Microsoft(TM) Windows95/NT hosts. The amanda package contains the core AMANDA programs and will need to be installed on both AMANDA clients and AMANDA servers. Note that you will have to install the amanda-client and/or amanda-server packages as well. Update to version 3.5.3, which contains fixes for three minor security issues as well as other minor bugfixes. https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3 * Thu Mar 16 2023 Orion Poplawski - 3.5.3-1 - Update to 3.5.3 - Fixes CVE-2022-37703 (bz#2126849) CVE-2022-37704 (bz#2168789) CVE-2022-37705 (bz#2168797) * Wed Jan 18 2023 Fedora Release Engineering - 3.5.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Tue Aug 30 2022 Orion Poplawski - 3.5.2-1 - Update to 3.5.2 * Wed Jul 20 2022 Fedora Release Engineering - 3.5.1-37 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild [ 1 ] Bug #2104645 - amanda bugfix for build/test issue and missing 1st char in error message https://bugzilla.redhat.com/show_bug.cgi?id=2104645 [ 2 ] Bug #2126849 - CVE-2022-37703 amanda: information leak (discovery of directory existence) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2126849 [ 3 ] Bug #2168789 - CVE-2022-37704 amanda: rundump: local privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2168789 [ 4 ] Bug #2168797 - CVE-2022-37705 amanda: crafted arguments to the runtar SUID binary leads to local privilege escalation to root [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2168797 su -c 'dnf upgrade --advisory FEDORA-2023-1293196f34' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam, report it: https://pagure.io/login/

Change Log

References

Update Instructions

Severity
Product : Fedora 36
Version : 3.5.3
Release : 1.fc36
URL : https://www.amanda.org/
Summary : A network-capable tape backup solution

Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved