Debian dla-3880 : amanda-client - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3880 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3880-1 [email protected]...

RHEL 8 : amanda (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - amanda: runtar: crafted arguments can lead to local privilege escalation CVE-2022-37705 - In Amanda 3.5.1...

RHEL 6 : amanda (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - amanda: Improper argument checking for runtar.c CVE-2023-30577 - In Amanda 3.5.1, an information leak...

CVE-2022-37704

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...

CVE-2022-37704

Summary of CVE-2022-37704 : Amanda 3.5.1 contains a privilege escalation in the SUID binary /lib/amanda/rundump, which can cause root execution of /usr/sbin/dump with attacker-controlled arguments. This can enable local privilege escalation, and may also lead to denial of service and information ...

Ubuntu: Security Advisory (USN-5966-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for amanda (FEDORA-2023-e295804b3d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : amanda regression (USN-5966-3)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5966-3 advisory. USN-5966-1 fixed vulnerabilities in amanda. Unfortunately that update caused a regression and was reverted in USN-5966-2. This...

Fedora 38 : amanda (2023-3d0619d767)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3d0619d767 advisory. Update to version 3.5.3, which contains fixes for three minor security issues as well as other minor bugfixes...

Ubuntu: Security Advisory (USN-5966-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5966-1: amanda vulnerabilities

Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. CVE-2022-37703 Maher Azzouzi discovered a privilege...

OPENSUSE-SU-2023:0069-1 Security update for amanda

This update for amanda fixes the following issues: - CVE-2022-37704: fix privilege escalation via rundump boo1208033, ghzmanda/amanda195 - CVE-2022-37705: fix privilege escalation via runtar suid binary boo1208032, ghzmanda/amanda194...

OESA-2023-1149 amanda security update

AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single large capacity tape or disk drive. Amanda uses native tools such as GNUtar, dump for backup and ca...

Debian: Security Advisory (DLA-3330-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3330-1] amanda security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3330-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 21, 2023 https://wiki.debian.org/LTS -...