[ubuntu/kinetic-security] amanda 1:3.5.1-9ubuntu0.3 (Accepted)
David Lane
david.lane at canonical.com
Mon Apr 3 01:09:21 UTC 2023
amanda (1:3.5.1-9ubuntu0.3) kinetic-security; urgency=medium
* SECURITY UPDATE: information leak calcsize SUID binary
- d/p/56-fix-CVE-2022-37703: remove perror call disclosing potentially
privileged information
- CVE-2022-37703
* SECURITY UPDATE: privilege escalation via rundump SUID binary
- d/p/50-fix-CVE-2022-37704: add option validation
- d/p/52-fix-CVE-2022-37704_part_2: filter RSH environment variable
- CVE-2022-37704
* SECURITY UPDATE: privilege escalation via runtar SUID binary
- d/p/48-fix-CVE-2022-37705: fix option parsing
- d/p/49-fix-CVE-2022-37705_part_2: amendment to above patch
- CVE-2022-37705
Date: 2023-04-02 10:43:09.436283+00:00
Changed-By: David Lane <david.lane at canonical.com>
https://launchpad.net/ubuntu/+source/amanda/1:3.5.1-9ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list