Release Info

Advisory: CLSA-2023:1692295986

OS: Ubuntu 16.04 ELS

Public date: 2023-08-17 14:13:08

Project: amanda

Version: 1:3.3.6-4.1+tuxcare.els1

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2023-1692295986.html

Changelog

* SECURITY UPDATE: privilege escalation through runtar SUID program - debian/patches/CVE-2022-37705.patch: filter tar options - CVE-2022-37705 * SECURITY UPDATE: privilege escalation through runtar SUID program - debian/patches/CVE-2023-30577.patch: introduce tar option allow list - CVE-2023-30577

Update

Update command: apt-get update apt-get --only-upgrade install amanda*

Packages list

amanda-client_3.3.6-4.1+tuxcare.els1_amd64.deb amanda-common_3.3.6-4.1+tuxcare.els1_amd64.deb amanda-server_3.3.6-4.1+tuxcare.els1_amd64.deb

CVEs

CVE-2023-30577
CVE-2022-37705