Debian 9818 Published by

An amanda security update has been released for Debian GNU/Linux 9 Extended LTS to address a potential privilege escalation vulnerability.



ELA-822-1 amanda security update

Package : amanda
Version : 1:3.3.9-5+deb9u1 (stretch)

Related CVEs :
CVE-2022-37704

It was discovered that there was a potential privilege escalation vulnerability
in the “amanda” backup utility. The SUID binary located at /lib/amanda/rundump
executed /usr/sbin/dump as root with arguments controlled by the attacker,
which may have led to an escalation of privileges, denial of service (DoS) or
information disclosure.

  ELA-822-1 amanda security update