Fedora Linux 8612 Published by

An amanda security update has been released for Fedora 36.

SECURITY: Fedora 36 Update: amanda-3.5.3-1.fc36

Fedora Update Notification
2023-04-02 01:33:23.803433

Name : amanda
Product : Fedora 36
Version : 3.5.3
Release : 1.fc36
URL :   http://www.amanda.org
Summary : A network-capable tape backup solution
Description :
AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a
backup system that allows the administrator of a LAN to set up a
single master backup server to back up multiple hosts to one or more
tape drives or disk files. AMANDA uses native dump and/or GNU tar
facilities and can back up a large number of workstations running
multiple versions of Unix. Newer versions of AMANDA (including this
version) can use SAMBA to back up Microsoft(TM) Windows95/NT hosts.
The amanda package contains the core AMANDA programs and will need to
be installed on both AMANDA clients and AMANDA servers. Note that you
will have to install the amanda-client and/or amanda-server packages as

Update Information:

Update to version 3.5.3, which contains fixes for three minor security issues as
well as other minor bugfixes.

* Thu Mar 16 2023 Orion Poplawski - 3.5.3-1
- Update to 3.5.3
- Fixes CVE-2022-37703 (bz#2126849) CVE-2022-37704 (bz#2168789) CVE-2022-37705 (bz#2168797)
* Wed Jan 18 2023 Fedora Release Engineering - 3.5.2-2
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Aug 30 2022 Orion Poplawski - 3.5.2-1
- Update to 3.5.2
* Wed Jul 20 2022 Fedora Release Engineering - 3.5.1-37
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

[ 1 ] Bug #2104645 - amanda bugfix for build/test issue and missing 1st char in error message
[ 2 ] Bug #2126849 - CVE-2022-37703 amanda: information leak (discovery of directory existence) [fedora-all]
[ 3 ] Bug #2168789 - CVE-2022-37704 amanda: rundump: local privilege escalation [fedora-all]
[ 4 ] Bug #2168797 - CVE-2022-37705 amanda: crafted arguments to the runtar SUID binary leads to local privilege escalation to root [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-1293196f34' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at