An amanda security update has been released for Debian GNU/Linux 9 Extended LTS to address a potential privilege escalation vulnerability.
ELA-822-1 amanda security update
Package : amanda
ELA-822-1 amanda security update
Version : 1:3.3.9-5+deb9u1 (stretch)
Related CVEs :
CVE-2022-37704
It was discovered that there was a potential privilege escalation vulnerability
in the “amanda” backup utility. The SUID binary located at /lib/amanda/rundump
executed /usr/sbin/dump as root with arguments controlled by the attacker,
which may have led to an escalation of privileges, denial of service (DoS) or
information disclosure.