ELA-822-1 amanda security update

privilege escalation

2023-03-30
Package: amanda
Version: 1:3.3.9-5+deb9u1 (stretch)
Related CVEs: CVE-2022-37704


It was discovered that there was a potential privilege escalation vulnerability in the “amanda” backup utility. The SUID binary located at /lib/amanda/rundump executed /usr/sbin/dump as root with arguments controlled by the attacker, which may have led to an escalation of privileges, denial of service (DoS) or information disclosure.



For Debian 9 stretch, this problem has been fixed in version 1:3.3.9-5+deb9u1.

We recommend that you upgrade your amanda packages.
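
A host-side check for the condition described above, as an added example that is not part of the advisory or of the amanda project: it compares installed amanda package versions against the fixed version and reports whether the rundump helper still carries the set-user-ID bit. The binary package names amanda-common, amanda-client and amanda-server are an assumption (the advisory names only "amanda"), and the version comparison is only meaningful on Debian 9 stretch.

```shell
#!/bin/sh
# Added example: audit a Debian 9 (stretch) host for ELA-822-1 / CVE-2022-37704.
FIXED_VERSION='1:3.3.9-5+deb9u1'   # fixed version stated in the advisory
RUNDUMP='/lib/amanda/rundump'      # SUID helper path stated in the advisory
# Assumption: binary packages built from the amanda source package.
PACKAGES='amanda-common amanda-client amanda-server'

# has_suid PATH: succeed if PATH is a regular file with the set-user-ID bit.
has_suid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# version_is_fixed VERSION: succeed if VERSION >= FIXED_VERSION in Debian
# version ordering (epoch, upstream version, revision).
version_is_fixed() {
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

# installed_version PKG: print the version only if PKG is fully installed.
installed_version() {
    dpkg-query -W -f='${Status}\t${Version}\n' "$1" 2>/dev/null |
        awk -F'\t' '$1 == "install ok installed" { print $2 }'
}

# audit: report each installed amanda package; return 1 if any is unpatched.
audit() {
    status=0
    for pkg in $PACKAGES; do
        ver=$(installed_version "$pkg")
        [ -n "$ver" ] || continue            # package not installed
        if version_is_fixed "$ver"; then
            echo "OK    $pkg $ver"
        else
            echo "VULN  $pkg $ver (older than $FIXED_VERSION)"
            status=1
        fi
    done
    if has_suid "$RUNDUMP"; then
        echo "NOTE  $RUNDUMP is present and set-user-ID"
    fi
    return $status
}

if command -v dpkg >/dev/null 2>&1; then
    audit || echo "ACTION upgrade the amanda packages"
else
    echo "dpkg not found; this check applies to Debian hosts only"
fi
```

A NOTE line on a patched host is expected if the package still ships the helper set-user-ID; it matters together with a VULN line.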

Further information about Extended LTS security advisories can be found in the dedicated section of our website.