This bug was fixed in the package amanda - 1:3.5.1-1ubuntu0.2

---------------
amanda (1:3.5.1-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY REGRESSION: Remove all patches from version 1:3.5.1-1ubuntu0.1
    getting the package back to the state of 1:3.5.1-1build2. Pending
    further investigation. (LP: #2012536)

 -- Eduardo Barretto <eduardo.barre...@canonical.com>  Thu, 23 Mar 2023 11:17:18 +0100

** Changed in: amanda (Ubuntu Bionic)
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/2012536

Title:
  All GNUTAR-based backups fail after the package update to
  1:3.5.1-8ubuntu1.1

Status in amanda package in Ubuntu:
  Confirmed
Status in amanda source package in Trusty:
  New
Status in amanda source package in Xenial:
  New
Status in amanda source package in Bionic:
  Fix Released
Status in amanda source package in Focal:
  New
Status in amanda source package in Jammy:
  New
Status in amanda source package in Kinetic:
  New
Status in amanda package in Debian:
  Unknown

Bug description:
  After updating our Ubuntu 22.04 LTS servers yesterday to the Amanda
  package version 1:3.5.1-8ubuntu1.1, all our server backups configured
  to use the 'GNUTAR' backup program failed. The failures all have the
  same messages:

    colony.cs.toronto.edu / lev 1  FAILED [no backup size line]
    colony.cs.toronto.edu / lev 1  FAILED [Got empty header]
    colony.cs.toronto.edu / lev 1  FAILED [no backup size line]
    colony.cs.toronto.edu / lev 1  FAILED [Got empty header]

  and a specific report of:

    /-- colony.cs.toronto.edu / lev 1 FAILED [no backup size line]
    sendbackup: start [colony.cs.toronto.edu:/ level 1]
    sendbackup: info BACKUP=/usr/bin/tar
    sendbackup: info RECOVER_CMD=/usr/bin/tar -xpGf - ...
    sendbackup: info end
    ? runtar: error [runtar invalid option: -]
    sendbackup: error [no backup size line]
    \--------

  The sendbackup log file in /var/log/amanda/... says:

    Tue Mar 21 20:10:16.108110031 2023: pid 2784691: thd-0x5572211f0800: sendbackup: doing level 1 dump as listed-incremental from '/var/lib/amanda/gnutar-lists/colony.cs.toronto.edu__0' to '/var/lib/amanda/gnutar-lists/colony.cs.toronto.edu__1.new'
    Tue Mar 21 20:10:16.108409938 2023: pid 2784691: thd-0x5572211f0800: sendbackup: Spawning "/usr/lib/amanda/runtar runtar n_tape /usr/bin/tar --create --file - --directory / --one-file-system --listed-incremental /var/lib/amanda/gnutar-lists/colony.cs.toronto.edu__1.new --sparse --ignore-failed-read --totals ." in pipeline
    [...]
    Tue Mar 21 20:10:16.134876924 2023: pid 2784691: thd-0x5572211f0800: sendbackup:  119: strange(?): runtar: error [runtar invalid option: -]

  The dump type used here is configured with:

    estimate server
    index yes
    program "GNUTAR"
    record yes

  Other backups using amgtar worked so this is not a total Amanda backup
  failure, this is a failure specifically in GNUTAR. Given that
  1:3.5.1-8ubuntu1.1 specifically says it includes a change to runtar
  option parsing, I believe this fix may be incorrect:

    * SECURITY UPDATE: privilege escalation via runtar SUID binary
      - d/p/48-fix-CVE-2022-37705: fix option parsing
      - CVE-2022-37705

  This is a critical bug for anyone using GNUTAR Amanda backups on
  Ubuntu 22.04 (and possibly other Ubuntu versions).
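
The following is an added example, not Amanda's runtar code and not the Ubuntu patch: it shows one way an option allow-list for a privileged tar wrapper can reject the "-" value of "--file" from the logged command, next to an argument-aware check that accepts it while still failing closed on unlisted options. The allow-list contents, the takes_arg flags and all function names are assumptions built only from the options visible in the sendbackup log above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list: only options seen in the logged command line.
 * takes_arg marks options whose following argv element is their value. */
struct opt { const char *name; int takes_arg; };
static const struct opt ALLOWED[] = {
    {"--create", 0}, {"--file", 1}, {"--directory", 1},
    {"--one-file-system", 0}, {"--listed-incremental", 1},
    {"--sparse", 0}, {"--ignore-failed-read", 0}, {"--totals", 0},
};
/* tar arguments copied from the sendbackup log in the report */
const char *LOGGED_ARGV[] = {
    "--create", "--file", "-", "--directory", "/", "--one-file-system",
    "--listed-incremental",
    "/var/lib/amanda/gnutar-lists/colony.cs.toronto.edu__1.new",
    "--sparse", "--ignore-failed-read", "--totals", ".",
};
#define LOGGED_ARGC ((int)(sizeof LOGGED_ARGV / sizeof LOGGED_ARGV[0]))

static const struct opt *lookup(const char *arg) {
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strcmp(arg, ALLOWED[i].name) == 0) return &ALLOWED[i];
    return NULL;
}

/* Token-by-token check: anything starting with '-' must be a listed option.
 * Returns the index of the first rejected element, or -1 if all pass. */
int check_naive(int argc, const char **argv) {
    for (int i = 0; i < argc; i++)
        if (argv[i][0] == '-' && !lookup(argv[i])) return i;
    return -1;
}

/* Argument-aware check: exact-match each option, then skip its value so
 * a value such as "-" (stdout) is never tested as an option. */
int check_arg_aware(int argc, const char **argv) {
    for (int i = 0; i < argc; i++) {
        if (argv[i][0] != '-') continue;               /* positional, e.g. "." */
        const struct opt *o = lookup(argv[i]);
        if (!o) return i;                              /* unlisted option */
        if (o->takes_arg && ++i >= argc) return i - 1; /* value missing */
    }
    return -1;
}

int main(void) {
    printf("naive: %d, arg-aware: %d\n", check_naive(LOGGED_ARGC, LOGGED_ARGV),
           check_arg_aware(LOGGED_ARGC, LOGGED_ARGV));
    return 0;
}
```

Keeping the logged command line as a regression input for any option-validation change catches this class of breakage before a security update ships.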