X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=docs%2Fsecurity.txt;h=e69de29bb2d1d6434b8b29ae775ad8c2e48c5391;hb=d92f70685083588e2a7ce6bc312a735f6937b5a6;hp=a252a9dd7784a4310171845cc05a40faffc39d09;hpb=6c1f39091444e58c33362f0cc086375d9d273e77;p=debian%2Famanda diff --git a/docs/security.txt b/docs/security.txt index a252a9d..e69de29 100644 --- a/docs/security.txt +++ b/docs/security.txt @@ -1,79 +0,0 @@ - -Chapter 29. Response to CPIO Security Notice Issue 11: -Prev Part VI. Historical files Next - -------------------------------------------------------------------------------- - -Chapter 29. Response to CPIO Security Notice Issue 11: - - -Amanda Core Team - -Original text -AMANDA Core Team - -Stefan G. Weichinger - -XML-conversion;Updates -AMANDA Core Team - -Table of Contents - - - Affected_Versions - - Workaround - - Acknowledgements - -The Amanda development team confirms the existence of the amrecover security -hole in recent versions of Amanda. We have made a new release, Amanda 2.4.0b5, -that fixes the amrecover problem and other potential security holes, and is the -product of a security audit conducted in conjunction with the OpenBSD effort. -The new version is available at: -ftp://ftp.amanda.org/pub/amanda/amanda-2.4.0b5.tar.gz -Here's some more information about the amrecover problem to supplement the -information given in the CPIO Security Notice: - - Affected Versions - -The Amanda 2.3.0.x interim releases that introduced amrecover, and the 2.4.0 -beta releases by the Amanda team are vulnerable. -Amanda 2.3.0 and earlier UMD releases are not affected by this particular bug, -as amrecover was not part of those releases. However, earlier releases do have -potential security problems and other bugs, so the Amanda Team recommends -upgrading to the new release as soon as practicable. - - Workaround - -At an active site running Amanda 2.3.0.x or 2.4.0 beta, amrecover/ amindexd can -be disabled by: - -* removing amandaidx and amidxtape from /etc/inetd.conf - - -* restarting /etc/inetd.conf (kill -HUP should do) - -This will avoid this particular vulnerability while continuing to run backups. -However, other vulnerabilities might exist, so the Amanda Team recommends -upgrading to the new release as soon as practicable. - - Acknowledgements - -This release (2.4.0) has addressed a number of security concerns with the -assistance of Theo de Raadt, Ejovi Nuwere and David Sacerdote of the OpenBSD -project. Thanks guys! Any problems that remain are our own fault, of course. -The Amanda Team would also like to thank the many other people who have -contributed suggestions, patches, and new subsystems for Amanda. We're grateful -for any contribution that helps us achieve and sustain critical mass for -improving Amanda. - -Note - -Refer to http://www.amanda.org/docs/security.html for the current version of -this document. -------------------------------------------------------------------------------- - -Prev Up Next -Part VI. Historical files Home Chapter 30. Upgrade Issues -