← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 2012536] Re: All GNUTAR-based backups fail after the package update to1:3.5.1-8ubuntu1.1

 

This bug was fixed in the package amanda - 1:3.5.1-1ubuntu0.2

---------------
amanda (1:3.5.1-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY REGRESSION: Remove all patches from version 1:3.5.1-1ubuntu0.1
    getting the package back to the state of 1:3.5.1-1build2. Pending further
    investigation. (LP: #2012536)

 -- Eduardo Barretto <eduardo.barretto@xxxxxxxxxxxxx>  Thu, 23 Mar 2023
11:17:18 +0100

** Changed in: amanda (Ubuntu Bionic)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2012536

Title:
  All GNUTAR-based backups fail after the package update
  to1:3.5.1-8ubuntu1.1

Status in amanda package in Ubuntu:
  Confirmed
Status in amanda source package in Trusty:
  New
Status in amanda source package in Xenial:
  New
Status in amanda source package in Bionic:
  Fix Released
Status in amanda source package in Focal:
  New
Status in amanda source package in Jammy:
  New
Status in amanda source package in Kinetic:
  New
Status in amanda package in Debian:
  Unknown

Bug description:
  After updating our Ubuntu 22.04 LTS servers yesterday to the Amanda
  package version 1:3.5.1-8ubuntu1.1, all our server backups configured
  to use the 'GNUTAR' backup program failed. The failure all has the
  same messages:

    colony.cs.toronto.edu / lev 1  FAILED [no backup size line]
    colony.cs.toronto.edu / lev 1  FAILED [Got empty header]
    colony.cs.toronto.edu / lev 1  FAILED [no backup size line]
    colony.cs.toronto.edu / lev 1  FAILED [Got empty header]

  and a specific report of:
    /-- colony.cs.toronto.edu / lev 1 FAILED [no backup size line]
    sendbackup: start [colony.cs.toronto.edu:/ level 1]
    sendbackup: info BACKUP=/usr/bin/tar
    sendbackup: info RECOVER_CMD=/usr/bin/tar -xpGf - ...
    sendbackup: info end
    ? runtar: error [runtar invalid option: -]
    sendbackup: error [no backup size line]
    \--------

  The sendbackup log file in /var/log/amanda/... says:
  Tue Mar 21 20:10:16.108110031 2023: pid 2784691: thd-0x5572211f0800: sendbackup: doing level 1 dump as listed-incremental from '/var/lib/amanda/gnutar-lists/colony.cs.toronto.edu__0' to '/var/lib/amanda/gnutar-lists/colony.cs.toronto.edu__1.new'
  Tue Mar 21 20:10:16.108409938 2023: pid 2784691: thd-0x5572211f0800: sendbackup: Spawning "/usr/lib/amanda/runtar runtar n_tape /usr/bin/tar --create --file - --directory / --one-file-system --listed-incremental /var/lib/amanda/gnutar-lists/colony.cs.toronto.edu__1.new --sparse --ignore-failed-read --totals ." in pipeline
  [...]
  Tue Mar 21 20:10:16.134876924 2023: pid 2784691: thd-0x5572211f0800: sendbackup: 119: strange(?): runtar: error [runtar invalid option: -]

  The dump type used here is configured with:
      estimate server
      index yes
      program "GNUTAR"
      record yes

  Other backups using amgtar worked so this is not a total Amanda backup
  failure, this is a failure specifically in GNUTAR. Given that
  1:3.5.1-8ubuntu1.1 specifically says it includes a change to runtar
  option parsing, I believe this fix may be incorrect:

    * SECURITY UPDATE: privilege escalation via runtar SUID binary
      - d/p/48-fix-CVE-2022-37705: fix option parsing
      - CVE-2022-37705

  This is a critical bug for anyone using GNUTAR Amanda backups on
  Ubuntu 22.04 (and possibly other Ubuntu versions).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/amanda/+bug/2012536/+subscriptions