Introducing Amanda 3.5.4: Enhancing Backup Security and Reliability

What is Amanda?

AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup solution that allows the IT administrator to set up a single master backup server to back up multiple hosts over the network to tape drives/changers, disks, or optical media. Amanda uses native utilities and formats (e.g. dump and/or GNU tar) and can back up a large number of servers and workstations running multiple versions of Linux or Unix. Amanda uses a native Windows client to back up Microsoft Windows desktops and servers.

The latest stable version of Amanda, 3.5.4, was released on 25th August 2023. This release resolves security vulnerabilities to further enhance your backup experience.

The latest stable version of Amanda, 3.5.3, was released on 15th March 2023. As part of this release, we have addressed security vulnerabilities and made some stability fixes.

The latest release in the 3.4.x series is 3.4.5, released on June 8, 2017. This is a bugfix release for 3.4.4.

The latest release in the 3.3.x series is 3.3.9, released on February 10, 2016. It is a security fix: the amanda user was allowed to run any code as root. An upgrade is not required if you trust the amanda user.

The latest release in the 3.2.x series is 3.2.3, released on May 9, 2011. It is a bug fix release for version 3.2.2.

The latest release in the 3.1.x series is 3.1.3, released on October 5, 2010. It is a security release for version 3.1.2.

Amanda-3.1.2 has a known security vulnerability, and all users should upgrade to Amanda-3.1.3 as soon as possible. See the security alert.

Download here! (README) | Learn more about the Amanda Community 3.5.4 release

Release Notes for 3.5.4:

Amanda 3.5.4 is the latest release that includes security enhancements to further elevate your backup experience. This release focuses on delivering the utmost data protection by addressing Common Vulnerabilities and Exposures (CVEs), ensuring a smoother and more reliable backup process.

Security Bug Fixes

  • Security enhancements were applied to the runtar utility (CVE-2023-30577).

Release Notes for 3.5.3:

The 3.5.3 version of Amanda has addressed a few Common Vulnerabilities and Exposures (CVEs). This release enhances the security of your systems, mitigating the risk of attacks and data breaches, and providing a safer backup environment.

Security Bug Fixes

  • Minor data privacy enhancement to the calcsize utility (CVE-2022-37703).
  • Security enhancements and default hardening were applied to the rundump.c (CVE-2022-37704) and runtar (CVE-2022-37705) utilities.

Release Notes for 3.5.2:

The 3.5.2 version of Amanda will prevent unintentional deletions of data on tapes. With this release, you can rest assured that your data on tapes is safe, regardless of the value set for the retention period.

Enhancement

Prevent auto-label from erasing tapes - By default, auto-label can no longer claim tapes carrying non-Amanda labels or labels from other configurations. This change prevents your existing tape media from being rewritten with a new backup set.

Release Notes for 3.5.1:

  • compilation on Solaris
  • Do not check all 'r' bit on suid binary
  • Fix parsing of configuration override (-o)
    • can unset some settings
  • client code will not fail if shared memory is not available
  • amreport
    • many improvements
  • allow '*' for a datestamp wildcard
  • amgetconf
    • print an empty string if a parameter is not set instead of 'no such parameter'
  • amdump
    • new --no-dump, --no-flush and --no-vault arguments
  • amstatus fix
  • lock the holding disk to protect against multiple parallel accesses

Release Notes for 3.5:

  • Use different threads to connect to different clients
  • amservice, amcheck, planner, dumper are no longer suid root
  • ambind
    • new suid program to bind to a privileged port
  • amanda-security.conf
    • new tcp_port_range, range of privileged tcp ports
    • new udp_port_range, range of privileged udp ports
  • S3 device
    • openstack keystone v3 support
      • device-property STORAGE-API must be set to SWIFT-3
      • new PROJECT-NAME device-property
      • new DOMAIN-NAME device-property
  • amfetchdump
    • rename --directory argument to --target
  • ampgsql
    • new --incremental property
    • new --remove-full-wal property
    • new --remove-incremental-wal property

  • fix planner looping
  • fix overflow in S3 device
  • fix compilation on OpenBSD
  • fix race in amarchive reader
  • fix amflush (flush date selected by user)
  • fix local auth, use getaddrinfo to find if the host is local
  • fix dumper cancelling the shm_ring with a STRANGE result
  • fix chunker hang
  • Improve taperscan with chg-single and interactivity

Last updated: $Date: 2017-09-28 21:37:44 $