Amanda Security Alert - October 5, 2010

The Amanda development team has discovered a security vulnerability introduced in Amanda-3.1.2. The vulnerability affects both Amanda servers and clients, and could lead to remote execution of code as the Amanda user.

The problem is fixed in Amanda-3.1.3, which is released as of October 5, 2010. It is a patch release in the 3.1.x series, and contains the fix for this security vulnerability as well as fixes for several other significant bugs in 3.1.2.

This upgrade should be considered a high priority upgrade.

Updated images and tarballs are available at

The MD5 sum for the release tarball is f72fa06d4f90f7997b17ded1d7b4314e.