AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is
a backup solution that allows the IT administrator to set up a
single master backup server to back up multiple hosts over network
to tape drives/changers or disks or optical media.
Amanda uses native utilities and formats (e.g. dump and/or GNU
tar) and can back up a large number of servers and workstations
running multiple versions of Linux or Unix. Amanda uses
a native Windows client to back up Microsoft Windows
desktops and servers.
The latest stable version of Amanda, 3.5.3 was released on 15th March 2023. As part of this release, we have addressed security vulnerabilities and some stability fixes.
The latest release in the 3.4.x series is 3.4,5, released on June 8, 2017. This is a bugfix release for 3.4.4.
The latest release in the 3.3.x series is 3.3.9, released on February 10, 2016. It is a security fix. The amanda user was allowed to run any code as root, upgrade is not required if you trust the amanda user.
The latest release in the 3.2.x series is 3.2.3, released on
May 9, 2011. It is a bug fix release for version 3.2.2.
The latest release in the 3.1.x series is 3.1.3, released on
October 5, 2010. It is a security release for version 3.1.2.
Amanda-3.1.2 has a known security
vulnerability, and all users should upgrade to Amanda-3.1.3 as soon as
possible. See the security alert.
Amanda is a backup system designed to backup and archive many computers on a network to disk, tape
changer/drive or cloud storage. It is a freely distributable source and executable. University of
Maryland (BSD style) license and GPL. Amanda is built on top of standard backup software: Unix
dump/restore, GNU Tar and other archival tools. It is extensible to support new archival
applications.
Release Notes for 3.5.3:
The 3.5.3 version of Amanda has addressed a few Common Vulnerabilities and Exposures (CVEs). This release enhances the security of your systems, mitigating the risk of attacks and data breaches, and providing a safer backup environment.
Security Bug Fixes
Fixed a security vulnerability (CVE-2022-37703) in the SUID binary calcsize utility - Unauthorized user will not be able to determine the existence of a particular directory in the file system.
Fixed a security vulnerability (CVE-2022-37704) in SUID binary rundump.c utility - Users with limited access will not be able to manipulate the RSH environment variable and invoke dump to execute arbitrary code with root privileges. The getopt() was utilized to enable the allowance of only valid options while filtering out the blacklist options.
Fixed a security vulnerability (CVE-2022-37705) in SUID binary runtar utility - Low-privileged users part of amandabackup group will not be able to execute arbitrary commands as root users even via careful selection of arguments.
Release Notes for 3.5.2:
The 3.5.2 version of Amanda will prevent unintentional deletions of data on tapes. With this release, you can stay assured that your data on tapes is safe, irrespective of the value set on the retention period.
Enhancement
Prevent auto-label from erasing tapes - Auto-label is disabled from claiming non-Amanda and other configuration labels by default. This change will prevent rewriting your existing tape media with new backup set.
Release Notes for 3.5.1:
compilation on Solaris
Do not check all 'r' bit on suid binary
Fix parsing of configuration override (-o)
can unset some setting
client code will not fail if shared memory is not available
amreport
lot of improvement
allow '*' for a datestamp wildcard
amgetconf
print an empty string if a parameter is not set instead of 'no such parameter'
amdump
new --no-dump, --no-flush and --no-vault argument
amstatus fix
lock holding disk to protect multiple parallel access
Release Notes for 3.5:
Use different thread to connect to different client
amservice, amcheck, planner, dumper are no longer suid root
ambind
new suid program to bind to a privileged port
amanda-security.conf
new tcp_port_range, range of privileged tcp port
new udp_port_range, range of privileged udp port
S3 device
openstack keystone v3 support
device-property STORAGE-API must be set to SWIFT-3
new PROJECT-NAME device-property
new DOMAIN-NAME device-property
amfetchdump
rename --directory argument to --target
ampgsql
new --incremental property
new --remove-full-wal property
new --remove-incremental-wal property
fix planner looping
fix overflow in S3 device
fix compilation on OpenBSD
fix race in amarchive reader
fix amflush (flush date selected by user)
fix local auth, use getaddrinfo to find if the host is local
fix dumper cancelling the shm_ring with a STRANGE result
fix chunker hang
Improve taperscan with chg-single and interactivity