[ALSA-2023:2866] Moderate: git-lfs security and bug fix update
Type:
security
Severity:
moderate
Release date:
2023-05-19
Description:
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 git-lfs-3.2.0-2.el8.aarch64.rpm ca8f5f9ab61b400d8e17b5f42a8aa260672f3cf5f6a178fbd1569b685de1f817
ppc64le git-lfs-3.2.0-2.el8.ppc64le.rpm 7286aaa1a43b70f2af8f904d8a035cbaad3a308fa5f89d9054163bc68e57ee43
s390x git-lfs-3.2.0-2.el8.s390x.rpm 97cdb66170eff8ef887a9ff71d2b3fd70a1e522969aab01c7a588a8469881d11
x86_64 git-lfs-3.2.0-2.el8.x86_64.rpm 64e984801e35b7f751dd862bb01f4d2417bd75575a205f1c5ff984e6463c88a7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.