Description:
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
git-lfs-3.4.1-2.el8_10.aarch64.rpm |
ab7eddf402bccad258ce5d28bfc47d80a62c8626f90981b63ea0428812790d62 |
| ppc64le |
git-lfs-3.4.1-2.el8_10.ppc64le.rpm |
e3e7b4480e48eaf88ae8c5454ae1a48b36002480727210127602ec5b8a92e275 |
| s390x |
git-lfs-3.4.1-2.el8_10.s390x.rpm |
b793bb44fb30c8f4fea44221227ed9f1a532cf4a6ef626200ba8138f07dc28a6 |
| x86_64 |
git-lfs-3.4.1-2.el8_10.x86_64.rpm |
d68e014cb0f6bb1d84b99edb527b96d4a1316c9ba1a5faacb6504ad820147091 |
