[ALSA-2024:7135] Important: git-lfs security update
Type:
security
Severity:
important
Release date:
2024-09-26
Description:
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 git-lfs-3.4.1-3.el8_10.aarch64.rpm de209eac6a11df074d8d2edfc7793dd9580150d1b9cbfc0ff65e1ba8beb92088
ppc64le git-lfs-3.4.1-3.el8_10.ppc64le.rpm 93bd2bbf27fdced2f769507e2561434022715921cbb8cb289add4b95509f045c
s390x git-lfs-3.4.1-3.el8_10.s390x.rpm 8468dcdb052867173c5b0f2629f8749b55aa41fb030620115ded06aa8c5b422c
x86_64 git-lfs-3.4.1-3.el8_10.x86_64.rpm 7e6afd5e4e69f968f56fac668b5e6989d85b0f080a8002dda1256bc2ab712f0b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.