ALSA-2025:0673

[ALSA-2025:0673] Important: git-lfs security update

Type:

security

Severity:

important

Release date:

2025-01-24

Description:

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.  

Security Fix(es):  

  * git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs (CVE-2024-53263)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	git-lfs-3.4.1-4.el9_5.aarch64.rpm	54408b326c5b943bffa1c31c7b37f986dd10187481e5cc5df8214cf40fe6229a
ppc64le	git-lfs-3.4.1-4.el9_5.ppc64le.rpm	32b0ef9becbb0bb6b5e4688a2c31d9cc07340579ae803a24411ab81cbfbf17b6
s390x	git-lfs-3.4.1-4.el9_5.s390x.rpm	c622a750909e25dc8534945fbc8004f7cefe5a3a05e51988d0d9efc88996536a
x86_64	git-lfs-3.4.1-4.el9_5.x86_64.rpm	4bcc8e9a5fb31b492ec2ba09cb413146a306566e92dd6c87ac50c5c4b3958e76

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.