git-lfs-3.4.1-3.el8_10

エラータID: AXSA:2024-8855:06

Release date: 
Thursday, September 26, 2024 - 21:09
Subject: 
git-lfs-3.4.1-3.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-34156
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Solution: 

Update packages.

CVEs: 
CVE-2024-34156
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Additional Info: 

N/A

Download: 

SRPMS
  1. git-lfs-3.4.1-3.el8_10.src.rpm
    MD5: 81a4c2ebf29328a5b53848b2f9589686
    SHA-256: a1080aadd26d37e5a5e824fe0d3f62b905b1ccaac060b31a5f058f6379c320c6
    Size: 3.37 MB

Asianux Server 8 for x86_64
  1. git-lfs-3.4.1-3.el8_10.x86_64.rpm
    MD5: 8ab2c99c010c8ec237d56eda9b85711d
    SHA-256: a8c5dad8bdba64d77ea6daf72623214a81a2f8bb2075a8046301db98d32bc64f
    Size: 4.23 MB