git-lfs-3.4.1-4.el8_10
エラータID: AXSA:2025-9621:02
リリース日:
2025/02/03 Monday - 19:05
題名:
git-lfs-3.4.1-4.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Git LFS には、認証情報に埋め込まれた改行・復帰文字の
サニタイズを行わずにリモートホストに引き渡してしまう
問題があるため、リモートの攻撃者により、細工された
URL の送信を介して、Git の認証情報の不正な取得を可能
とする脆弱性が存在します。(CVE-2024-53263)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-53263
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user's Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time.
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user's Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time.
追加情報:
N/A
ダウンロード:
SRPMS
- git-lfs-3.4.1-4.el8_10.src.rpm
MD5: 800e5a1635e8ce059f9644704e56e6e9
SHA-256: 1ed8f35625d6a84600e20e2f513f64a81f36df6ff4b6ba321e67773107e2542d
Size: 3.38 MB
Asianux Server 8 for x86_64
- git-lfs-3.4.1-4.el8_10.x86_64.rpm
MD5: 37a3ff287eee5630b0e35714fa37024e
SHA-256: 12bed4e53359bc70e413bceac117e7105edc344451d57a975274d13ca9c9e3e7
Size: 4.34 MB