Issued:: 2025-01-23
Updated:: 2025-01-23

RHSA-2025:0673 - Security Advisory

Overview
Updated Packages

Synopsis

Important: git-lfs security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for git-lfs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs (CVE-2024-53263)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

BZ - 2338002 - CVE-2024-53263 git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

CVEs

CVE-2024-53263

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
x86_64
git-lfs-3.4.1-4.el9_5.x86_64.rpm	SHA-256: 4d99b7f9565610f9a4bb4645f1a4aad5315312074f8d9cf6e2994e73eca6176e
git-lfs-debuginfo-3.4.1-4.el9_5.x86_64.rpm	SHA-256: 23162e0cc00b8b445ff97c5808fb7fa781f8d7750c7143c3df56c56ef2d33832
git-lfs-debugsource-3.4.1-4.el9_5.x86_64.rpm	SHA-256: fb586cabb82532844dd8774e1484f257261d375fac431b570b0b109948a7d171

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
x86_64
git-lfs-3.4.1-4.el9_5.x86_64.rpm	SHA-256: 4d99b7f9565610f9a4bb4645f1a4aad5315312074f8d9cf6e2994e73eca6176e
git-lfs-debuginfo-3.4.1-4.el9_5.x86_64.rpm	SHA-256: 23162e0cc00b8b445ff97c5808fb7fa781f8d7750c7143c3df56c56ef2d33832
git-lfs-debugsource-3.4.1-4.el9_5.x86_64.rpm	SHA-256: fb586cabb82532844dd8774e1484f257261d375fac431b570b0b109948a7d171

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
x86_64
git-lfs-3.4.1-4.el9_5.x86_64.rpm	SHA-256: 4d99b7f9565610f9a4bb4645f1a4aad5315312074f8d9cf6e2994e73eca6176e
git-lfs-debuginfo-3.4.1-4.el9_5.x86_64.rpm	SHA-256: 23162e0cc00b8b445ff97c5808fb7fa781f8d7750c7143c3df56c56ef2d33832
git-lfs-debugsource-3.4.1-4.el9_5.x86_64.rpm	SHA-256: fb586cabb82532844dd8774e1484f257261d375fac431b570b0b109948a7d171

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
s390x
git-lfs-3.4.1-4.el9_5.s390x.rpm	SHA-256: 608424b53a261e427071a4bbb491a87b5faf0d44550bb2a22f388e6760040c83
git-lfs-debuginfo-3.4.1-4.el9_5.s390x.rpm	SHA-256: 774d1ab2ca948b02766ee5e2e48cfd18a88be8a23a4e08d8d019e602887d8a99
git-lfs-debugsource-3.4.1-4.el9_5.s390x.rpm	SHA-256: 03b87708eed1d44f4b2b53f57a43279052223438d361e01eccbef9e2afb8e611

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
s390x
git-lfs-3.4.1-4.el9_5.s390x.rpm	SHA-256: 608424b53a261e427071a4bbb491a87b5faf0d44550bb2a22f388e6760040c83
git-lfs-debuginfo-3.4.1-4.el9_5.s390x.rpm	SHA-256: 774d1ab2ca948b02766ee5e2e48cfd18a88be8a23a4e08d8d019e602887d8a99
git-lfs-debugsource-3.4.1-4.el9_5.s390x.rpm	SHA-256: 03b87708eed1d44f4b2b53f57a43279052223438d361e01eccbef9e2afb8e611

Red Hat Enterprise Linux for Power, little endian 9

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
ppc64le
git-lfs-3.4.1-4.el9_5.ppc64le.rpm	SHA-256: 75ba2922fb0c3c21ce3b36cbcfb0dc7d4ae6e143385a6794b0bee0cab4f8b5cb
git-lfs-debuginfo-3.4.1-4.el9_5.ppc64le.rpm	SHA-256: 45f1b309e1f5c1c013123bc0f20c7130256f6cf1d053cc89c6f4d30bd73d9ae7
git-lfs-debugsource-3.4.1-4.el9_5.ppc64le.rpm	SHA-256: a795e179cb85f9ecb3fffdd41a7960d0a94c0ba45ef937e986f5ebf6b1ae2b14

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
ppc64le
git-lfs-3.4.1-4.el9_5.ppc64le.rpm	SHA-256: 75ba2922fb0c3c21ce3b36cbcfb0dc7d4ae6e143385a6794b0bee0cab4f8b5cb
git-lfs-debuginfo-3.4.1-4.el9_5.ppc64le.rpm	SHA-256: 45f1b309e1f5c1c013123bc0f20c7130256f6cf1d053cc89c6f4d30bd73d9ae7
git-lfs-debugsource-3.4.1-4.el9_5.ppc64le.rpm	SHA-256: a795e179cb85f9ecb3fffdd41a7960d0a94c0ba45ef937e986f5ebf6b1ae2b14

Red Hat Enterprise Linux for ARM 64 9

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
aarch64
git-lfs-3.4.1-4.el9_5.aarch64.rpm	SHA-256: 2e920997a465cd029a658da8b8cdd23fcdb32d700148a9c76fac64fd2f1af375
git-lfs-debuginfo-3.4.1-4.el9_5.aarch64.rpm	SHA-256: 2a8910dd9c1916c0c808569017c93d07f34f76e0fcf52b46e1192e518b3fdf74
git-lfs-debugsource-3.4.1-4.el9_5.aarch64.rpm	SHA-256: 83168223e1f980d9563737e189a54a782dc9caf655aa82984185cf325578868c

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
aarch64
git-lfs-3.4.1-4.el9_5.aarch64.rpm	SHA-256: 2e920997a465cd029a658da8b8cdd23fcdb32d700148a9c76fac64fd2f1af375
git-lfs-debuginfo-3.4.1-4.el9_5.aarch64.rpm	SHA-256: 2a8910dd9c1916c0c808569017c93d07f34f76e0fcf52b46e1192e518b3fdf74
git-lfs-debugsource-3.4.1-4.el9_5.aarch64.rpm	SHA-256: 83168223e1f980d9563737e189a54a782dc9caf655aa82984185cf325578868c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
ppc64le
git-lfs-3.4.1-4.el9_5.ppc64le.rpm	SHA-256: 75ba2922fb0c3c21ce3b36cbcfb0dc7d4ae6e143385a6794b0bee0cab4f8b5cb
git-lfs-debuginfo-3.4.1-4.el9_5.ppc64le.rpm	SHA-256: 45f1b309e1f5c1c013123bc0f20c7130256f6cf1d053cc89c6f4d30bd73d9ae7
git-lfs-debugsource-3.4.1-4.el9_5.ppc64le.rpm	SHA-256: a795e179cb85f9ecb3fffdd41a7960d0a94c0ba45ef937e986f5ebf6b1ae2b14

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
x86_64
git-lfs-3.4.1-4.el9_5.x86_64.rpm	SHA-256: 4d99b7f9565610f9a4bb4645f1a4aad5315312074f8d9cf6e2994e73eca6176e
git-lfs-debuginfo-3.4.1-4.el9_5.x86_64.rpm	SHA-256: 23162e0cc00b8b445ff97c5808fb7fa781f8d7750c7143c3df56c56ef2d33832
git-lfs-debugsource-3.4.1-4.el9_5.x86_64.rpm	SHA-256: fb586cabb82532844dd8774e1484f257261d375fac431b570b0b109948a7d171

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
aarch64
git-lfs-3.4.1-4.el9_5.aarch64.rpm	SHA-256: 2e920997a465cd029a658da8b8cdd23fcdb32d700148a9c76fac64fd2f1af375
git-lfs-debuginfo-3.4.1-4.el9_5.aarch64.rpm	SHA-256: 2a8910dd9c1916c0c808569017c93d07f34f76e0fcf52b46e1192e518b3fdf74
git-lfs-debugsource-3.4.1-4.el9_5.aarch64.rpm	SHA-256: 83168223e1f980d9563737e189a54a782dc9caf655aa82984185cf325578868c

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
git-lfs-3.4.1-4.el9_5.src.rpm	SHA-256: 1ae68536ad47e8da68516935177b71403a9953538e9376c3797b064edcef772e
s390x
git-lfs-3.4.1-4.el9_5.s390x.rpm	SHA-256: 608424b53a261e427071a4bbb491a87b5faf0d44550bb2a22f388e6760040c83
git-lfs-debuginfo-3.4.1-4.el9_5.s390x.rpm	SHA-256: 774d1ab2ca948b02766ee5e2e48cfd18a88be8a23a4e08d8d019e602887d8a99
git-lfs-debugsource-3.4.1-4.el9_5.s390x.rpm	SHA-256: 03b87708eed1d44f4b2b53f57a43279052223438d361e01eccbef9e2afb8e611

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation