Red Hat Product Errata RHSA-2025:0762 - Security Advisory
Issued:
2025-01-28
Updated:
2025-01-28

RHSA-2025:0762 - Security Advisory

Synopsis

Important: git-lfs security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for git-lfs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

  • git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs (CVE-2024-53263)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2338002 - CVE-2024-53263 git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
git-lfs-3.2.0-2.el8_8.3.src.rpm SHA-256: b043dd5b50e54b8f5d2b9557952a2f30bde4b79c0e438bed0e3c50d80f230ede
x86_64
git-lfs-3.2.0-2.el8_8.3.x86_64.rpm SHA-256: 7503e08b48970a2aab53f5870f0bf1f5fd8068fed5bddd640e88337e37c1e0ab
git-lfs-debuginfo-3.2.0-2.el8_8.3.x86_64.rpm SHA-256: 10d2ee983e7fabd9a62af2cb98bcfca7632338a44dae09e8ee71c41e91d06662
git-lfs-debugsource-3.2.0-2.el8_8.3.x86_64.rpm SHA-256: 1a5704aff46400a4f59cea46f982f4bae4dce56309d5a85f02df15bf7c6b8079

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
git-lfs-3.2.0-2.el8_8.3.src.rpm SHA-256: b043dd5b50e54b8f5d2b9557952a2f30bde4b79c0e438bed0e3c50d80f230ede
s390x
git-lfs-3.2.0-2.el8_8.3.s390x.rpm SHA-256: 1c3809f82f8f9639e4a5b70eff8a2079faf56faffb7a6a357ede3bb669adf68e
git-lfs-debuginfo-3.2.0-2.el8_8.3.s390x.rpm SHA-256: d95f0eb0b0569959b230ae35f8d7df8b948cb968b6ff5b1da828f389dec068af
git-lfs-debugsource-3.2.0-2.el8_8.3.s390x.rpm SHA-256: a3c1f60e9d0b89c3faf6afc70fae9f2215b701458e9fb3c0a22d91a561fee8dd

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
git-lfs-3.2.0-2.el8_8.3.src.rpm SHA-256: b043dd5b50e54b8f5d2b9557952a2f30bde4b79c0e438bed0e3c50d80f230ede
ppc64le
git-lfs-3.2.0-2.el8_8.3.ppc64le.rpm SHA-256: 3ce3ca5fc6502790b30578ba4a1ea93fdc45bd5edfbc4900fb6f4635ebbfd26c
git-lfs-debuginfo-3.2.0-2.el8_8.3.ppc64le.rpm SHA-256: 5d6c3933ce9baa90e35ce033a0f0422d90d454674656890cc5333ea2144d5e79
git-lfs-debugsource-3.2.0-2.el8_8.3.ppc64le.rpm SHA-256: 2e0353c957f315fc59d6504c3b5ab42833170a85bf3a9c04e13d01f065a7c8b3

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
git-lfs-3.2.0-2.el8_8.3.src.rpm SHA-256: b043dd5b50e54b8f5d2b9557952a2f30bde4b79c0e438bed0e3c50d80f230ede
x86_64
git-lfs-3.2.0-2.el8_8.3.x86_64.rpm SHA-256: 7503e08b48970a2aab53f5870f0bf1f5fd8068fed5bddd640e88337e37c1e0ab
git-lfs-debuginfo-3.2.0-2.el8_8.3.x86_64.rpm SHA-256: 10d2ee983e7fabd9a62af2cb98bcfca7632338a44dae09e8ee71c41e91d06662
git-lfs-debugsource-3.2.0-2.el8_8.3.x86_64.rpm SHA-256: 1a5704aff46400a4f59cea46f982f4bae4dce56309d5a85f02df15bf7c6b8079

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
git-lfs-3.2.0-2.el8_8.3.src.rpm SHA-256: b043dd5b50e54b8f5d2b9557952a2f30bde4b79c0e438bed0e3c50d80f230ede
aarch64
git-lfs-3.2.0-2.el8_8.3.aarch64.rpm SHA-256: 794501f13b78338379ace95b735e383162c3088f4aabc89e9a26758d614d2ede
git-lfs-debuginfo-3.2.0-2.el8_8.3.aarch64.rpm SHA-256: eb267f382900e20e75c5c56922ca7e48dd093ecdcb359d5f04556d5476bb69a5
git-lfs-debugsource-3.2.0-2.el8_8.3.aarch64.rpm SHA-256: a3273b6bbf0917152c5f2148fb13481334617a44f6e9617f9bb64ced65beabeb

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
git-lfs-3.2.0-2.el8_8.3.src.rpm SHA-256: b043dd5b50e54b8f5d2b9557952a2f30bde4b79c0e438bed0e3c50d80f230ede
ppc64le
git-lfs-3.2.0-2.el8_8.3.ppc64le.rpm SHA-256: 3ce3ca5fc6502790b30578ba4a1ea93fdc45bd5edfbc4900fb6f4635ebbfd26c
git-lfs-debuginfo-3.2.0-2.el8_8.3.ppc64le.rpm SHA-256: 5d6c3933ce9baa90e35ce033a0f0422d90d454674656890cc5333ea2144d5e79
git-lfs-debugsource-3.2.0-2.el8_8.3.ppc64le.rpm SHA-256: 2e0353c957f315fc59d6504c3b5ab42833170a85bf3a9c04e13d01f065a7c8b3

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
git-lfs-3.2.0-2.el8_8.3.src.rpm SHA-256: b043dd5b50e54b8f5d2b9557952a2f30bde4b79c0e438bed0e3c50d80f230ede
x86_64
git-lfs-3.2.0-2.el8_8.3.x86_64.rpm SHA-256: 7503e08b48970a2aab53f5870f0bf1f5fd8068fed5bddd640e88337e37c1e0ab
git-lfs-debuginfo-3.2.0-2.el8_8.3.x86_64.rpm SHA-256: 10d2ee983e7fabd9a62af2cb98bcfca7632338a44dae09e8ee71c41e91d06662
git-lfs-debugsource-3.2.0-2.el8_8.3.x86_64.rpm SHA-256: 1a5704aff46400a4f59cea46f982f4bae4dce56309d5a85f02df15bf7c6b8079

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.