Lucene search
AlmaLinuxALSA-2024:2724HistoryMay 07, 2024 - 12:00 a.m.
Important: git-lfs security update
2024-05-0700:00:00
errata.almalinux.org
5
git large file storage
security update
golang vulnerabilities
remote server
dos
memory exhaustion
cvss score
cve page
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
- golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
- golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
- golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
- golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | x86_64 | git-lfs | < 3.4.1-2.el9_4 | git-lfs-3.4.1-2.el9_4.x86_64.rpm |
| almalinux | 9 | ppc64le | git-lfs | < 3.4.1-2.el9_4 | git-lfs-3.4.1-2.el9_4.ppc64le.rpm |
| almalinux | 9 | aarch64 | git-lfs | < 3.4.1-2.el9_4 | git-lfs-3.4.1-2.el9_4.aarch64.rpm |
| almalinux | 9 | s390x | git-lfs | < 3.4.1-2.el9_4 | git-lfs-3.4.1-2.el9_4.s390x.rpm |
References
access.redhat.com/errata/RHSA-2024:2724
access.redhat.com/security/cve/CVE-2023-45288
access.redhat.com/security/cve/CVE-2023-45289
access.redhat.com/security/cve/CVE-2023-45290
access.redhat.com/security/cve/CVE-2024-24783
bugzilla.redhat.com/2268017
bugzilla.redhat.com/2268018
bugzilla.redhat.com/2268019
bugzilla.redhat.com/2268273
errata.almalinux.org/9/ALSA-2024-2724.html
Related
nessus
nessus
AlmaLinux 9 : git-lfs (ALSA-2024:2724)
2024-05-09 00:00:00
Oracle Linux 8 : git-lfs (ELSA-2024-3346)
2024-05-30 00:00:00
RHEL 9 : git-lfs (RHSA-2024:2724)
2024-05-07 00:00:00
osv
osv
Important: git-lfs security update
2024-05-07 00:00:00
Important: git-lfs security update
2024-05-10 14:32:42
Important: git-lfs security update
2024-05-23 00:00:00
rocky
rocky
git-lfs security update
2024-05-10 14:32:42
golang security update
2024-05-10 14:32:42
git-lfs security update
2024-05-09 18:50:42
almalinux
almalinux
Important: git-lfs security update
2024-05-23 00:00:00
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
Important: golang security update
2024-04-30 00:00:00
redhat
redhat
(RHSA-2024:3346) Important: git-lfs security update
2024-05-23 14:21:44
(RHSA-2024:2724) Important: git-lfs security update
2024-05-07 09:06:06
(RHSA-2024:3259) Important: go-toolset:rhel8 security update
2024-05-22 10:41:22
oraclelinux
oraclelinux
git-lfs security update
2024-05-07 00:00:00
git-lfs security update
2024-05-29 00:00:00
go-toolset:ol8 security update
2024-05-29 00:00:00
redos
redos
ROS-20240422-05
2024-04-22 00:00:00
amazon
amazon
Medium: golang
2024-05-23 22:04:00
Medium: cni-plugins
2024-05-23 22:04:00
Medium: amazon-cloudwatch-agent
2024-05-23 22:04:00
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1567)
2024-05-10 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1589)
2024-05-10 00:00:00
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:0812-1)
2024-03-25 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2024-03-05 00:00:00
forgejo -- HTTP/2 CONTINUATION flood in net/http
2024-04-04 00:00:00
go -- http2: close connections when receiving too many headers
2024-04-03 00:00:00
ubuntucve
ubuntucve
redhatcve
redhatcve
cve
cve
prion
prion
Design/Logic Flaw
2024-03-05 23:15:00
Authorization
2024-03-05 23:15:00
Design/Logic Flaw
2024-03-05 23:15:00
cgr
cgr
CVE-2024-24783 vulnerabilities
2024-05-19 03:07:16
CVE-2023-45290 vulnerabilities
2024-05-19 03:07:16
CVE-2023-45289 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
alpinelinux
alpinelinux
veracode
veracode
Denial Of Service
2024-03-17 17:31:04
Memory Exhaustion
2024-03-17 15:19:33
Sensitive Information Disclosure
2024-03-17 15:19:39
wolfi
wolfi
CVE-2024-24783 vulnerabilities
2024-06-07 09:07:51
CVE-2023-45289 vulnerabilities
2024-06-07 09:07:51
CVE-2023-45290 vulnerabilities
2024-06-07 09:07:51
nvd
nvd
cbl_mariner
cbl_mariner
CVE-2024-24783 affecting package golang for versions less than 1.21.6-1
2024-06-07 09:07:58
CVE-2023-45289 affecting package golang for versions less than 1.21.6-1
2024-06-07 09:07:58
CVE-2023-45290 affecting package golang for versions less than 1.21.6-1
2024-06-07 09:07:58
cvelist
cvelist
mageia
mageia
Updated golang packages fix security vulnerability
2024-04-13 19:56:38
ibm
ibm
github
github
Traefik affected by HTTP/2 CONTINUATION flood in net/http
2024-04-15 18:14:51
net/http, x/net/http2: close connections when receiving too many headers
2024-04-04 21:30:32
githubexploit
githubexploit
Exploit for CVE-2023-45288
2024-04-06 06:33:45
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0746
2024-04-04 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0589
2024-04-04 00:00:00