Moderate: git-lfs security update

🗓️ 13 May 2025 00:00:00Reported by AlmaLinuxType

almalinux

almalinux🔗 errata.almalinux.org👁 3 Views

Security update for Git LFS addressing several vulnerabilities in Golang and enhancing performance.

Reporter	Title	Published	Views	Family All 2998
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operator and the IntegrationServer and IntegrationRuntime operands are vulnerable to networking errors [CVE-2024-24790]	23 Aug 202409:46	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus	4 Feb 202518:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service due to [CVE-2024-24788]	5 Jun 202415:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go	5 Jun 202420:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift	15 Apr 202502:37	–	ibm
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to code injection and privilege escalation due to multiple vulnerabilities in Go	30 Oct 202316:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2024-24790).	16 Oct 202410:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Cartridge has addressed a security vulnerability in Golang Go (CVE-2024-24790)	2 May 202516:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024.	30 May 202513:17	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
almalinux	9	ppc64le	git-lfs	3.6.1-1.el9	git-lfs-3.6.1-1.el9.ppc64le.rpm
almalinux	9	x86_64	git-lfs	3.6.1-1.el9	git-lfs-3.6.1-1.el9.x86_64.rpm
almalinux	9	aarch64	git-lfs	3.6.1-1.el9	git-lfs-3.6.1-1.el9.aarch64.rpm
almalinux	9	s390x	git-lfs	3.6.1-1.el9	git-lfs-3.6.1-1.el9.s390x.rpm

Source	Link
access	www.access.redhat.com/errata/RHSA-2025:7256
access	www.access.redhat.com/security/cve/CVE-2023-39321
access	www.access.redhat.com/security/cve/CVE-2023-39322
access	www.access.redhat.com/security/cve/CVE-2024-24788
access	www.access.redhat.com/security/cve/CVE-2024-24790
access	www.access.redhat.com/security/cve/CVE-2024-24791
access	www.access.redhat.com/security/cve/CVE-2024-9355
bugzilla	www.bugzilla.redhat.com/2237777
bugzilla	www.bugzilla.redhat.com/2237778
bugzilla	www.bugzilla.redhat.com/2279814

02 Jul 2025 13:09Current

7.3High risk

Vulners AI Score7.3

CVSS 3.19.8

EPSS0.01952

SSVC

git large file storage security update cve-2023-39321 cve-2023-39322 cve-2024-24788 cve-2024-24790 cve-2024-24791 cve-2024-9355 almalinux release notes