

Security Mirrored from RHSA-2024:2724
Issued at: 2024-05-10
Updated at: 2024-05-10


Important: git-lfs security update


Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)

* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

* Rocky Linux 9 aarch64
* Rocky Linux 9 ppc64le
* Rocky Linux 9 s390x
* Rocky Linux 9 x86_64


2268017 2268018 2268019 2268273


CVE-2023-45288 CVE-2023-45289 CVE-2023-45290 CVE-2024-24783

Affected packages

Rocky Linux 9 aarch64 - AppStream

* git-lfs-0:3.4.1-2.el9_4.aarch64.rpm
* git-lfs-0:3.4.1-2.el9_4.src.rpm
* git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64.rpm
* git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

* git-lfs-0:3.4.1-2.el9_4.ppc64le.rpm
* git-lfs-0:3.4.1-2.el9_4.src.rpm
* git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le.rpm
* git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

* git-lfs-0:3.4.1-2.el9_4.s390x.rpm
* git-lfs-0:3.4.1-2.el9_4.src.rpm
* git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x.rpm
* git-lfs-debugsource-0:3.4.1-2.el9_4.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

* git-lfs-0:3.4.1-2.el9_4.src.rpm
* git-lfs-0:3.4.1-2.el9_4.x86_64.rpm
* git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64.rpm
* git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64.rpm