Fedora 40 Update: git-lfs-3.6.1-1.fc40
Fedora 41 Update: pam-u2f-1.3.2-1.fc41
Fedora 41 Update: git-lfs-3.6.1-1.fc41
[SECURITY] Fedora 40 Update: git-lfs-3.6.1-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-50deb0acd5
2025-01-24 01:31:27.317862+00:00
--------------------------------------------------------------------------------
Name : git-lfs
Product : Fedora 40
Version : 3.6.1
Release : 1.fc40
URL : https://git-lfs.github.io/
Summary : Git extension for versioning large files
Description :
Git Large File Storage (LFS) replaces large files such as audio samples,
videos, datasets, and graphics with text pointers inside Git, while
storing the file contents on a remote server.
--------------------------------------------------------------------------------
Update Information:
Update to latest version
Fix CVE-2024-53263
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2025 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 3.6.1-1
- Update to latest version (#2338023)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2338002 - CVE-2024-53263 git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs
https://bugzilla.redhat.com/show_bug.cgi?id=2338002
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-50deb0acd5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: pam-u2f-1.3.2-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-29900cbe83
2025-01-24 01:24:33.422011+00:00
--------------------------------------------------------------------------------
Name : pam-u2f
Product : Fedora 41
Version : 1.3.2
Release : 1.fc41
URL : https://github.com/Yubico/pam-u2f
Summary : Implements PAM authentication over U2F
Description :
The PAM U2F module provides an easy way to integrate the Yubikey (or
other U2F-compliant authenticators) into your existing user
authentication infrastructure.
--------------------------------------------------------------------------------
Update Information:
pam-u2f 1.3.1 includes a fix to resolve CVE-2025-23013 (Partial Authentication
Bypass). CVSS score 7.3. 1.3.2 is a fix for a regression that could impact
existing use cases.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 16 2025 Gary Buhrmaster [gary.buhrmaster@gmail.com] - 1.3.2-1
- Update to 1.3.2 - resolves rhbz#2338418
1.3.2 fixes a potentially breaking issue with tightened authfile checking with 1.3.1
* Tue Jan 14 2025 Gary Buhrmaster [gary.buhrmaster@gmail.com] - 1.3.1-1
- Update to 1.3.1 - resolves rhbz#2337634
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2338115 - CVE-2025-23013 pam-u2f: Partial Authentication Bypass in pam-u2f Software Package [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2338115
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-29900cbe83' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: git-lfs-3.6.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1de066b8af
2025-01-24 01:24:33.421855+00:00
--------------------------------------------------------------------------------
Name : git-lfs
Product : Fedora 41
Version : 3.6.1
Release : 1.fc41
URL : https://git-lfs.github.io/
Summary : Git extension for versioning large files
Description :
Git Large File Storage (LFS) replaces large files such as audio samples,
videos, datasets, and graphics with text pointers inside Git, while
storing the file contents on a remote server.
--------------------------------------------------------------------------------
Update Information:
Update to latest version
Fix CVE-2024-53263
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2025 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 3.6.1-1
- Update to latest version (#2338023)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2338002 - CVE-2024-53263 git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs
https://bugzilla.redhat.com/show_bug.cgi?id=2338002
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1de066b8af' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--