GitHub¡¢´ÉÍý¼Ô¸¢¸Â¤ò¼èÆÀ¤Ç¤¤ëEnterprise Server¤ÎÀȼåÀ¤ò½¤Àµ
GitHub¤Ï2024ǯ8·î20Æü(¸½ÃÏ»þ´Ö)¡¢GitHub Enterpise Server¤Î3·ï¤ÎÀȼåÀ¤ò½¤Àµ¤·¤¿¥Ð¡¼¥¸¥ç¥ó3.13.3¤ò¥ê¥ê¡¼¥¹¤·¤¿¡£3·ï¤Î¤¦¤Á¤Î1·ï¤Ï¿¼¹ïÅÙ¤¬¡ÖCritical¡×¡Ê¶ÛµÞ¡Ë¤ËʬÎव¤ì¤Æ¤ª¤ê¡¢´ÉÍý¼Ô¸¢¸Â¤Î¼èÆÀ¤Ë°ÍѤǤ¤ë²ÄǽÀ¤¬¤¢¤ë¤¿¤áÁáµÞ¤ËÂн褹¤ëɬÍפ¬¤¢¤ë¡£
¾ÜºÙ¤Ï°Ê²¼¤Î¥ê¥ê¡¼¥¹¥Î¡¼¥È¤Ë¤Þ¤È¤á¤é¤ì¤Æ¤¤¤ë¡£
Release notes - GitHub Enterprise Server 3.13 Docs
¡ûSAMLǧ¾Ú¤Ë¤ª¤±¤ë½ÅÂç¤ÊÀȼåÀ
GitHub Enterpise Server¤Ï¡¢GitHub¥×¥é¥Ã¥È¥Õ¥©¡¼¥à¤Î¥»¥ë¥Õ¥Û¥¹¥ÈÈǤǤ¢¤ê¡¢¥ª¥ó¥×¥ì¥¹´Ä¶¤ÇGitHub¤ÈƱ¤¸Git¥ê¥Ý¥¸¥È¥ê¡¼´Ä¶¤òŸ³«¤Ç¤¤ë¡£º£²ó¤Î¥ê¥ê¡¼¥¹¤Ç½¤Àµ¤µ¤ì¤¿ºÇ¤â¿¼¹ï¤ÊÀȼåÀ¤Ï¡ÖCVE-2024-6800¡×¤È¤·¤Æ¼±Ê̤µ¤ì¤Æ¤ª¤ê¡¢CVSS v3¤Î¥Ù¡¼¥¹¥¹¥³¥¢¤Ï9.5¤È¤Ê¤Ã¤Æ¤¤¤ë¡£
¥ê¥ê¡¼¥¹¥Î¡¼¥È¤Ë¤è¤ì¤Ð¡¢¤³¤ÎÀȼåÀ¤ÏÆÃÄê¤Î´Ä¶¤ÇSAMLǧ¾Ú¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç¤Ë±Æ¶Á¤ò¼õ¤±¤ë²ÄǽÀ¤¬¤¢¤ë¤È¤¤¤¦¡£É¸Åª¤ÎGitHub Enterprise Server¤ËÂФ·¤ÆľÀܥͥåȥ¥¯¥¢¥¯¥»¥¹¸¢¸Â¤ò»ý¤Ä¹¶·â¼Ô¤Ï¡¢SAML±þÅú¤òµ¶Â¤¤¹¤ë¤³¤È¤Ë¤è¤Ã¤Æ¡¢´ÉÍý¼Ô¸¢¸Â¤ò»ý¤Ä¥æ¡¼¥¶¡¼¤ò¥×¥í¥Ó¥¸¥ç¥Ë¥ó¥°¤·¤¿¤ê¡¢¤½¤Î¥æ¡¼¥¶¡¼¤Ë¥¢¥¯¥»¥¹¤·¤¿¤ê¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¡£
CVE-2024-6800¤Î±Æ¶Á¤ò¼õ¤±¤ë¥Ð¡¼¥¸¥ç¥ó¤Ï°Ê²¼¤ÎÄ̤ꡣ
¥Ð¡¼¥¸¥ç¥ó3.13.0¤«¤é3.13.2
¥Ð¡¼¥¸¥ç¥ó3.12.0¤«¤é3.12.7
¥Ð¡¼¥¸¥ç¥ó3.11.0¤«¤é3.11.13
¥Ð¡¼¥¸¥ç¥ó3.10.0¤«¤é3.10.15
¤½¤ì¤¾¤ì¡¢¥Ð¡¼¥¸¥ç¥ó3.13.3¡¢3.12.8¡¢3.11.14¡¢3.10.16¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¤³¤È¤Ç±Æ¶Á¤ò²óÈò¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£
¡ûÃæÄøÅ٤ο¼¹ïÅÙ¤Î2·ï¤ÎÀȼåÀ
GitHub¤Ç¤Ï¡¢¤³¤Î¥ê¥ê¡¼¥¹¤Ç¿¼¹ïÅÙ"Medium"¡ÊÃæÄøÅ١ˤËʬÎव¤ì¤¿¼¡¤Î2·ï¤ÎÀȼåÀ¤â½¤Àµ¤·¤Æ¤¤¤ë¡£
CVE-2024-7711: ǧ¾Ú¤ÎÉÔ¶ñ¹ç¤Ë¤è¤ê¡¢¥Ñ¥Ö¥ê¥Ã¥¯¥ê¥Ý¥¸¥È¥êÆâ¤ÎǤ°Õ¤ÎIssue¤Î¥¿¥¤¥È¥ë¡¢Ã´Åö¼Ô¡¢¥é¥Ù¥ë¤òÉÔÀµ¤ËÊѹ¹¤Ç¤¤ëÀȼåÀ
CVE-2024-6337: ǧ¾Ú¤ÎÉÔ¶ñ¹ç¤Ë¤è¤ê¡¢contents:read ¤ª¤è¤Ó pull request:write ¤Î¸¢¸Â¤Î¤ß¤ò»ý¤ÄGitHub App¤ò»ÈÍѤ·¤Æ¥×¥é¥¤¥Ù¡¼¥È¥ê¥Ý¥¸¥È¥êÆâ¤ÎIssue¤ÎÃæ¿È¤òÆɤ߼è¤ì¤ëÀȼåÀ
GitHub¤Ç¤Ï¡¢¥æ¡¼¥¶¡¼¤òÀøºßŪ¤Ê¥»¥¥å¥ê¥Æ¥£¤Î¶¼°Ò¤«¤éÊݸ¤ë¤¿¤á¤Ë¡¢GitHub Enterprise Server¤òºÇ¿·¥Ð¡¼¥¸¥ç¥ó¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¤³¤È¤ò¿ä¾©¤·¤Æ¤¤¤ë¡£
¾ÜºÙ¤Ï°Ê²¼¤Î¥ê¥ê¡¼¥¹¥Î¡¼¥È¤Ë¤Þ¤È¤á¤é¤ì¤Æ¤¤¤ë¡£
Release notes - GitHub Enterprise Server 3.13 Docs
¡ûSAMLǧ¾Ú¤Ë¤ª¤±¤ë½ÅÂç¤ÊÀȼåÀ
GitHub Enterpise Server¤Ï¡¢GitHub¥×¥é¥Ã¥È¥Õ¥©¡¼¥à¤Î¥»¥ë¥Õ¥Û¥¹¥ÈÈǤǤ¢¤ê¡¢¥ª¥ó¥×¥ì¥¹´Ä¶¤ÇGitHub¤ÈƱ¤¸Git¥ê¥Ý¥¸¥È¥ê¡¼´Ä¶¤òŸ³«¤Ç¤¤ë¡£º£²ó¤Î¥ê¥ê¡¼¥¹¤Ç½¤Àµ¤µ¤ì¤¿ºÇ¤â¿¼¹ï¤ÊÀȼåÀ¤Ï¡ÖCVE-2024-6800¡×¤È¤·¤Æ¼±Ê̤µ¤ì¤Æ¤ª¤ê¡¢CVSS v3¤Î¥Ù¡¼¥¹¥¹¥³¥¢¤Ï9.5¤È¤Ê¤Ã¤Æ¤¤¤ë¡£
¥ê¥ê¡¼¥¹¥Î¡¼¥È¤Ë¤è¤ì¤Ð¡¢¤³¤ÎÀȼåÀ¤ÏÆÃÄê¤Î´Ä¶¤ÇSAMLǧ¾Ú¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç¤Ë±Æ¶Á¤ò¼õ¤±¤ë²ÄǽÀ¤¬¤¢¤ë¤È¤¤¤¦¡£É¸Åª¤ÎGitHub Enterprise Server¤ËÂФ·¤ÆľÀܥͥåȥ¥¯¥¢¥¯¥»¥¹¸¢¸Â¤ò»ý¤Ä¹¶·â¼Ô¤Ï¡¢SAML±þÅú¤òµ¶Â¤¤¹¤ë¤³¤È¤Ë¤è¤Ã¤Æ¡¢´ÉÍý¼Ô¸¢¸Â¤ò»ý¤Ä¥æ¡¼¥¶¡¼¤ò¥×¥í¥Ó¥¸¥ç¥Ë¥ó¥°¤·¤¿¤ê¡¢¤½¤Î¥æ¡¼¥¶¡¼¤Ë¥¢¥¯¥»¥¹¤·¤¿¤ê¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¡£
CVE-2024-6800¤Î±Æ¶Á¤ò¼õ¤±¤ë¥Ð¡¼¥¸¥ç¥ó¤Ï°Ê²¼¤ÎÄ̤ꡣ
¥Ð¡¼¥¸¥ç¥ó3.13.0¤«¤é3.13.2
¥Ð¡¼¥¸¥ç¥ó3.12.0¤«¤é3.12.7
¥Ð¡¼¥¸¥ç¥ó3.11.0¤«¤é3.11.13
¥Ð¡¼¥¸¥ç¥ó3.10.0¤«¤é3.10.15
¤½¤ì¤¾¤ì¡¢¥Ð¡¼¥¸¥ç¥ó3.13.3¡¢3.12.8¡¢3.11.14¡¢3.10.16¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¤³¤È¤Ç±Æ¶Á¤ò²óÈò¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£
¡ûÃæÄøÅ٤ο¼¹ïÅÙ¤Î2·ï¤ÎÀȼåÀ
GitHub¤Ç¤Ï¡¢¤³¤Î¥ê¥ê¡¼¥¹¤Ç¿¼¹ïÅÙ"Medium"¡ÊÃæÄøÅ١ˤËʬÎव¤ì¤¿¼¡¤Î2·ï¤ÎÀȼåÀ¤â½¤Àµ¤·¤Æ¤¤¤ë¡£
CVE-2024-7711: ǧ¾Ú¤ÎÉÔ¶ñ¹ç¤Ë¤è¤ê¡¢¥Ñ¥Ö¥ê¥Ã¥¯¥ê¥Ý¥¸¥È¥êÆâ¤ÎǤ°Õ¤ÎIssue¤Î¥¿¥¤¥È¥ë¡¢Ã´Åö¼Ô¡¢¥é¥Ù¥ë¤òÉÔÀµ¤ËÊѹ¹¤Ç¤¤ëÀȼåÀ
CVE-2024-6337: ǧ¾Ú¤ÎÉÔ¶ñ¹ç¤Ë¤è¤ê¡¢contents:read ¤ª¤è¤Ó pull request:write ¤Î¸¢¸Â¤Î¤ß¤ò»ý¤ÄGitHub App¤ò»ÈÍѤ·¤Æ¥×¥é¥¤¥Ù¡¼¥È¥ê¥Ý¥¸¥È¥êÆâ¤ÎIssue¤ÎÃæ¿È¤òÆɤ߼è¤ì¤ëÀȼåÀ
GitHub¤Ç¤Ï¡¢¥æ¡¼¥¶¡¼¤òÀøºßŪ¤Ê¥»¥¥å¥ê¥Æ¥£¤Î¶¼°Ò¤«¤éÊݸ¤ë¤¿¤á¤Ë¡¢GitHub Enterprise Server¤òºÇ¿·¥Ð¡¼¥¸¥ç¥ó¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¤³¤È¤ò¿ä¾©¤·¤Æ¤¤¤ë¡£
