Alert GCSA-25067 - Security update for GitLab
******************************************************************
Alert ID: GCSA-25067
Date: 22 May 2025
Title: Security update for GitLab
******************************************************************
:: Problem description
GitLab has released new versions of its platform
that fix several vulnerabilities.
The vendor recommends upgrading all installations
immediately.
More information is available in the "References" section.
:: Affected software
Versions prior to 18.0.1, 17.11.3, and 17.10.7 of
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
:: Impact
Denial of Service (DoS)
Security Restriction Bypass (SRB)
Disclosure of sensitive information (ID)
:: Solutions
Update the software to the latest versions:
GitLab CE and EE 18.0.1, 17.11.3, and 17.10.7
https://about.gitlab.com/update
:: References
GitLab Critical Security Release
https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/
GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4979
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert