Description:
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
git-lfs-3.7.1-4.el10_2.aarch64.rpm |
c561f0819a132561e9c3b82228db46ea8dd92b2e1c75cbc73673f3fea7b61cf9 |
| ppc64le |
git-lfs-3.7.1-4.el10_2.ppc64le.rpm |
a5d19f601742c3499244af9f5221bbf94b6b102e85fb70cbbbb958b13bb58166 |
| s390x |
git-lfs-3.7.1-4.el10_2.s390x.rpm |
35d62d28820cde544a2048e78eab5c687648c2e7aa147c2fab18015bb09b62be |
| x86_64 |
git-lfs-3.7.1-4.el10_2.x86_64.rpm |
ce94d6594cbfc1d2fce8cb89fea5f278c0221705f9759bdf78ac06efdff77407 |
| x86_64_v2 |
git-lfs-3.7.1-4.el10_2.x86_64_v2.rpm |
6f952bb274fbbf2a2348d8534cc78798af01a689ccffbf7551a1e696d53b827b |
