[ALSA-2026:4164] Important: git-lfs security update
Type:
security
Severity:
important
Release date:
2026-03-11
Description:
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 git-lfs-3.6.1-7.el10_1.aarch64.rpm 8449ecace143113700df95d4cbd8fc1457360dfb0705b194a82e3fdbafc2cf90
ppc64le git-lfs-3.6.1-7.el10_1.ppc64le.rpm 551e7140cfdf0773560f416010b7bba324af969572b51b7f908bd5924ce46ff1
s390x git-lfs-3.6.1-7.el10_1.s390x.rpm 3bf48b3dcca7aa31a6e8a81fca0827be494203bbce9c9276975b41babe0aadc9
x86_64 git-lfs-3.6.1-7.el10_1.x86_64.rpm ce2ee1affdec70b4e2220d650e492670eae8306aa512faf0d3112752b6c68fc2
x86_64_v2 git-lfs-3.6.1-7.el10_1.x86_64_v2.rpm 99e08f815a4653e9f1abbdde2388bc644a418a0349a4ed4202eebdc099df8c1a
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.