ALSA-2025:23745

[ALSA-2025:23745] Important: git-lfs security update

Type:

security

Severity:

important

Release date:

2025-12-22

Description:

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.  

Security Fix(es):  

  * git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	git-lfs-3.4.1-6.el8_10.aarch64.rpm	1d1dfe3d5eb2619c2d10a8e6547c42d410a21691d77007d9923a2d74ad014ed4
ppc64le	git-lfs-3.4.1-6.el8_10.ppc64le.rpm	2e738cf432859766611ed7f659b0511915735d71220b979bb73bc5f9000a70f9
s390x	git-lfs-3.4.1-6.el8_10.s390x.rpm	378705bb1440d70cee61d3fb9b1ea8dc8fd150337804d1c1b22b757de047d3ab
x86_64	git-lfs-3.4.1-6.el8_10.x86_64.rpm	d9aa280eaeaa4174421df8e5f04c62607662e223e49374cf620a2c9c71853751

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.