Description:
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
git-lfs-3.4.1-10.el8_10.aarch64.rpm |
044b1456b7457660a7928ff43a84441094555f88abfc57320607a9a24fa7e635 |
| ppc64le |
git-lfs-3.4.1-10.el8_10.ppc64le.rpm |
a7c4bd6ce8133e7dab6d6eabdc16bd8e5202655a1fe21d173637a03046743ffd |
| s390x |
git-lfs-3.4.1-10.el8_10.s390x.rpm |
ea823ae08d389d197771aac180143e0c492d710e6714cc190c788bc26441967c |
| x86_64 |
git-lfs-3.4.1-10.el8_10.x86_64.rpm |
26548d35b47c8f90480b157fa5faa163ced450acc19eb2a6dde92b32db62f8b8 |
