ALSA-2026:30853

[ALSA-2026:30853] Important: git-lfs security update

Type:

security

Severity:

important

Release date:

2026-06-29

Description:

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.  

Security Fix(es):  

  * golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	git-lfs-3.4.1-11.el8_10.aarch64.rpm	0d58f6a277803d9bab0cd6f3276ae2ed12ca74d794ca4d174f126c09622319ee
ppc64le	git-lfs-3.4.1-11.el8_10.ppc64le.rpm	e68beef68c9ea8361018cdd9345315c089bda28f97b066cf1c7eb8ff23a9d85b
s390x	git-lfs-3.4.1-11.el8_10.s390x.rpm	dbe543d1a17f378e6da8a3266beb76f617eaa4483658b25471b214e2bd27e7fa
x86_64	git-lfs-3.4.1-11.el8_10.x86_64.rpm	47c19eb05d0506534058dff71b26e891b3b57ac4e1ad484629fd86ea19fff507

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.