[ALSA-2026:3985] Important: git-lfs security update
Type:
security
Severity:
important
Release date:
2026-03-13
Description:
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 git-lfs-3.4.1-8.el8_10.aarch64.rpm 7985b79c77ad99f950eb178ddd16bd58f0c98a6073642da6fa7399cd83d0c518
ppc64le git-lfs-3.4.1-8.el8_10.ppc64le.rpm f7cf2fc9fe1091d9918ba7f1d31ad7c38c165be3dd5f7d87ddc53c05d3f94501
s390x git-lfs-3.4.1-8.el8_10.s390x.rpm ebaf72e89e21fbabae40653d114cb3fb42e41ac5a62ffeafaa583d92cec496b9
x86_64 git-lfs-3.4.1-8.el8_10.x86_64.rpm ad3398009d739df5d4488163672583465062c22f4cf376fb02ecf03ca8cfb986
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.