ALSA-2025:9106

[ALSA-2025:9106] Moderate: git-lfs security update

Type:

security

Severity:

moderate

Release date:

2025-07-02

Description:

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.  

Security Fix(es):  

  * net/[http:](http:) Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	git-lfs-3.6.1-2.el9_6.aarch64.rpm	ec6bcc181532f3e608d131733fd3738cfd6e1fa78fcaddf72fc97f076ecf7546
ppc64le	git-lfs-3.6.1-2.el9_6.ppc64le.rpm	2e4a163cdc749d4ddc2025429db1d13d1a62d5fa1542ba35de42c87525ed5028
s390x	git-lfs-3.6.1-2.el9_6.s390x.rpm	ad4f86d32773f871d7079f468bfcdfc391737bdba416dfc79f4ad9c2b3eec9fb
x86_64	git-lfs-3.6.1-2.el9_6.x86_64.rpm	ddfa71b90323ecfd3d78727fd62655ea004693b2144603562df7cda3a6535fa7

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.