ALSA-2026:14200

[ALSA-2026:14200] Important: git-lfs security update

Type:

security

Severity:

important

Release date:

2026-05-06

Description:

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.  

Security Fix(es):  

  * golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
  * crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
  * crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	git-lfs-3.6.1-8.el9_7.1.aarch64.rpm	963dd6c7e8215f1c7aa9552f2c48ea4dbb8cbaf4a9c5ff148f8da708e759748c
ppc64le	git-lfs-3.6.1-8.el9_7.1.ppc64le.rpm	d277164e0c942692db4f1dd28af1f98d546578d84f5f1b2ec8442535a8d656ca
s390x	git-lfs-3.6.1-8.el9_7.1.s390x.rpm	e9d7cf96751db2be644595a4c1b19614e7f19823192b3ff8b30140dbccc3fe73
x86_64	git-lfs-3.6.1-8.el9_7.1.x86_64.rpm	90a8511e8f280460d6f2ea916e499d1bc0c47b89e9b6c6519e2b202a6dc9bc39

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.