Description:
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
git-lfs-3.7.1-4.el9_8.aarch64.rpm |
42dcf17af56bca2730da11d2389cb3cd30a0d4b98de6f00a4a11739d8170d338 |
| ppc64le |
git-lfs-3.7.1-4.el9_8.ppc64le.rpm |
a73a1b6dc0a1b322865ff1268783bbd2632921177163824c03669733b245ea5d |
| s390x |
git-lfs-3.7.1-4.el9_8.s390x.rpm |
2ec8d17f9b10f72ae4461982a3684513cabe088ee0557c46b9ff7e5bd0eeaf41 |
| x86_64 |
git-lfs-3.7.1-4.el9_8.x86_64.rpm |
44e4f9d716c29ab5360854fdc68cd8cfc3079f244bbbc3c4477f07f5640faa89 |
