[ALSA-2026:3928] Important: git-lfs security update
Type:
security
Severity:
important
Release date:
2026-03-06
Description:
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 git-lfs-3.6.1-7.el9_7.aarch64.rpm b5f88d029ebe3d87e66f61c4477deea65c8e3969f90d54d6c14afbe3aee36485
ppc64le git-lfs-3.6.1-7.el9_7.ppc64le.rpm 6680cc17ad7edf09718679406022bc7b3fcdf7838dfe477bf5b775676dfc5dc4
s390x git-lfs-3.6.1-7.el9_7.s390x.rpm 3ac814d0f7039486235d4ed14281bda7484804dd3649d1a83accac8be42e875a
x86_64 git-lfs-3.6.1-7.el9_7.x86_64.rpm e42fa651e413391a29e1d9dd315e527a5e2358f18f222270cf558b8c55ad3a51
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.