Issued:: 2025-12-22
Updated:: 2025-12-22

RHSA-2025:23744 - Security Advisory

Overview
Updated Packages

Synopsis

Important: git-lfs security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for git-lfs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

Fixes

BZ - 2404720 - CVE-2025-26625 git-lfs: Git LFS may write to arbitrary files via crafted symlinks

CVEs

CVE-2025-26625

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
x86_64
git-lfs-3.6.1-4.el9_7.x86_64.rpm	SHA-256: 9fa047ddae41b79f31642679a80a2c00951d94b015b2370e0a5f2890d28ebcc7
git-lfs-debuginfo-3.6.1-4.el9_7.x86_64.rpm	SHA-256: bd7402754fbc18d44c87001d15c44c6cfa736d23ff93403fa18113d24bdda6d0
git-lfs-debugsource-3.6.1-4.el9_7.x86_64.rpm	SHA-256: b75424c2504ee3c0fba2c3a0e5d2dd09eceac27c078278e6c201dc7b50ead549

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
x86_64
git-lfs-3.6.1-4.el9_7.x86_64.rpm	SHA-256: 9fa047ddae41b79f31642679a80a2c00951d94b015b2370e0a5f2890d28ebcc7
git-lfs-debuginfo-3.6.1-4.el9_7.x86_64.rpm	SHA-256: bd7402754fbc18d44c87001d15c44c6cfa736d23ff93403fa18113d24bdda6d0
git-lfs-debugsource-3.6.1-4.el9_7.x86_64.rpm	SHA-256: b75424c2504ee3c0fba2c3a0e5d2dd09eceac27c078278e6c201dc7b50ead549

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
s390x
git-lfs-3.6.1-4.el9_7.s390x.rpm	SHA-256: 793f20e1e0aad939db561cce82a7b521e1e99191ebc9f25d074d3738cf781e2a
git-lfs-debuginfo-3.6.1-4.el9_7.s390x.rpm	SHA-256: ef876e2cf183e0b56a07ffa528d9ede86aed42ae04843c084fa553d3e159d9b0
git-lfs-debugsource-3.6.1-4.el9_7.s390x.rpm	SHA-256: 97b72364983a5dda157b2d1605df21ab677a19d42a71c73b167aaaa4287d3545

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
s390x
git-lfs-3.6.1-4.el9_7.s390x.rpm	SHA-256: 793f20e1e0aad939db561cce82a7b521e1e99191ebc9f25d074d3738cf781e2a
git-lfs-debuginfo-3.6.1-4.el9_7.s390x.rpm	SHA-256: ef876e2cf183e0b56a07ffa528d9ede86aed42ae04843c084fa553d3e159d9b0
git-lfs-debugsource-3.6.1-4.el9_7.s390x.rpm	SHA-256: 97b72364983a5dda157b2d1605df21ab677a19d42a71c73b167aaaa4287d3545

Red Hat Enterprise Linux for Power, little endian 9

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
ppc64le
git-lfs-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 92b163c9f687faa7e1d4dcccf57a0102b70849919b77e996cbf1a0a0ac8a9f97
git-lfs-debuginfo-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 413e895c281486bdb2a708b86ef04ca72dfc6f3c30243abb1f67c5cff326cd03
git-lfs-debugsource-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 2edb8736f291ff1bd3c1170ed34258fdbca4d153b720ae3203f8734171256789

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
ppc64le
git-lfs-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 92b163c9f687faa7e1d4dcccf57a0102b70849919b77e996cbf1a0a0ac8a9f97
git-lfs-debuginfo-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 413e895c281486bdb2a708b86ef04ca72dfc6f3c30243abb1f67c5cff326cd03
git-lfs-debugsource-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 2edb8736f291ff1bd3c1170ed34258fdbca4d153b720ae3203f8734171256789

Red Hat Enterprise Linux for ARM 64 9

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
aarch64
git-lfs-3.6.1-4.el9_7.aarch64.rpm	SHA-256: d577b61cfcbe1186c32ce0edcf4b0def1341df53109c9ec3e1901d6bb742f04d
git-lfs-debuginfo-3.6.1-4.el9_7.aarch64.rpm	SHA-256: 37b0d22e428dbf80a12d3312323eaf3e6ab0b282ed1f726f067c42050917fda9
git-lfs-debugsource-3.6.1-4.el9_7.aarch64.rpm	SHA-256: 7ee96d35ef58b3bee8da14f55644d456b345509041743c67439629d4242c1132

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
aarch64
git-lfs-3.6.1-4.el9_7.aarch64.rpm	SHA-256: d577b61cfcbe1186c32ce0edcf4b0def1341df53109c9ec3e1901d6bb742f04d
git-lfs-debuginfo-3.6.1-4.el9_7.aarch64.rpm	SHA-256: 37b0d22e428dbf80a12d3312323eaf3e6ab0b282ed1f726f067c42050917fda9
git-lfs-debugsource-3.6.1-4.el9_7.aarch64.rpm	SHA-256: 7ee96d35ef58b3bee8da14f55644d456b345509041743c67439629d4242c1132

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
ppc64le
git-lfs-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 92b163c9f687faa7e1d4dcccf57a0102b70849919b77e996cbf1a0a0ac8a9f97
git-lfs-debuginfo-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 413e895c281486bdb2a708b86ef04ca72dfc6f3c30243abb1f67c5cff326cd03
git-lfs-debugsource-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 2edb8736f291ff1bd3c1170ed34258fdbca4d153b720ae3203f8734171256789

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
x86_64
git-lfs-3.6.1-4.el9_7.x86_64.rpm	SHA-256: 9fa047ddae41b79f31642679a80a2c00951d94b015b2370e0a5f2890d28ebcc7
git-lfs-debuginfo-3.6.1-4.el9_7.x86_64.rpm	SHA-256: bd7402754fbc18d44c87001d15c44c6cfa736d23ff93403fa18113d24bdda6d0
git-lfs-debugsource-3.6.1-4.el9_7.x86_64.rpm	SHA-256: b75424c2504ee3c0fba2c3a0e5d2dd09eceac27c078278e6c201dc7b50ead549

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
aarch64
git-lfs-3.6.1-4.el9_7.aarch64.rpm	SHA-256: d577b61cfcbe1186c32ce0edcf4b0def1341df53109c9ec3e1901d6bb742f04d
git-lfs-debuginfo-3.6.1-4.el9_7.aarch64.rpm	SHA-256: 37b0d22e428dbf80a12d3312323eaf3e6ab0b282ed1f726f067c42050917fda9
git-lfs-debugsource-3.6.1-4.el9_7.aarch64.rpm	SHA-256: 7ee96d35ef58b3bee8da14f55644d456b345509041743c67439629d4242c1132

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
s390x
git-lfs-3.6.1-4.el9_7.s390x.rpm	SHA-256: 793f20e1e0aad939db561cce82a7b521e1e99191ebc9f25d074d3738cf781e2a
git-lfs-debuginfo-3.6.1-4.el9_7.s390x.rpm	SHA-256: ef876e2cf183e0b56a07ffa528d9ede86aed42ae04843c084fa553d3e159d9b0
git-lfs-debugsource-3.6.1-4.el9_7.s390x.rpm	SHA-256: 97b72364983a5dda157b2d1605df21ab677a19d42a71c73b167aaaa4287d3545

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
x86_64
git-lfs-3.6.1-4.el9_7.x86_64.rpm	SHA-256: 9fa047ddae41b79f31642679a80a2c00951d94b015b2370e0a5f2890d28ebcc7
git-lfs-debuginfo-3.6.1-4.el9_7.x86_64.rpm	SHA-256: bd7402754fbc18d44c87001d15c44c6cfa736d23ff93403fa18113d24bdda6d0
git-lfs-debugsource-3.6.1-4.el9_7.x86_64.rpm	SHA-256: b75424c2504ee3c0fba2c3a0e5d2dd09eceac27c078278e6c201dc7b50ead549

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
aarch64
git-lfs-3.6.1-4.el9_7.aarch64.rpm	SHA-256: d577b61cfcbe1186c32ce0edcf4b0def1341df53109c9ec3e1901d6bb742f04d
git-lfs-debuginfo-3.6.1-4.el9_7.aarch64.rpm	SHA-256: 37b0d22e428dbf80a12d3312323eaf3e6ab0b282ed1f726f067c42050917fda9
git-lfs-debugsource-3.6.1-4.el9_7.aarch64.rpm	SHA-256: 7ee96d35ef58b3bee8da14f55644d456b345509041743c67439629d4242c1132

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
ppc64le
git-lfs-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 92b163c9f687faa7e1d4dcccf57a0102b70849919b77e996cbf1a0a0ac8a9f97
git-lfs-debuginfo-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 413e895c281486bdb2a708b86ef04ca72dfc6f3c30243abb1f67c5cff326cd03
git-lfs-debugsource-3.6.1-4.el9_7.ppc64le.rpm	SHA-256: 2edb8736f291ff1bd3c1170ed34258fdbca4d153b720ae3203f8734171256789

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8

SRPM
git-lfs-3.6.1-4.el9_7.src.rpm	SHA-256: fb33bec8a2ac78a56acc9f41a05669f3433df684ac00056f2f08a18c6d638a00
s390x
git-lfs-3.6.1-4.el9_7.s390x.rpm	SHA-256: 793f20e1e0aad939db561cce82a7b521e1e99191ebc9f25d074d3738cf781e2a
git-lfs-debuginfo-3.6.1-4.el9_7.s390x.rpm	SHA-256: ef876e2cf183e0b56a07ffa528d9ede86aed42ae04843c084fa553d3e159d9b0
git-lfs-debugsource-3.6.1-4.el9_7.s390x.rpm	SHA-256: 97b72364983a5dda157b2d1605df21ab677a19d42a71c73b167aaaa4287d3545

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation