Red Hat Product Errata RHSA-2026:10712 - Security Advisory
Issued:
2026-04-27
Updated:
2026-04-27

RHSA-2026:10712 - Security Advisory

Synopsis

Important: git-lfs security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for git-lfs is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

  • net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes

  • BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
x86_64
git-lfs-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 84398f9d1c0eab2cf583d853bd7ac76810a211c92ed68411952784b7c60bb223
git-lfs-debuginfo-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: ea49794d173fd513f976f4e2fc04eb8b42be766f9a28f0ca08344ce3cc88e0ae
git-lfs-debugsource-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 5cd4bc66884108914b8053241f92883d9a5b6f1e22f680612ad543af96d5efb5

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
x86_64
git-lfs-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 84398f9d1c0eab2cf583d853bd7ac76810a211c92ed68411952784b7c60bb223
git-lfs-debuginfo-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: ea49794d173fd513f976f4e2fc04eb8b42be766f9a28f0ca08344ce3cc88e0ae
git-lfs-debugsource-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 5cd4bc66884108914b8053241f92883d9a5b6f1e22f680612ad543af96d5efb5

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
s390x
git-lfs-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 9fd509a4c67030e78c49bd4cd78884181c8f2999c175bb4f1db87a46f5f1afbb
git-lfs-debuginfo-3.4.1-4.el9_4.5.s390x.rpm SHA-256: f7ccbe73683217620ea0ef5174d36c5f61eda58f4465ce3518c6c72cab8a9b5c
git-lfs-debugsource-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 27fd910c08e06b8839f1bca42ef0116783b5dbc87d613f5c3cb44cda2b832ae9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
ppc64le
git-lfs-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: fe39574143aef0eaeb15423d0f0edcaaf314bf56f9e4d881be43c6f965a0bcd0
git-lfs-debuginfo-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: ec2ebb26ecb484acc452b64fdad7369299f0db4644ccebaebce5f0de0ed45c6d
git-lfs-debugsource-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: 1f1f43cc21376da299d1536b2f3e6bd6cb80b6a60036bf02e96e12bba78c17d2

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
aarch64
git-lfs-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: ba7cafcca8b2b61688523e5e663b6ad8e6114419fbbdc0b79e559da2f0d6b908
git-lfs-debuginfo-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 85a7decafb29fdad0ee4d89ea679109f1a8c66fe263cbb14ebd79a8c177d0aa8
git-lfs-debugsource-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 254c1ff48cb70c3b930ddfedbf00a32145e5feada1e2709127807ccbc6b02ce2

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
ppc64le
git-lfs-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: fe39574143aef0eaeb15423d0f0edcaaf314bf56f9e4d881be43c6f965a0bcd0
git-lfs-debuginfo-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: ec2ebb26ecb484acc452b64fdad7369299f0db4644ccebaebce5f0de0ed45c6d
git-lfs-debugsource-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: 1f1f43cc21376da299d1536b2f3e6bd6cb80b6a60036bf02e96e12bba78c17d2

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
x86_64
git-lfs-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 84398f9d1c0eab2cf583d853bd7ac76810a211c92ed68411952784b7c60bb223
git-lfs-debuginfo-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: ea49794d173fd513f976f4e2fc04eb8b42be766f9a28f0ca08344ce3cc88e0ae
git-lfs-debugsource-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 5cd4bc66884108914b8053241f92883d9a5b6f1e22f680612ad543af96d5efb5

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
aarch64
git-lfs-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: ba7cafcca8b2b61688523e5e663b6ad8e6114419fbbdc0b79e559da2f0d6b908
git-lfs-debuginfo-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 85a7decafb29fdad0ee4d89ea679109f1a8c66fe263cbb14ebd79a8c177d0aa8
git-lfs-debugsource-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 254c1ff48cb70c3b930ddfedbf00a32145e5feada1e2709127807ccbc6b02ce2

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
s390x
git-lfs-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 9fd509a4c67030e78c49bd4cd78884181c8f2999c175bb4f1db87a46f5f1afbb
git-lfs-debuginfo-3.4.1-4.el9_4.5.s390x.rpm SHA-256: f7ccbe73683217620ea0ef5174d36c5f61eda58f4465ce3518c6c72cab8a9b5c
git-lfs-debugsource-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 27fd910c08e06b8839f1bca42ef0116783b5dbc87d613f5c3cb44cda2b832ae9

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
x86_64
git-lfs-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 84398f9d1c0eab2cf583d853bd7ac76810a211c92ed68411952784b7c60bb223
git-lfs-debuginfo-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: ea49794d173fd513f976f4e2fc04eb8b42be766f9a28f0ca08344ce3cc88e0ae
git-lfs-debugsource-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 5cd4bc66884108914b8053241f92883d9a5b6f1e22f680612ad543af96d5efb5

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
aarch64
git-lfs-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: ba7cafcca8b2b61688523e5e663b6ad8e6114419fbbdc0b79e559da2f0d6b908
git-lfs-debuginfo-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 85a7decafb29fdad0ee4d89ea679109f1a8c66fe263cbb14ebd79a8c177d0aa8
git-lfs-debugsource-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 254c1ff48cb70c3b930ddfedbf00a32145e5feada1e2709127807ccbc6b02ce2

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
ppc64le
git-lfs-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: fe39574143aef0eaeb15423d0f0edcaaf314bf56f9e4d881be43c6f965a0bcd0
git-lfs-debuginfo-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: ec2ebb26ecb484acc452b64fdad7369299f0db4644ccebaebce5f0de0ed45c6d
git-lfs-debugsource-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: 1f1f43cc21376da299d1536b2f3e6bd6cb80b6a60036bf02e96e12bba78c17d2

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf
s390x
git-lfs-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 9fd509a4c67030e78c49bd4cd78884181c8f2999c175bb4f1db87a46f5f1afbb
git-lfs-debuginfo-3.4.1-4.el9_4.5.s390x.rpm SHA-256: f7ccbe73683217620ea0ef5174d36c5f61eda58f4465ce3518c6c72cab8a9b5c
git-lfs-debugsource-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 27fd910c08e06b8839f1bca42ef0116783b5dbc87d613f5c3cb44cda2b832ae9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.