Issued:: 2026-06-29
Updated:: 2026-06-29

RHSA-2026:30855 - Security Advisory

Overview
Updated Packages

Synopsis

Important: git-lfs security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for git-lfs is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes

BZ - 2480756 - CVE-2026-39821 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

CVEs

CVE-2026-39821

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 10

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
x86_64
git-lfs-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: d23550fea7a4632cc8de3e7c10ffd64e350417151bde2db55f3002924d448ae6
git-lfs-debuginfo-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: 7c617cee8c0dc59f4cca852c8499d803028077b68c3167a117aa7ba1fc754582
git-lfs-debugsource-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: 710f20d324e76b214121c29afda80ca11d2ebae57e9df7ba652264939981d860

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
x86_64
git-lfs-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: d23550fea7a4632cc8de3e7c10ffd64e350417151bde2db55f3002924d448ae6
git-lfs-debuginfo-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: 7c617cee8c0dc59f4cca852c8499d803028077b68c3167a117aa7ba1fc754582
git-lfs-debugsource-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: 710f20d324e76b214121c29afda80ca11d2ebae57e9df7ba652264939981d860

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
s390x
git-lfs-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 3dd1611d3ce3b5d685e0c61fe57b27f1708873294d7ac42d285cad55c7fe11c1
git-lfs-debuginfo-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 956a4762f4453f1b5492581e6379d31ba6f988a4fab0cb44fc71bb2832fad865
git-lfs-debugsource-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 79fa8a94e3db16ed3debfa0bf3c762050bfe9ba366ac04ebb05e212e147c71e6

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
s390x
git-lfs-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 3dd1611d3ce3b5d685e0c61fe57b27f1708873294d7ac42d285cad55c7fe11c1
git-lfs-debuginfo-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 956a4762f4453f1b5492581e6379d31ba6f988a4fab0cb44fc71bb2832fad865
git-lfs-debugsource-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 79fa8a94e3db16ed3debfa0bf3c762050bfe9ba366ac04ebb05e212e147c71e6

Red Hat Enterprise Linux for Power, little endian 10

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
ppc64le
git-lfs-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: f05727ccd0c1944b2506e69e7f0948fcef144b45675ba7da2edcaa1bc901f927
git-lfs-debuginfo-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: f324966facd8f2d22d65e9287c81ce5758f8bedf29aca575ed65b36ec4808b0f
git-lfs-debugsource-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: 16c8e4bf793c1a83cd12b42080a593a5c318eafaa6e7133150173bd3f3288789

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
ppc64le
git-lfs-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: f05727ccd0c1944b2506e69e7f0948fcef144b45675ba7da2edcaa1bc901f927
git-lfs-debuginfo-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: f324966facd8f2d22d65e9287c81ce5758f8bedf29aca575ed65b36ec4808b0f
git-lfs-debugsource-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: 16c8e4bf793c1a83cd12b42080a593a5c318eafaa6e7133150173bd3f3288789

Red Hat Enterprise Linux for ARM 64 10

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
aarch64
git-lfs-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: 5148919d800a3119159d089a506a0358d09e63a2186ceee777e0165a280e1f26
git-lfs-debuginfo-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: 87118507cba92fa8f3e16dcb4d9d30c763a111bd93cb4e51e853f383b732160c
git-lfs-debugsource-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: f35384973482b015a6adae45805d8a7311ce7770632da9d06afff97e2b1717be

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
aarch64
git-lfs-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: 5148919d800a3119159d089a506a0358d09e63a2186ceee777e0165a280e1f26
git-lfs-debuginfo-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: 87118507cba92fa8f3e16dcb4d9d30c763a111bd93cb4e51e853f383b732160c
git-lfs-debugsource-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: f35384973482b015a6adae45805d8a7311ce7770632da9d06afff97e2b1717be

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
aarch64
git-lfs-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: 5148919d800a3119159d089a506a0358d09e63a2186ceee777e0165a280e1f26
git-lfs-debuginfo-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: 87118507cba92fa8f3e16dcb4d9d30c763a111bd93cb4e51e853f383b732160c
git-lfs-debugsource-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: f35384973482b015a6adae45805d8a7311ce7770632da9d06afff97e2b1717be

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
s390x
git-lfs-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 3dd1611d3ce3b5d685e0c61fe57b27f1708873294d7ac42d285cad55c7fe11c1
git-lfs-debuginfo-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 956a4762f4453f1b5492581e6379d31ba6f988a4fab0cb44fc71bb2832fad865
git-lfs-debugsource-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 79fa8a94e3db16ed3debfa0bf3c762050bfe9ba366ac04ebb05e212e147c71e6

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
ppc64le
git-lfs-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: f05727ccd0c1944b2506e69e7f0948fcef144b45675ba7da2edcaa1bc901f927
git-lfs-debuginfo-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: f324966facd8f2d22d65e9287c81ce5758f8bedf29aca575ed65b36ec4808b0f
git-lfs-debugsource-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: 16c8e4bf793c1a83cd12b42080a593a5c318eafaa6e7133150173bd3f3288789

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
x86_64
git-lfs-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: d23550fea7a4632cc8de3e7c10ffd64e350417151bde2db55f3002924d448ae6
git-lfs-debuginfo-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: 7c617cee8c0dc59f4cca852c8499d803028077b68c3167a117aa7ba1fc754582
git-lfs-debugsource-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: 710f20d324e76b214121c29afda80ca11d2ebae57e9df7ba652264939981d860

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
x86_64
git-lfs-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: d23550fea7a4632cc8de3e7c10ffd64e350417151bde2db55f3002924d448ae6
git-lfs-debuginfo-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: 7c617cee8c0dc59f4cca852c8499d803028077b68c3167a117aa7ba1fc754582
git-lfs-debugsource-3.7.1-5.el10_2.5.x86_64.rpm	SHA-256: 710f20d324e76b214121c29afda80ca11d2ebae57e9df7ba652264939981d860

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
aarch64
git-lfs-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: 5148919d800a3119159d089a506a0358d09e63a2186ceee777e0165a280e1f26
git-lfs-debuginfo-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: 87118507cba92fa8f3e16dcb4d9d30c763a111bd93cb4e51e853f383b732160c
git-lfs-debugsource-3.7.1-5.el10_2.5.aarch64.rpm	SHA-256: f35384973482b015a6adae45805d8a7311ce7770632da9d06afff97e2b1717be

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
ppc64le
git-lfs-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: f05727ccd0c1944b2506e69e7f0948fcef144b45675ba7da2edcaa1bc901f927
git-lfs-debuginfo-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: f324966facd8f2d22d65e9287c81ce5758f8bedf29aca575ed65b36ec4808b0f
git-lfs-debugsource-3.7.1-5.el10_2.5.ppc64le.rpm	SHA-256: 16c8e4bf793c1a83cd12b42080a593a5c318eafaa6e7133150173bd3f3288789

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2

SRPM
git-lfs-3.7.1-5.el10_2.5.src.rpm	SHA-256: 618962151213227bd569d78eff65a1d559e373e29503e38597d282cc8f314435
s390x
git-lfs-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 3dd1611d3ce3b5d685e0c61fe57b27f1708873294d7ac42d285cad55c7fe11c1
git-lfs-debuginfo-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 956a4762f4453f1b5492581e6379d31ba6f988a4fab0cb44fc71bb2832fad865
git-lfs-debugsource-3.7.1-5.el10_2.5.s390x.rpm	SHA-256: 79fa8a94e3db16ed3debfa0bf3c762050bfe9ba366ac04ebb05e212e147c71e6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation