509 matches found
CLSA-2026-1776336504 git-lfs: Fix of CVE-2026-25679
Rebuild with Go 1.25.8 to fix Go standard library CVE - CVE-2026-25679: reject invalid IPv6 host literals in net/url.Parse to prevent URL validation bypass...
AlmaLinux 10 : git-lfs (ALSA-2026:7005)
The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:7005 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the AlmaLinux...
MiracleLinux 9 : git-lfs-3.6.1-8.el9_7 (AXSA:2026-420:04)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-420:04 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the MiracleLinu...
RHSA-2026:7259 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
RockyLinux 10 : git-lfs (RLSA-2026:7005)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:7005 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...
RHSA-2026:7005 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
Oracle Linux 9 : git-lfs (ELSA-2026-7259)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-7259 advisory. 3.6.1-8 - Rebuild with new Golang - Resolves: RHEL-158724 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
git-lfs security update
3.6.1-8 - Rebuild with new Golang - Resolves: RHEL-158724...
Oracle Linux 10 : git-lfs (ELSA-2026-7005)
The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-7005 advisory. 3.6.1-8 - Rebuild with new Golang Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
CLEANSTART-2026-MF20926 Security fixes for CVE-2021-38561, CVE-2022-27191, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 3.1.2-r3, 3.1.2-r4, 3.7.0-r0, 3.7.0-r2
Multiple security vulnerabilities affect the git-lfs-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-006282)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006282 advisory. Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-006283)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006283 advisory. Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of...
AlmaLinux 8 : git-lfs (ALSA-2026:3985)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:3985 advisory. golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls...
CLSA-2026-1773314910 git-lfs: Fix of 3 CVEs
rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys...
MiracleLinux 8 : git-lfs-3.4.1-8.el8_10 (AXSA:2026-288:03)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-288:03 advisory. golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls...
AlmaLinux 10 : git-lfs (ALSA-2026:4164)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:4164 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...
Oracle Linux 10 : git-lfs (ELSA-2026-4164)
The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-4164 advisory. 3.6.1-7 - Rebuild with new Golang 3.6.1-6 - Rebuild with new Golang 3.6.1-5 - Rebuild with new Golang Tenable has extracted the preceding description...
RLSA-2026:3985 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726...
RHSA-2026:4164 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
Oracle Linux 8 : git-lfs (ELSA-2026-3985)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-3985 advisory. 3.4.1-8 - Rebuild with new Golang - Resolves: RHEL-146094, RHEL-149269 Tenable has extracted the preceding description block directly from the Oracle...