Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Git Large File Storage update fixes security risks
ALSA-2026:4164
Summary
Git's Large File Storage feature has received security updates to prevent denial of service attacks and protect against memory exhaustion. These updates are essential to ensure the secure storage and sharing of large files. Update your Git installation to the latest version to ensure you have the latest security patches.
What to do
- Update almalinux git-lfs to version 3.6.1-7.el10_1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| almalinux | git-lfs | <= 3.6.1-7.el10_1 | 3.6.1-7.el10_1 |
Original title
Important: git-lfs security update
Original description
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- https://access.redhat.com/errata/RHSA-2026:4164 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-68121 Third Party Advisory
- https://bugzilla.redhat.com/2418462 Third Party Advisory
- https://bugzilla.redhat.com/2434432 Third Party Advisory
- https://bugzilla.redhat.com/2437111 Third Party Advisory
- https://errata.almalinux.org/10/ALSA-2026-4164.html Vendor Advisory
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026