Red Hat Product Errata RHSA-2026:9434 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9434 - Security Advisory Overview Updated Packages Synopsis Important: git-lfs security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM git-lfs-3.2.0-2.el9_2.6.src.rpm SHA-256: a9b9e66971d91a91c5b8c1006cbdfaaccf3b4c30e24ce3ba554fff2474873e73 x86_64 git-lfs-3.2.0-2.el9_2.6.x86_64.rpm SHA-256: 0a758284268b7264a7bf17d4b85e24d8cd751a28ab1204d303abb7e61004680b git-lfs-debuginfo-3.2.0-2.el9_2.6.x86_64.rpm SHA-256: 3631de0e4cda2c245966f56f8a2a9966ffd0cebacb2110ae7028b61c781b066c git-lfs-debugsource-3.2.0-2.el9_2.6.x86_64.rpm SHA-256: 1c0f486cb060820bde360d9e6d13e86e0b547f6c0fc3996597583cb307f0c60c Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM git-lfs-3.2.0-2.el9_2.6.src.rpm SHA-256: a9b9e66971d91a91c5b8c1006cbdfaaccf3b4c30e24ce3ba554fff2474873e73 ppc64le git-lfs-3.2.0-2.el9_2.6.ppc64le.rpm SHA-256: 1fc908004b42ee1adde046b0274fd669ac3d233409ddbd79b370e67d82724dce git-lfs-debuginfo-3.2.0-2.el9_2.6.ppc64le.rpm SHA-256: 4b8cdb30f2d7a3a43805420b95ace0b8cd651c9f9dff8949e1f1480305accea1 git-lfs-debugsource-3.2.0-2.el9_2.6.ppc64le.rpm SHA-256: 2e3452ea7d1d811d7a73556c8531e491c7561aa7f0a22d7a949d0f6f5b8e8908 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM git-lfs-3.2.0-2.el9_2.6.src.rpm SHA-256: a9b9e66971d91a91c5b8c1006cbdfaaccf3b4c30e24ce3ba554fff2474873e73 x86_64 git-lfs-3.2.0-2.el9_2.6.x86_64.rpm SHA-256: 0a758284268b7264a7bf17d4b85e24d8cd751a28ab1204d303abb7e61004680b git-lfs-debuginfo-3.2.0-2.el9_2.6.x86_64.rpm SHA-256: 3631de0e4cda2c245966f56f8a2a9966ffd0cebacb2110ae7028b61c781b066c git-lfs-debugsource-3.2.0-2.el9_2.6.x86_64.rpm SHA-256: 1c0f486cb060820bde360d9e6d13e86e0b547f6c0fc3996597583cb307f0c60c Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM git-lfs-3.2.0-2.el9_2.6.src.rpm SHA-256: a9b9e66971d91a91c5b8c1006cbdfaaccf3b4c30e24ce3ba554fff2474873e73 aarch64 git-lfs-3.2.0-2.el9_2.6.aarch64.rpm SHA-256: 4cdfe2a2e753a7d4dd8e985a5f5cf4c577bb9a22e71590d31430b7b8e3c7697f git-lfs-debuginfo-3.2.0-2.el9_2.6.aarch64.rpm SHA-256: ca6cd0e5cebcd9035361d9c049660a4ba99cab9949b6cd8b97e5cebc3252d6f9 git-lfs-debugsource-3.2.0-2.el9_2.6.aarch64.rpm SHA-256: d4acb483680b7a501f2a5fed041f93f4864d03ac9f659619d2f681f5d78150ee Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 SRPM git-lfs-3.2.0-2.el9_2.6.src.rpm SHA-256: a9b9e66971d91a91c5b8c1006cbdfaaccf3b4c30e24ce3ba554fff2474873e73 s390x git-lfs-3.2.0-2.el9_2.6.s390x.rpm SHA-256: 33b50362dd2015e9c8d37b77c12e9e231b7a6d55718ad9bf061d2402570a6b44 git-lfs-debuginfo-3.2.0-2.el9_2.6.s390x.rpm SHA-256: 4fd3eb95a012c85767dfe5d1b2bc458260102ffdf8b6de2aed52ed8ec645679e git-lfs-debugsource-3.2.0-2.el9_2.6.s390x.rpm SHA-256: 12a89f4d874de8eeb11ec9fe4bf7833da4ae0cb8e4724fc459832224b27e241b Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 SRPM git-lfs-3.2.0-2.el9_2.6.src.rpm SHA-256: a9b9e66971d91a91c5b8c1006cbdfaaccf3b4c30e24ce3ba554fff2474873e73 x86_64 git-lfs-3.2.0-2.el9_2.6.x86_64.rpm SHA-256: 0a758284268b7264a7bf17d4b85e24d8cd751a28ab1204d303abb7e61004680b git-lfs-debuginfo-3.2.0-2.el9_2.6.x86_64.rpm SHA-256: 3631de0e4cda2c245966f56f8a2a9966ffd0cebacb2110ae7028b61c781b066c git-lfs-debugsource-3.2.0-2.el9_2.6.x86_64.rpm SHA-256: 1c0f486cb060820bde360d9e6d13e86e0b547f6c0fc3996597583cb307f0c60c Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 SRPM git-lfs-3.2.0-2.el9_2.6.src.rpm SHA-256: a9b9e66971d91a91c5b8c1006cbdfaaccf3b4c30e24ce3ba554fff2474873e73 aarch64 git-lfs-3.2.0-2.el9_2.6.aarch64.rpm SHA-256: 4cdfe2a2e753a7d4dd8e985a5f5cf4c577bb9a22e71590d31430b7b8e3c7697f git-lfs-debuginfo-3.2.0-2.el9_2.6.aarch64.rpm SHA-256: ca6cd0e5cebcd9035361d9c049660a4ba99cab9949b6cd8b97e5cebc3252d6f9 git-lfs-debugsource-3.2.0-2.el9_2.6.aarch64.rpm SHA-256: d4acb483680b7a501f2a5fed041f93f4864d03ac9f659619d2f681f5d78150ee Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 SRPM git-lfs-3.2.0-2.el9_2.6.src.rpm SHA-256: a9b9e66971d91a91c5b8c1006cbdfaaccf3b4c30e24ce3ba554fff2474873e73 ppc64le git-lfs-3.2.0-2.el9_2.6.ppc64le.rpm SHA-256: 1fc908004b42ee1adde046b0274fd669ac3d233409ddbd79b370e67d82724dce git-lfs-debuginfo-3.2.0-2.el9_2.6.ppc64le.rpm SHA-256: 4b8cdb30f2d7a3a43805420b95ace0b8cd651c9f9dff8949e1f1480305accea1 git-lfs-debugsource-3.2.0-2.el9_2.6.ppc64le.rpm SHA-256: 2e3452ea7d1d811d7a73556c8531e491c7561aa7f0a22d7a949d0f6f5b8e8908 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 SRPM git-lfs-3.2.0-2.el9_2.6.src.rpm SHA-256: a9b9e66971d91a91c5b8c1006cbdfaaccf3b4c30e24ce3ba554fff2474873e73 s390x git-lfs-3.2.0-2.el9_2.6.s390x.rpm SHA-256: 33b50362dd2015e9c8d37b77c12e9e231b7a6d55718ad9bf061d2402570a6b44 git-lfs-debuginfo-3.2.0-2.el9_2.6.s390x.rpm SHA-256: 4fd3eb95a012c85767dfe5d1b2bc458260102ffdf8b6de2aed52ed8ec645679e git-lfs-debugsource-3.2.0-2.el9_2.6.s390x.rpm SHA-256: 12a89f4d874de8eeb11ec9fe4bf7833da4ae0cb8e4724fc459832224b27e241b The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .