Red Hat Product Errata RHSA-2026:9436 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9436 - Security Advisory Overview Updated Packages Synopsis Important: git-lfs security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for git-lfs is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM git-lfs-2.13.3-5.el9_0.7.src.rpm SHA-256: bf9b0439353d36911aa6fa5301b34b94a88e1b3b96d969da20ffcd1c6dbdef22 ppc64le git-lfs-2.13.3-5.el9_0.7.ppc64le.rpm SHA-256: ca42bb73d5099643e46d33cec90a4025362f4feca233184ffbf7896c3068680c git-lfs-debuginfo-2.13.3-5.el9_0.7.ppc64le.rpm SHA-256: c5350b9a2ee4f599daac14a82b7dcddfc18841223c7f30bc0edb1d232fc589de git-lfs-debugsource-2.13.3-5.el9_0.7.ppc64le.rpm SHA-256: 48352f5910c631d06b7533bb4dbd2748ad8cbcc440858ff162c5a15e80a58e5f Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM git-lfs-2.13.3-5.el9_0.7.src.rpm SHA-256: bf9b0439353d36911aa6fa5301b34b94a88e1b3b96d969da20ffcd1c6dbdef22 x86_64 git-lfs-2.13.3-5.el9_0.7.x86_64.rpm SHA-256: 057586c284026e01963c2e07b792af6f5ab51f707c3ce2316b1dbb84c52a8a10 git-lfs-debuginfo-2.13.3-5.el9_0.7.x86_64.rpm SHA-256: d3403c8842a1eafcd1304932d518cb3737f3019e02e5591a5388baeb0cb7863c git-lfs-debugsource-2.13.3-5.el9_0.7.x86_64.rpm SHA-256: 9ef448c563c2acadd248683bca4d069c13fa943caf8831701986c73ebbda3892 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM git-lfs-2.13.3-5.el9_0.7.src.rpm SHA-256: bf9b0439353d36911aa6fa5301b34b94a88e1b3b96d969da20ffcd1c6dbdef22 aarch64 git-lfs-2.13.3-5.el9_0.7.aarch64.rpm SHA-256: 2903709710dcb4b45844fc07c7aab29d45b913375b447577040bd5d1ae156074 git-lfs-debuginfo-2.13.3-5.el9_0.7.aarch64.rpm SHA-256: 979e8f38598ee959cb2d50f925ff7390f4aca5d2b79532e7ae8b234bc62c8e2f git-lfs-debugsource-2.13.3-5.el9_0.7.aarch64.rpm SHA-256: 8f5211b9f780e8dcddbba9e75e5ff1394106c83abb2e030937308cc22730ec24 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM git-lfs-2.13.3-5.el9_0.7.src.rpm SHA-256: bf9b0439353d36911aa6fa5301b34b94a88e1b3b96d969da20ffcd1c6dbdef22 s390x git-lfs-2.13.3-5.el9_0.7.s390x.rpm SHA-256: caca0f3d05f51d89c4e68a91180d8efb0c77d7a3d40cec4660fbfb5a63b9e158 git-lfs-debuginfo-2.13.3-5.el9_0.7.s390x.rpm SHA-256: c14084f128000e834cdc55594f4a7d42b0d6a7b1d3ae71ac678b263c2e24de6d git-lfs-debugsource-2.13.3-5.el9_0.7.s390x.rpm SHA-256: 6897d45271f1a96a6544e88d261750bb635de710ed5d6ab09c7d14bf70bd7f9a The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .