Red Hat Product Errata RHSA-2026:10712 - Security Advisory Issued: 2026-04-27 Updated: 2026-04-27 RHSA-2026:10712 - Security Advisory Overview Updated Packages Synopsis Important: git-lfs security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for git-lfs is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf x86_64 git-lfs-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 84398f9d1c0eab2cf583d853bd7ac76810a211c92ed68411952784b7c60bb223 git-lfs-debuginfo-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: ea49794d173fd513f976f4e2fc04eb8b42be766f9a28f0ca08344ce3cc88e0ae git-lfs-debugsource-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 5cd4bc66884108914b8053241f92883d9a5b6f1e22f680612ad543af96d5efb5 Red Hat Enterprise Linux Server - AUS 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf x86_64 git-lfs-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 84398f9d1c0eab2cf583d853bd7ac76810a211c92ed68411952784b7c60bb223 git-lfs-debuginfo-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: ea49794d173fd513f976f4e2fc04eb8b42be766f9a28f0ca08344ce3cc88e0ae git-lfs-debugsource-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 5cd4bc66884108914b8053241f92883d9a5b6f1e22f680612ad543af96d5efb5 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf s390x git-lfs-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 9fd509a4c67030e78c49bd4cd78884181c8f2999c175bb4f1db87a46f5f1afbb git-lfs-debuginfo-3.4.1-4.el9_4.5.s390x.rpm SHA-256: f7ccbe73683217620ea0ef5174d36c5f61eda58f4465ce3518c6c72cab8a9b5c git-lfs-debugsource-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 27fd910c08e06b8839f1bca42ef0116783b5dbc87d613f5c3cb44cda2b832ae9 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf ppc64le git-lfs-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: fe39574143aef0eaeb15423d0f0edcaaf314bf56f9e4d881be43c6f965a0bcd0 git-lfs-debuginfo-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: ec2ebb26ecb484acc452b64fdad7369299f0db4644ccebaebce5f0de0ed45c6d git-lfs-debugsource-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: 1f1f43cc21376da299d1536b2f3e6bd6cb80b6a60036bf02e96e12bba78c17d2 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf aarch64 git-lfs-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: ba7cafcca8b2b61688523e5e663b6ad8e6114419fbbdc0b79e559da2f0d6b908 git-lfs-debuginfo-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 85a7decafb29fdad0ee4d89ea679109f1a8c66fe263cbb14ebd79a8c177d0aa8 git-lfs-debugsource-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 254c1ff48cb70c3b930ddfedbf00a32145e5feada1e2709127807ccbc6b02ce2 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf ppc64le git-lfs-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: fe39574143aef0eaeb15423d0f0edcaaf314bf56f9e4d881be43c6f965a0bcd0 git-lfs-debuginfo-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: ec2ebb26ecb484acc452b64fdad7369299f0db4644ccebaebce5f0de0ed45c6d git-lfs-debugsource-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: 1f1f43cc21376da299d1536b2f3e6bd6cb80b6a60036bf02e96e12bba78c17d2 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf x86_64 git-lfs-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 84398f9d1c0eab2cf583d853bd7ac76810a211c92ed68411952784b7c60bb223 git-lfs-debuginfo-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: ea49794d173fd513f976f4e2fc04eb8b42be766f9a28f0ca08344ce3cc88e0ae git-lfs-debugsource-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 5cd4bc66884108914b8053241f92883d9a5b6f1e22f680612ad543af96d5efb5 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf aarch64 git-lfs-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: ba7cafcca8b2b61688523e5e663b6ad8e6114419fbbdc0b79e559da2f0d6b908 git-lfs-debuginfo-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 85a7decafb29fdad0ee4d89ea679109f1a8c66fe263cbb14ebd79a8c177d0aa8 git-lfs-debugsource-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 254c1ff48cb70c3b930ddfedbf00a32145e5feada1e2709127807ccbc6b02ce2 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf s390x git-lfs-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 9fd509a4c67030e78c49bd4cd78884181c8f2999c175bb4f1db87a46f5f1afbb git-lfs-debuginfo-3.4.1-4.el9_4.5.s390x.rpm SHA-256: f7ccbe73683217620ea0ef5174d36c5f61eda58f4465ce3518c6c72cab8a9b5c git-lfs-debugsource-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 27fd910c08e06b8839f1bca42ef0116783b5dbc87d613f5c3cb44cda2b832ae9 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf x86_64 git-lfs-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 84398f9d1c0eab2cf583d853bd7ac76810a211c92ed68411952784b7c60bb223 git-lfs-debuginfo-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: ea49794d173fd513f976f4e2fc04eb8b42be766f9a28f0ca08344ce3cc88e0ae git-lfs-debugsource-3.4.1-4.el9_4.5.x86_64.rpm SHA-256: 5cd4bc66884108914b8053241f92883d9a5b6f1e22f680612ad543af96d5efb5 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf aarch64 git-lfs-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: ba7cafcca8b2b61688523e5e663b6ad8e6114419fbbdc0b79e559da2f0d6b908 git-lfs-debuginfo-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 85a7decafb29fdad0ee4d89ea679109f1a8c66fe263cbb14ebd79a8c177d0aa8 git-lfs-debugsource-3.4.1-4.el9_4.5.aarch64.rpm SHA-256: 254c1ff48cb70c3b930ddfedbf00a32145e5feada1e2709127807ccbc6b02ce2 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf ppc64le git-lfs-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: fe39574143aef0eaeb15423d0f0edcaaf314bf56f9e4d881be43c6f965a0bcd0 git-lfs-debuginfo-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: ec2ebb26ecb484acc452b64fdad7369299f0db4644ccebaebce5f0de0ed45c6d git-lfs-debugsource-3.4.1-4.el9_4.5.ppc64le.rpm SHA-256: 1f1f43cc21376da299d1536b2f3e6bd6cb80b6a60036bf02e96e12bba78c17d2 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 SRPM git-lfs-3.4.1-4.el9_4.5.src.rpm SHA-256: b4877339f7adfd2b5f869acdda5f52b5b62542bce9f7b9cd38f7f0815fbc7bcf s390x git-lfs-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 9fd509a4c67030e78c49bd4cd78884181c8f2999c175bb4f1db87a46f5f1afbb git-lfs-debuginfo-3.4.1-4.el9_4.5.s390x.rpm SHA-256: f7ccbe73683217620ea0ef5174d36c5f61eda58f4465ce3518c6c72cab8a9b5c git-lfs-debugsource-3.4.1-4.el9_4.5.s390x.rpm SHA-256: 27fd910c08e06b8839f1bca42ef0116783b5dbc87d613f5c3cb44cda2b832ae9 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .