Red Hat Product Errata RHSA-2026:20581 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20581 - Security Advisory Overview Updated Packages Synopsis Important: git-lfs security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM git-lfs-2.13.3-3.el8_4.5.src.rpm SHA-256: 225b28a80c04b2b74c29596aff2a1fd8fd34865be50268822fc9be2d354d3776 x86_64 git-lfs-2.13.3-3.el8_4.5.x86_64.rpm SHA-256: 33b61e0eb4c9cf014855148559476979fd820cf694fc33040b5b34521ff0c1f0 git-lfs-debuginfo-2.13.3-3.el8_4.5.x86_64.rpm SHA-256: 9018cf35efece2c61fb797f4a2f5a9e2aa06d81f55f76cecd4a5d248de7e8752 git-lfs-debugsource-2.13.3-3.el8_4.5.x86_64.rpm SHA-256: 09ec213c9789c9196d3b7446a0bf1196d503cb1ac2c86ac4b4f4e9392c77f527 Red Hat Enterprise Linux Server - AUS 8.4 SRPM git-lfs-2.13.3-3.el8_4.5.src.rpm SHA-256: 225b28a80c04b2b74c29596aff2a1fd8fd34865be50268822fc9be2d354d3776 x86_64 git-lfs-2.13.3-3.el8_4.5.x86_64.rpm SHA-256: 33b61e0eb4c9cf014855148559476979fd820cf694fc33040b5b34521ff0c1f0 git-lfs-debuginfo-2.13.3-3.el8_4.5.x86_64.rpm SHA-256: 9018cf35efece2c61fb797f4a2f5a9e2aa06d81f55f76cecd4a5d248de7e8752 git-lfs-debugsource-2.13.3-3.el8_4.5.x86_64.rpm SHA-256: 09ec213c9789c9196d3b7446a0bf1196d503cb1ac2c86ac4b4f4e9392c77f527 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .