ELSA-2026-30854 - git-lfs security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2026-06-29 |
Description
[3.7.1-4.1]
- Fix CVE-2026-39821: vendored golang.org/x/net/idna ToUnicode
incorrectly accepting all-ASCII xn-- labels
- Resolves: RHEL-183797
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle Linux 9 (aarch64) | git-lfs-3.7.1-4.el9_8.1.src.rpm | 79cc6e3616fe0523edaf363adee697b9854435280922478b45cafc722e200be6 | - | ol9_aarch64_appstream |
| git-lfs-3.7.1-4.el9_8.1.aarch64.rpm | 1c5002b6c30f75bdb677766452c0de68c413027a6871dcb4c668b06463a39e5d | - | ol9_aarch64_appstream |
|
| Oracle Linux 9 (x86_64) | git-lfs-3.7.1-4.el9_8.1.src.rpm | 79cc6e3616fe0523edaf363adee697b9854435280922478b45cafc722e200be6 | - | ol9_x86_64_appstream |
| git-lfs-3.7.1-4.el9_8.1.x86_64.rpm | cc967585048c84e0f1e3421b1f1f1e06c39d470353c8bf4622245e0d5ca4a999 | - | ol9_x86_64_appstream |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
