git-lfs-3.6.1-2.el9_6

エラータID: AXSA:2025-10545:05

Release date: 
Tuesday, July 22, 2025 - 17:52
Subject: 
git-lfs-3.6.1-2.el9_6
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

* net/[http:](http:) Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Solution: 

Update packages.

CVEs: 
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Additional Info: 

N/A

Download: 

SRPMS
  1. git-lfs-3.6.1-2.el9_6.src.rpm
    MD5: cfc9f3008718540bf40aa38385ab077a
    SHA-256: 519dcfe0281e0af4ca2b2e2863541dac75d78fbb0a7ebb757fd6d38f4c229100
    Size: 3.45 MB

Asianux Server 9 for x86_64
  1. git-lfs-3.6.1-2.el9_6.x86_64.rpm
    MD5: 3a5a98e6b36dab6a8a42484f328519a2
    SHA-256: 61905caa98fb4635063ee1c2936e27c2dd849c46a8921532123d2641b0137696
    Size: 4.46 MB