git-lfs-3.4.1-7.el8_10

エラータID: AXSA:2026-164:01

Release date: 
Thursday, February 12, 2026 - 14:06
Subject: 
git-lfs-3.4.1-7.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-61729
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Solution: 

Update packages.

CVEs: 
CVE-2025-61729
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
Additional Info: 

N/A

Download: 

SRPMS
  1. git-lfs-3.4.1-7.el8_10.src.rpm
    MD5: 5118af77530b2653d7d8acae41a00cd6
    SHA-256: 4ae014e03bdb55b34d65e2e297a03eaca586cff7a67c5eecd832fc8584b84b40
    Size: 3.46 MB

Asianux Server 8 for x86_64
  1. git-lfs-3.4.1-7.el8_10.x86_64.rpm
    MD5: 4822da9e2e1afd29f7a7e0e2e445fb07
    SHA-256: 2773e9bd478f00bb45304b4e129a43e05c097ddc4767c7b63d381228f15fc020
    Size: 4.72 MB