git-lfs-3.4.1-11.el8_10

エラータID: AXSA:2026-1139:07

Release date: 
Wednesday, July 1, 2026 - 11:01
Subject: 
git-lfs-3.4.1-11.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. git-lfs-3.4.1-11.el8_10.src.rpm
    MD5: 04430afa3df331d35bf6773c28db8ff8
    SHA-256: d5f555606f6b90d91f138cbc9f189a651e00208ead15a198646be7821a5a88cb
    Size: 3.46 MB

Asianux Server 8 for x86_64
  1. git-lfs-3.4.1-11.el8_10.x86_64.rpm
    MD5: 94f70552269f185d3814d3495cd27c42
    SHA-256: 596c5bcac228f74039e67aa76983b51d0ed41f421ea10de3fe083c12506a7f04
    Size: 4.73 MB