
Fedora 41: git-lfs Important Security Updates for CVEs 2025-5872b9ec46

fedora
October 29, 2025
Fedora 41: this git-lfs update fixes multiple issues, including an HTTP proxy bypass and a CrossOriginProtection bypass. Install promptly.

Summary

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Update Information:

Update to latest version (#2404637) Fix CVE-2025-22870, CVE-2025-47910, CVE-2025-47906, CVE-2025-26625

Change Log

* Mon Oct 20 2025 Elliott Sales de Andrade - 3.7.1-1 - Update to latest version (#2404637)

References


[ 1 ] Bug #2352168 - CVE-2025-22870 git-lfs: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2352168
[ 2 ] Bug #2398435 - CVE-2025-47910 git-lfs: CrossOriginProtection bypass in net/http [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2398435
[ 3 ] Bug #2399097 - CVE-2025-47906 git-lfs: Unexpected paths returned from LookPath in os/exec [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2399097
[ 4 ] Bug #2404637 - git-lfs-3.7.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2404637
[ 5 ] Bug #2404743 - CVE-2025-26625 git-lfs: Git LFS may write to arbitrary files via crafted symlinks [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2404743

Update Instructions

This update can be installed with the "dnf" update program. Use

    su -c 'dnf upgrade --advisory FEDORA-2025-5872b9ec46'

at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: git-lfs
Product: Fedora 41
Version: 3.7.1
Release: 1.fc41
Summary: Git extension for versioning large files
