Oracle Linux git-lfs Vulnerability Advisory for Versions 8 and 9

First seen 1 Jul 2026, 10:45 UTC (Linuxsecurity)

Oracle has released important security advisories for git-lfs affecting Oracle Linux 8 and 9. Both advisories address CVE-2026-39821, which was published on May 22, 2026. The vulnerability involves the vendored golang.org/x/net/idna ToUnicode function incorrectly accepting all-ASCII xn-- labels. This flaw can potentially allow unauthorized remote access. Oracle Linux 9 received a direct fix, while Oracle Linux 8 received a backported patch. The advisories highlight the importance of updating to the latest versions to mitigate potential risks. Users are encouraged to apply the patches promptly to secure their systems.

Key Points:
• CVE-2026-39821 affects both Oracle Linux 8 and 9, allowing unauthorized remote access.
• Oracle Linux 9 received a direct fix, while Oracle Linux 8 received a backported patch.
• Users are urged to update their systems promptly to mitigate risks associated with this vulnerability.
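
The check that the flaw description implies, as an added example (not code from Oracle, git-lfs or golang.org/x/net): it flags xn-- labels whose Punycode payload decodes to ASCII-only text or does not decode at all. It uses Python's built-in punycode codec rather than the Go package, reads "all-ASCII xn-- labels" as labels that decode to ASCII only (an assumption), and the function names and sample host names are constructed.

```python
"""Flag xn-- labels that are not genuine A-labels (added example)."""


def decode_label(label: str) -> str:
    """Decode the Punycode payload of one xn-- label (RFC 3492)."""
    # Strip the 4-character "xn--" prefix; the payload must be plain ASCII.
    return label[4:].encode("ascii").decode("punycode")


def rejected_labels(hostname: str) -> list[tuple[str, str]]:
    """Return (label, reason) for every xn-- label that should be refused."""
    findings = []
    for label in hostname.rstrip(".").split("."):
        if not label.lower().startswith("xn--"):
            continue  # ordinary label, nothing to decode
        try:
            decoded = decode_label(label)
        except UnicodeError as exc:  # covers encode and decode failures
            findings.append((label, f"malformed punycode: {exc}"))
            continue
        # A real A-label carries at least one non-ASCII code point. An
        # ASCII-only result (including the empty string) means the label is
        # a second spelling of a plain ASCII name and must not be accepted.
        if decoded.isascii():
            findings.append((label, f"decodes to ASCII-only {decoded!r}"))
    return findings


if __name__ == "__main__":
    # Constructed sample host names, not taken from the advisory.
    for host in ("xn--bcher-kva.example", "xn--example-.test", "XN--a_b.test"):
        print(host, rejected_labels(host))
```

Run before any allow-list or host comparison, this refuses a name whose Unicode form would otherwise match an ASCII host that the raw string does not.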

Timeline

2026-05-22: CVE-2026-39821 published
CVE-2026-39821 details a vulnerability in golang.org/x/net/idna that affects multiple systems.
Source: Linuxsecurity

2026-06-30: Oracle Linux 8 advisory released
Oracle released ELSA-2026-30853 for Linux 8, addressing CVE-2026-39821 with a backported fix.
Source: Linuxsecurity

2026-07-01: Oracle Linux 9 advisory released
Oracle released ELSA-2026-30854 for Linux 9, providing a direct fix for CVE-2026-39821.
Source: Linuxsecurity
