22931 matches found

Mageia
added 2026/04/22 10:8 p.m. | 5 views

Updated gvfs packages fix security vulnerabilities

Gvfs: gvfs ftp backend: information disclosure via untrusted PASV responses (CVE-2026-28295). Gvfs: ftp gvfs backend: arbitrary FTP command injection via CRLF sequences in file paths (CVE-2026-28296)...

CVSS 4.3 | AI score 5.9 | EPSS 0.00094
Exploits: 2 | References: 3

RedhatCVE
added 2026/04/22 8:15 p.m. | 2 views

CVE-2026-31519

A flaw was found in the Linux kernel's Btrfs filesystem. A race condition, a situation where the outcome depends on the sequence or timing of uncontrollable events, can occur during the creation and cleanup of subvolumes. This can result in a valid subvolume being incorrectly marked as a broken...

CVSS 5.5 | AI score 5.3 | EPSS 0.00015
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/22 8:4 p.m. | 1 views

CVE-2026-31514

A flaw was found in the Linux kernel's erofs filesystem component. When an input/output (I/O) request for a file-backed mount is interrupted by a SIGKILL signal, the system incorrectly marks unused data blocks as up-to-date. This can lead to data integrity issues or the potential disclosure of stal...

CVSS 5.5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 4

Github Security Blog
added 2026/04/22 7:24 p.m. | 3 views

RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks

Missing Admin Auth on Notification Target Endpoints in RustFS. Finding Summary: All four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only (access key + session token), without performing any admin-action...

CVSS 8.3 | AI score 5.7 | EPSS 0.00085
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/04/22 7:20 p.m. | 5 views

CVE-2026-31496

A flaw was found in the Linux kernel's netfilter subsystem. This vulnerability allows a local user to potentially access or view network connection tracking expectations (nf_conntrack_expect) from other network namespaces (netns) via the /proc filesystem. This could lead to information disclosure or a...

CVSS 5.5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 4

Cvelist
added 2026/04/22 6:32 p.m. | 27 views

CVE-2026-41459 Xerte Online Toolkits Path Disclosure via /setup

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...

CVSS 6.9 | EPSS 0.00048
Exploits: 0 | References: 6

Github Security Blog
added 2026/04/22 6:31 p.m. | 3 views

uutils coreutils has a Link Following issue

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

CVSS 6.6 | AI score 5.2 | EPSS 0.00016
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2026/04/22 6:31 p.m. | 2 views

uutils coreutils doesn't preserve file ownership during moves across different filesystem boundaries

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

CVSS 4.2 | AI score 5.2 | EPSS 0.00018
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/04/22 6:31 p.m. | 3 views

GHSA-957R-R8GC-VV3H uutils coreutils doesn't preserve file ownership during moves across different filesystem boundaries

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

CVSS 4.2 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 3

Github Security Blog
added 2026/04/22 6:31 p.m. | 5 views

uutils coreutils has a Link Following Issue Via rm Utility

A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...

CVSS 7.7 | AI score 5.4 | EPSS 0.00016
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2026/04/22 6:31 p.m. | 7 views

uutils coreutils allows users to bypass the --preserve-root safety mechanism

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

CVSS 7.3 | AI score 5.5 | EPSS 0.00011
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/04/22 5:45 p.m. | 4 views

CVE-2026-31455

A flaw was found in the Linux kernel's XFS file system. During the unmount process, the system attempts to flush data while background cleanup and inode garbage collection (inodegc) operations are still active. This improper synchronization can lead to data integrity issues or system instability, a...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/22 5:45 p.m. | 0 views

CVE-2026-31453

A flaw was found in the Linux kernel's XFS filesystem. This vulnerability arises when log items are accessed after their memory has been freed, specifically during certain push callbacks if the Allocation Information List (AIL) lock is released. This memory corruption can lead to a system crash,...

CVSS 7.8 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/22 5:45 p.m. | 3 views

CVE-2026-31452

A flaw was found in the Linux kernel's ext4 filesystem. A local user could exploit a vulnerability where the truncate function, when used to expand a file beyond its inline data capacity, fails to properly convert the file to extent-based storage. This inconsistency can lead to a kernel crash BUG...

CVSS 7.8 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/22 5:45 p.m. | 2 views

CVE-2026-31451

A flaw was found in the Linux kernel's ext4 filesystem. When processing inline data, if the data size exceeded the expected page size, it could lead to a kernel panic. This issue could be triggered by a local user with access to a specially crafted or corrupted ext4 filesystem, resulting in a...

CVSS 5.5 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/22 5:28 p.m. | 2 views

CVE-2026-31449

A flaw was found in the Linux kernel's ext4 filesystem. A local attacker could exploit this vulnerability by providing a specially crafted or corrupted on-disk extent header. This could cause an out-of-bounds read in memory, potentially leading to information disclosure or a system crash Denial o...

CVSS 7.8 | AI score 5.2 | EPSS 0.00018
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/22 5:28 p.m. | 4 views

CVE-2026-31446

A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability, a use-after-free, occurs due to a timing issue when the update_super_work function attempts to access memory that has already been released during a filesystem unmount operation. A local attacker could potentially exploit...

CVSS 7.8 | AI score 5.2 | EPSS 0.00014
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/22 5:28 p.m. | 2 views

CVE-2026-31448

A flaw was found in the Linux kernel's ext4 filesystem. When creating a directory or node, if an extent insertion fails, the system may not properly clear residual data. This can lead to a situation where both directory and extended attribute (xattr) blocks simultaneously use the same memory buffer...

CVSS 9.4 | AI score 5.3 | EPSS 0.00116
Exploits: 0 | References: 4

NVD
added 2026/04/22 5:16 p.m. | 1 views

CVE-2026-35338

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

CVSS 7.3 | EPSS 0.00011
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/22 5:16 p.m. | 0 views

CVE-2026-31438

A flaw was found in the Linux kernel's netfs component. When a process crashes and the kernel attempts to write a core dump to a 9P filesystem, the netfs_limit_iter function does not properly handle ITER_KVEC iterators. This oversight can lead to a kernel BUG, resulting in a system crash and a Denia...

CVSS 5.5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 4