17 matches found

Mageia
added 2026/04/22 10:8 p.m. | 5 views

Updated gvfs packages fix security vulnerabilities

gvfs: FTP backend: information disclosure via untrusted PASV responses (CVE-2026-28295). gvfs: FTP backend: arbitrary FTP command injection via CRLF sequences in file paths (CVE-2026-28296)...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00094
Exploits: 2 | References: 3

OSV
added 2026/03/31 9:8 a.m. | 1 view

SUSE-SU-2026:20988-1 Security update for gnome-online-accounts, gvfs

This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: - CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers (bsc#1258953). - CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRL...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.00094
Exploits: 2 | References: 5

OSV
added 2026/03/28 12:0 a.m. | 4 views

DLA-4513-1 gvfs - security update

Bulletin has no description...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00094
Exploits: 2

OSV
added 2026/03/18 7:46 a.m. | 4 views

SUSE-SU-2026:0916-1 Security update for gvfs

This update for gvfs fixes the following issues: - CVE-2026-28295: fixed by using control connection address for PASV data (bsc#1258953). - CVE-2026-28296: fixed by rejecting paths containing CR/LF characters (bsc#1258954)...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00094
Exploits: 2 | References: 5

SUSE CVE
added 2026/02/27 12:24 a.m. | 3 views

SUSE CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00048
Exploits: 0 | References: 7

Vulnrichment
added 2026/02/26 3:33 p.m. | 3 views

CVE-2026-28295 Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00048
Exploits: 0 | References: 2

Debian CVE
added 2026/02/26 3:10 p.m. | 4 views

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

CVSS: 4.3 | AI score: 8.9 | EPSS: 0.00094
Exploits: 2

RedhatCVE
added 2026/02/26 3:10 p.m. | 4 views

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00094
Exploits: 2 | References: 3

CNNVD
added 2026/02/26 12:0 a.m. | 4 views

gvfs injection vulnerability

GVFS is a GNOME open-source virtual file system. GVFS has a vulnerability that stems from insufficient validation of file path inputs containing carriage return sequences, which could lead to the execution of arbitrary code or other serious issues...

CVSS: 4.3 | AI score: 7.6 | EPSS: 0.00094
Exploits: 2 | References: 2

RedHat Linux
added 2020/04/28 3:44 p.m. | 2 views

gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00489
Exploits: 0 | References: 4

BDU FSTEC
added 2019/07/16 12:0 a.m. | 2 views

The vulnerability of the daemon/gvfsbackendadmin.c component of the GVFS subsystem in GNOME desktop environments on Linux operating systems allows an attacker to compromise the integrity, confidentiality, and accessibility of the protected information.

The vulnerability of the daemon/gvfsbackendadmin.c component in the GVFS subsystem of GNOME desktop environments on Linux operating systems arises from the simultaneous execution using shared resources with incorrect synchronization. Exploiting this vulnerability allows an attacker to compromise...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.00489
Exploits: 0 | References: 5 | Affected Software: 3

BDU FSTEC
added 2019/07/16 12:0 a.m. | 3 views

The vulnerability of the daemon/gvfsbackendadmin.c component of the GVFS subsystem in GNOME desktop environments on Linux operating systems allows an attacker to compromise the integrity, confidentiality, and accessibility of the protected information.

The vulnerability of the daemon/gvfsbackendadmin.c component in the GVFS subsystem of GNOME desktop environments on Linux operating systems is related to permission handling errors. Exploiting this vulnerability allows an attacker to compromise the integrity, confidentiality, and accessibility of...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.006
Exploits: 0 | References: 6 | Affected Software: 3

OSV
added 2019/05/29 12:0 a.m. | 0 views

UBUNTU-CVE-2019-12447

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used...

CVSS: 7.3 | AI score: 6.9 | EPSS: 0.006
Exploits: 0 | References: 3

UbuntuCve
added 2004/11/23 5:0 a.m. | 21 views

CVE-2004-0494

Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00855
Exploits: 0 | References: 1

Tenable Nessus
added 2004/08/27 12:0 a.m. | 22 views

FreeBSD : gnomevfs -- unsafe URI handling (60)

The following package needs to be updated: gnomevfs2 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg7884d56ff7a111d89837000c41e2cdad.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

AI score: 6.4 | EPSS: 0.00855
Exploits: 0 | References: 15

Cvelist
added 2004/08/05 4:0 a.m. | 27 views

CVE-2004-0494

Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI...

AI score: 6.3 | EPSS: 0.00855
Exploits: 0 | References: 5

RedHat Linux
added 2004/08/04 1:47 p.m. | 2 views

security flaw

Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00855
Exploits: 0 | References: 4