4 matches found
Updated gvfs packages fix security vulnerabilities
Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses. CVE-2026-28295 Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths. CVE-2026-28296...
SUSE-SU-2026:20988-1 Security update for gnome-online-accounts, gvfs
This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: - CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers bsc1258953. - CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRL...
DLA-4513-1 gvfs - security update
Bulletin has no description...
CVE-2026-28295 Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses
A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...