SUSE-SU-2026:0923-1

Published: 18 Mar 2026
Source: suse-cvrf

Description

Security update for gvfs

This update for gvfs fixes the following issues:

  • CVE-2026-28295: Fix ftp use control connection address for PASV data (bsc#1258953).
  • CVE-2026-28296: Fix ftp reject paths containing CR/LF characters (bsc#1258954).

Package list

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
gvfs-1.48.2-150400.4.9.1
gvfs-backend-afc-1.48.2-150400.4.9.1
gvfs-backend-samba-1.48.2-150400.4.9.1
gvfs-backends-1.48.2-150400.4.9.1
gvfs-devel-1.48.2-150400.4.9.1
gvfs-fuse-1.48.2-150400.4.9.1
gvfs-lang-1.48.2-150400.4.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
gvfs-1.48.2-150400.4.9.1
gvfs-backend-afc-1.48.2-150400.4.9.1
gvfs-backend-samba-1.48.2-150400.4.9.1
gvfs-backends-1.48.2-150400.4.9.1
gvfs-devel-1.48.2-150400.4.9.1
gvfs-fuse-1.48.2-150400.4.9.1
gvfs-lang-1.48.2-150400.4.9.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
gvfs-1.48.2-150400.4.9.1
gvfs-backend-afc-1.48.2-150400.4.9.1
gvfs-backend-samba-1.48.2-150400.4.9.1
gvfs-backends-1.48.2-150400.4.9.1
gvfs-devel-1.48.2-150400.4.9.1
gvfs-fuse-1.48.2-150400.4.9.1
gvfs-lang-1.48.2-150400.4.9.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
gvfs-1.48.2-150400.4.9.1
gvfs-backend-afc-1.48.2-150400.4.9.1
gvfs-backend-samba-1.48.2-150400.4.9.1
gvfs-backends-1.48.2-150400.4.9.1
gvfs-devel-1.48.2-150400.4.9.1
gvfs-fuse-1.48.2-150400.4.9.1
gvfs-lang-1.48.2-150400.4.9.1
SUSE Linux Enterprise Server 15 SP4-LTSS
gvfs-1.48.2-150400.4.9.1
gvfs-backend-afc-1.48.2-150400.4.9.1
gvfs-backend-samba-1.48.2-150400.4.9.1
gvfs-backends-1.48.2-150400.4.9.1
gvfs-devel-1.48.2-150400.4.9.1
gvfs-fuse-1.48.2-150400.4.9.1
gvfs-lang-1.48.2-150400.4.9.1
SUSE Linux Enterprise Server 15 SP5-LTSS
gvfs-1.48.2-150400.4.9.1
gvfs-backend-afc-1.48.2-150400.4.9.1
gvfs-backend-samba-1.48.2-150400.4.9.1
gvfs-backends-1.48.2-150400.4.9.1
gvfs-devel-1.48.2-150400.4.9.1
gvfs-fuse-1.48.2-150400.4.9.1
gvfs-lang-1.48.2-150400.4.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
gvfs-1.48.2-150400.4.9.1
gvfs-backend-afc-1.48.2-150400.4.9.1
gvfs-backend-samba-1.48.2-150400.4.9.1
gvfs-backends-1.48.2-150400.4.9.1
gvfs-devel-1.48.2-150400.4.9.1
gvfs-fuse-1.48.2-150400.4.9.1
gvfs-lang-1.48.2-150400.4.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
gvfs-1.48.2-150400.4.9.1
gvfs-backend-afc-1.48.2-150400.4.9.1
gvfs-backend-samba-1.48.2-150400.4.9.1
gvfs-backends-1.48.2-150400.4.9.1
gvfs-devel-1.48.2-150400.4.9.1
gvfs-fuse-1.48.2-150400.4.9.1
gvfs-lang-1.48.2-150400.4.9.1

Description

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network.


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvfs-1.48.2-150400.4.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvfs-backend-afc-1.48.2-150400.4.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvfs-backend-samba-1.48.2-150400.4.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvfs-backends-1.48.2-150400.4.9.1

References

Description

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.
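The two checks named in the fix summaries (use the control connection address for PASV data, reject paths containing CR/LF) can be sketched as follows. This is an added example, not the gvfs patch; the function names and the sample reply and addresses are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if path may be placed in an FTP command line,
 * 0 if it is NULL or contains CR or LF (which would end the command). */
int ftp_path_is_safe(const char *path)
{
    return path != NULL && strpbrk(path, "\r\n") == NULL;
}

/* Hypothetical helper: build "<verb> <path>\r\n", refusing unsafe paths. */
int ftp_build_command(char *buf, size_t len, const char *verb, const char *path)
{
    int n;
    if (!ftp_path_is_safe(path))
        return -1;
    n = snprintf(buf, len, "%s %s\r\n", verb, path);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Hypothetical helper: take only the port from a 227 reply; the data host
 * is always control_ip, the peer address of the control connection. */
int ftp_pasv_endpoint(const char *reply, const char *control_ip,
                      char *host_out, size_t host_len, unsigned *port_out)
{
    unsigned h[4], p[2];
    const char *open;
    if (reply == NULL || strncmp(reply, "227", 3) != 0)
        return -1;
    if ((open = strchr(reply, '(')) == NULL ||
        sscanf(open, "(%u,%u,%u,%u,%u,%u)", &h[0], &h[1], &h[2], &h[3], &p[0], &p[1]) != 6)
        return -1;
    if (p[0] > 255 || p[1] > 255 || (p[0] == 0 && p[1] == 0))
        return -1;
    if (strlen(control_ip) >= host_len)
        return -1;
    strcpy(host_out, control_ip);   /* server-supplied h[] is deliberately ignored */
    *port_out = p[0] * 256 + p[1];
    return 0;
}

int main(void)
{
    char host[64], cmd[128];
    unsigned port;
    /* Constructed reply: server advertises 10.0.0.5, control peer is 203.0.113.7 */
    if (ftp_pasv_endpoint("227 Entering Passive Mode (10,0,0,5,31,64)", "203.0.113.7", host, sizeof host, &port) == 0)
        printf("data connection -> %s:%u\n", host, port);
    if (ftp_build_command(cmd, sizeof cmd, "RETR", "a\r\nDELE b") != 0)
        puts("path with CR/LF rejected");
    return 0;
}
```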


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvfs-1.48.2-150400.4.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvfs-backend-afc-1.48.2-150400.4.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvfs-backend-samba-1.48.2-150400.4.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvfs-backends-1.48.2-150400.4.9.1

References
Vulnerability SUSE-SU-2026:0923-1