Updated gvfs packages fix security vulnerabilities
Publication date: 22 Apr 2026Modification date: 22 Apr 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-28295 , CVE-2026-28296
Description
Gvfs: gvfs ftp backend: information disclosure via untrusted pasv
responses. (CVE-2026-28295)
Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf
sequences in file paths. (CVE-2026-28296)
References
- https://bugs.mageia.org/show_bug.cgi?id=35171
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/HQU2RBFHWZPMIUYTLU72VSQUTNQ2MUIK/
- https://ubuntu.com/security/notices/USN-8114-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28295
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28296
SRPMS
9/core
- gvfs-1.50.4-1.1.mga9