UbuntuUpdates.org

Package "gvfs-common"

Name: gvfs-common

Description:

userspace virtual filesystem - common data files
Latest version: 1.48.2-0ubuntu1.1
Release: jammy (22.04)
Level: updates
Repository: main
Head package: gvfs
Homepage: https://wiki.gnome.org/Projects/gvfs

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "gvfs-common"

All arch deb package
APT INSTALL

Other versions of "gvfs-common" in Jammy

Repository Area Version
base main 1.48.1-4
security main 1.48.2-0ubuntu1.1

Changelog

Version: 1.48.2-0ubuntu1.1 2026-03-24 02:08:00 UTC

  gvfs (1.48.2-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: open port probe via FTP backend
    - debian/patches/CVE-2026-28295.patch: use control connection address
      for PASV data in daemon/gvfsbackendftp.c, daemon/gvfsbackendftp.h,
      daemon/gvfsftptask.c.
    - CVE-2026-28295
  * SECURITY UPDATE: arbitrary FTP command injection via CRLF
    - debian/patches/CVE-2026-28296.patch: reject paths containing CR/LF
      characters in daemon/gvfsbackendftp.c, daemon/gvfsftpfile.c,
      daemon/gvfsftpfile.h.
    - CVE-2026-28296

 -- Marc Deslauriers <email address hidden> Wed, 18 Mar 2026 12:17:40 -0400
Source diff to previous version
CVE-2026-28295 A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its
CVE-2026-28296 A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file pat

Version: 1.48.2-0ubuntu1 2022-06-21 23:06:25 UTC

  gvfs (1.48.2-0ubuntu1) jammy; urgency=medium

  * New upstream release (LP: #1977467)

 -- Jeremy Bicha <email address hidden> Fri, 03 Jun 2022 14:53:45 -0400
1977467 Update gvfs to 1.48.2


About   -   Send Feedback to @ubuntu_updates