OESA-2026-2571
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2571
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-2571.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-2571
- Upstream
- Published
- 2026-06-05T15:48:51Z
- Modified
- 2026-06-05T16:00:40.175702306Z
- Summary
- gvfs security update
- Details
-
Gvfs is a userspace virtual filesystem implementation for GIO (a library available in GLib). It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage.
Security Fix(es):
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.(CVE-2026-28296)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:24.03-LTS-SP3 / gvfs
Package
- Name
- gvfs
- Purl
- pkg:rpm/openEuler/gvfs&distro=openEuler-24.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.50.2-9.oe2403sp3
Ecosystem specific
{
"x86_64": [
"gvfs-1.50.2-9.oe2403sp3.x86_64.rpm",
"gvfs-client-1.50.2-9.oe2403sp3.x86_64.rpm",
"gvfs-debuginfo-1.50.2-9.oe2403sp3.x86_64.rpm",
"gvfs-debugsource-1.50.2-9.oe2403sp3.x86_64.rpm",
"gvfs-devel-1.50.2-9.oe2403sp3.x86_64.rpm"
],
"src": [
"gvfs-1.50.2-9.oe2403sp3.src.rpm"
],
"noarch": [
"gvfs-help-1.50.2-9.oe2403sp3.noarch.rpm"
],
"aarch64": [
"gvfs-1.50.2-9.oe2403sp3.aarch64.rpm",
"gvfs-client-1.50.2-9.oe2403sp3.aarch64.rpm",
"gvfs-debuginfo-1.50.2-9.oe2403sp3.aarch64.rpm",
"gvfs-debugsource-1.50.2-9.oe2403sp3.aarch64.rpm",
"gvfs-devel-1.50.2-9.oe2403sp3.aarch64.rpm"
]
}