USN-8114-1
- Source
- https://ubuntu.com/security/notices/USN-8114-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8114-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-8114-1
- Upstream
- Related
- Published
- 2026-03-23T12:53:19Z
- Modified
- 2026-04-24T10:11:09.892535Z
- Summary
- gvfs vulnerabilities
- Details
-
It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A malicious remote server could possibly use this issue to help scan for open ports. (CVE-2026-28295)
It was discovered that the GVfs FTP backend incorrectly handled crafted file paths. A remote attacker could use this issue to terminate or inject arbitrary FTP commands, or possibly execute arbitrary code. (CVE-2026-28296)
- References
Affected packages
Ubuntu:22.04:LTS / gvfs
Package
- Name
- gvfs
- Purl
- pkg:deb/ubuntu/gvfs@1.48.2-0ubuntu1.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.48.2-0ubuntu1.1
Affected versions
1.*
1.47.91-1ubuntu1
1.48.1-2ubuntu2
1.48.1-2ubuntu3
1.48.1-2ubuntu5
1.48.1-3
1.48.1-4
1.48.2-0ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gvfs",
"binary_version": "1.48.2-0ubuntu1.1"
},
{
"binary_name": "gvfs-backends",
"binary_version": "1.48.2-0ubuntu1.1"
},
{
"binary_name": "gvfs-common",
"binary_version": "1.48.2-0ubuntu1.1"
},
{
"binary_name": "gvfs-daemons",
"binary_version": "1.48.2-0ubuntu1.1"
},
{
"binary_name": "gvfs-fuse",
"binary_version": "1.48.2-0ubuntu1.1"
},
{
"binary_name": "gvfs-libs",
"binary_version": "1.48.2-0ubuntu1.1"
}
],
"availability": "No subscription required"
}
Ubuntu:24.04:LTS / gvfs
Package
- Name
- gvfs
- Purl
- pkg:deb/ubuntu/gvfs@1.54.4-0ubuntu1~24.04.2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.54.4-0ubuntu1~24.04.2
Affected versions
1.*
1.52.0-1
1.52.1-1build1
1.52.2-1
1.53.90-2
1.54.0-1build1
1.54.0-1build2
1.54.0-1build3
1.54.0-1ubuntu2
1.54.4-0ubuntu1~24.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gvfs",
"binary_version": "1.54.4-0ubuntu1~24.04.2"
},
{
"binary_name": "gvfs-backends",
"binary_version": "1.54.4-0ubuntu1~24.04.2"
},
{
"binary_name": "gvfs-common",
"binary_version": "1.54.4-0ubuntu1~24.04.2"
},
{
"binary_name": "gvfs-daemons",
"binary_version": "1.54.4-0ubuntu1~24.04.2"
},
{
"binary_name": "gvfs-fuse",
"binary_version": "1.54.4-0ubuntu1~24.04.2"
},
{
"binary_name": "gvfs-libs",
"binary_version": "1.54.4-0ubuntu1~24.04.2"
}
],
"availability": "No subscription required"
}
Ubuntu:25.10 / gvfs
Package
- Name
- gvfs
- Purl
- pkg:deb/ubuntu/gvfs@1.57.2-2ubuntu5.1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.57.2-2ubuntu5.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gvfs",
"binary_version": "1.57.2-2ubuntu5.1"
},
{
"binary_name": "gvfs-backends",
"binary_version": "1.57.2-2ubuntu5.1"
},
{
"binary_name": "gvfs-common",
"binary_version": "1.57.2-2ubuntu5.1"
},
{
"binary_name": "gvfs-daemons",
"binary_version": "1.57.2-2ubuntu5.1"
},
{
"binary_name": "gvfs-fuse",
"binary_version": "1.57.2-2ubuntu5.1"
},
{
"binary_name": "gvfs-libs",
"binary_version": "1.57.2-2ubuntu5.1"
}
],
"availability": "No subscription required"
}