Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H800
openSUSE

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Calendar White Jun 08, 2026
moderate
Ubuntu Large Esm H900
Ubuntu

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

Calendar White Jun 08, 2026
Critical
Opensuse Large Esm H800
openSUSE

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Calendar White Jun 08, 2026
Critical
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorySuSEimportant

SUSE BCI 16.0 gnome-online-accounts Important FTP Issues 2026-20988-1

An update that solves two vulnerabilities can now be installed.. # Security update for gnome-online-accounts, gvfs Announcement ID: SUSE-SU-2026:20988-1 Release Date: 2026-03-31T09:11:58Z Rating: important References: * bsc#1258953 * bsc#1258954 Cross-References: * CVE-2026-28295 * CVE-2026-28296 CVSS scores: * CVE-2026-28295 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-28295 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28295 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28296 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-28296 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-28296 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: * CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers (bsc#1258953). * CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths (bsc#1258954). Changelog: Update to version 1.59.90: * client: Fix use-after-free when creating async proxy failed * udisks2: Emit changed signals from update_all() * daemon: Fix race on subscribers list when on thread * ftp: Validate fe_size when parsing symlink target * ftp: Check localtime() return value before use * gphoto2: Use g_try_realloc() instead of g_realloc() * cdda: Reject path traversal in mount URI host * client: Fail when URI has invalid UTF-8 chars * udisks2: Fix memory corruption with duplicate mount paths * build: Update GOA dependency to > 3.57.0 * Some other fixes * ftp: Use control connection address for PASV data. *ftp: Reject paths containing CR/LF characters Update to version 1.59.1: * mtp: replace Android extension checks with capability checks * dav: Add X-OC-Mtime header on push to preserve last modified time * udisks2: Use hash tables in the volume monitor to improve performance * onedrive: Check for identity instead of presentation identity * build: Disable google option and mark as deprecated Update to version 1.58.2: * ftp: Use control connection address for PASV data * ftp: Reject paths containing CR/LF characters Update to version 1.58.1: * cdda: Fix duration of last track for some media * build: Fix build when google option is disabled * Fix various memory leaks * Updated translations. Update to version 1.58.0: * mtp: Allow cancelling ongoing folder enumerations * wsdd: Use socket-activated service if available * onedrive: Set emblem for remote data * fix: Add file rename support in MTP backend move operation * mtp: Fix -Wmaybe-uninitialized warning in pad_file * fuse: use fuse_(un)set_feature_flag for libfuse 3.17+ * smbbrowse: Purge server cache for next auth try * metatree: Open files with O_CLOEXEC * cdda: Fix incorrect track duration for 99-track CDs * metadata: Fix journal file permissions inconsistency * dav: recognize 308 Permanent Redirect Changes for gnome-online-accounts: Update to version 3.58.0: * SMTP server without password cannot be configured * Remove unneeded SMTP password escaping * build: Disable google provider Files feature * MS365: Fix mail address and name * Google: Set mail name to presentation identity * Updated translations. Update to version 3.57.1: * Default Microsoft 365 client is unverified * Microsoft 365: Make use of email for id * goadaemon: Allow manage system notifications * goamsgraphprovider: bump credentials generation * goaprovider: Allow to disable, instead of enable, selected providers Changes from version 3.57.0: * Support for saving a Kerberos password to the keychain after the firstlogin * changing expired kerberos password is not supported. * Provided Files URI does not override undiscovered endpoint * DAV client rejects 204 status in OPTIONS request handler * Include emblem-default-symbolic.svg * Connecting a Runbox CardDAV/CalDAV account hangs/freezes after sign in * i81n: fix translatable string * goaimapsmptprovider: fix accounts without SMTP or authentication-less SMTP * build: only install icons for the goabackend build * build: don't require goabackend to build documentation * ci: test the build without gtk4 * DAV-client: Added short path for SOGo Update to version 3.56.4: * Bugs fixed: * Unclear which part of "IMAP+SMTP" account test failed * Adding nextcloud account which has a subfolder does not work * goadaemon: Handle broken account configs Update to version 3.56.3: * Add DAV detection and configuration for SOGo * DAV discovery fails when certain SRV lookups fail Update to version 3.56.1: * Support for saving a Kerberos password after the first login * Changing expired kerberos password is not supported * Provided Files URI does not override undiscovered endpoint * DAV client rejects 204 status in OPTIONS request handler Update to version 3.56.0: * Code style and logging cleanups * Updated translations Update to version 3.55.2: * goaoauth2provider: improve error handling for auth/token endpoints Update to version 3.55.1: * Support Webflow authentication for Nextcloud * Rename dconf key in gnome-online-accounts settings * "Account Name" GUI field is a bit ambiguous * Failed to generate a new POT file for the user interface of "gnome-online- accounts" (domain: "po") and some missing files from POTFILES.in Update to version 3.55.0: * Add progress spinner for OAuth2 dialogs * Remove Windows Live! option * Improve goa_oauth2_provider_ensure_credentials_sync * Authentication failure in goa IMAP accounts * Missing files from POTFILES.in * WebDAV not detected for mail.ru * goaoauth2provider: fixtask chaining for subclasses * Always lowercase domains when looking up base * goadavclient: check Nextcloud fallback last * goabackend: add a composite widget for authflow links * goadavclient: fix the mailbox.org preconfig Update to version 3.54.5: * Adding GOA account fails with sonic.net IMAP service * Cannot add a ProtonMail bridge with IMAP + TLS * Nextcloud login does not work anymore due to OPTIONS /login request * Linked online accounts no longer work * Invalid URI when adding Google account * goamsgraphprovider: ensure a valid PresentationIdentity * goadaemon: complete GTasks to avoid a scary debug warning ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-469=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * gvfs-debuginfo-1.59.90-160000.1.1 * gvfs-fuse-debuginfo-1.59.90-160000.1.1 * gnome-online-accounts-debuginfo-3.58.0-160000.1.1 * gvfs-debugsource-1.59.90-160000.1.1 * typelib-1_0-Goa-1_0-3.58.0-160000.1.1 * gvfs-backends-1.59.90-160000.1.1 * gvfs-fuse-1.59.90-160000.1.1 * gnome-online-accounts-debugsource-3.58.0-160000.1.1 * libgoa-backend-1_0-2-3.58.0-160000.1.1 * libgoa-backend-1_0-2-debuginfo-3.58.0-160000.1.1 * gvfs-1.59.90-160000.1.1 * gvfs-backends-debuginfo-1.59.90-160000.1.1 * libgoa-1_0-0-3.58.0-160000.1.1 * libgoa-1_0-0-debuginfo-3.58.0-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * gvfs-lang-1.59.90-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28295.html * https://www.suse.com/security/cve/CVE-2026-28296.html * https://bugzilla.suse.com/show_bug.cgi?id=1258953 * https://bugzilla.suse.com/show_bug.cgi?id=1258954 . This update addresses important vulnerabilities ingnome-online-accounts and gvfs for SUSE systems, improving security.. SUSE gnome-online-accounts gvfs issues security update. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Apr 09, 2026 Important SuSE
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorycriticalcode execution

Debian 11 gvfs Critical FTP Command Injection and Network Probing Advisory

Codean Labs found that gvfs, a virtual filesystem implementation, was affected by multiple vulnerabililies including FTP bounce attack which could lead to probing open ports on client network and improper CRLF validation which could allow an attacker to inject arbitrary FTP commands.. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4513-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Andreas Henriksson March 28, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : gvfs Version : 1.46.2-2+deb11u1 CVE ID : CVE-2026-28295 CVE-2026-28296 Debian Bug : 1129285 1129286 Codean Labs found that gvfs, a virtual filesystem implementation, was affected by multiple vulnerabililies including FTP bounce attack which could lead to probing open ports on client network and improper CRLF validation which could allow an attacker to inject arbitrary FTP commands. CVE-2026-28295 A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network. CVE-2026-28296 A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts. For Debian 11 bullseye, these problems have been fixed in version 1.46.2-2+deb11u1. We recommend that you upgrade your gvfs packages. For the detailed security status of gvfs please refer to itssecurity tracker page at: https://security-tracker.debian.org/tracker/gvfs Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple vulnerabilities found in gvfs could allow remote attackers to execute FTP command injections and probe networks.. gvfs vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 28, 2026 Critical Debian LTS
Banner 4 1028x280 1708121825 1771600306
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorySuSEimportant

SUSE 15 SP6 gvfs Important FTP Command Injection Advisory 2026-0960-1

An update that solves two vulnerabilities can now be installed.. # Security update for gvfs Announcement ID: SUSE-SU-2026:0960-1 Release Date: 2026-03-23T08:51:00Z Rating: important References: * bsc#1258953 * bsc#1258954 Cross-References: * CVE-2026-28295 * CVE-2026-28296 CVSS scores: * CVE-2026-28295 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-28295 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28295 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28296 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-28296 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-28296 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for gvfs fixes the following issues: * CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers (bsc#1258953). * CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths (bsc#1258954). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-960=1 openSUSE-SLE-15.6-2026-960=1 * Desktop Applications Module 15-SP7 zypper in -t patchSUSE-SLE-Module-Desktop-Applications-15-SP7-2026-960=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-960=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-960=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-goa-1.52.2-150600.3.3.1 * gvfs-backend-afc-1.52.2-150600.3.3.1 * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-goa-debuginfo-1.52.2-150600.3.3.1 * gvfs-fuse-1.52.2-150600.3.3.1 * gvfs-backends-debuginfo-1.52.2-150600.3.3.1 * gvfs-debugsource-1.52.2-150600.3.3.1 * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-samba-1.52.2-150600.3.3.1 * gvfs-backends-1.52.2-150600.3.3.1 * gvfs-1.52.2-150600.3.3.1 * gvfs-debuginfo-1.52.2-150600.3.3.1 * openSUSE Leap 15.6 (x86_64) * gvfs-32bit-debuginfo-1.52.2-150600.3.3.1 * gvfs-32bit-1.52.2-150600.3.3.1 * openSUSE Leap 15.6 (noarch) * gvfs-devel-1.52.2-150600.3.3.1 * gvfs-lang-1.52.2-150600.3.3.1 * openSUSE Leap 15.6 (aarch64_ilp32) * gvfs-64bit-debuginfo-1.52.2-150600.3.3.1 * gvfs-64bit-1.52.2-150600.3.3.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-afc-1.52.2-150600.3.3.1 * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1 * gvfs-fuse-1.52.2-150600.3.3.1 * gvfs-backends-debuginfo-1.52.2-150600.3.3.1 * gvfs-debugsource-1.52.2-150600.3.3.1 * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-samba-1.52.2-150600.3.3.1 * gvfs-backends-1.52.2-150600.3.3.1 * gvfs-1.52.2-150600.3.3.1 * gvfs-debuginfo-1.52.2-150600.3.3.1 * Desktop Applications Module 15-SP7 (noarch) * gvfs-devel-1.52.2-150600.3.3.1 * gvfs-lang-1.52.2-150600.3.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390xx86_64) * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-afc-1.52.2-150600.3.3.1 * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1 * gvfs-fuse-1.52.2-150600.3.3.1 * gvfs-backends-debuginfo-1.52.2-150600.3.3.1 * gvfs-debugsource-1.52.2-150600.3.3.1 * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-samba-1.52.2-150600.3.3.1 * gvfs-backends-1.52.2-150600.3.3.1 * gvfs-1.52.2-150600.3.3.1 * gvfs-debuginfo-1.52.2-150600.3.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * gvfs-devel-1.52.2-150600.3.3.1 * gvfs-lang-1.52.2-150600.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-afc-1.52.2-150600.3.3.1 * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1 * gvfs-fuse-1.52.2-150600.3.3.1 * gvfs-backends-debuginfo-1.52.2-150600.3.3.1 * gvfs-debugsource-1.52.2-150600.3.3.1 * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-samba-1.52.2-150600.3.3.1 * gvfs-backends-1.52.2-150600.3.3.1 * gvfs-1.52.2-150600.3.3.1 * gvfs-debuginfo-1.52.2-150600.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * gvfs-devel-1.52.2-150600.3.3.1 * gvfs-lang-1.52.2-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28295.html * https://www.suse.com/security/cve/CVE-2026-28296.html * https://bugzilla.suse.com/show_bug.cgi?id=1258953 * https://bugzilla.suse.com/show_bug.cgi?id=1258954 . This advisory details important updates for gvfs addressing critical FTP security issues.. SUSE updates, gvfs security, Linux issue resolutions. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Mar 23, 2026 Important SuSE
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisoryimportantpatch management

openSUSE Leap 15.6 gvfs Important FTP Injection Issues SUSE-SU-2026-0960-1

An update that solves two vulnerabilities can now be installed.. # Security update for gvfs Announcement ID: SUSE-SU-2026:0960-1 Release Date: 2026-03-23T08:51:00Z Rating: important References: * bsc#1258953 * bsc#1258954 Cross-References: * CVE-2026-28295 * CVE-2026-28296 CVSS scores: * CVE-2026-28295 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-28295 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28295 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28296 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-28296 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-28296 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for gvfs fixes the following issues: * CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers (bsc#1258953). * CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths (bsc#1258954). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-960=1 openSUSE-SLE-15.6-2026-960=1 * Desktop Applications Module 15-SP7 zypper in -t patchSUSE-SLE-Module-Desktop-Applications-15-SP7-2026-960=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-960=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-960=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-goa-1.52.2-150600.3.3.1 * gvfs-backend-afc-1.52.2-150600.3.3.1 * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-goa-debuginfo-1.52.2-150600.3.3.1 * gvfs-fuse-1.52.2-150600.3.3.1 * gvfs-backends-debuginfo-1.52.2-150600.3.3.1 * gvfs-debugsource-1.52.2-150600.3.3.1 * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-samba-1.52.2-150600.3.3.1 * gvfs-backends-1.52.2-150600.3.3.1 * gvfs-1.52.2-150600.3.3.1 * gvfs-debuginfo-1.52.2-150600.3.3.1 * openSUSE Leap 15.6 (x86_64) * gvfs-32bit-debuginfo-1.52.2-150600.3.3.1 * gvfs-32bit-1.52.2-150600.3.3.1 * openSUSE Leap 15.6 (noarch) * gvfs-devel-1.52.2-150600.3.3.1 * gvfs-lang-1.52.2-150600.3.3.1 * openSUSE Leap 15.6 (aarch64_ilp32) * gvfs-64bit-debuginfo-1.52.2-150600.3.3.1 * gvfs-64bit-1.52.2-150600.3.3.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-afc-1.52.2-150600.3.3.1 * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1 * gvfs-fuse-1.52.2-150600.3.3.1 * gvfs-backends-debuginfo-1.52.2-150600.3.3.1 * gvfs-debugsource-1.52.2-150600.3.3.1 * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-samba-1.52.2-150600.3.3.1 * gvfs-backends-1.52.2-150600.3.3.1 * gvfs-1.52.2-150600.3.3.1 * gvfs-debuginfo-1.52.2-150600.3.3.1 * Desktop Applications Module 15-SP7 (noarch) * gvfs-devel-1.52.2-150600.3.3.1 * gvfs-lang-1.52.2-150600.3.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390xx86_64) * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-afc-1.52.2-150600.3.3.1 * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1 * gvfs-fuse-1.52.2-150600.3.3.1 * gvfs-backends-debuginfo-1.52.2-150600.3.3.1 * gvfs-debugsource-1.52.2-150600.3.3.1 * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-samba-1.52.2-150600.3.3.1 * gvfs-backends-1.52.2-150600.3.3.1 * gvfs-1.52.2-150600.3.3.1 * gvfs-debuginfo-1.52.2-150600.3.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * gvfs-devel-1.52.2-150600.3.3.1 * gvfs-lang-1.52.2-150600.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-afc-1.52.2-150600.3.3.1 * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1 * gvfs-fuse-1.52.2-150600.3.3.1 * gvfs-backends-debuginfo-1.52.2-150600.3.3.1 * gvfs-debugsource-1.52.2-150600.3.3.1 * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1 * gvfs-backend-samba-1.52.2-150600.3.3.1 * gvfs-backends-1.52.2-150600.3.3.1 * gvfs-1.52.2-150600.3.3.1 * gvfs-debuginfo-1.52.2-150600.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * gvfs-devel-1.52.2-150600.3.3.1 * gvfs-lang-1.52.2-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28295.html * https://www.suse.com/security/cve/CVE-2026-28296.html * https://bugzilla.suse.com/show_bug.cgi?id=1258953 * https://bugzilla.suse.com/show_bug.cgi?id=1258954 . Update for gvfs resolves two issues related to information disclosure and command injection. Important patch for openSUSE users.. openSUSE gvfs security patch information disclosure FTP. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Mar 23, 2026 Important OpenSUSE
Banner 4 1028x280 1708121825 1771600306
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here