Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2026:0771

Опубликовано: 20 янв. 2026
Источник: rocky
Оценка: Important

Описание

Important: gpsd-minimal security update

gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. The Rocky Enterprise Software Foundation support for this package is limited. See https://access.redhat.com/support/policy/gpsd-support for more details.

Security Fix(es):

  • gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing (CVE-2025-67269)

  • gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling (CVE-2025-67268)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
gpsd-minimalx86_641.el9_7.1gpsd-minimal-3.26.1-1.el9_7.1.x86_64.rpm
gpsd-minimal-clientsx86_641.el9_7.1gpsd-minimal-clients-3.26.1-1.el9_7.1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-67268
CVE-2025-67269

Ссылки на источники

Исправления

Связанные уязвимости

rocky логотип

RLSA-2026:0770

rocky
17 дней назад

Important: gpsd security update

oracle-oval логотип

ELSA-2026-0771

oracle-oval
19 дней назад

ELSA-2026-0771: gpsd-minimal security update (IMPORTANT)

oracle-oval логотип

ELSA-2026-0770

oracle-oval
19 дней назад

ELSA-2026-0770: gpsd security update (IMPORTANT)

ubuntu логотип

CVE-2025-67269

CVSS3: 7.5
ubuntu
около 1 месяца назад

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.

nvd логотип

CVE-2025-67269

CVSS3: 7.5
nvd
около 1 месяца назад

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.