[ubuntu/resolute-proposed] gpsd 3.27.5-0.1 (Accepted)
Jeremy Bícha
jbicha at ubuntu.com
Thu Jan 22 00:55:25 UTC 2026
gpsd (3.27.5-0.1) unstable; urgency=medium

  * Non-maintainer upload
  * New upstream version
  * Fix CVE-2025-67268 (Closes: #1124800).
    gpsd contains a heap-based out-of-bounds write
    vulnerability in the drivers/driver_nmea2000.c file.
    The hnd_129540 function, which handles NMEA2000 PGN 129540
    (GNSS Satellites in View) packets, fails to validate the
    user-supplied satellite count against the size of the skyview
    array (184 elements). This allows an attacker to write beyond
    the bounds of the array by providing a satellite count up
    to 255, leading to memory corruption, Denial of Service (DoS),
    and potentially arbitrary code execution.
  * Fix CVE-2025-67269 (Closes: #1124799).
    An integer underflow vulnerability exists in the `nextstate()`
    function in `gpsd/packet.c`.
    When parsing a NAVCOM packet, the payload length is calculated
    using `lexer->length = (size_t)c - 4` without checking if
    the input byte `c` is less than 4. This results in an unsigned
    integer underflow, setting `lexer->length` to a very large value
    (near `SIZE_MAX`). The parser then enters a loop attempting to
    consume this massive number of bytes, causing 100% CPU utilization
    and a Denial of Service (DoS) condition.

Date: 2026-01-19 22:31:58.717717+00:00
Changed-By: Boian Bonev <bbonev at ipacct.com>
Signed-By: Jeremy Bícha <jbicha at ubuntu.com>
https://launchpad.net/ubuntu/+source/gpsd/3.27.5-0.1
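
The two missing checks named in the changelog above, sketched as an added example (not gpsd's code and not the upstream patch): a length byte validated before the unsigned subtraction, and a packet-supplied satellite count validated against a 184-slot array before any write. The function names, the `struct sky` type and the one-byte-per-satellite packet layout are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SKYVIEW_SLOTS   184 /* skyview array size given in the changelog */
#define NAVCOM_OVERHEAD 4   /* constant subtracted in the changelog's expression */

/* Unchecked form: for c < 4 the unsigned subtraction wraps to near SIZE_MAX. */
size_t payload_len_unchecked(uint8_t c) { return (size_t)c - NAVCOM_OVERHEAD; }

/* Checked form: reject the length byte before subtracting from it. */
bool payload_len_checked(uint8_t c, size_t *out)
{
    if (c < NAVCOM_OVERHEAD)
        return false;
    *out = (size_t)c - NAVCOM_OVERHEAD;
    return true;
}

/* Hypothetical sky-view record, one byte kept per satellite. */
struct sky { uint8_t prn[SKYVIEW_SLOTS]; size_t used; };

/* Constructed layout: pkt[0] = satellite count, then one byte per satellite.
 * The count is checked against both the destination array and the bytes
 * actually received before anything is written. */
bool fill_skyview(struct sky *s, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 1)
        return false;
    size_t count = pkt[0];
    if (count > SKYVIEW_SLOTS || count > pkt_len - 1)
        return false;
    for (size_t i = 0; i < count; i++)
        s->prn[i] = pkt[1 + i];
    s->used = count;
    return true;
}

int main(void)
{
    uint8_t pkt[256] = { 255 };   /* constructed packet claiming 255 satellites */
    struct sky s = { .used = 0 };
    size_t n = 0;
    printf("unchecked c=3 -> %zu\n", payload_len_unchecked(3));
    printf("checked   c=3 -> %s\n", payload_len_checked(3, &n) ? "ok" : "rejected");
    printf("count=255     -> %s\n", fill_skyview(&s, pkt, sizeof pkt) ? "ok" : "rejected");
    return 0;
}
```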