Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: gpsd Critical Buffer Overflow & DoS CVE-2025-67268 Advisory

fedora
Calendar Grey January 20, 2026
Dist Fedora Esm H88
Critical security fixes for gpsd in Fedora 42 addressing multiple vulnerabilities including buffer overflows.
Security fixes for CVE-2025-67268 and CVE-2025-67269.

Summary

gpsd is a service daemon that mediates access to a GPS sensor

connected to the host computer by serial or USB interface, making its

data on the location/course/velocity of the sensor available to be

queried on TCP port 2947 of the host computer. With gpsd, multiple

GPS client applications (such as navigational and war-driving software)

can share access to a GPS without contention or loss of data. Also,

gpsd responds to queries with a format that is substantially easier to

parse than NMEA 0183.

Update Information:

Security fixes for CVE-2025-67268 and CVE-2025-67269.

Topics%20covered

Topics Covered

security advisory denial of service fedora buffer overflow CVE gpsd

Change Log

* Mon Jan 12 2026 Miroslav Lichvar - 1:3.25-17 - fix buffer overflow in NMEA2000 driver (CVE-2025-67268) - fix integer underflow in handling of Navcom packets (CVE-2025-67269)

References


[ 1 ] Bug #2426827 - CVE-2025-67269 gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2426827 [ 2 ] Bug #2426828 - CVE-2025-67269 gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2426828 [ 3 ] Bug #2426932 - CVE-2025-67268 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2426932 [ 4 ] Bug #2426933 - CVE-2025-67268 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2426933

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a1552b48c3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: gpsd
Product: Fedora 42
Version: 3.25
Release: 17.fc42
URL: https://gpsd.gitlab.io/gpsd/index.html
Summary: Service daemon for mediating access to a GPS

Topics%20covered

Topics Covered

security advisory denial of service fedora buffer overflow CVE gpsd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here