MGASA-2026-0028 - Updated gpsd packages fix security vulnerabilities

Publication date: 30 Jan 2026
URL: https://advisories.mageia.org/MGASA-2026-0028.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-67268, CVE-2025-67269

Description:

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution. (CVE-2025-67268)

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition. (CVE-2025-67269)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34959
- https://ubuntu.com/security/notices/USN-7948-1
- https://www.cve.org/CVERecord?id=CVE-2025-67268
- https://www.cve.org/CVERecord?id=CVE-2025-67269

SRPMS:
- 9/core/gpsd-3.25-1.1.mga9

Updated gpsd packages for Mageia fix critical vulnerabilities and prevent potential DoS attacks.
Severity: Critical.
LinuxSecurity.com Team

Oracle Linux Security Advisory ELSA-2026-0770

http://linux.oracle.com/errata/ELSA-2026-0770.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
gpsd-3.26.1-1.0.1.el10_1.1.x86_64.rpm
gpsd-clients-3.26.1-1.0.1.el10_1.1.x86_64.rpm
python3-gpsd-3.26.1-1.0.1.el10_1.1.x86_64.rpm

aarch64:
gpsd-3.26.1-1.0.1.el10_1.1.aarch64.rpm
gpsd-clients-3.26.1-1.0.1.el10_1.1.aarch64.rpm
python3-gpsd-3.26.1-1.0.1.el10_1.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/gpsd-3.26.1-1.0.1.el10_1.1.src.rpm

Related CVEs:
CVE-2025-67268
CVE-2025-67269

Description of changes:

[1:3.26.1-1.0.1.el10_1.1]
- Replace upstream reference [Orabug: 37033219]

[1:3.26.1-1.el10_1.1]
- fix buffer overflow in NMEA2000 driver (CVE-2025-67268)
- fix integer underflow in handling of Navcom packets (CVE-2025-67269)

_______________________________________________
El-errata mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a1552b48c3
2026-01-20 01:37:20.162017+00:00
--------------------------------------------------------------------------------

Name        : gpsd
Product     : Fedora 42
Version     : 3.25
Release     : 17.fc42
URL         : https://gpsd.gitlab.io/gpsd/index.html
Summary     : Service daemon for mediating access to a GPS
Description :
gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. With gpsd, multiple GPS client applications (such as navigational and war-driving software) can share access to a GPS without contention or loss of data. Also, gpsd responds to queries with a format that is substantially easier to parse than NMEA 0183.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2025-67268 and CVE-2025-67269.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 12 2026 Miroslav Lichvar - 1:3.25-17
- fix buffer overflow in NMEA2000 driver (CVE-2025-67268)
- fix integer underflow in handling of Navcom packets (CVE-2025-67269)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2426827 - CVE-2025-67269 gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2426827
  [ 2 ] Bug #2426828 - CVE-2025-67269 gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2426828
  [ 3 ] Bug #2426932 - CVE-2025-67268 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2426932
  [ 4 ] Bug #2426933 - CVE-2025-67268 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2426933
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a1552b48c3' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
package-announce mailing list

From: Bastien Roucariès
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4441-1] gpsd security update

Debian LTS Advisory DLA-4441-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucariès
January 19, 2026                              https://wiki.debian.org/LTS

Package        : gpsd
Version        : 3.22-4+deb11u1
CVE ID         : CVE-2025-67268 CVE-2025-67269
Debian Bug     : 1124799 1124800

Multiple vulnerabilities were fixed in gpsd, a service daemon that monitors one or more GNSS (GPS) or AIS receivers attached to a host computer through serial or USB ports.

CVE-2025-67268

    gpsd contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.

CVE-2025-67269

    An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.

For Debian 11 bullseye, these problems have been fixed in version 3.22-4+deb11u1.

We recommend that you upgrade your gpsd packages.

For the detailed security status of gpsd please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/gpsd

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Critical security update for gpsd on Debian LTS addressing multiple vulnerabilities including DoS risks and heap corruption.
Severity: Critical.
LinuxSecurity.com Team

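The two missing checks described in the Mageia and Debian advisories above, as an added C example that is not gpsd's code and not part of any advisory. The function names, the 2-byte satellite record and the payload layout are simplified assumptions; only the 184-element array size, the one-byte count and the `(size_t)c - 4` computation come from the advisory text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SKYVIEW_MAX 184 /* skyview array size stated in the advisory */
#define NAVCOM_HDR 4    /* constant subtracted from the length byte */

/* CVE-2025-67269 pattern: for c < 4 the unsigned result wraps near SIZE_MAX. */
size_t navcom_len_unchecked(uint8_t c)
{
    return (size_t)c - NAVCOM_HDR;
}

/* Hardened form: reject a too-small length byte before subtracting. */
bool navcom_len_checked(uint8_t c, size_t *out)
{
    if (c < NAVCOM_HDR)
        return false; /* malformed packet: caller drops it */
    *out = (size_t)c - NAVCOM_HDR;
    return true;
}

struct sat { uint8_t prn, snr; }; /* hypothetical 2-byte record */
/* CVE-2025-67268 pattern, hardened: returns entries stored, or -1 if rejected. */
int store_skyview(struct sat *skyview, const uint8_t *payload, size_t len)
{
    if (len < 1)
        return -1;
    size_t count = payload[0]; /* one byte on the wire: 0..255 */
    if (count > SKYVIEW_MAX)
        return -1; /* would write past skyview[183] */
    if (len - 1 < count * 2)
        return -1; /* payload shorter than the count claims */
    for (size_t i = 0; i < count; i++) {
        skyview[i].prn = payload[1 + 2 * i];
        skyview[i].snr = payload[2 + 2 * i];
    }
    return (int)count;
}

int main(void)
{
    struct sat sky[SKYVIEW_MAX];
    uint8_t pkt[1 + 2 * 255] = { 200 }; /* constructed: claims 200 satellites */
    printf("%zu %d\n", navcom_len_unchecked(3), store_skyview(sky, pkt, sizeof pkt));
    return 0;
}
```
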
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2ca69451b9
2026-01-15 01:11:51.080180+00:00
--------------------------------------------------------------------------------

Name        : gpsd
Product     : Fedora 43
Version     : 3.26.1
Release     : 6.fc43
URL         : https://gpsd.gitlab.io/gpsd/index.html
Summary     : Service daemon for mediating access to a GPS
Description :
gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. With gpsd, multiple GPS client applications (such as navigational and war-driving software) can share access to a GPS without contention or loss of data. Also, gpsd responds to queries with a format that is substantially easier to parse than NMEA 0183.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2025-67268 and CVE-2025-67269.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 12 2026 Miroslav Lichvar - 1:3.26.1-6
- fix buffer overflow in NMEA2000 driver (CVE-2025-67268)
- fix integer underflow in handling of Navcom packets (CVE-2025-67269)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2426827 - CVE-2025-67269 gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2426827
  [ 2 ] Bug #2426828 - CVE-2025-67269 gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2426828
  [ 3 ] Bug #2426932 - CVE-2025-67268 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2426932
  [ 4 ] Bug #2426933 - CVE-2025-67268 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2426933
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2ca69451b9' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
package-announce mailing list

==========================================================================
Ubuntu Security Notice USN-7948-1
January 08, 2026

gpsd vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in GPSd.

Software Description:
- gpsd: Global Positioning System

Details:

It was discovered that GPSd incorrectly handled processing NMEA2000 packets. An attacker could use this issue to cause GPSd to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-67268)

It was discovered that GPSd incorrectly handled processing NAVCOM packets. An attacker could possibly use this issue to cause GPSd to consume resources, resulting in a denial of service. (CVE-2025-67269)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  gpsd                            3.25-5ubuntu1.25.10.1
  libgps30t64                     3.25-5ubuntu1.25.10.1

Ubuntu 25.04
  gpsd                            3.25-5ubuntu1.25.04.1
  libgps30t64                     3.25-5ubuntu1.25.04.1

Ubuntu 24.04 LTS
  gpsd                            3.25-3ubuntu3.2
  libgps30t64                     3.25-3ubuntu3.2

Ubuntu 22.04 LTS
  gpsd                            3.22-4ubuntu2.1
  libgps28                        3.22-4ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7948-1
  CVE-2025-67268, CVE-2025-67269

Package Information:
  https://launchpad.net/ubuntu/+source/gpsd/3.25-5ubuntu1.25.10.1
  https://launchpad.net/ubuntu/+source/gpsd/3.25-5ubuntu1.25.04.1
  https://launchpad.net/ubuntu/+source/gpsd/3.25-3ubuntu3.2
  https://launchpad.net/ubuntu/+source/gpsd/3.22-4ubuntu2.1

Several critical security issues in GPSd fixed for multiple Ubuntu versions to prevent DoS attacks and code execution.
Severity: Critical.
LinuxSecurity.com Team

# gpsd-3.27.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10008-1
Rating: moderate

Cross-References:

  * CVE-2025-67268
  * CVE-2025-67269

Affected Products:

  * openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the gpsd-3.27.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

  * openSUSE Tumbleweed:
    * gpsd 3.27.3-1.1
    * gpsd-clients 3.27.3-1.1
    * gpsd-devel 3.27.3-1.1
    * gpsd-qt6-devel 3.27.3-1.1
    * libQgpsmm32 3.27.3-1.1
    * libgps32 3.27.3-1.1
    * python3-gpsd 3.27.3-1.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-67268.html
  * https://www.suse.com/security/cve/CVE-2025-67269.html

openSUSE Tumbleweed update for gpsd addresses two moderate vulnerabilities to enhance security.
LinuxSecurity.com Team

A security vulnerability was discovered in gpsd, the Global Positioning System daemon. A stack-based buffer overflow may allow remote attackers to execute arbitrary code via traffic on port 2947/TCP or crafted JSON inputs.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2795-1