A denial of service flaw was found in the way NMEA0183 driver packet parser of gpsd, a service daemon for mediating access to a GPS, processed certain malformed packets. A remote attacker could provide a specially-crafted device input that, when processed would lead to gpsd's packet parser crash (gpsd daemon termination). References: [1] http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html Relevant upstream patch: [2] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
This issue affects the versions of the gpsd package, as shipped with Fedora release of 17 and 18. Please schedule an update.
Created gpsd tracking bugs for this issue Affects: fedora-all [bug 958719]
CVE Request: http://www.openwall.com/lists/oss-security/2013/05/02/7
Assigned CVE as per http://seclists.org/oss-sec/2013/q2/268
Jan, please see: https://bugs.mageia.org/show_bug.cgi?id=9969#c2
Together with the DoS in NMEA driver, upstream corrected also one potential crash in AIS driver: http://openwall.com/lists/oss-security/2013/05/03/3 Relevant upstream patch: http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=08edc49d8f63c75bfdfb480b083b0d960310f94f
(In reply to comment #5) > Jan, please see: > > https://bugs.mageia.org/show_bug.cgi?id=9969#c2 Thanks, Oden. Replied.
Eric clarified the problem was in NMEA0183: http://openwall.com/lists/oss-security/2013/05/08/1
gpsd-3.9-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
gpsd-3.9-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.