From f70a1bfc721336d4fc7dfb711c2f518a6b18cf16 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 30 Sep 2020 17:27:54 +0100 Subject: gentoo resync : 30.09.2020 --- metadata/glsa/glsa-202009-17.xml | 48 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 metadata/glsa/glsa-202009-17.xml (limited to 'metadata/glsa/glsa-202009-17.xml') diff --git a/metadata/glsa/glsa-202009-17.xml b/metadata/glsa/glsa-202009-17.xml new file mode 100644 index 000000000000..408f401fbb95 --- /dev/null +++ b/metadata/glsa/glsa-202009-17.xml @@ -0,0 +1,48 @@ + + + + gpsd: Arbitrary code execution + A vulnerability in gpsd could allow remote code execution. + gpsd + 2020-09-29 + 2020-09-29 + 743766 + remote + + + 3.18 + 3.18 + + + +

gpsd is a GPS daemon and library for USB/serial GPS devices and + GPS/mapping clients. +

+
+ +

A stack-based buffer overflow was discovered in gpsd on port 2947/TCP or + crafted JSON inputs. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All gpsd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sci-geosciences/gpsd-3.18" + +
+ + CVE-2018-17937 + + sam_c + sam_c +
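Review bot: The description text in this new advisory, "A stack-based buffer overflow was discovered in gpsd on port 2947/TCP or crafted JSON inputs.", does not say how the overflow is reached, because "on port 2947/TCP or crafted JSON inputs" joins a listening port and an input type as if they were alternatives. Suggest stating the trigger directly, for example "A stack-based buffer overflow in gpsd can be triggered by traffic sent to port 2947/TCP or by crafted JSON input." The severity wording is also inconsistent across the file: the title says "Arbitrary code execution", the synopsis says "could allow remote code execution", and the impact text says "could possibly execute arbitrary code ... or cause a Denial of Service condition". Aligning the synopsis with the hedged impact wording would keep readers from getting a different severity from each field. Since the description names a network port as the exposure, the "There is no known workaround at this time." text would be more useful if it said whether restricting access to that port was considered as an interim measure before upgrading to 3.18.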
-- cgit v1.2.3