Two vulnerabilities were reported [1],[2] in gypsy, a GPS multiplexing daemon.
The first is that it reads arbitrary files as the root user on behalf of a regular user (CVE-2011-0523). The second is that there is a buffer overflow in nmea device input handling which could potentially lead to privilege escalation (CVE-2011-0524). Both issues have been reported upstream [3], however there has been no response (the Ubuntu bug indicates upstream was noticed 20101214 with no response. There is also a SUSE bug [4] with some further information.
Two vulnerabilities were reported [1],[2] in gypsy, a GPS multiplexing daemon.
The first is that it reads arbitrary files as the root user on behalf of a regular user (CVE-2011-0523). The second is that there is a buffer overflow in nmea device input handling which could potentially lead to privilege escalation (CVE-2011-0524). Both issues have been reported upstream [3], however there has been no response (the Ubuntu bug indicates upstream was noticed 20101214 with no response. There is also a SUSE bug [4] with some further information.
[1] http:// article. gmane.org/ gmane.comp. security. oss.general/ 4124 /bugs.launchpad .net/ubuntu/ +source/ gypsy/+ bug/690323 /bugs.freedeskt op.org/ show_bug. cgi?id= 33431 /bugzilla. novell. com/show_ bug.cgi? id=666839# c3
[2] https:/
[3] https:/
[4] https:/