Comment 52 for bug 690323

In , Vincent (vincent-redhat-bugs) wrote :

Two vulnerabilities were reported [1],[2] in gypsy, a GPS multiplexing daemon.

The first is that it reads arbitrary files as the root user on behalf of a regular user (CVE-2011-0523). The second is that there is a buffer overflow in NMEA device input handling which could potentially lead to privilege escalation (CVE-2011-0524). Both issues have been reported upstream [3]; however, there has been no response (the Ubuntu bug indicates upstream was noticed 20101214 with no response). There is also a SUSE bug [4] with some further information.

[1] http://article.gmane.org/gmane.comp.security.oss.general/4124
[2] https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323
[3] https://bugs.freedesktop.org/show_bug.cgi?id=33431
[4] https://bugzilla.novell.com/show_bug.cgi?id=666839#c3