ALSA-2026:0771

See a problem?

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:0771.json

JSON Data

https://api.osv.dev/v1/vulns/ALSA-2026:0771

Related

Published

2026-01-19T00:00:00Z

Modified

2026-02-04T03:10:49.322773Z

Summary

Important: gpsd-minimal security update

Details

gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. The AlmaLinux support for this package is limited. See https://access.AlmaLinux.com/support/policy/gpsd-support for more details.

Security Fix(es):

gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing (CVE-2025-67269)
gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling (CVE-2025-67268)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / gpsd-minimal

Package

Name: gpsd-minimal
Purl: pkg:rpm/almalinux/gpsd-minimal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.26.1-1.el9_7.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:0771.json"

AlmaLinux:9 / gpsd-minimal-clients

Package

Name: gpsd-minimal-clients
Purl: pkg:rpm/almalinux/gpsd-minimal-clients

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.26.1-1.el9_7.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:0771.json"