ALSA-2026:0770

[ALSA-2026:0770] Important: gpsd security update

Type:

security

Severity:

important

Release date:

2026-01-21

Description:

gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. With gpsd, multiple GPS client applications (such as navigational and war-driving software) can share access to a GPS without contention or loss of data. Also, gpsd responds to queries with a format that is substantially easier to parse than NMEA 0183.  

Security Fix(es):  

  * gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing (CVE-2025-67269)
  * gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling (CVE-2025-67268)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	gpsd-3.26.1-1.el10_1.1.aarch64.rpm	190a883d2462b30c0432c207dcbc1101251a335b98910f366bf30c2f4f05ae21
aarch64	gpsd-clients-3.26.1-1.el10_1.1.aarch64.rpm	68d793c7d64fc6d411cbc24035d04cec6d792043812c2bf647d2191a889f39af
aarch64	python3-gpsd-3.26.1-1.el10_1.1.aarch64.rpm	c08b551ba17532cb165fffc6a75127ffb175ce666a9f7c515f355251d39733e6
ppc64le	gpsd-3.26.1-1.el10_1.1.ppc64le.rpm	1e7f2990b6a1022debce5ae62350f509b12c258ddfe45fe942597aa13395a73e
ppc64le	gpsd-clients-3.26.1-1.el10_1.1.ppc64le.rpm	3b3f3746b6bb21ac4ec7b808842e646ab6e19773f576c245eb2bce2ad37aef65
ppc64le	python3-gpsd-3.26.1-1.el10_1.1.ppc64le.rpm	93774b7b9dcd65808011b552a9b1b641e14b208b428ca9440b16cddd5ed1f97f
s390x	python3-gpsd-3.26.1-1.el10_1.1.s390x.rpm	8366760c66188effe90f65035fbf10e304de803a2b0a78e57dec2ca7906f2f7c
s390x	gpsd-3.26.1-1.el10_1.1.s390x.rpm	848f16322fc546050196f4beea510343628d45aa86de96e81ef5767321350ee4
s390x	gpsd-clients-3.26.1-1.el10_1.1.s390x.rpm	b47d6a1835155bbea22f5a1821fc6d54c132b3b6be471f7939e80a5606c07211
x86_64	gpsd-3.26.1-1.el10_1.1.x86_64.rpm	764196cefac9edb649c279e9509f4f771253aad23af1fb11a63c5e02a2312434
x86_64	gpsd-clients-3.26.1-1.el10_1.1.x86_64.rpm	ed64697fe051956eba6f70a2b829ba106598af6a01d69d88abbb4ed7cc821fb1
x86_64	python3-gpsd-3.26.1-1.el10_1.1.x86_64.rpm	f170195cc084ca915e8ef5ec9495e04fae10d5bac7c1f5ebf57f0ec603180671
x86_64_v2	gpsd-clients-3.26.1-1.el10_1.1.x86_64_v2.rpm	3d6cfdea93a13a247b74e360bfebc6b217124bc550e7660e2ce88b87d252c792
x86_64_v2	gpsd-3.26.1-1.el10_1.1.x86_64_v2.rpm	6f064b66cdf2592c4cb8676d3215d07d372c9faaf033c4e030a0a09c4cb70c1d
x86_64_v2	python3-gpsd-3.26.1-1.el10_1.1.x86_64_v2.rpm	a7c51840ba5269d9b9bca26f65ff7f0e772e2426e525e40b8ca3d63ed9dcbb83

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.