A vulnerability in gpsd could allow remote code execution.
|Package||sci-geosciences/gpsd on all architectures|
|Affected versions||< 3.18|
|Unaffected versions||>= 3.18|
gpsd is a GPS daemon and library for USB/serial GPS devices and GPS/mapping clients.
A stack-based buffer overflow was discovered in gpsd on port 2947/TCP or crafted JSON inputs.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All gpsd users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sci-geosciences/gpsd-3.18"
September 29, 2020
September 29, 2020: 1