gpsd: CVE-2013-2038

Debian Bug report logs - #706665
gpsd: CVE-2013-2038

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: gpsd: CVE-2013-2038

Date: Fri, 03 May 2013 06:41:46 +0200

Source: gpsd
Severity: important
Tags: security patch

Hi,

the following vulnerability was published for gpsd.

CVE-2013-2038[0]:
DoS (packet parser crash) in the AIS driver when processing malformed packet

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Patches referenced by upstream developer and detailed explanation can be
found at [1,2,3].

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2038
    http://security-tracker.debian.org/tracker/CVE-2013-2038
[1] http://marc.info/?l=oss-security&m=136753549732442&w=2
[2] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
[3] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=08edc49d8f63c75bfdfb480b083b0d960310f94f

Please adjust the affected versions in the BTS as needed.

@Bernd: I have not (yet) further investigated, only looked at current
code to see if above match.

Regards,
Salvatore

Message #12 received at 706665@bugs.debian.org (full text, mbox, reply):

From: Bernd Zeimetz <bernd@bzed.de>

To: Salvatore Bonaccorso <carnil@debian.org>, 706665@bugs.debian.org

Subject: Re: Bug#706665: gpsd: CVE-2013-2038

Date: Fri, 03 May 2013 20:50:52 +0200

Hi,

> the following vulnerability was published for gpsd.
> 
> CVE-2013-2038[0]:
> DoS (packet parser crash) in the AIS driver when processing malformed packet

interesting as there is also a second way to make gpsd crash, although that
would require a pretty buggy NMEA string. If you look at the

> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> Patches referenced by upstream developer and detailed explanation can be
> found at [1,2,3].
> 
> For further information see:
> 
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2038
>     http://security-tracker.debian.org/tracker/CVE-2013-2038
> [1] http://marc.info/?l=oss-security&m=136753549732442&w=2
> [2] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
> [3] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=08edc49d8f63c75bfdfb480b083b0d960310f94f
> 
> Please adjust the affected versions in the BTS as needed.
> 
> @Bernd: I have not (yet) further investigated, only looked at current
> code to see if above match.

Already looked into it, and I've prepared a fixed upload already. But I don't
think the bug is bad enough to require a security upload or fix in wheezy before
the release. I'll upload it to unstable and see if the release team picks it up
for wheezy, otherwise it will be fine to have it in the first point-release.

Cheers,

Bernd

> 
> Regards,
> Salvatore


-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Message #17 received at 706665-close@bugs.debian.org (full text, mbox, reply):

From: Bernd Zeimetz <bzed@debian.org>

To: 706665-close@bugs.debian.org

Subject: Bug#706665: fixed in gpsd 3.6-5

Date: Fri, 03 May 2013 19:47:38 +0000

Source: gpsd
Source-Version: 3.6-5

We believe that the bug you reported is fixed in the latest version of
gpsd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 706665@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernd Zeimetz <bzed@debian.org> (supplier of updated gpsd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 03 May 2013 20:57:35 +0200
Source: gpsd
Binary: gpsd gpsd-dbg gpsd-clients python-gps libgps20 libgps-dev libqgpsmm20 libqgpsmm-dev
Architecture: source amd64
Version: 3.6-5
Distribution: unstable
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bernd Zeimetz <bzed@debian.org>
Description: 
 gpsd       - Global Positioning System - daemon
 gpsd-clients - Global Positioning System - clients
 gpsd-dbg   - Global Positioning System - debugging symbols
 libgps-dev - Global Positioning System - development files
 libgps20   - Global Positioning System - library
 libqgpsmm-dev - Global Positioning System - Qt wrapper for libgps (development)
 libqgpsmm20 - Global Positioning System - Qt wrapper for libgps
 python-gps - Global Positioning System - Python libraries
Closes: 706665
Changes: 
 gpsd (3.6-5) unstable; urgency=medium
 .
   * [818fb0a6] Fixing two security bugs in gpsd
     - one triggered by malformed NMEA packets, making gpsd crash
     - the other one is a possible DOS in the AIS parser,
       CVE-2013-2038
     Thanks to Salvatore Bonaccorso (Closes: #706665)
Checksums-Sha1: 
 244e3d819748b226eb5d67eb41b20514a721022c 2455 gpsd_3.6-5.dsc
 614316b256036bac4c0fd9c8d2affb820d5cacf7 75672 gpsd_3.6-5.diff.gz
 fc6cc87776d87f0951c423fc14f53eec60fb0110 109306 gpsd_3.6-5_amd64.deb
 d1f8c35140bf163c360b819fa1246ef9e70f5f7f 1383234 gpsd-dbg_3.6-5_amd64.deb
 c976493ea032abd021c0a008bfb14b60d674fc50 141744 gpsd-clients_3.6-5_amd64.deb
 f779d648ed975b95c55b0e93956006a1660e0a13 130082 python-gps_3.6-5_amd64.deb
 4ef3b9fd96e60815cb08e97247088765d6e16e89 227704 libgps20_3.6-5_amd64.deb
 5559af73b32126d758bcce7eb8f6412e90ce3f97 142798 libgps-dev_3.6-5_amd64.deb
 18a0996a8cde461d587a66b82ec72234fe9ef403 90550 libqgpsmm20_3.6-5_amd64.deb
 12c5f1bdc7671943086ef50961abfe8f4944ad1a 40744 libqgpsmm-dev_3.6-5_amd64.deb
Checksums-Sha256: 
 66f3a0e58bc0c490b8fab3a7f3c929e15f6252858b92d28bf92e53ec6a489cef 2455 gpsd_3.6-5.dsc
 d9266ea37bc297d6630bc8ca872b4a879072fa1f36981f4a2556c0937f31c80b 75672 gpsd_3.6-5.diff.gz
 bc811209d92cb0f657d9877dd5bab24badadfac9da0ba063c0c40079dd44b7ba 109306 gpsd_3.6-5_amd64.deb
 42348340033e6cb73db1359b046064a7ae0e4711edb44fb636234937e24a0957 1383234 gpsd-dbg_3.6-5_amd64.deb
 6d5f98cd8c32e0277ab2e7840921e23a8d04b822dd7d6d533bc366f1b4a5de2c 141744 gpsd-clients_3.6-5_amd64.deb
 5b29776ceb8fbccd58558b3a7768cb1465ff302aa1a4bf0a054c2296113c004c 130082 python-gps_3.6-5_amd64.deb
 561ebcf64ae3dd2d860547946d5a428d8f69e0c7968172fd3ccb72df2fb86cf3 227704 libgps20_3.6-5_amd64.deb
 94e7ef5bded03ab756fa3f25d715289cb22d93dede7895baf214f5751b135f26 142798 libgps-dev_3.6-5_amd64.deb
 afbf9b5ec49e4192ddb7369b331e7b9046d573b0cb7083df7dacba3a8541d908 90550 libqgpsmm20_3.6-5_amd64.deb
 55e362b2b3544f996a4f7b73a827e9a9a14174c67f72ee890430068c8c65ed4e 40744 libqgpsmm-dev_3.6-5_amd64.deb
Files: 
 5bf8cdd01d59a430ceef968931ec9658 2455 misc optional gpsd_3.6-5.dsc
 2442af84ebc18b75fd029a7dbfafeadb 75672 misc optional gpsd_3.6-5.diff.gz
 761c7cca0171daebce42e08194a462b5 109306 misc optional gpsd_3.6-5_amd64.deb
 47285d554c325db648358898e5419c4a 1383234 debug extra gpsd-dbg_3.6-5_amd64.deb
 62b956e3320b9abad18ee32bf77c2ec1 141744 misc optional gpsd-clients_3.6-5_amd64.deb
 684d360b8ce1836a24717a0c1c75c9ed 130082 python optional python-gps_3.6-5_amd64.deb
 c1788a79266faca8c652327be3654ad8 227704 libs optional libgps20_3.6-5_amd64.deb
 b433499243751dac7423f2cbf1548102 142798 libdevel optional libgps-dev_3.6-5_amd64.deb
 13f1dbccc34f9064e0de776ba530571a 90550 libs optional libqgpsmm20_3.6-5_amd64.deb
 bf8e13617ef3419f5082991403c65cb4 40744 libdevel optional libqgpsmm-dev_3.6-5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRhBBDAAoJEOs2Fxpv+UNfJ4YP/RdMKOzf9WG1vcA0qfElJmNV
MOljusd+OCuMVHcjYNt126X5RFvx4Hmauwy7RLjbdQy5PPrJxrJNdbc2knStVmh5
3iPOPAE7jMenYh4MKQlESd2xxeiKYT2InNmAuJolV//caH7N/OlAKwdW0bGSuUEk
pNhB0h4cWO1mZWj/29VgkvQM4WCfXzbJUQNonIaqNPgYd1bSo6XudbE90t38VtKM
r3JefnybC0QSZjUTLs48lYEGefzh0gsRrTn7yjUSzzKLk6/nOfJUSrzpv4QEHofP
suvMM3FlULXq8squraaRSGjamllg9DdDoT7t6OPkZKenb4SCkt5jtOY6TTEQeYiC
5F+S6eextgBwYo56SapGX9jkgUg0ubVeGHbYD1n2aJ4e59kJhBGsAwB9ATcq4yLE
3k3fKwY87E74m5f55ywAzScySvdiWnXCi8YkDYnDGG3frtlVhqOPKSv8J8KU6jo+
W1Y4afZ8v1hpexZVhEw0IiyATxUbgc0+n33NcoKrkr97BfmfCUINcAI4NUNsKJrN
HQvTMFU8DuPzSkaFh/Me4dM6vKEjfL2wsJmlCdVVByX50YBjEC7asPY4h9pAVQeP
XqruR3KibI6rpQ3/cUtd1so+kgnpK2WaVAI4A7lW21Rd6ZY4tJ5asGQy9lsdheYZ
WJs85KERrKbjqfRoJjgh
=1HDd
-----END PGP SIGNATURE-----

Message #22 received at 706665@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Bernd Zeimetz <bernd@bzed.de>

Cc: 706665@bugs.debian.org

Subject: Re: Bug#706665: gpsd: CVE-2013-2038

Date: Fri, 3 May 2013 22:16:37 +0200

Hi Bernd

On Fri, May 03, 2013 at 08:50:52PM +0200, Bernd Zeimetz wrote:
> Hi,
> 
> > the following vulnerability was published for gpsd.
> > 
> > CVE-2013-2038[0]:
> > DoS (packet parser crash) in the AIS driver when processing malformed packet
> 
> interesting as there is also a second way to make gpsd crash, although that
> would require a pretty buggy NMEA string. If you look at the

Looks there is a missing part here, but I think I understood, that
there where two ways mentioned to make gpsd crash.

> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > 
> > Patches referenced by upstream developer and detailed explanation can be
> > found at [1,2,3].
> > 
> > For further information see:
> > 
> > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2038
> >     http://security-tracker.debian.org/tracker/CVE-2013-2038
> > [1] http://marc.info/?l=oss-security&m=136753549732442&w=2
> > [2] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
> > [3] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=08edc49d8f63c75bfdfb480b083b0d960310f94f
> > 
> > Please adjust the affected versions in the BTS as needed.
> > 
> > @Bernd: I have not (yet) further investigated, only looked at current
> > code to see if above match.
> 
> Already looked into it, and I've prepared a fixed upload already. But I don't
> think the bug is bad enough to require a security upload or fix in wheezy before
> the release. I'll upload it to unstable and see if the release team picks it up
> for wheezy, otherwise it will be fine to have it in the first point-release.

Thank you have seen the upload and marked accordingly in the
security-tracker. It's unfortunately already to late to ask for an
unblock. But I agree, it would be enought to fix this for wheezy and
squeeze trough s-p-u, and o-p-u.

Thank you for your quick reply!

Regards,
Salvatore

Message #27 received at 706665@bugs.debian.org (full text, mbox, reply):

From: Bernd Zeimetz <bernd@bzed.de>

To: 706665@bugs.debian.org

Cc: control@bugs.debian.org

Subject: [gpsd/master] Fixing two security bugs in gpsd

Date: Fri, 3 May 2013 22:18:44 +0200 (CEST)

tag 706665 pending
thanks

Date: Fri May 3 20:56:39 2013 +0200
Author: Bernd Zeimetz <bernd@bzed.de>
Commit ID: 818fb0a6210e96ff72e3a2557d2707ddf05fe07b
Commit URL: http://git.recluse.de/?p=debian/pkg-gpsd.git;a=commitdiff;h=818fb0a6210e96ff72e3a2557d2707ddf05fe07b
Patch URL: http://git.recluse.de/?p=debian/pkg-gpsd.git;a=commitdiff_plain;h=818fb0a6210e96ff72e3a2557d2707ddf05fe07b

    Fixing two security bugs in gpsd

    - one triggered by malformed NMEA packets, making gpsd crash
    - the other one is a possible DOS in the AIS parser,
      CVE-2013-2038

    Closes: #706665
    Thanks: Salvatore Bonaccorso
      

Message #34 received at 706665-close@bugs.debian.org (full text, mbox, reply):

From: Bernd Zeimetz <bzed@debian.org>

To: 706665-close@bugs.debian.org

Subject: Bug#706665: fixed in gpsd 3.6-4+deb7u1

Date: Wed, 15 May 2013 15:47:43 +0000

Source: gpsd
Source-Version: 3.6-4+deb7u1

We believe that the bug you reported is fixed in the latest version of
gpsd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 706665@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernd Zeimetz <bzed@debian.org> (supplier of updated gpsd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 03 May 2013 20:57:35 +0200
Source: gpsd
Binary: gpsd gpsd-dbg gpsd-clients python-gps libgps20 libgps-dev libqgpsmm20 libqgpsmm-dev
Architecture: source amd64
Version: 3.6-4+deb7u1
Distribution: wheezy
Urgency: low
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bernd Zeimetz <bzed@debian.org>
Description: 
 gpsd       - Global Positioning System - daemon
 gpsd-clients - Global Positioning System - clients
 gpsd-dbg   - Global Positioning System - debugging symbols
 libgps-dev - Global Positioning System - development files
 libgps20   - Global Positioning System - library
 libqgpsmm-dev - Global Positioning System - Qt wrapper for libgps (development)
 libqgpsmm20 - Global Positioning System - Qt wrapper for libgps
 python-gps - Global Positioning System - Python libraries
Closes: 706665
Changes: 
 gpsd (3.6-4+deb7u1) wheezy; urgency=low
 .
   * [818fb0a6] Fixing two security bugs in gpsd
     - one triggered by malformed NMEA packets, making gpsd crash
     - the other one is a possible DOS in the AIS parser,
       CVE-2013-2038
     Thanks to Salvatore Bonaccorso (Closes: #706665)
Checksums-Sha1: 
 0e15fd0c55cd0d3aa546ad4fbcc7289fd2fc4a7f 2483 gpsd_3.6-4+deb7u1.dsc
 c6aaeccd852f513471598544138784b926f8a09d 75680 gpsd_3.6-4+deb7u1.diff.gz
 834969f674c8be7f58697b2831891ce717e5853e 109324 gpsd_3.6-4+deb7u1_amd64.deb
 a2219a3cdc6ee61f1c7067523641be938f9f8392 1382778 gpsd-dbg_3.6-4+deb7u1_amd64.deb
 ccb9c14be48db328d4cad06c9521befa4016e4ae 141766 gpsd-clients_3.6-4+deb7u1_amd64.deb
 20372600298a143576f0e3463396bd2029a2568a 130074 python-gps_3.6-4+deb7u1_amd64.deb
 fad92fa24611b773f32490ff609e3d3b9fce2454 227724 libgps20_3.6-4+deb7u1_amd64.deb
 3ab059692141a6973b2cb25436bb93ee6c38f0f5 142804 libgps-dev_3.6-4+deb7u1_amd64.deb
 b4d0d4738b462121dec7a92accac6f7ec6e82514 90584 libqgpsmm20_3.6-4+deb7u1_amd64.deb
 5ee2a0b23ea6371782bf76a0b86b9cf2adb215d4 40760 libqgpsmm-dev_3.6-4+deb7u1_amd64.deb
Checksums-Sha256: 
 d395d1c6ab311059ac7192299505d56dcc066cf7509a0e4af443c648ea630dcd 2483 gpsd_3.6-4+deb7u1.dsc
 0d5b62e6f5745aa9e136be6702c65e4f7b616b69e63af1db9d523cfa0bb092d2 75680 gpsd_3.6-4+deb7u1.diff.gz
 3826913a7514717eed66c97cbf5be3a18537dd78b5354e1d920fcdac46a34c95 109324 gpsd_3.6-4+deb7u1_amd64.deb
 9fec097dae8f32eca853fc9f3d35bf9f63ffb1c7404ddc39dd8302b4ef9e3ceb 1382778 gpsd-dbg_3.6-4+deb7u1_amd64.deb
 dd04caa04b32240a3922845c51028416f0b46ad74f304a0c010c0775ac7b17cc 141766 gpsd-clients_3.6-4+deb7u1_amd64.deb
 754349d6801cfd29d2dba9dbeb4dca354176883be065e642b564035d90be1f96 130074 python-gps_3.6-4+deb7u1_amd64.deb
 6e3ecd274e3c6a1c67f857ab84565c62c3e2f02d4c396f70759f5414ca563eae 227724 libgps20_3.6-4+deb7u1_amd64.deb
 385b0bbb5bfdd64e3d337c317bb95d2ad787ca4fa5a94ecf7bce79ea125bd40e 142804 libgps-dev_3.6-4+deb7u1_amd64.deb
 a922ed2f8814308cbcbd03c40e1e1e5a1541cf526a3a05b8539f1875c08856c1 90584 libqgpsmm20_3.6-4+deb7u1_amd64.deb
 a1f86e21872ca4a2e079856954e1905304df6e754ae6298e30bcbf1f41abd58d 40760 libqgpsmm-dev_3.6-4+deb7u1_amd64.deb
Files: 
 2c7c8d593cc2cdecc13f7213de9f9a7d 2483 misc optional gpsd_3.6-4+deb7u1.dsc
 37621da51c76231dafe19ee3117b3c19 75680 misc optional gpsd_3.6-4+deb7u1.diff.gz
 133df45d5d6522672488095b3ac76ab3 109324 misc optional gpsd_3.6-4+deb7u1_amd64.deb
 d3ccd19a154a970d9100a599212e899d 1382778 debug extra gpsd-dbg_3.6-4+deb7u1_amd64.deb
 ef33186d5c57894a8c97ccb92a946f6d 141766 misc optional gpsd-clients_3.6-4+deb7u1_amd64.deb
 6219361dd48a45549fd2bf73c1396c54 130074 python optional python-gps_3.6-4+deb7u1_amd64.deb
 4583cd8d917c5d8c4f67ea180736bb1b 227724 libs optional libgps20_3.6-4+deb7u1_amd64.deb
 f23291dfb620eb7bd787aac5e195d2a8 142804 libdevel optional libgps-dev_3.6-4+deb7u1_amd64.deb
 adef27a9478e2c1b8dbf27d865889471 90584 libs optional libqgpsmm20_3.6-4+deb7u1_amd64.deb
 9061b4a16210af77e7fca1486fa59709 40760 libdevel optional libqgpsmm-dev_3.6-4+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRkqa2AAoJEOs2Fxpv+UNfeUAP/2ABrM8oYDq0clQ5LamyImT3
HqxOPFQIPhFcpfpugBliWJfXaQwjyuAU2fe05aXuIPEzVb8EgmhpamQJ3KxIn65W
dSZy609/DW4XJaZNOx+HNbkfEXTzFqykl7OJEgHaynK6z5Yq5eISEqXoh65i2tIa
2L+HnK2kvHI9VCOPIpoVFAcw5TkbArNMifpaPADMvKwQODUaT7ifiwDoXeoRy3ze
5sHy2eFJv2Jq1Z+N4nNJGhf1N9DB8TOwM/efpwWwUeRNSkdd7yxKfUMB9yepLpBZ
zyzk4dhMeEpuusAaO7I+uCiz2hxXYpaEdrnDuy0q5wETdXS73wQeN/X57czqBfc5
JuuZhaotzSHq8KtBtpkf1+tYcF3dC84kOwWlEtUs38qhlUYxcsURbezpYyAfr14X
yU/mu7bVOvAl4e4LPVs0zGYNd1Lq9HYRXItIoB4y8zJb5yVAXUDZvH8/eEKaCEHK
b8rYDdkatkFiyvaX1cMoWPBBVUNaf5UeFx8/fv/1jHm9w0zOoCQZfitso0YWmUGY
r8QkII3z75dorOl25jOpdyfI3OGOJhTa3NNwZIziliNLVOtEsWg6Urt92hIh4tEa
NSWv6oIPimNnqm3NNgD2DtmHkbRS7BVDjOW/IWeyT86OwQE2IQYARic6Y9yM5Oc/
jJjM41TT4Ik0gbGUMGTh
=Unuv
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.