[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gpsd-users] Garmin 18X LVC and upcoming week rollover

From: Gary E. Miller
Subject: Re: [gpsd-users] Garmin 18X LVC and upcoming week rollover
Date: Tue, 19 Feb 2019 11:28:04 -0800

Yo Rich!

On Tue, 19 Feb 2019 11:01:39 -0800
Rich Wales <address@hidden> wrote:

> Replying to Gary E. Miller:
> > /3.18.1 is current. There are some CVE in 3.17, so watch your host
> > until you get 3.18.1/  
> I'm using the *gpsd* from the Ubuntu 18.04 LTS repository, and it's
> currently 3.17.  Is there a reliable PPA which I could add to my setup
> in order to get 3.18.1 without needing to build from sources?

I don't even know what a PPA is.  Building from source is trivial the
second time you do it.

> The computer with my GPS is an internal host on my home LAN, behind a
> firewall, not visible to the Internet.  I wouldn't consider it a good
> idea anyway to make the *gpsd* port reachable from the Internet at
> large, right?, except perhaps for a large company where it's no real
> security issue for people to know your ICBM coordinates.

The new gpsd CVE allow both remote and local escalation to root.  So
an ad banner in your browser can then use gpsd to get root.  No firewall
will help you.

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        address@hidden  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin

Attachment: pgp_8qw6zHwQC.pgp
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]