important: python-setuptools/wpa_supplicant security update
important
An update for python-setuptools/wpa_supplicant is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
python-setuptools:
wpa_supplicant:
Security Fix(es):
python-setuptools: A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.(CVE-2024-6345)
python-setuptools: bugfix
wpa_supplicant: A flaw was found in wpa_supplicant's implementation of PEAP. This issue may allow an attacker to skip the second phase of authentication when the target device has not been properly configured to verify the authentication server. By skipping the second phase of authentication, it’s easier for an attacker to create a rogue clone of a trusted WiFi network to trick the victim into connecting, all without knowing their password.(CVE-2023-52160)
wpa_supplicant: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.