important: webkitgtk/wpa_supplicant security update
important
An update for webkitgtk/wpa_supplicant is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
webkitgtk:
wpa_supplicant:
Security Fix(es):
webkitgtk: A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds write due to improper checks to prevent unauthorized actions, causing a break out of Web Content sandbox.(CVE-2025-24201)
webkitgtk: bugfix
wpa_supplicant: A flaw was found in the IEEE 802.11 standard. This vulnerability possibly allows an adversary to trick a victim into connecting to an unintended or untrusted network because the SSID is not always used to derive the pairwise master key or session keys and because there is not a protected exchange of an SSID during a 4-way handshake.(CVE-2023-52424)
wpa_supplicant: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.06B7.