========================================================================== Ubuntu Security Notice USN-7762-1 September 23, 2025
python-pip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in pip. Software Description: - python-pip: Python package installer Details: Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. This update addresses the issue in the Requests module bundled into pip in Ubuntu 22.04 LTS. (CVE-2023-32681) It was discovered that urllib3 didn't strip HTTP body on status code 303 redirects under certain circumstances. A remote attacker could possibly use this issue to obtain sensitive information. This update addresses the issue in the urllib3 module bundled into pip in Ubuntu 24.04 LTS. (CVE-2023-45803) Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service. This update addresses the issue in the idna module bundled into pip in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3651) Juho Forsén discovered that Requests did not correctly parse URLs. A remote attacker could possibly use this issue to leak sensitive information. This update addresses the issue in the Requests module bundled into pip in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2024-47081) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 python3-pip 25.0+dfsg-1ubuntu0.2 python3-pip-whl 25.0+dfsg-1ubuntu0.2 Ubuntu 24.04 LTS python3-pip 24.0+dfsg-1ubuntu1.3 python3-pip-whl 24.0+dfsg-1ubuntu1.3 Ubuntu 22.04 LTS python3-pip 22.0.2+dfsg-1ubuntu0.7 python3-pip-whl 22.0.2+dfsg-1ubuntu0.7 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7762-1 CVE-2023-32681, CVE-2023-45803, CVE-2024-3651, CVE-2024-47081, https://launchpad.net/bugs/2031880 Package Information: https://launchpad.net/ubuntu/+source/python-pip/25.0+dfsg-1ubuntu0.2 https://launchpad.net/ubuntu/+source/python-pip/24.0+dfsg-1ubuntu1.3 https://launchpad.net/ubuntu/+source/python-pip/22.0.2+dfsg-1ubuntu0.7
signature.asc
Description: OpenPGP digital signature
