Packages
- python-pip - Python package installer
Details
Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly
leaked Proxy-Authorization headers. A remote attacker could possibly use
this issue to obtain sensitive information. This update addresses the issue
in the Requests module bundled into pip in Ubuntu 22.04 LTS.
(CVE-2023-32681)
It was discovered that urllib3 didn't strip HTTP body on status code
303 redirects under certain circumstances. A remote attacker could
possibly use this issue to obtain sensitive information. This update
addresses the issue in the urllib3 module bundled into pip in Ubuntu
24.04 LTS. (CVE-2023-45803)
Guido Vranken discovered that idna did not properly manage certain inputs,
which could lead to significant resource consumption. An attacker could
possibly use this issue to cause a denial of service. This update addresses
the issue in the idna module...
Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly
leaked Proxy-Authorization headers. A remote attacker could possibly use
this issue to obtain sensitive information. This update addresses the issue
in the Requests module bundled into pip in Ubuntu 22.04 LTS.
(CVE-2023-32681)
It was discovered that urllib3 didn't strip HTTP body on status code
303 redirects under certain circumstances. A remote attacker could
possibly use this issue to obtain sensitive information. This update
addresses the issue in the urllib3 module bundled into pip in Ubuntu
24.04 LTS. (CVE-2023-45803)
Guido Vranken discovered that idna did not properly manage certain inputs,
which could lead to significant resource consumption. An attacker could
possibly use this issue to cause a denial of service. This update addresses
the issue in the idna module bundled into pip in Ubuntu 22.04 LTS and
Ubuntu 24.04 LTS. (CVE-2024-3651)
Juho Forsén discovered that Requests did not correctly parse URLs. A
remote attacker could possibly use this issue to leak sensitive
information. This update addresses the issue in the Requests module bundled
into pip in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04.
(CVE-2024-47081)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 25.04 plucky | python3-pip – 25.0+dfsg-1ubuntu0.2 | ||
| python3-pip-whl – 25.0+dfsg-1ubuntu0.2 | |||
| 24.04 noble | python3-pip – 24.0+dfsg-1ubuntu1.3 | ||
| python3-pip-whl – 24.0+dfsg-1ubuntu1.3 | |||
| 22.04 jammy | python3-pip – 22.0.2+dfsg-1ubuntu0.7 | ||
| python3-pip-whl – 22.0.2+dfsg-1ubuntu0.7 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.