Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 41: PyPy Critical Path Traversal Fixes (FEDORA-2025-9b8da6ad7e)

fedora
Calendar Grey July 20, 2025
Dist Fedora Esm H88
Urgent security advisory for PyPy on Fedora 41 addresses critical vulnerabilities. Update packages to ensure system integrity and safety.
Update to 7.3.20 Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181 (in pip and setuptools wheels)

Summary

PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU

architectures, and various optimized implementations of the standard types

(strings, dictionaries, etc)

This build of PyPy has JIT-compilation enabled.

Update Information:

Update to 7.3.20 Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181 (in pip and setuptools wheels)

Topics%20covered

Topics Covered

security advisory fedora critical path traversal authorization issue redirection

Change Log

* Thu Jul 10 2025 Charalampos Stratakis - 7.3.20-1 - Update to 7.3.20 - Fixes: rhbz#2376234 * Thu Jul 10 2025 Charalampos Stratakis - 7.3.19-2 - Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181 - Fixes: rhbz#2367430, rhbz#2372476, rhbz#2373817

References


[ 1 ] Bug #2367430 - CVE-2025-47273 pypy: Path Traversal Vulnerability in setuptools PackageIndex [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2367430 [ 2 ] Bug #2372476 - CVE-2024-47081 pypy: Requests vulnerable to .netrc credentials leak via malicious URLs [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2372476 [ 3 ] Bug #2373817 - CVE-2025-50181 pypy: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2373817 [ 4 ] Bug #2376234 - pypy-7.3.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=2376234

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-9b8da6ad7e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: pypy
Product: Fedora 41
Version: 7.3.20
Release: 2.fc41
URL: https://pypy.org/
Summary: Python implementation with a Just-In-Time compiler

Topics%20covered

Topics Covered

security advisory fedora critical path traversal authorization issue redirection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here