Ubuntu 24.10: USN-7084-2 moderate: python-pip sensitive data leak
ubuntu
October 30, 2024
urllib3 could leak sensitive information.
Summary
urllib3 could leak sensitive information.
Software Description:
- python-pip: Python package installer
Details:
USN-7084-1 fixed vulnerability in urllib3. This update provides the
corresponding update for the urllib3 module bundled into pip.
Original advisory details:
It was discovered that urllib3 didn't strip HTTP Proxy-Authorization
header on cross-origin redirects. A remote attacker could possibly use
this issue to obtain sensitive information.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 python3-pip 24.2+dfsg-1ubuntu0.1 python3-pip-whl 24.2+dfsg-1ubuntu0.1 Ubuntu 24.04 LTS python3-pip 24.0+dfsg-1ubuntu1.1 python3-pip-whl 24.0+dfsg-1ubuntu1.1 Ubuntu 22.04 LTS python3-pip 22.0.2+dfsg-1ubuntu0.5 python3-pip-whl 22.0.2+dfsg-1ubuntu0.5 Ubuntu 20.04 LTS python-pip-whl 20.0.2-5ubuntu1.11 python3-pip 20.0.2-5ubuntu1.11 Ubuntu 18.04 LTS python-pip 9.0.1-2.3~ubuntu1.18.04.8+esm6 Available with Ubuntu Pro python-pip-whl 9.0.1-2.3~ubuntu1.18.04.8+esm6 Available with Ubuntu Pro python3-pip 9.0.1-2.3~ubuntu1.18.04.8+esm6 Available with Ubuntu Pro Ubuntu 16.04 LTS python-pip 8.1.1-2ubuntu0.6+esm10 Available with Ubuntu Pro python-pip-whl 8.1.1-2ubuntu0.6+esm10 Available with Ubuntu Pro python3-pip 8.1.1-2ubuntu0.6+esm10 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7084-2
https://ubuntu.com/security/notices/USN-7084-1
CVE-2024-37891
PREVIOUS
NEXT
Ubuntu Security Notice USN-7084-2
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!