
Ubuntu 25.04: pip Critical Security Flaws Vulnerability USN-7762-1

ubuntu
September 23, 2025
Tackle urgent vulnerabilities in pip impacting Ubuntu distributions. Safeguard against information breaches and operational outages immediately!

Summary

Several security issues were fixed in pip.

Software Description:

- python-pip: Python package installer

Details:

Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly
leaked Proxy-Authorization headers. A remote attacker could possibly use
this issue to obtain sensitive information. This update addresses the issue
in the Requests module bundled into pip in Ubuntu 22.04 LTS.
(CVE-2023-32681)

It was discovered that urllib3 didn't strip HTTP body on status code
303 redirects under certain circumstances. A remote attacker could
possibly use this issue to obtain sensitive information. This update
addresses the issue in the urllib3 module bundled into pip in Ubuntu
24.04 LTS. (CVE-2023-45803)

Guido Vranken discovered that idna did not properly manage certain inputs,
which could lead to significant resource consumption. An attacker could
possibly use this issue to cause a denial of service. This update addresses
the issue in the idna module bundled into pip in Ubuntu...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  python3-pip                     25.0+dfsg-1ubuntu0.2
  python3-pip-whl                 25.0+dfsg-1ubuntu0.2

Ubuntu 24.04 LTS
  python3-pip                     24.0+dfsg-1ubuntu1.3
  python3-pip-whl                 24.0+dfsg-1ubuntu1.3

Ubuntu 22.04 LTS
  python3-pip                     22.0.2+dfsg-1ubuntu0.7
  python3-pip-whl                 22.0.2+dfsg-1ubuntu0.7

In general, a standard system update will make all the necessary changes.
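
To confirm that a host actually carries the fix, the installed versions can be compared against the table above. The script below is an added example, not part of the Ubuntu notice; the function names `fixed_version`, `usn_status` and `check_host` are hypothetical, and it assumes `dpkg` and `/etc/os-release` are present.

```sh
#!/bin/sh
# Added example: fixed versions copied from the Update Instructions above.
fixed_version() {
  case "$1" in
    25.04) echo "25.0+dfsg-1ubuntu0.2" ;;
    24.04) echo "24.0+dfsg-1ubuntu1.3" ;;
    22.04) echo "22.0.2+dfsg-1ubuntu0.7" ;;
    *) return 1 ;;   # release not covered by the table above
  esac
}

# usn_status RELEASE INSTALLED_VERSION
# Prints one of: patched, needs-update, not-installed, release-not-listed.
# dpkg --compare-versions applies Debian version ordering, so a revision
# such as ...ubuntu1.10 correctly sorts after ...ubuntu1.3 (a plain string
# comparison would get that wrong).
usn_status() {
  _fixed=$(fixed_version "$1") || { echo "release-not-listed"; return 0; }
  if [ -z "$2" ]; then
    echo "not-installed"
  elif dpkg --compare-versions "$2" ge "$_fixed"; then
    echo "patched"
  else
    echo "needs-update"
  fi
}

# check_host: report both packages named in the notice for this machine.
check_host() {
  _rel=$(. /etc/os-release && echo "$VERSION_ID")
  for _pkg in python3-pip python3-pip-whl; do
    # Empty output means the package is absent (or only config files remain).
    _ver=$(dpkg-query -W -f='${Version}' "$_pkg" 2>/dev/null || true)
    printf '%-16s %-28s %s\n' "$_pkg" "${_ver:-none}" "$(usn_status "$_rel" "$_ver")"
  done
}

# Run the host check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
  check_host
fi
```

Run it with `--check` on each host; any line ending in `needs-update` means the package is older than the version listed for that release.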

References

https://ubuntu.com/security/notices/USN-7762-1

CVE-2023-32681, CVE-2023-45803, CVE-2024-3651, CVE-2024-47081,

https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/2031880

Severity
critical

Ubuntu Security Notice USN-7762-1
