USN-7762-1

Source
https://ubuntu.com/security/notices/USN-7762-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7762-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7762-1
Published
2025-09-23T12:23:43.817105Z
Modified
2025-09-25T04:49:53.669484Z
Summary
python-pip vulnerabilities
Details

Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. This update addresses the issue in the Requests module bundled into pip in Ubuntu 22.04 LTS. (CVE-2023-32681)

It was discovered that urllib3 didn't strip HTTP body on status code 303 redirects under certain circumstances. A remote attacker could possibly use this issue to obtain sensitive information. This update addresses the issue in the urllib3 module bundled into pip in Ubuntu 24.04 LTS. (CVE-2023-45803)

Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service. This update addresses the issue in the idna module bundled into pip in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3651)

Juho Forsén discovered that Requests did not correctly parse URLs. A remote attacker could possibly use this issue to leak sensitive information. This update addresses the issue in the Requests module bundled into pip in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2024-47081)

Affected packages

Ubuntu:22.04:LTS / python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip@22.0.2+dfsg-1ubuntu0.7?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
22.0.2+dfsg-1ubuntu0.7

Affected versions

20.*

20.3.4-4

21.*

21.3.1+dfsg-3

22.*

22.0.2+dfsg-1
22.0.2+dfsg-1ubuntu0.1
22.0.2+dfsg-1ubuntu0.2
22.0.2+dfsg-1ubuntu0.3
22.0.2+dfsg-1ubuntu0.4
22.0.2+dfsg-1ubuntu0.5
22.0.2+dfsg-1ubuntu0.6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-pip",
            "binary_version": "22.0.2+dfsg-1ubuntu0.7"
        },
        {
            "binary_name": "python3-pip-whl",
            "binary_version": "22.0.2+dfsg-1ubuntu0.7"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:24.04:LTS / python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip@24.0+dfsg-1ubuntu1.3?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
24.0+dfsg-1ubuntu1.3

Affected versions

23.*

23.2+dfsg-1
23.3+dfsg-1

24.*

24.0+dfsg-1
24.0+dfsg-1ubuntu1
24.0+dfsg-1ubuntu1.1
24.0+dfsg-1ubuntu1.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-pip",
            "binary_version": "24.0+dfsg-1ubuntu1.3"
        },
        {
            "binary_name": "python3-pip-whl",
            "binary_version": "24.0+dfsg-1ubuntu1.3"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:25.04 / python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip@25.0+dfsg-1ubuntu0.2?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
25.0+dfsg-1ubuntu0.2

Affected versions

24.*

24.2+dfsg-1
24.2+dfsg-1ubuntu0.1
24.3.1+dfsg-1

25.*

25.0+dfsg-1
25.0+dfsg-1ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-pip",
            "binary_version": "25.0+dfsg-1ubuntu0.2"
        },
        {
            "binary_name": "python3-pip-whl",
            "binary_version": "25.0+dfsg-1ubuntu0.2"
        }
    ],
    "availability": "No subscription required"
}