==========================================================================
Ubuntu Security Notice USN-7599-2
June 26, 2025

python-pip vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

pip could be made to expose sensitive information over the network.

Software Description:
- python-pip: Python package installer

Details:

USN-7599-1 fixed vulnerabilities in python-urllib3. This update provides
the corresponding update for python-pip for CVE-2025-50181.

Original advisory details:

Jacob Sandum discovered that urllib3 handled redirects even when they were
explicitly disabled while using the PoolManager. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2025-50181)

Illia Volochii discovered that urllib3 incorrectly handled retry and
redirect parameters when using Node.js. An attacker could possibly use this
issue to obtain sensitive information. This issue only affected Ubuntu
25.04. (CVE-2025-50182)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  python3-pip                     25.0+dfsg-1ubuntu0.1

Ubuntu 24.10
  python3-pip                     24.2+dfsg-1ubuntu0.2

Ubuntu 24.04 LTS
  python3-pip                     24.0+dfsg-1ubuntu1.2

Ubuntu 22.04 LTS
  python3-pip                     22.0.2+dfsg-1ubuntu0.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7599-2
  https://ubuntu.com/security/notices/USN-7599-2
  CVE-2025-50181

Package Information:
  https://launchpad.net/ubuntu/+source/python-pip/25.0+dfsg-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/python-pip/24.2+dfsg-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/python-pip/24.0+dfsg-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/python-pip/22.0.2+dfsg-1ubuntu0.6