An update for python-pip is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2317 Final 1.0 1.0 2025-09-19 Initial 2025-09-19 2025-09-19 openEuler SA Tool V1.0 2025-09-19 python-pip security update An update for python-pip is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3 pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-/bash_completion.d}) Name: python-pip Version: 23.3.1 Release: 3 Summary: A tool for installing and managing Python packages License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) URL: http://www.pip-installer.org Source0: Source1: pip.loongarch.conf BuildArch: noarch Patch1: remove-existing-dist-only-if-path-conflicts. Patch6000: dummy-certifi.patch Patch6001: backport-CVE-2023-45803-Made-body-stripped-from-HTTP-requests.patch Patch6002: backport-CVE-2024-37891-Strip-Proxy-Authorization-header-on-redirects.patch Security Fix(es): urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.(CVE-2025-50181) An update for python-pip is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium python-pip https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2317 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 python-pip-21.3.1-10.oe2203sp4.src.rpm python-pip-23.3.1-5.oe2403.src.rpm python-pip-23.3.1-5.oe2403sp1.src.rpm python-pip-23.3.1-5.oe2403sp2.src.rpm python-pip-20.2.2-11.oe2003sp4.src.rpm python-pip-21.3.1-10.oe2203sp3.src.rpm python-pip-help-21.3.1-10.oe2203sp4.noarch.rpm python-pip-wheel-21.3.1-10.oe2203sp4.noarch.rpm python3-pip-21.3.1-10.oe2203sp4.noarch.rpm python-pip-help-23.3.1-5.oe2403.noarch.rpm python-pip-wheel-23.3.1-5.oe2403.noarch.rpm python3-pip-23.3.1-5.oe2403.noarch.rpm python-pip-help-23.3.1-5.oe2403sp1.noarch.rpm python-pip-wheel-23.3.1-5.oe2403sp1.noarch.rpm python3-pip-23.3.1-5.oe2403sp1.noarch.rpm python-pip-help-23.3.1-5.oe2403sp2.noarch.rpm python-pip-wheel-23.3.1-5.oe2403sp2.noarch.rpm python3-pip-23.3.1-5.oe2403sp2.noarch.rpm python-pip-help-20.2.2-11.oe2003sp4.noarch.rpm python-pip-wheel-20.2.2-11.oe2003sp4.noarch.rpm python2-pip-20.2.2-11.oe2003sp4.noarch.rpm python3-pip-20.2.2-11.oe2003sp4.noarch.rpm python-pip-help-21.3.1-10.oe2203sp3.noarch.rpm python-pip-wheel-21.3.1-10.oe2203sp3.noarch.rpm python3-pip-21.3.1-10.oe2203sp3.noarch.rpm urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. 2025-09-19 CVE-2025-50181 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 Medium 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N python-pip security update 2025-09-19 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2317