网安资讯详情 - SecLens 情报雷达

USN-8344-3: pip vulnerability

来源： ubuntu_security_notice · 发布时间 2026-06-03 17:16 (UTC+08:00) · 抓取时间 2026-06-03 22:35 (UTC+08:00)

原文链接

摘要

A regression was fixed in pip.

正文

USN-8344-1 introduced a regression in pip. This update provides a complete fix for this issue.. We apologize for the inconvenience. Original advisory details: It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attacker could possibly use this issue to cause pip to consume excessive resources, leading to a denial of service. (CVE-2025-66471)

标签

• release:jammy
• release:noble
• release:resolute
• USN

扩展字段

{
  "cve_ids": [
    "CVE-2025-66471"
  ],
  "guid": "https://ubuntu.com/security/notices/USN-8344-3",
  "instructions": "In general, a standard system update will make all the necessary changes.",
  "raw_pub_date": "Wed, 03 Jun 2026 09:16:40 +0000",
  "release_packages": {
    "jammy": [
      {
        "description": "Python package installer",
        "is_source": true,
        "name": "python-pip",
        "version": "22.0.2+dfsg-1ubuntu0.7+esm3"
      },
      {
        "is_source": false,
        "is_visible": true,
        "name": "python3-pip",
        "pocket": "esm-apps",
        "source_link": "https://launchpad.net/ubuntu/+source/python-pip",
        "version": "22.0.2+dfsg-1ubuntu0.7+esm3",
        "version_link": null
      },
      {
        "is_source": false,
        "is_visible": true,
        "name": "python3-pip-whl",
        "pocket": "esm-apps",
        "source_link": "https://launchpad.net/ubuntu/+source/python-pip",
        "version": "22.0.2+dfsg-1ubuntu0.7+esm3",
        "version_link": null
      }
    ],
    "noble": [
      {
        "description": "Python package installer",
        "is_source": true,
        "name": "python-pip",
        "version": "24.0+dfsg-1ubuntu1.3+esm3"
      },
      {
        "is_source": false,
        "is_visible": true,
        "name": "python3-pip",
        "pocket": "esm-apps",
        "source_link": "https://launchpad.net/ubuntu/+source/python-pip",
        "version": "24.0+dfsg-1ubuntu1.3+esm3",
        "version_link": null
      },
      {
        "is_source": false,
        "is_visible": true,
        "name": "python3-pip-whl",
        "pocket": "esm-apps",
        "source_link": "https://launchpad.net/ubuntu/+source/python-pip",
        "version": "24.0+dfsg-1ubuntu1.3+esm3",
        "version_link": null
      }
    ],
    "resolute": [
      {
        "description": "Python package installer",
        "is_source": true,
        "name": "python-pip",
        "version": "25.1.1+dfsg-1ubuntu2+esm3"
      },
      {
        "is_source": false,
        "is_visible": true,
        "name": "python3-pip",
        "pocket": "esm-apps",
        "source_link": "https://launchpad.net/ubuntu/+source/python-pip",
        "version": "25.1.1+dfsg-1ubuntu2+esm3",
        "version_link": null
      },
      {
        "is_source": false,
        "is_visible": true,
        "name": "python3-pip-whl",
        "pocket": "esm-apps",
        "source_link": "https://launchpad.net/ubuntu/+source/python-pip",
        "version": "25.1.1+dfsg-1ubuntu2+esm3",
        "version_link": null
      }
    ]
  },
  "releases": [
    {
      "codename": "resolute",
      "support_tag": "LTS",
      "version": "26.04"
    },
    {
      "codename": "noble",
      "support_tag": "LTS",
      "version": "24.04"
    },
    {
      "codename": "jammy",
      "support_tag": "LTS",
      "version": "22.04"
    }
  ]
}