HCE3-SA-2025-0225 Moderate HCE 3.0 Security Fix(es): When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn_x27;t implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn_x27;t fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706. Note that this is a vulnerability in pip_x27;s fallback implementation of tar extraction for Python versions that don_x27;t implement PEP 706 and therefore are not secure to all vulnerabilities in the Python _x27;tarfile_x27; module. If you_x27;re using a Python version that implements PEP 706 then pip doesn_x27;t use the "vulnerable" fallback code. Mitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python >=3.9.17, >=3.10.12, >=3.11.4, or >=3.12), applying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice. (CVE-2025-8869) urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. (CVE-2025-50181) Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one_x27;s Requests Session. (CVE-2024-47081) HCE 3.0 python3-pip-23.3.1-2.r6.hce3.noarch.rpm python-pip-help-23.3.1-2.r6.hce3.noarch.rpm python-pip-wheel-23.3.1-2.r6.hce3.noarch.rpm