Amazon Linux 2023 Security Advisory: ALAS2023-2026-1689
Advisory Released Date: 2026-05-15
Advisory Updated Date: 2026-05-15
Severity:
Important
Issue Overview:
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation. (CVE-2026-6357)
Affected Packages:
python-pip
Issue Correction:
Run dnf update python-pip --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1689 --releasever 2023.11.20260514 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
noarch:
python3-pip-wheel-21.3.1-2.amzn2023.0.19.noarch
python3-pip-21.3.1-2.amzn2023.0.19.noarch
src:
python-pip-21.3.1-2.amzn2023.0.19.src