Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 42: conda-build 25.4.0 Critical Code Execution 2025-eb0eab6793

fedora
Calendar Grey December 17, 2025
Dist Fedora Esm H88
Update to conda-build 25.4.0 in Fedora 42 addresses critical issues including code execution and path traversal.
Update to 25.4.0

Summary

You can easily build your own packages for conda, and upload them to

anaconda.org, a free service for hosting packages for conda, as well as other

package managers. To build a package, create a recipe. See

https://github.com/conda-archive/conda-recipes for many example recipes, and

https://docs.conda.io/projects/conda-build/en/latest/index.html for documentation on how to build

recipes.

To upload to anaconda.org, create an account. Then, install the

anaconda-client and login

$ conda install anaconda-client

$ anaconda login

Then, after you build your recipe

$ conda build

you will be prompted to upload to anaconda.org.

To add your anaconda.org channel, or the channel of others to conda so that

conda install will find and install their packages, run

$ conda config --add channels https://conda.anaconda.org/username

(replacing username with the user name of the person whose channel you want to

add).

Update Information:

Update to 25.4.0

Topics%20covered

Topics Covered

security advisory fedora code execution path traversal supply chain conda-build

Change Log

* Mon Dec 8 2025 Orion Poplawski - 25.4.0-1 - Update to 25.4.0 (CVE-2025-32797, CVE-2025-32798, CVE-2025-32799, CVE-2025-32800)

References


[ 1 ] Bug #2373074 - CVE-2025-32797 conda-build: Conda-build Code Execution [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2373074 [ 2 ] Bug #2373086 - CVE-2025-32800 conda-build: Conda-build supply chain confusion [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2373086 [ 3 ] Bug #2373088 - CVE-2025-32798 conda-build: Conda-build Code Execution [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2373088 [ 4 ] Bug #2373089 - CVE-2025-32799 conda-build: Conda-build Path Traversal [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2373089

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-eb0eab6793' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: conda-build
Product: Fedora 42
Version: 25.4.0
Release: 1.fc42
URL: https://github.com/conda/conda-build
Summary: Commands and tools for building conda packages

Topics%20covered

Topics Covered

security advisory fedora code execution path traversal supply chain conda-build

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here