[SECURITY] Fedora 42 Update: conda-build-25.4.0-1.fc42

You can easily build your own packages for conda, and upload them to anaconda.org, a free service for hosting packages for conda, as well as other package managers. To build a package, create a recipe. See http://github.com/conda/conda-recipes for many example recipes, and...

Fedora 42 : conda-build (2025-eb0eab6793)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-eb0eab6793 advisory. Update to 25.4.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Fedora: Security Advisory (FEDORA-2025-eb0eab6793)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2025-18461

Malicious code in bioql PyPI...

EUVD-2025-18458

Malicious code in bioql PyPI...

EUVD-2025-18459

Malicious code in bioql PyPI...

EUVD-2025-18460

Malicious code in bioql PyPI...

CVE-2025-32800

The Conda-build contains commands and tools to build Conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. This flaw allows an attacker to claim this namespace, upload arbitrary malicious code to the package, a...

CVE-2025-32798

The conda-build contains commands and tools to build conda packages. The conda-build recipe processing logic was found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process embedded selectors in meta.yam...

CVE-2025-32799

The Conda-build contains commands and tools to build Conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. This flaw allows attackers to craft tar archives containing entries with...

CVE-2025-32799

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

CVE-2025-32800

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...

CVE-2025-32797

The Conda-build contains commands and tools to build Conda packages. Prior to version 25.3.1, The writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. This flaw allows attacker...

CVE-2025-32800

CVE-2025-32800 affects the Conda-build tool. Before version 25.3.0, its pyproject.toml lists the dependency conda-index , which is not published in PyPI. An attacker could claim the namespace and upload arbitrary/malicious code, enabling exploitation during a pip install when resolving dependenci...

CVE-2025-32800 Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...

CVE-2025-32800 Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...

CVE-2025-32800 Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...

CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

CVE-2025-32799

CVE-2025-32799 affects conda-build prior to 25.4.0, where tar entry path sanitization allows path traversal (Tarslip) in created/extracted archives. Attacks could overwrite files outside the extraction directory, potentially leading to privilege escalation or code execution. A fix is available in...