CVE-2025-32798 - Conda Build

Technical Topics
1

Hi team,

With regards to above CVE, I started updating my Conda environment following various online resources. I use community Anaconda distribution with some Python related workload running on it (Linux Host). I have not been successful to upgrade it using

conda update conda
conda update conda-build

During the upgrade, it fails and errors out with warnings such as below and the progress stalls.

The environment is inconsistent, please check the package plan carefully
The following packages are causing the inconsistency:

  • defaults/linux-64::brotli-bin==1.0.9=h5eee18b_7
  • defaults/linux-64::brotli==1.0.9=h5eee18b_7
  • defaults/linux-64::libwebp==1.2.4=h11a3e52_1
  • defaults/linux-64::brunsli==0.1=h2531618_0
  • defaults/linux-64::typing-extensions==4.7.1=py311h06a4308_0
  • defaults/noarch::importlib_metadata==6.0.0=hd3eb1b0_0
  • defaults/linux-64::qtwebkit==5.212=h4eab89a_4
  • defaults/noarch::argon2-cffi==21.3.0=pyhd3eb1b0_0
  • defaults/linux-64::jupyter_server==1.23.4=py311h06a4308_0
  • defaults/linux-64::huggingface_hub==0.15.1=py311h06a4308_0
  • defaults/linux-64::jupyter_server_fileid==0.9.0=py311h06a4308_0
  • defaults/linux-64::jupyterlab_server==2.22.0=py311h06a4308_0
  • defaults/linux-64::notebook-shim==0.2.2=py311h06a4308_0
  • defaults/noarch::pooch==1.4.0=pyhd3eb1b0_0
  • defaults/linux-64::jupyter_server_ydoc==0.8.0=py311h06a4308_1
  • defaults/linux-64::nbclassic==0.5.5=py311h06a4308_0
  • defaults/linux-64::conda-build==3.26.0=py311h06a4308_0
  • defaults/linux-64::notebook==6.5.4=py311h06a4308_1
  • defaults/linux-64::anaconda-navigator==2.4.2=py311h06a4308_0
  • defaults/linux-64::jupyterlab==3.6.3=py311h06a4308_0
  • defaults/linux-64::jupyter==1.0.0=py311h06a4308_8
  • defaults/linux-64::imagecodecs==2021.8.26=py311hb63acbb_2
  • defaults/linux-64::pytorch==2.0.1=cpu_py311h6d93b4c_0
  • defaults/linux-64::datasets==2.12.0=py311h06a4308_0
  • defaults/linux-64::panel==1.2.1=py311h06a4308_0
  • defaults/linux-64::transformers==4.29.2=py311h06a4308_0
  • defaults/linux-64::holoviews==1.17.0=py311h06a4308_0
  • defaults/linux-64::hvplot==0.8.4=py311h06a4308_0
  • defaults/linux-64::_anaconda_depends==2023.07=py311_1
  • defaults/linux-64::sqlalchemy==2.0.39=py311h00e1ef3_0
  • defaults/linux-64::pytables==3.10.1=py311h9d13977_0

What’s the easiest way to upgrade conda and conda build to

      conda version : 25.5.1
conda-build version : 25.5.0

to remediate above CVE.