OPENSUSE-SU-2026:10280-1 incus-6.22-1.1 on GA media

These are all security issues fixed in the incus-6.22-1.1 package on the GA media of openSUSE Tumbleweed...

GO-2026-4357 Incus container image templating arbitrary host file read and write in github.com/lxc/incus

Incus container image templating arbitrary host file read and write in github.com/lxc/incus...

GO-2026-4359 Incus container environment configuration newline injection in github.com/lxc/incus

Incus container environment configuration newline injection in github.com/lxc/incus...

PT-2026-6517

Incus container image templating arbitrary host file read and write in github.com/lxc/incus...

PT-2026-6518

Incus container environment configuration newline injection in github.com/lxc/incus...

[BSA-128] Security Update for incus

Mathias Gibbens uploaded new packages for incus which fixed the following security problems: CVE ID : CVE-2026-23953 CVE-2026-23954 Two security issues were discovered in Incus, a system container and virtual machine manager, which could result the in execution of arbitrary commands via malformed...

Debian: Security Advisory (DSA-6109-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the 'incus' group can create an environment variable containing newlines, which can be used to add additional...

SUSE CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the 'incus' group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

[SECURITY] [DSA 6109-1] incus security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6109-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 23, 2026 https://www.debian.org/security/faq -...

Debian dsa-6109 : golang-github-lxc-incus-dev - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6109 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6109-1 [email protected] https://www.debian.org/securit...

DSA-6109-1 incus - security update

Bulletin has no description...

CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

UBUNTU-CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

EUVD-2026-3803

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVE-2026-23954

Incus CVE-2026-23954 affects versions 6.21.0 and below. The issue arises when launching a container with a custom image (e.g., incus group member) using templating in metadata.yaml, where directory traversal or symbolic links in source/target paths are not checked, enabling host arbitrary file re...

CVE-2026-23954 Incus container image templating arbitrary host file read and write

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...