Debian alert DSA-6027-1 (incus)


From:
               Moritz Muehlenhoff <jmm@debian.org>
To:
               debian-security-announce@lists.debian.org
Subject:
               [SECURITY] [DSA 6027-1] incus security update
Date:
               Fri, 17 Oct 2025 13:18:38 +0000
Message-ID:
               <aPJCLiWXUAo5FnZd@seger.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6027-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 17, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : incus
CVE ID         : CVE-2025-54286 CVE-2025-54287 CVE-2025-54288
                 CVE-2025-54289 CVE-2025-54290 CVE-2025-54291
		 CVE-2025-54293

Multiple security issues were discovered in Incus, a system container
and virtual machine manager, which could result in file disclosure,
information disclosure, privilege escalation or cross-site request
forgery.

For the stable distribution (trixie), these problems have been fixed in
version 6.0.4-2+deb13u1.

We recommend that you upgrade your incus packages.

For the detailed security status of incus please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/incus

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjyQV4ACgkQEMKTtsN8
TjZL4g//bHpSsUyO4BFgtTa9kTKoVzRJpuknfo7ZVhvu81rqUbRdhef6CBaWE3v8
a1fb2oyAH4rrlecesawsoTBW2opUIdJ5OwosQ4ZlJMfe5v7Xlp8nP3SHoHupdWCD
C79vTIguglpReNeeFoPMNV0DD/uGoSEUiwUwn0UBTk5cyXEtnrDsJmLhXNTfG9Q7
p4XtPGwB97OtgNANlZF3XkEXBkoi25J5V1caMY7anI+EfPfXfcO7Ku4btQk5hI2n
STF3tXQNy8uDANtS9Y2U6I5a2dPFPi6bQe/2mM2OEGvUOMb+DECC8htxVY8F9i0j
8EzVq11s+ynl4hhpiLDowvznJ1tOVvhj1cSJ1qED+VvyGyj+6B6JvWOUZbO9rrlb
DarmuYYQU7mTD+eVs7+x8Yej/L1vg0GamYwmjsTjQLHHIZbLsj1TM9iqxYD/rHWT
qCJu22JSJfgGITsn7li8X7Siw5bdPY5NBPv9qAbv7EnIjvi/FShtg1E3qE4zkhGh
PnFxLbKi704tzdx9XkwoiYLR1RBOp5vvgk0pdpXGjBmML1z2xVN8yaiAwgwXeIE9
usJ0hOSG/dgYgLFb7r/SEMqDKYM2xAq63OMGPpUb36PUaOqEc7Pfwtgfo7NepV9n
ecf78+ImzjSWjbcgEKpRVOh0eDthvd6p4LmIIFx/NpbXESkAaFc=
=11HQ
-----END PGP SIGNATURE-----
From:		Moritz Muehlenhoff <jmm@debian.org>
To:		debian-security-announce@lists.debian.org
Subject:		[SECURITY] [DSA 6027-1] incus security update
Date:		Fri, 17 Oct 2025 13:18:38 +0000
Message-ID:		<aPJCLiWXUAo5FnZd@seger.debian.org>