[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 6051-1] incus security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6051-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 10, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : incus
CVE ID         : CVE-2025-64507

It was discovered that Incus, a system container and virtual machine
manager, is prone to a local privilege escalation vulnerability
unprivileged users are allowed access to Incus through incus-user.

For the stable distribution (trixie), this problem has been fixed in
version 6.0.4-2+deb13u2.

We recommend that you upgrade your incus packages.

For the detailed security status of incus please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/incus

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmkSQatfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QjUhAAiVnnXoVYn1dAqiGD8tRoROJmZlgGaRDgPSPobJZGYf06WvZLuVtsB1gG
qrLfHQfyddE7peNezsPtKqQBsecrFON7orrNTiRgIxZYBFugvr2AFyAsnE2DUw7r
uQF366Jxg0uAlAL1yC+XmJBqKEmMkMk95UryvwdDy0Qe+EipNOlQA7IvQkpdWqha
Ul/jWI4IXoDObFLW13/CqP6QqwWwB168zM3K8oIqz9/HjgIkla123Lq3UuoTuWJx
WvOAlyAztbGo1LszsSlg6tTFPktb9kcUykWZr0LTWuTZICFRkM6dJoPMYDzDva9R
itKgeq+Aomlurc7fDbmgPhB51xtSjQLyA0oJIW8dXDb6h2nIBlfsrFGLD4eHnzfM
U8QO9AWjtddCQnuLWUHjStYmI3VX4e56mMmHkBz/YIGmTfPZ0nrCdnaV97Q46TLs
6SfhX1akgJOR/fVYHRMCg4X9d/lR/IhebB6trfkbVMgSNOVkegCsMxL+1KehnsU6
SEDnMMNSZ1bFI6ik/eTAqFCBzjSJqzM56o90vRUUT/0Y2/nOYat5N2NsuJgdtRIn
r+OElgsgmZhkord/aBn8t9NMhU8wzCvxmC7JOYcb2fO6wlUVsaPMolbUlbUCnzCv
fnOc6zAVxvwlysZHtO9ZdfgvIbA2lZwQDQU9XykMj+tEmDgq0Q4=
=yngG
-----END PGP SIGNATURE-----
Reply to: