[SECURITY] [DSA 6244-1] incus security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6244-1] incus security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sat, 2 May 2026 19:04:33 +0000
Message-id: <[🔎] afZKwQlE2knw8NH6@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6244-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 02, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : incus
CVE ID         : CVE-2026-40195 CVE-2026-40197 CVE-2026-40243 CVE-2026-40251 
                 CVE-2026-41647 CVE-2026-41648 CVE-2026-41684 CVE-2026-41685

Multiple security issues were discovered in Incus, a system container
and virtual machine manager, which could result in denial of service,

For the stable distribution (trixie), these problems have been fixed in
version 6.0.4-2+deb13u7.

We recommend that you upgrade your incus packages.

For the detailed security status of incus please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/incus

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn2SfwACgkQEMKTtsN8
TjY4QhAAmZueNTBmlXWavkALBRb+Fh6kAj22t/duInjCVi+csJmIvRRL7hIl+TeH
TN6SdRQJuBeCtKiVXu1wVFYWOF/aitp83ItmrUQx0iecNQrq4RPFKTMQDSjbeD/u
XcxlajtMI7vbPWPqqQunwrrB4EmkgcKCjIK78A0V6JgYjjxwbxIpYHjvu6RLQfiV
W0YlyDfpWunPl8AM8y2QzAZHsFZ57W7TRMEI5ONGaOocyoQSJZSy2aBMewAZhr5w
+z6dHIsBA/IsG5AecvXGrmX9FEDgzR78fL46yQ5OATu8wvj4rbeP8q1DwmkoNe3T
eGAs7ieH/L3kLR5Q5Ay+F3YgJEh3xntEkXoCenRyMF2yQjBL4Gbswk+oHLgIxbXJ
YaqBwmNHV25rcmsX7EYXxR/UnI6PvvGRm14hYdp/rn2S4glIu44LjAt0l+UAHQm3
T12u0OPv4KxJJVyc1XhQ5n1eMgMaGEJtrdQi8GtQHbU3eIbszxV8+ecVnGIZyyZ3
I7VFYCwpFg764kMGQu6LmW0N2oHvXlYNKBvX0zvl/WxN0/n9e/AgpVKHbrYVsCUO
6SwzGGG/q3SxcThNWTuwGouaZC/MdJtMF0y0pOOq9IoSTgz2prJGcj5tZ1F3GZdK
ksYwYav4lFNuGN/XkA6r1JN2Z1o1dkE36POce5DG7cDzKlDdOT4=
=utyr
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6243-1] linux security update
Next by Date: [SECURITY] [DSA 6245-1] imagemagick security update
Previous by thread: [SECURITY] [DSA 6243-1] linux security update
Next by thread: [SECURITY] [DSA 6245-1] imagemagick security update
Index(es):
- Date
- Thread