[SECURITY] Fedora 42 Update: incus-6.23-3.fc42

updates--- via package-announce Sun, 19 Apr 2026 18:07:19 -0700

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4481307278
2026-04-20 01:04:24.758007+00:00
--------------------------------------------------------------------------------


Name        : incus
Product     : Fedora 42
Version     : 6.23
Release     : 3.fc42
URL         : https://linuxcontainers.org/incus
Summary     : Powerful system container and virtual machine manager
Description :
Container hypervisor based on LXC
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.

This package contains the Incus daemon.

--------------------------------------------------------------------------------
Update Information:

Remove incus dependency from incus-agent.
Update to 6.23
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  9 2026 Carl George <[email protected]> - 6.23-3
- Remove incus dependency from incus-agent rhbz#2456888
* Mon Apr  6 2026 Reto Gantenbein <[email protected]> - 6.23-2
- Fix static builds of vendored dependencies (RHBZ 2419661)
* Mon Apr  6 2026 Reto Gantenbein <[email protected]> - 6.23-1
- Update to 6.23
* Mon Mar 30 2026 Neal Gompa <[email protected]> - 6.19.1-4
- Drop selinux subpackage in favor of container-selinux
* Tue Feb  3 2026 Maxwell G <[email protected]> - 6.19.1-3
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> - 
6.19.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2390870 - incus: go-viper's mapstructure May Leak Sensitive 
Information in Logs [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2390870
  [ 2 ] Bug #2398840 - CVE-2025-47910 incus: CrossOriginProtection bypass in 
net/http [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398840
  [ 3 ] Bug #2412795 - CVE-2025-58183 incus: Unbounded allocation when parsing 
GNU sparse map [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2412795
  [ 4 ] Bug #2432454 - CVE-2026-23954 incus: container image templating 
arbitrary host file read and write [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2432454
  [ 5 ] Bug #2432456 - CVE-2026-23953 incus: container environment 
configuration newline injection [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2432456
  [ 6 ] Bug #2441165 - CVE-2025-69725 incus: Go-chi/chi: Open Redirect 
vulnerability allows redirection to malicious websites [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2441165
  [ 7 ] Bug #2452041 - CVE-2026-33542 incus: Incus: Image cache poisoning due 
to insufficient image fingerprint validation [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2452041
  [ 8 ] Bug #2452043 - CVE-2026-33897 incus: Incus: Arbitrary file read/write 
as root via pongo2 template chroot bypass [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2452043
  [ 9 ] Bug #2452045 - CVE-2026-33711 incus: Incus: Local privilege escalation 
or denial of service via predictable temporary file paths [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2452045
  [ 10 ] Bug #2452047 - CVE-2026-33743 incus: Incus: Denial of Service via 
specially crafted storage bucket backup [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2452047
  [ 11 ] Bug #2452105 - CVE-2026-33898 incus: Incus: Privilege escalation and 
unauthorized access due to improper authentication token validation in web UI 
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2452105
  [ 12 ] Bug #2456888 - Installing incus-agent installs the entire incus stack
        https://bugzilla.redhat.com/show_bug.cgi?id=2456888
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4481307278' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: incus-6.23-3.fc42

Reply via email to