Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora 42 Incus 6.23 Security Update Advisory 2026-4481307278

fedora
Calendar Grey April 20, 2026
Dist Fedora Esm H88
New update for Fedora 42 incus 6.23 removes dependencies and enhances security. Immediate action recommended.
Remove incus dependency from incus-agent

Summary

Container hypervisor based on LXC

Incus offers a REST API to remotely manage containers over the network,

using an image based work-flow and with support for live migration.

This package contains the Incus daemon.

Update Information:

Remove incus dependency from incus-agent. Update to 6.23

Topics%20covered

Topics Covered

security advisory fedora DoS removal incus 6.23

Change Log

* Thu Apr 9 2026 Carl George - 6.23-3 - Remove incus dependency from incus-agent rhbz#2456888 * Mon Apr 6 2026 Reto Gantenbein - 6.23-2 - Fix static builds of vendored dependencies (RHBZ 2419661) * Mon Apr 6 2026 Reto Gantenbein - 6.23-1 - Update to 6.23 * Mon Mar 30 2026 Neal Gompa - 6.19.1-4 - Drop selinux subpackage in favor of container-selinux * Tue Feb 3 2026 Maxwell G - 6.19.1-3 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Fri Jan 16 2026 Fedora Release Engineering - 6.19.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2390870 - incus: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2390870 [ 2 ] Bug #2398840 - CVE-2025-47910 incus: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398840 [ 3 ] Bug #2412795 - CVE-2025-58183 incus: Unbounded allocation when parsing GNU sparse map [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2412795 [ 4 ] Bug #2432454 - CVE-2026-23954 incus: container image templating arbitrary host file read and write [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2432454 [ 5 ] Bug #2432456 - CVE-2026-23953 incus: container environment configuration newline injection [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2432456 [ 6 ] Bug #2441165 - CVE-2025-69725 incus: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-42] h...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-4481307278' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
informational
Lowest
Low
Medium
High
Critical

Name: incus
Product: Fedora 42
Version: 6.23
Release: 3.fc42
URL: https://linuxcontainers.org/incus
Summary: Powerful system container and virtual machine manager

Topics%20covered

Topics Covered

security advisory fedora DoS removal incus 6.23

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here