Debian LXD and Incus Command Execution Bypass Vulnerabilities Disclosed

Debian has issued security advisories for critical command execution bypass vulnerabilities in LXD and Incus. The vulnerabilities were addressed in LXD version 5.0.2+git20231211.1364ae4-9+deb13u7 and Incus version 6.0.4-2+deb13u8. Users of the stable distribution (trixie) are urged to upgrade their packages to mitigate potential exploitation. The vulnerabilities could allow unauthorized command execution, posing a significant risk to systems utilizing these tools. The advisories recommend immediate action to apply the updates. No specific CVEs were mentioned in the articles, but the issues are classified as critical. The security status of both LXD and Incus can be tracked through Debian's security tracker pages.

Key Points: • Critical command execution bypass vulnerabilities found in Debian's LXD and Incus. • Users are advised to upgrade to LXD 5.0.2+git20231211.1364ae4-9+deb13u7 and Incus 6.0.4-2+deb13u8. • Immediate action is recommended to prevent potential unauthorized command execution.