Fedora Incus 6.23 Security Update Addresses Multiple Vulnerabilities
Severity: Medium (Score: 57.8)
Sources: Linuxsecurity
Summary
On April 20, 2026, Fedora released a security update for Incus 6.23, a container hypervisor based on LXC. The update removes the incus dependency from incus-agent and addresses several vulnerabilities. Notable CVEs include CVE-2025-58183, which involves unbounded allocation when parsing GNU sparse maps, and CVE-2026-23954, which allows arbitrary host file read and write through container image templating. Other vulnerabilities include CVE-2025-69725, an open redirect issue, and CVE-2026-23953, which involves newline injection in container environment configuration. The update is crucial for users of Fedora 42 and 43, as it mitigates potential exploits that could affect container management and security. Users are advised to apply the update using the 'dnf' package manager. The advisory emphasizes the importance of keeping systems updated to prevent exploitation of these vulnerabilities.
Key Points
- Fedora released a security update for Incus 6.23 on April 20, 2026.
- The update addresses multiple CVEs, including CVE-2025-58183 and CVE-2026-23954.
- Users are advised to update their systems to mitigate potential vulnerabilities.
Key Entities
- CVE-2025-47910 (cve)
- CVE-2025-58183 (cve)
- CVE-2025-69725 (cve)
- CVE-2026-23953 (cve)
- CVE-2026-23954 (cve)
- CWE-200 - Exposure of Sensitive Information (cwe)
- CWE-22 - Path Traversal (cwe)
- CWE-601 - Open Redirect (cwe)
- CWE-78 - OS Command Injection (cwe)
- CWE-862 - Missing Authorization (cwe)
- Open Redirect Vulnerability (vulnerability)